Create a firewall that has a pre-programmed set of attacks to be detected and used against an attacker.
Make the firewall adaptive. It would dynamically detect attacks based on the certain parameters (shellcode/attempted buffer overflows/etc.) and once it has been hit several times by a specific attack on a particular service, it takes note of the service and the general format of the attack and generates its own version to be used against attackers.
Add an option to join a network (possibly p2p) of trusted firewalls on the internet that will ALL retaliate when one is attacked. This part of the project would be completely optional and not required to use other functionality of the firewall. The firewalls may also submit newly detected attacks to a central server (also optional). An offending part of the firewall network is automatically dropped and disabled on the lowest level possible to prevent entire networks from being shut out, although, successively larger blocks will be disabled if there is continued activity from larger sections of address space/corporate entities.
The firewall also needs to take into account the various ip ranges already marked bad by groups similar to Peer Guardian.
Phase 4 aka Hex Firewall Phase
Make the firewall self-propagating. If it manages to get control of a remote system, it either installs itself there and secures the computer from further attack, or (if we don't make it cross platform) it cleans the windows based system and installs a native firewall (or takes similar action) that would secure it. This can be a good or bad thing depending on how the public views it. Ideally, this would make the majority of the internet immune to attack whether users know it or not.