1.00 - Original version - Chris Lowth

1.01 - 8 July 2003 - Chris Lowth
	Correction to ftwall.redhat.init to ensure that ftwall runs at
	step 11 rather than 09. This is so that it runs after the RedHat
	network step (step 10) and so can get a fully populated routing
	table when it starts.

1.02 - 15 July 2003 - Chris Lowth
	Reference to web doc on adding string match module added to INSTALL.

	Hint "Is ip_queue loaded?" added if ftwall fails to init.

1.03 - 21 July 2003 - Chris Lowth
	-d flag not recognised by getopts() in ftwall.c

	-s in ftwall.redhat.init should be -f

	logging to syslog or stderr - options "-l" and "-L" and supporting
	code added

1.04 - 25 July 2003 - Chris Lowth
	default for -t is now 120, not "disabled"

	merged client_hash and timelock_hash into a single list

	handling of possibilty that client will change the port number used.
	we now change the port in the hash rather than creating a new record,
	and optionally log the event.

	Manual page written (sourced from a ".pod" file)

	Logging of "clients removed from list" added

	Logging of accepted packets added

	ftwall.redhat.init upgrades the rmem_max if required

	-G option added to allow green subnets to come from a file

	comment in INSTALL file about placing iptables rules at the END of
	the relevant chains

	release tarball now includes the directory tree name

	"green.c" now speaks of subnets rather than routes.

1.05 - 29 July 2003 - Chris Lowth
	No more "green subnet" identification logic. We've got rid of "-g" and
	"-G" and "green.c" has vanished. We now depend on the iptables rules
	to do some of the packet filtering for us.

	Also got rid of "-k" flag - we're trying to simplify things a little.

	INSTALL document now has quite a lot more detail about building the
	iptables rules that apply the right filters, queuing etc.

	added "-c" option to specified a directory in which a snapshot of the
	active clients is maintained.

	packet tests now check for the chain on which the packet(s) arrive

	"make redhat_install" for RH 7.x, 8 and 9 distros

	we no longer have problems with dynamic routing - a side effect of the
	-g/-G logic being removed.

	probing logic improved - trigged by time passing rather than just
	arriving SYNs. So we probe even if the client is idle.

	Many log messages now include a "why" string.

	send_probe logic now builds the UDP packet using a re-usable function
	that could be used in future for other UDP spoofs.

	logging event options are now checked - so that unrecognised ones
	raise errors

	use of SRC and DST ip/port info in the inspect_* routines has been
	rationalised in the light of the results of alpha testing.

1.06 - 3 August 2003 - Chris Lowth
	Log error messages to syslog

	Minor cleanup and clarification in the INSTALL doc. Mainly: louder
	messages about importing warnings.

1.07 - 22 August 2003 - Chris Lowth
	Minor correction to INSTALL document - URL for downloading

1.08 - 17 December 2003 - Chris Lowth
	Changed findlibs.sh so that compilation works with iptables releases
	that end with non-digits (such as iptables-1.2.7a).

1.09 - 24 June 2004 - Chris Lowth
	Changed reference to ip.h (etc) to netinet/ip.h rather than linux/ip.h
	to allow compilation under Fedora Linux.

