Wish for new details in specifying network rules

I want some more detail in specifying network rules (not application rules)

Giving me (for instance) the option of
Allow tcp from any to any dst port any, state ESTABLISHED


Allow tcp from me to any dst port any, state SETUP

or allow udp from me to any dst port any, keep-state


Keeping track of state would increase the memory overhead, but would leave to certain rules being controlled in the network part, instead of in the application part, thus keeping the cpu overhead minimal.


Hello Svein

You might wanna make that as a ‘wish list’ and post that on the CPF Wishlist Rev 3 forum!