# $Id: CHANGELOG,v 1.57 2001-05-19 19:11:59-04 godot Exp $

v2.6.6


----------------------------------------
v2.6.5

- gforward.pl now included (for setting up generic portforwards)
- added QoS marking for typical game ports, irc
- gShield.conf reorganized
- added "error" documentation for common errors
- misc cleanups (added restart runtime)
----------------------------------------
v2.6.4

- bugfix for hosts.deny logic
- BLACKLIST defaults to normal
- toggle for locking down possible netbios leaks
- removal of a few bashisms (thanks J. Breton)
----------------------------------------
v2.6.3
	
- toggle for ICMP logging
- error checking for UNCLEAN match
- SYSLOG option defaults to false
- bugfix for loopback interface
- misc documentation updates
----------------------------------------
v2.6.2

- option for TCPMSS fix for borked PPPoE
- folded in TOS mangles for PREROUTE
- primitive packet marking for PREROUTE
- option for ICMP_ECHOREPLY_RATE
- sanity check for ICMP_ECHOREPLY_RATE
- fix for non-English LANG env (thanks mtanguy)
----------------------------------------
v2.6.1

- folded in syslog function (thanks hburgiss)
- moved conf/time_servers to gShield.conf
- support for running out of init.d/
- option to auto-blacklist "ALL"-prefixed addresses in hosts.deny
- run-time blacklist option can add to hosts.deny
- documentation additions to cover hosts.deny use
- cleaned up logging-prefixes
----------------------------------------
v2.6

- Configuration file format change
- ALL supported services are forwardable
- reserved drops now specific to external interface
- user-defined rules easily added (see gShield.conf)
- script even less verbose/color crap removed
----------------------------------------
v2.5.1

- improved logic for run-time option detection
- bug-fix for syncookies
- added generic peer to peer framework
- p2p client port-forwarding
----------------------------------------
v2.5

- added configuration kernel options for icmp_echo_ignore_broadcasts
- added configuration kernel options for tcp_timestamps
- syncookies now disabled by default
- bugfix for run-time client-add option
- misc documentation additions

----------------------------------------
v2.4

- added security comments concerning recent iptables ftp issue.
- run-time options: add blacklist, highport access, client access, flush.
- NOLOG automatically deals with broadcast addresses (drop/nolog).
- added kernel ip-sysctl options to main configuration 
- added additional usage notes to cover run-time options
----------------------------------------
v2.3

- ifconfig now defined as a variable
- reordered blacklist/NAT chain ordering (thanks Hurley) 
- folded in multi-homed logic based on diff by Duebbert
- fixed outgoing typos (thanks Duebbert)
- fixed protocol typo for HTTPS (thanks Faurot)
- misc comment fixes / updated gShield.conf
----------------------------------------
v2.2

- behavior when dropping packets now configurable
- support for forwarding imap-ssl
- toned down startup verbosity 
----------------------------------------
v2.1

- cleaned up reserved_address (was causing some issues)
- added auto-configuration logic for DNS servers
- added option to log INVALID state drops
- added framework for outgoing filters
- added blocked_outgoing to enable outgoing filtering
- added no_log option for specific ports
----------------------------------------
v2.0.4

- added toggle for traceroutes
- added logging-level option
- re-ordered CLOSED port chain
- added "flush" option
- folded in additional reserved blocks
----------------------------------------
v2.0.3

- fixed typo for https entry
- fixed typo for FW_ROOT in routables (thanks V. Hodges)
- added forwarding for ssh
- blacklist logging now a toggle
- added toggle for "default logging"
----------------------------------------
v2.0.2

- added option to not log reserved drops
- added common multicast addresses to conf/reserved_addresses
- enhanced DHCP logging
- removed redundant reserved chain
- removed redundant NAT entry
- common public services now use /etc/services to determine port
- added options for bind/domain forwarding
- highport_access should now deal with passive FTP
- highport blocking is now a toggle 
- added transparent proxy options
----------------------------------------
v2.0.1

- added DNS chain to ease readability
- moved DMZ rule entrance lower in filtering
- cleaned up logging output (no logging smb broadcasts)
- added conf/open_ports for user-defined open ports

----------------------------------------
v2.0.0

- initial conversion to iptables 
- support for multiple NATs 
- routable support and protection 
- support for DMZ'd machines 
- sane limits for default drops, incoming icmp 
- MAC address filtering for administrative machines 
- configurable public service access 
- configurable client access 
- integrated port-forwarding 
- stateful tracking 
