symbiosis-firewall reflecting changes made directly to iptables
Another wishlist item:
Symbiosis-firewall should be able to read the current state of iptables and ip6tables and update the representation of the firewall in /etc/symbiosis/firewall.d/ accordingly, as well as being able to update the firewall based on the contents of that same folder.
This would, I think, work best if the part of the system that provides blacklisting functionality was split out from the part that represents the state of the firewall on the system. It would also let us play nicely with fail2ban, something that some users would thank us for (and which would let us rely on a well-established tool that has a surrounding community and ecosystem).