Negation is supported in the from and to fields. You can enter addresses in the form
Other negations are possible (on the protocol and interface) and will be added in a future release.
The chain dispatch mechanism has been enhanced. A new check-box controls how the firewall rules are updated in the kernel. The default mode is to wipe the kernel rules and put new ones in place. With the "update the kernel gracefully" check-box enabled, only the relevant chains are updated. This produces faster updates and avoids opening holes while the firewall is changing. This is necessary with the userfirewall module, which can change the firewall rules several times per minute.