Suricata

For discussion. There are 2 ideas here:
1. allow different actions than plain drop: e.g. reject.
2. allow default accept:hook hooks so we can insert new hooks w/o breaking existing rulesets

Also, so far it seems like the request_started/response_started hooks would most likely fit a default accept:hook as well.