- DONE! break up port range from 1024:65535 to masq/non-masq ports (if masq enabled?)
- DONE! use ipcalc.pl to generalize IP to a routed network (but not netblock on default route), and not a point-to-point link (slx/pppx/plipx)
- DONE! warn if DOCOMMAND incompatible with capabilities of running kernel
- DONE! Don't do processing if non-timestamp parameters equal to previous values.
- DONE! syslog is one way, syslog port to syslog port.
- DONE! do not generalize IP to 0/0 if both source and dest ports are 1024:65535
- DONE! grab additional local IPs (only?) from route -n grep BC and weed out dups
- DONE! caches in /var/...?
- DONE! ssh source port; 1000:1023, then 975:999, 950:974, etc.
- DONE! staticrules env var for ports to block from outside world for all incoming requests.  
  include 2049/tcp,udp, 3128/tcp, 3130/udp, X, xfs.
- DONE! add offending port numbers to comment on high-high connections 
- DONE! no masq port ranges in comment1
- DONE! don't put in tcp ack if both source and dest are servers.
- DONE! env var to choose what name lookup level
- DONE! reload DYN addresses on SIGUSR1.

- explain in documentation to use 0:1023 for "to all servers" range.
  (credit to Dave Stern)
- set TOS where appropriate
- set up documentation for "nolog" chain.  Check for existence at top of mason,
  create if not there, use for ipchains runcommand.
- parameter to set ip->0/0 if no match with /tmp/morehosts or IP ranges
- suggest that users make syslog asynchronous to reduce load
- remind people to set all SERVER ports in /etc/services; no client ports.
- 2401/tcp = cvs?
- break up ruleshell into runwall and runmason
- both source staticrules, which has ability to set lots of defaults
- button pushing gui to change values in /etc/masonrc
- host->name is a separate button from host -> network and is a fallback
- upgrade nfs-server beta 16 to 37; 16 used different ports.
- contact portmapper for rpc ports.
- gui allows user to add comment line for most recent protocol
- for dns port, if ip is in /etc/resolv.conf/nameserver X, put in rule to host, not net.
...maaaasonnnn eeeeessssss eeeeevillll...uuuuse emmm-esss-proxxxxxeeeeee....
- in docs: NO PORT SCANNING WHILE MASON IS RUNNING!
- 0/0 -> 0/0 packets.... huh?
- make sure all host <-> IPs make it into host cache
- only allow incoming DNS from high ports or port 53?
