UUh this is a great improvement. I didn't share the whole pipeline, because it is not mine, and I wanted to focus on the problem. However, feel free to take a look: pfelk/etc/pfelk/conf.d/02-firewall.pfelk at main · pfelk/pfelk · GitHub
I'm going to try your improvement, see if it can work here, and open a pull request!