- Allow a list of SIDs to have a manually specified target (such as -j REJECT --reject-with tcp-reset). The list should come from the command line with a new option and/or be read from a file. - Make use of the u32 module for complex match criteria. - Error checking in fwsnort.sh (at least for things like chain creation). - Print more stats information such as shortest/longest pattern length, etc. - Command line argument saving similar to fwknop. - fwsnort init scripts? - string match application layer offset bugfix (in the kernel). - Ability to execute other fwsnort scripts from within the main fwsnort.sh script. This would make it possible to have add a new fwsnort rule for a specific signature to an existing fwsnort policy without removing existing rules, or perhaps a new "--policy-add" option is in order. - Ability to download Emerging Threats rulesets as a .tar.gz so that the different classtypes can be used (e.g. within --include-type/exclude-type options, etc.)