Subgraph Firewall should support a rules.d/ for default policies distributed with packages

[dma]

e.g. we plan to built default rules, one easy example is ricochet. Something like:

[ricochet|/usr/bin-oz/ricochet] ALLOW|.onion:|SYSTEM|-1:-1|

These would be included in a Subgraph package and would allow us to issue updates (which may be rare) in isolation from the user's own custom rules.

[Zerokami]

I hope you use an easy to use format for rules like JSON as you did with OZ or conf.

I hope you don't make a new format unless it is essential for security

Learning different rule systems can get complicated for users