* Make sure to not run this as root (setuid doesn't work well), so use NET capabilities
* Check assertions and TODOs.
* Put ports to be allowed in options field, not in comments.
* Put device identifier in comments.