I think Qubes should have a Firewall-manager.
It should be a GUI tool to configure firewall rules for all qubes like connection to IPs, DNS, ICMP, Ports etc.
It should be able to manage port-forwarding, blocking connections to websites, allow connections to limited servers and websites.
It should have some method to alert users about mis-configurations or just deny that.
It should be able to handle fail-close mechanisms for VPN etc.
It should be able to handle SOCKS and HTTP proxies.
Current qubes-settings and qubes-manager are incompetent in this area (AFAIK about this). For eg. we can only manage restrictions for IP settings from settings of individual qube. For DNS and ICMP, you need
qvm-firewall. Same goes for Qubes-Manager (contains no such features)
What is your opinions about it.