v2.6.7
	* added sanity loop for several kernel options	
	* bugfix for tcp/sshd in routables.rules (thanks C. Graham)
	* added blocked_addresses to conf/
	* added GRE-specific logging
	* added nntp/sshd TOS/QOS suggestions (thanks W. Torres)
	* updated gforward.pl w/ option to use external file 

v2.6.6
	* added configurable options for UDP responses
	* added nice version logic (thanks phantoo)	
	* bugfixes for routables/DMZ (thanks M. McCallister)
	* folded in sections of contributed patch by S. Youngs
	* added ICMP/traceroute options for routables/DMZ
	* added verbosity to routable startup
	* added toggle for QoS marking
	* added toggle for SNAT/MASQUERADE
	* added proper copyright and license file
	* cleaned up directories (added docs and tools subdir)

v2.6.5
	* gforward.pl now included (for setting up generic portforwards)
	* added QoS marking for typical game ports, irc
	* gShield.conf reorganized
	* added "error" documentation for common errors
	* misc cleanups (added restart runtime)

v2.6.4
	* bugfix for hosts.deny logic
	* BLACKLIST defaults to normal
	* toggle for locking down possible netbios leaks
	* removal of a few bashisms (thanks J. Breton)

v2.6.3
	* toggle for ICMP logging
	* error checking for UNCLEAN match
	* SYSLOG option defaults to false
	* bugfix for loopback interface
	* misc documentation updates

v2.6.2
	* option for TCPMSS fix for borked PPPoE
	* folded in TOS mangles for PREROUTE
	* primitive packet marking for PREROUTE
	* option for ICMP_ECHOREPLY_RATE
	* sanity check for ICMP_ECHOREPLY_RATE
	* fix for non-English LANG env (thanks mtanguy)

v2.6.1
	* folded in syslog function (thanks hburgiss)
	* moved conf/time_servers to gShield.conf
	* support for running out of init.d/
	* option to auto-blacklist "ALL"-prefixed addresses in hosts.deny
	* run-time blacklist option can add to hosts.deny
	* documentation additions to cover hosts.deny use
	* cleaned up logging-prefixes

v2.6
	* Configuration file format change
	* ALL supported services are forwardable
	* reserved drops now specific to external interface
	* user-defined rules easily added (see gShield.conf)
	* script even less verbose/color crap removed

v2.5.1
	* improved logic for run-time option detection
	* bug-fix for syncookies
	* added generic peer to peer framework
	* p2p client port-forwarding

v2.5
	* added configuration kernel options for icmp_echo_ignore_broadcasts
	* added configuration kernel options for tcp_timestamps
	* syncookies now disabled by default
	* bugfix for run-time client-add option
	* misc documentation additions

v2.4
	* added security comments concerning recent iptables ftp issue.
	* run-time options: add blacklist, highport access, client access, flush.
	* NOLOG automatically deals with broadcast addresses (drop/nolog).
	* added kernel ip-sysctl options to main configuration 
	* added additional usage notes to cover run-time options

v2.3
	* ifconfig now defined as a variable
	* reordered blacklist/NAT chain ordering (thanks Hurley) 
	* folded in multi-homed logic based on diff by Duebbert
	* fixed outgoing typos (thanks Duebbert)
	* fixed protocol typo for HTTPS (thanks Faurot)
	* misc comment fixes / updated gShield.conf

v2.2
	* behavior when dropping packets now configurable
	* support for forwarding imap-ssl
	* toned down startup verbosity 

v2.1
	* cleaned up reserved_address (was causing some issues)
	* added auto-configuration logic for DNS servers
	* added option to log INVALID state drops
	* added framework for outgoing filters
	* added blocked_outgoing to enable outgoing filtering
	* added no_log option for specific ports

v2.0.4
	* added toggle for traceroutes
	* added logging-level option
	* re-ordered CLOSED port chain
	* added "flush" option
	* folded in additional reserved blocks

v2.0.3
	* fixed typo for https entry
	* fixed typo for FW_ROOT in routables (thanks V. Hodges)
	* added forwarding for ssh
	* blacklist logging now a toggle
	* added toggle for "default logging"

v2.0.2
	* added option to not log reserved drops
	* added common multicast addresses to conf/reserved_addresses
	* enhanced DHCP logging
	* removed redundant reserved chain
	* removed redundant NAT entry
	* common public services now use /etc/services to determine port
	* added options for bind/domain forwarding
	* highport_access should now deal with passive FTP
	* highport blocking is now a toggle 
	* added transparent proxy options

v2.0.1
	* added DNS chain to ease readability
	* moved DMZ rule entrace lower in filtering
	* cleaned up logging output (no logging smb broadcasts)
	* added conf/open_ports for user-defined open ports

v2.0.0
	* initial conversion to iptables 
	* support for multiple NATs 
	* routable support and protection 
	* support for DMZ'd machines 
	* sane limits for default drops, incoming icmp 
	* MAC address filtering for administrative machines 
	* configurable public service access 
	* configurable client access 
	* integrated port-forwarding 
	* stateful tracking 
