- Allow a list of SIDs to have a manually specified target (such as

-j REJECT --reject-with tcp-reset). The list should come from the

command line with a new option and/or be read from a file.

- Make use of the u32 module for complex match criteria.

- Error checking in fwsnort.sh (at least for things like chain creation).

- Print more stats information such as shortest/longest pattern length, etc.

- Command line argument saving similar to fwknop.

- fwsnort init scripts?

- string match application layer offset bugfix (in the kernel).

- Ability to execute other fwsnort scripts from within the main fwsnort.sh

script. This would make it possible to have add a new fwsnort rule for

a specific signature to an existing fwsnort policy without removing

existing rules, or perhaps a new "--policy-add" option is in order.

- Ability to download Emerging Threats rulesets as a .tar.gz so that the

different classtypes can be used (e.g. within --include-type/exclude-type

options, etc.)