nat 1 0.0.0.0 0.0.0.0 0 10
does not limit inbound users from having more than 10 saA's, i.e. an infected host could still generate hundreds of SYNs to nonexistent hosts outbound.
I.e. a bad host would generate 1 initial SYN session request to 100 different nonexistent IP addresses.
Will the next version address this issue? Is it also possible to add an autoshun capability if an internal host violates the outbound embryonic limit rule? Adding this feature to internal hosts violating connection limits would also be nice :)