v2.2

- behavior when dropping packets now configurable
- support for forwarding imap-ssl
- toned down startup verbosity 
----------------------------------------
v2.1

- cleaned up reserved_address (was causing some issues)
- added auto-configuration logic for DNS servers
- added option to log INVALID state drops
- added framework for outgoing filters
- added blocked_outgoing to enable outgoing filtering
- added no_log option for specific ports
----------------------------------------
v2.0.4

- added toggle for traceroutes
- added logging-level option
- re-ordered CLOSED port chain
- added "flush" option
- folded in additional reserved blocks
----------------------------------------
v2.0.3

- fixed typo for https entry
- fixed typo for FW_ROOT in routables (thanks V. Hodges)
- added forwarding for ssh
- blacklist logging now a toggle
- added toggle for "default logging"
----------------------------------------
v2.0.2

- added option to not log reserved drops
- added common multicast addresses to conf/reserved_addresses
- enhanced DHCP logging
- removed redundant reserved chain
- removed redundant NAT entry
- common public services now use /etc/services to determine port
- added options for bind/domain forwarding
- highport_access should now deal with passive FTP
- highport blocking is now a toggle 
- added transparent proxy options
----------------------------------------
v2.0.1

- added DNS chain to ease readability
- moved DMZ rule entrace lower in filtering
- cleaned up logging output (no logging smb broadcasts)
- added conf/open_ports for user-defined open ports

----------------------------------------
v2.0.0

- initial conversion to iptables 
- support for multiple NATs 
- routable support and protection 
- support for DMZ'd machines 
- sane limits for default drops, incoming icmp 
- MAC address filtering for administrative machines 
- configurable public service access 
- configurable client access 
- integrated port-forwarding 
- stateful tracking 
