To do list:

* Package up `dom0` component so it's installable via
  RPM.  Alternatively, upstream it completely.
* Make the system more robust by setting the right
  `ip neigh / ip route` rules to force incoming traffic
  to go to the specific VIF that backs the exposed VM.
* Instead of / in addition to proxy ARP/NDP, use static
  MAC addresses set at runtime, for each VM.
* Support interposing ProxyVMs between NetVMs and AppVMs.
* (Maybe) set up firewall rules on AppVM to obey its designated
  firewall rules, bringing back support for the GUI.  This
  probably needs a conversation with the Qubes OS core devs.