Cisco Security Manager does all that and more. The key features being Interface roles and ACL/device hierarchy.
Obviously this is not opensource.
I've never been canoeing before, but I imagine there must be just a few simple heuristics you have to remember... Yes, don't fall out, and don't hit rocks.