I briefly experimented with using such an agent to communicate with a separate hardware firewall and found it was not worth the effort for myself and a better solution was just sandboxing anything I don't trust in a VM, since escaping a VM is harder than compromising the local agent to mask the traffic as coming from something else.