Feature Request
Resolution: Unresolved
Major
openshift-4.16, openshift-4.17, openshift-4.18, openshift-4.19
Product / Portfolio Work
Currently, an EgressFirewall with a Deny rule behaves like a black hole, silently dropping packets and causing connections to time out after the TCP timeout period.
Instead, it should immediately respond with a TCP RST (reset) for denied connections. This would prevent applications from blocking on long timeouts, thereby reducing the number of hanging or blocked threads. When too many threads are tied up waiting, health checks (probes) may fail, potentially leading to unnecessary pod restarts.
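The difference described above can be measured from the client side. The following is an added example, not part of the original request or of OpenShift: a connect probe that distinguishes a silently dropped SYN (timeout) from a reset connection (immediate `ECONNREFUSED`). The function names and the loopback test target are assumptions made for illustration.

```python
import errno
import socket
import time


def classify_connect(host, port, timeout=3.0):
    """Try one TCP connect and report how it ended, with elapsed seconds.

    "reset"     - peer or firewall answered with RST (ECONNREFUSED): fails fast
    "dropped"   - no answer before `timeout`: what a silent Deny looks like
    "connected" - handshake completed, traffic is allowed
    """
    start = time.monotonic()
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)  # without this the kernel SYN retry limit applies
    try:
        sock.connect((host, port))
        outcome = "connected"
    except ConnectionRefusedError:
        outcome = "reset"
    except (socket.timeout, TimeoutError):
        outcome = "dropped"
    except OSError as exc:  # e.g. EHOSTUNREACH from an ICMP reject
        outcome = "error:" + errno.errorcode.get(exc.errno, str(exc.errno))
    finally:
        sock.close()
    return outcome, time.monotonic() - start


def closed_local_port():
    """Constructed test target: a loopback port with no listener (answers RST)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind(("127.0.0.1", 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


if __name__ == "__main__":
    # Loopback stand-in for the requested behaviour; inside a pod, point this
    # at a destination covered by the Deny rule instead.
    outcome, seconds = classify_connect("127.0.0.1", closed_local_port())
    print(f"{outcome} after {seconds:.3f}s")
```

Until a reject mode exists, an explicit connect timeout like the one set here is what keeps a client thread from waiting out the full TCP timeout on a denied destination.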