First, let me thank you for an excellent product and all the work you put
into maintaining it.
I have a web server in a DMZ with only port 80 open to the world. Right
now, someone can telnet to port 80 and poke around with my Apache
installation. Given the right person and the wrong installation, this can
cause a lot of problems. If m0n0wall had stateful (or dynamic) packet
filtering then port 80 would only accept HTTP connections and the sysadmin
could sleep (a little) easier.
Naturally, I have no idea how to implement this myself (hence my use of
m0n0wall and my e-mail to this list) but I think it would be a useful topic
for future development. Of course, if such functionality already exists and
I've completely overlooked it, I'd appreciate a push in the right direction.