There have been a couple times now where my assistant has accidentally created an empty port forward rule at the top of the forwards list. Of course, this breaks our web site and every other external-facing service we have until we find and remove the bad rule. It's not that hard to do, but if we knew at the outset that this was the problem he wouldn't have left the rule hanging there in the first place.
I'm not excusing the mistake, but it did occur to me that one of a few steps could be taken to alleviate this:
1. Could we have the engine detect and ignore empty rules?
2. Could new rules be created at the bottom/end of the list by default instead of at the top, so that existing rules would still be processed?
I think #2 sounds like a the idea solution to me: if you want/need a new rule at the top, you can still move it, and it's a small thing, but for performance I'd like to have it process the high-volume rules first, and I think over time you're likely to get your "big" stuff in early and the additions that come in now and then are likely to be smaller exceptions.