What really started to grind my gears was the rules. When I started to create a rule, I noticed I had a choice in “direction” which caught me off guard. Direction? Wasn’t this a stateful firewall? Ok, I thought maybe it was just a weird way of handling source / destination… Nope, they literally mean in/out of the LAN interface. I thought to myself, this doesn’t bode well.
Then I looked at some automatically generated rules - which I’m happy they make apparent but not happy there’s no way to directly modify them. For the WAN interface, if you set it to DHCP it automatically creates an in/out rule for DHCP, to allow the WAN to get an IP… I honestly hate dealing with rules like this. Why do I need an inbound rule if the firewall is initiating the connection to get an IP address? So now I have this inbound rule open 24/7 exposing any vulnerabilities to the DHCP client daemon? wtf?
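As an added illustration of the DHCP question above (this is constructed example code, not the firewall product's own logic or rules), the toy stateful firewall below records the reverse 5-tuple of every outbound packet and only admits inbound packets that match one. A normal unicast reply matches. The initial DHCP exchange does not: the DISCOVER leaves from 0.0.0.0 towards 255.255.255.255, while the OFFER arrives from the server's unicast address and, when the broadcast flag is set, to 255.255.255.255, so neither address side matches the recorded state and the packet is dropped unless a static inbound rule exists. The example also shows what that generated rule actually exposes when scoped to UDP source port 67 and destination port 68: only the DHCP client daemon, not the rest of the host. The addresses are TEST-NET documentation ranges and the rule name is an assumption.

```python
"""Toy stateful firewall showing why a DHCP client on the WAN interface
needs an explicit inbound rule. Constructed example; not any product's code.
Addresses are from the TEST-NET documentation ranges."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    """A static (stateless) allow rule applied on the inbound side of the WAN."""
    name: str
    proto: str
    sport: Optional[int] = None  # None means any port
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.proto == self.proto
                and (self.sport is None or p.sport == self.sport)
                and (self.dport is None or p.dport == self.dport))


class StatefulFirewall:
    def __init__(self, inbound_rules):
        self.inbound_rules = list(inbound_rules)
        self.expected_replies = set()  # reverse 5-tuples we expect back

    def outbound(self, p: Packet) -> str:
        # Record the exact reverse 5-tuple. Real connection tracking also keys
        # on both addresses, which is exactly why the DHCP OFFER fails below.
        self.expected_replies.add((p.proto, p.dst, p.dport, p.src, p.sport))
        return "ALLOW"

    def inbound(self, p: Packet) -> str:
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.expected_replies:
            return "ALLOW:state"
        for r in self.inbound_rules:
            if r.matches(p):
                return f"ALLOW:rule:{r.name}"
        return "DROP"


# Hypothetical name for the kind of rule a DHCP-configured WAN generates.
DHCP_CLIENT_RULE = Rule("dhcp-client", "udp", sport=67, dport=68)


def run_scenario(with_dhcp_rule: bool) -> dict:
    fw = StatefulFirewall([DHCP_CLIENT_RULE] if with_dhcp_rule else [])
    out = {}

    # 1. Ordinary stateful flow: a DNS query and its unicast reply.
    fw.outbound(Packet("udp", "203.0.113.5", 51000, "192.0.2.53", 53))
    out["dns_reply"] = fw.inbound(
        Packet("udp", "192.0.2.53", 53, "203.0.113.5", 51000))

    # 2. DHCP: the client has no address yet, so DISCOVER goes from 0.0.0.0 to
    #    the limited broadcast. The OFFER comes from the server's unicast
    #    address and (broadcast flag set) to 255.255.255.255, so neither
    #    address side matches the recorded reverse tuple.
    fw.outbound(Packet("udp", "0.0.0.0", 68, "255.255.255.255", 67))
    out["dhcp_offer"] = fw.inbound(
        Packet("udp", "192.0.2.1", 67, "255.255.255.255", 68))

    # 3. What the static rule exposes: UDP from sport 67 to dport 68 only,
    #    i.e. the DHCP client daemon. Anything else stays closed.
    out["unsolicited_udp68"] = fw.inbound(
        Packet("udp", "198.51.100.9", 67, "203.0.113.5", 68))
    out["ssh_probe"] = fw.inbound(
        Packet("tcp", "198.51.100.9", 40000, "203.0.113.5", 22))
    return out


if __name__ == "__main__":
    for flag in (False, True):
        print(f"with_dhcp_rule={flag}: {run_scenario(flag)}")
```

Later renewals are unicast between the leased address and the server, so they would match state like the DNS reply does; it is the initial DISCOVER/OFFER pair that cannot. The practical check on a real firewall is therefore that the generated rule is restricted to UDP, source port 67, destination port 68 on the WAN interface, so the standing exposure is limited to the DHCP client process and can be monitored as such.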