Admin-Only Firewall rules

Would be nice id OnApp added a feature where a firewall rule can be added by the OnApp "admin" user in the OnApp CP and can neither be seen, nor edited or removed by the user (CP and API). Additionally, being about to firewall Outbound ports would also be nice.

This is very helpful for when you need to for example block SMTP for a VM that's been compromised or something.