Sounds cool.
Permanent against GFW or against any kinds of attack? It is much easier to do the former.
GFW is not a real firewall (as a hardware that can deal with nation-wide traffic is simply impossible). Rather, GFW is a police car parking on the shoulder of the high way. It can monitor and inject packets, but not drop packets. And GFW is only on the border of Chinese network. So it does nothing against internal traffic, as long as you don't have a fixed server running "illegal" contents.
AFAIK, GFW does 3 things:
a) poison DNS,
b) blacklist IP and/or port,
c) identify traffic patterns and inject TCP RST to terminate connection, or bad sequence number to slow-down TCP connection.
Type c) has
c1) identify censored phrases, which is easily overcome by any kind of encryption; and
c2) identify traffic patterns such as SSH and VPN, which needs too much development that they won't bother to do on Sync.
And Type c) identified "illegal" foreign IPs are temporarily added to b) blacklist for some 3-5 minutes.
Hope this helps, in case you guys don't have idea how GFW works.