
Employ 'not' syntax for 'real-interface' parameter in 'interface' command? #450

Open
johnnyutahh opened this issue Jan 26, 2021 · 0 comments
johnnyutahh commented Jan 26, 2021

Is there some way to replace the interface e+ statement below with some sort of interface not "[devices...]" syntax, maybe in a future FireHOL version if it's not supported today?

The interface not "[devices...]" syntax (second stanza below) breaks my firehol-based firewall; maybe it "works" but it does not work the desired way for my team (which is represented by the interface e+ exposed directive in the first stanza). The not directive would theoretically be more elegant (to catch "all devices that are not in the list") than matching against a more-hard-coded device wildcard (e+), and would (again, theoretically) make our /etc/firehol.conf much more portable.

E.g., imagine a Linux system that has a regular ethernet device whose name does not begin with e. That seems quite within the realm of feasibility.

```
#
# TODO: find a more-elegant way of specifying
#       non-wireguard, non-local network devices
#       other than 'e+', which accounts for:
#           eth[x]
#           ens[x]
#           enp[x]
#           eno[x]
#       ...per:
#       https://en.wikipedia.org/wiki/Consistent_Network_Device_Naming#Device_naming_rules
#
interface e+ exposed
    protection strong
    server custom wireguard_udp udp/12345 default accept
    server custom wireguard_udp udp/12346 default accept
    client all accept
```

...with something like this (note the not "[devices...]", which breaks on our system for both of the not "wg0 wg1 lo" and "not wg0 wg1 lo" variants):

```
interface not "wg0 wg1 lo" exposed
    protection strong
    server custom wireguard_udp udp/12345 default accept
    server custom wireguard_udp udp/12346 default accept
    client all accept
```

References:

  1. https://en.wikipedia.org/wiki/Consistent_Network_Device_Naming#Device_naming_rules
  2. https://www.reddit.com/r/linuxadmin/comments/ixeky1/ubuntu_kvm_vps_iptables_ctstate/g67khpc/?utm_source=reddit&utm_medium=web2x&context=3
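An added example, not from the issue or from the FireHOL project, showing the exclusion approach the TODO asks for without relying on a `not` keyword: because `firehol.conf` is executed as a bash script, the exposed-interface list can be computed by filtering the kernel's device names against an exclusion pattern and then handed to `interface` as a quoted, space-separated list. It assumes `interface` accepts such a quoted list (verify against your FireHOL version), and the interface names below are a constructed sample so the script runs offline.

```shell
# Added example (not the issue author's or FireHOL's own code).
# Build the "exposed" interface list by exclusion instead of the 'e+' wildcard.

# Devices that must never be treated as exposed: loopback and wireguard tunnels.
EXCLUDE_PATTERN='^(lo|wg[0-9]+)$'

# exposed_ifaces: read interface names from stdin (one per line), drop the
# excluded ones, and print the rest joined by single spaces.
exposed_ifaces() {
    grep -Ev "$EXCLUDE_PATTERN" | tr '\n' ' ' | sed 's/ $//'
}

# list_system_ifaces: enumerate the kernel's network devices on a real host.
list_system_ifaces() {
    ls /sys/class/net
}

# require_nonempty: fail closed if the computed list is empty, so a host with
# no exposable NIC does not silently get a rule set with no exposed interface.
require_nonempty() {
    [ -n "$1" ] || { echo "no exposed interfaces found" >&2; return 1; }
    printf '%s\n' "$1"
}

# Constructed sample standing in for a host whose wireless NIC does not
# start with 'e' and would therefore be missed by 'interface e+'.
SAMPLE_IFACES='lo
wg0
wg1
eth0
wlp3s0'

exposed_from_sample() {
    printf '%s\n' "$SAMPLE_IFACES" | exposed_ifaces
}

# On a real host, the corresponding line inside firehol.conf would be:
#   EXPOSED="$(list_system_ifaces | exposed_ifaces)"
#   require_nonempty "$EXPOSED" >/dev/null || exit 1
#   interface "$EXPOSED" exposed
```

Run `exposed_from_sample` to see the computed list for the sample host; it yields `eth0 wlp3s0`, with `wg0`, `wg1` and `lo` excluded.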