There's no need to write "a new style of firewall". It would be as easy as asking the user once whether a new connection is trusted or not. That's it.