The term “stealth ports” does not exist. You can drop traffic to ports via a -j DROP rule. If the ports were stealth then no one could connect to them. There are other tricks you can use, like a rule set like this, to cause a "no route to host" message:
-A INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
Now, Steve Gibson, i.e. Gibson Research, is not a very good resource. You might want to read a book on iptables and/or read the documentation. Astaro is a good product but also requires lots of CPU horsepower. ZeroShell works well on systems with lots of horsepower but also works well on embedded systems. The drawbacks you speak of may be a limitation of yourself vs. ZeroShell.
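An added example, not part of the original post: a simplified first-match walk of the INPUT rules quoted above, showing which packets are accepted and which fall through to the icmp-host-prohibited reject (or to a DROP, if the last rule is swapped). It models only protocol, conntrack state and destination port; treating ICMP type 255 as "any" and the packet dictionaries are assumptions of this sketch.

```python
import shlex

# The ruleset quoted in the post above (iptables-save syntax).
RULES = """\
-A INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
"""

def parse_rule(line):
    """Turn one '-A CHAIN ...' line into a dict of its option/value pairs."""
    tokens = shlex.split(line)
    rule = {}
    for key, value in zip(tokens[0::2], tokens[1::2]):
        if key != "-m":  # '-m <module>' only loads a match module
            rule[key.lstrip("-")] = value
    return rule

def matches(rule, pkt):
    """Simplified match on protocol, conntrack state and destination port."""
    if "p" in rule and rule["p"] != pkt["proto"]:
        return False
    if "state" in rule and pkt["state"] not in rule["state"].split(","):
        return False
    if "dport" in rule and int(rule["dport"]) != pkt.get("dport"):
        return False
    return True  # assumption: '--icmp-type 255' is the 'any' wildcard

def verdict(pkt, rules_text=RULES, policy="ACCEPT"):
    """First matching rule wins; returns (target, reject-with or None)."""
    for line in rules_text.strip().splitlines():
        rule = parse_rule(line)
        if matches(rule, pkt):
            return rule["j"], rule.get("reject-with")
    return policy, None

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        {"proto": "tcp", "state": "NEW", "dport": 22},
        {"proto": "tcp", "state": "NEW", "dport": 80},
        {"proto": "tcp", "state": "ESTABLISHED", "dport": 51514},
        {"proto": "udp", "state": "NEW", "dport": 53},
    ]
    for pkt in samples:
        print(pkt, "->", verdict(pkt))
```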