To add to this, the rules on your shield do have all of the latest and known CnC signatures for the IoT exploits you mentioned. You should also filter at the DNS level, I use OpenDNS.
My shield is still working flawlessly too but here are some others if you wanted to research:
Untangle
pfSense
OpnSense
Security Onion
Sophos UTM as mentioned
All have either Snort or Suricata. Untangle is supposedly very easy to setup out of all of them, but all of these will work on your machine.
Running the latest OpenWrt stable release