Incapsula was willing to do a special deal, but their price was ridiculous.
Have you checked recently? If it has been a while it might be worth asking again.
I've fiddled around with nginx more recently at my day job, but it sounds like if you are talking firewall you are looking for maybe dedicated hardware to do this or provide a global-based service for it. I know nginx recently added UDP load balancing, but I'm not sure if TCP load balancing would work or stop TCP-SYN flooding or half-open attacks if that's what you're mostly having problems with.
Additionally, you can adjust settings like net.ipv4.tcp_synack_retries and net.ipv4.tcp_syn_retries or even net.ipv4.tcp_fin_timeout on the firewall or reverse proxy if you haven't already.
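Added example, not part of the original thread: a small audit script for the three sysctls named in the post above, reporting whether each is still at the Linux kernel default. The target values and the optional `root` argument are assumptions for illustration; pick targets that suit your own traffic.

```shell
#!/bin/sh
# Added example: audit the three TCP sysctls named in the post above.
# The target values are assumptions for illustration, not advice from the thread.
#   tcp_synack_retries: SYN-ACK retransmits for inbound half-open connections
#   tcp_syn_retries:    SYN retransmits for outbound connection attempts
#   tcp_fin_timeout:    seconds an orphaned socket stays in FIN-WAIT-2

# key:kernel_default:example_target
SETTINGS="
net.ipv4.tcp_synack_retries:5:2
net.ipv4.tcp_syn_retries:6:3
net.ipv4.tcp_fin_timeout:60:15
"

# audit_tcp_sysctls [root]
# Prints "<key> <current> <status>" per key. root defaults to /proc/sys and
# exists as a parameter so the check can run against a constructed tree.
audit_tcp_sysctls() {
    root=${1:-/proc/sys}
    for entry in $SETTINGS; do
        key=${entry%%:*}
        rest=${entry#*:}
        default=${rest%%:*}
        target=${rest#*:}
        path="$root/$(printf '%s' "$key" | tr . /)"
        current=""
        if [ -r "$path" ]; then
            current=$(cat "$path" 2>/dev/null) || current=""
        fi
        # Skip keys that are absent or do not hold a plain integer.
        case $current in
            ''|*[!0-9]*) printf '%s - MISSING\n' "$key"; continue ;;
        esac
        if [ "$current" -le "$target" ]; then
            status=OK
        elif [ "$current" -eq "$default" ]; then
            status=DEFAULT
        else
            status=HIGH
        fi
        printf '%s %s %s\n' "$key" "$current" "$status"
    done
}

# Report on the live kernel settings of this host.
audit_tcp_sysctls
```

A value can be changed at runtime with `sysctl -w key=value` and persisted in `/etc/sysctl.conf`. Only tcp_synack_retries acts on inbound half-open connections; tcp_syn_retries governs connections the host itself initiates.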