- create classes for each class of in/out traffic - use hier_include to add firewall rules to each role
- add nftables/ipset modules - add custom firewall module
