Hey guys, I recently experimented with the netfilter/iptables extension xt_tls and it seems to work pretty well. It provides the ability to firewall based on the observed SNI request in flight between client and server. That is pretty much the "new way" of firewalling since the re-use of HTTPS for all application traffic.
Is this something the VyOS project would be interested in including in the 1.3 or a future release?