A firewall has to find the difference between good and bad packets, and for this, nothing is better than humans ! (french people could add this is the same difference as for good and bad hunters).
So the next generation firewall will be:
- better than stateful
- better than layer 7 analysis
- compliant with encrypted traffic
- able to detect malware, suspicious traffic, virus, etc.
Source code should be released on monday, on the Netfilter mailing lists. Stay tuned !