Yes.
I don’t think this change can be done on the GW but on the host’s IPtables?
Indeed. This looks easy on the host but wouldn’t know how to do on the gateway.
Optional sounds good as per:
Optional package maybe not even needed. Could be implemented in https://github.com/Whonix/whonix-host-firewall as optional feature.
(https://github.com/Whonix/whonix-host-firewall should be merged into GitHub - Whonix/whonix-firewall: https://www.whonix.org/wiki/Imprint but that’s future work, do not have to be done in this thread.)