v2.8
	* added version check for proper TOS variable set (thanks Damaged)
	* added gshield.pump (script by D. Munroe) to tools
	* removed useless UDP opening for SMTP
	* check_interface function disabled by default
	* folded in services.rules fixes
	* folded in C. Gielen's patch for port-range forwarding 	
	* added misc-patch by Harold van Oostrom
		- runtime option for -b blocks everything by default
		- support for remote transparent proxy
	* added windows terminal service (RDP) forwarding
	* typo fix in routables/routables.conf
	* added chkconfig parameters
	* added support for string filtering specific to HTTP
	* SMTP proxy support
	* added stronger regex for sourcing (thanks K. Root)
	* added PPTP options (thanks D. Powell) with restrictive options
	* multicast fixes / addresses moved to seperate file (thanks P. Starrenburg)
	* close netfilter flaw (unfiltered ICMP packets)
	* support for IRC connection tracking
v2.7.1
   	* service ports now hard-wired in
   	* increase port-range (marking) for Q3A servers (thanks S. Youngs)
   	* typo fix for BIND_HOST
   	* typo fixes for rFTP and rTraceroutes (thanks Nilsson/Bayer)
   	* added network patch for proper mask calculations by Marcos Tadeu
   	* misc service cleanup
   	* TOS disabled by default (iptables 1.2.3 oddity)
   	* logging facility defaults to numeric (resolves iptables 1.2.3 oddity)

v2.7
    * misc routable fixes (thanks J. Aitti)
    * gforward.pl updated
    * internal forwarding mechanism (thanks J. Benson)
    * added portscan detection options
	
v2.6.9
    * added option for QUEUE target
    * UNCLEAN toggle
    * adjusted domain service to handle brain-dead service listings

v2.6.8
    * changed GRE to numeric protocol to accomodate brain-dead distros
    * added smarter "broadcast" drops to reduce log verbosity
    * typo bugfix in kernel-options (thanks R. Goers)
    * extended highport_access logic (thanks A. Huffman)
    * added icmp_ignore_bogus_error kernel option (thanks R. Goers)
    * added return options for auth regardless of default policy (thanks R. Goers)
	
v2.6.7
	* added sanity loop for several kernel options	
	* bugfix for tcp/sshd in routables.rules (thanks C. Graham)
	* added blocked_addresses to conf/
	* added GRE-specific logging
	* added nntp/sshd TOS/QOS suggestions (thanks W. Torres)
	* updated gforward.pl w/ option to use external file 

v2.6.6
	* added configurable options for UDP responses
	* added nice version logic (thanks phantoo)	
	* bugfixes for routables/DMZ (thanks M. McCallister)
	* folded in sections of contributed patch by S. Youngs
	* added ICMP/traceroute options for routables/DMZ
	* added verbosity to routable startup
	* added toggle for QoS marking
	* added toggle for SNAT/MASQUERADE
	* added proper copyright and license file
	* cleaned up directories (added docs and tools subdir)

v2.6.5
	* gforward.pl now included (for setting up generic portforwards)
	* added QoS marking for typical game ports, irc
	* gShield.conf reorganized
	* added "error" documentation for common errors
	* misc cleanups (added restart runtime)

v2.6.4
	* bugfix for hosts.deny logic
	* BLACKLIST defaults to normal
	* toggle for locking down possible netbios leaks
	* removal of a few bashisms (thanks J. Breton)

v2.6.3
	* toggle for ICMP logging
	* error checking for UNCLEAN match
	* SYSLOG option defaults to false
	* bugfix for loopback interface
	* misc documentation updates

v2.6.2
	* option for TCPMSS fix for borked PPPoE
	* folded in TOS mangles for PREROUTE
	* primitive packet marking for PREROUTE
	* option for ICMP_ECHOREPLY_RATE
	* sanity check for ICMP_ECHOREPLY_RATE
	* fix for non-English LANG env (thanks mtanguy)

v2.6.1
	* folded in syslog function (thanks hburgiss)
	* moved conf/time_servers to gShield.conf
	* support for running out of init.d/
	* option to auto-blacklist "ALL"-prefixed addresses in hosts.deny
	* run-time blacklist option can add to hosts.deny
	* documentation additions to cover hosts.deny use
	* cleaned up logging-prefixes

v2.6
	* Configuration file format change
	* ALL supported services are forwardable
	* reserved drops now specific to external interface
	* user-defined rules easily added (see gShield.conf)
	* script even less verbose/color crap removed

v2.5.1
	* improved logic for run-time option detection
	* bug-fix for syncookies
	* added generic peer to peer framework
	* p2p client port-forwarding

v2.5
	* added configuration kernel options for icmp_echo_ignore_broadcasts
	* added configuration kernel options for tcp_timestamps
	* syncookies now disabled by default
	* bugfix for run-time client-add option
	* misc documentation additions

v2.4
	* added security comments concerning recent iptables ftp issue.
	* run-time options: add blacklist, highport access, client access, flush.
	* NOLOG automatically deals with broadcast addresses (drop/nolog).
	* added kernel ip-sysctl options to main configuration 
	* added additional usage notes to cover run-time options

v2.3
	* ifconfig now defined as a variable
	* reordered blacklist/NAT chain ordering (thanks Hurley) 
	* folded in multi-homed logic based on diff by Duebbert
	* fixed outgoing typos (thanks Duebbert)
	* fixed protocol typo for HTTPS (thanks Faurot)
	* misc comment fixes / updated gShield.conf

v2.2
	* behavior when dropping packets now configurable
	* support for forwarding imap-ssl
	* toned down startup verbosity 

v2.1
	* cleaned up reserved_address (was causing some issues)
	* added auto-configuration logic for DNS servers
	* added option to log INVALID state drops
	* added framework for outgoing filters
	* added blocked_outgoing to enable outgoing filtering
	* added no_log option for specific ports

v2.0.4
	* added toggle for traceroutes
	* added logging-level option
	* re-ordered CLOSED port chain
	* added "flush" option
	* folded in additional reserved blocks

v2.0.3
	* fixed typo for https entry
	* fixed typo for FW_ROOT in routables (thanks V. Hodges)
	* added forwarding for ssh
	* blacklist logging now a toggle
	* added toggle for "default logging"

v2.0.2
	* added option to not log reserved drops
	* added common multicast addresses to conf/reserved_addresses
	* enhanced DHCP logging
	* removed redundant reserved chain
	* removed redundant NAT entry
	* common public services now use /etc/services to determine port
	* added options for bind/domain forwarding
	* highport_access should now deal with passive FTP
	* highport blocking is now a toggle 
	* added transparent proxy options

v2.0.1
	* added DNS chain to ease readability
	* moved DMZ rule entrace lower in filtering
	* cleaned up logging output (no logging smb broadcasts)
	* added conf/open_ports for user-defined open ports

v2.0.0
	* initial conversion to iptables 
	* support for multiple NATs 
	* routable support and protection 
	* support for DMZ'd machines 
	* sane limits for default drops, incoming icmp 
	* MAC address filtering for administrative machines 
	* configurable public service access 
	* configurable client access 
	* integrated port-forwarding 
	* stateful tracking 
