1) Ability to sign and check signatures based on the certificates installed.
2) Ability to run a script based on an a filter rule. And yes, I understand that this could be a disaster in terms of DDOS, performance, etc... but I have a few cases that would be useful and "safe-ish" given the use case.
3) Ability to build compiled libraries into the system...
I'm trying to implement some sort of port-knocking system beyond static keys and it is proving difficult, if not impossible.