Beginning with 2.4, gShield adds additional
run-time options to make some tasks easier.

From ./gShield help

gShield run-time options:
-------------------------
flush: flush all rulesets and disable firewall
client x: add ip "x" to clientlist
blacklist x: add ip  "x" to blacklist
highport x: add ip "x" to highport access list
help: this list

Briefly put, you can add ips to the client list, highport list
or blacklist all from the command line without having to re-load
gShield to re-read the ACL for that service.

For example, say I want to allow 1.2.3.4 as a client.  Starting with
gShield 2.4, this is a single step:

/etc/firewall/gShield.rc client 1.2.3.4

gShield will:

- add 1.2.3.4 to the -current- client list for immediate access
- add 1.2.3.4 to /etc/firewall/conf/client_hosts (for next time) and date its
insertion.
	   
There ARE some limitations:

- you have to use an -ip- address; hostnames are no good
- you can only use -single- ip addresses, not ranges or nets

Starting with 2.6.1, the 'blacklist' run-time option is a bit
smarter too. Running:

/etc/firewall/gShield.rc blackist 1.2.3.4

will:

- immediately block all access from that ip
- either:

	a) add that ip to /etc/firewall/conf/black_listed_hosts
		or
	b) add that ip to /etc/hosts.deny (prefixing ALL) if
           you have gShield.conf configured to use hosts.deny
           as a blacklist source.
