--0.5.2
09-30-2003:Fixed a cosmetic bug in ALLOWED_UDP_IN
--0.5.1--
09-30-2003:Added FAILSAFE config option
09-28-2003:Added test for TTL support
09-27-2003:Smarter autoconfiguration of DISALLOW_PRIVATE
09-25-2003:Added pre- and post- scripts
09-23-2003:Added PATH variable to fix distros like Redhat
09-22-2003:Reduced output verbosity
09-22-2003:Removed string matching rules for now
09-22-2003:Don't log icmp in catch-all
09-20-2003:Added --failsafe option to prevent loss of remote access if ipkungfu fails
09-18-2003:Removed rule saving since we're not doing anything with it yet
09-16-2003:ipkungfu -c no longer takes forever to return results
09-16-2003:Replaced MASQ_LOCAL_NET and IP_FORWARD with GATEWAY in config. MASQ_LOCAL_NET and IP_FORWARD are still used internally
09-12-2003:Fixed vhost output to fit in a nonfb terminal window
09-12-2003:Fixed vhost output to deal with optionally blank ports
09-12-2003:Fixed ulog support detection
09-12-2003:Fixed a small bug in the port redirection code
09-12-2003:New init script by Bruno Torres (thanks!) should work for most distros
09-12-2003:Either Port or Protocol (but not both) can be omitted in vhosts.conf
09-12-2003:Got rid of PARALLEL_HTTP feature
09-02-2003:Added support for port ranges in ALLOWED_*_IN
09-01-2003:Removed FORWARD rules for ALLOWED_*_IN
09-01-2003:Updated icq example in vhosts.conf
08-28-2003:Updated comments and examples in redirect.conf
08-27-2003:Removed PING_FLOOD code - there doesn't seem to be a way to do this the way I want
08-26-2003:Fixed numerous ping issues
08-22-2003:All config options in ipkungfu.conf are now guessed, detected, or have reasonable defaults and are commented out by default
08-22-2003:Stopping ipkungfu now enables ping
08-22-2003:Added output for port redirection
08-22-2003:No longer aborts for lack of LOG target support if LOG_FACILITY=ulog
08-22-2003:Added RFC compliant list of IP ranges to reject from EXT_NET if DISALLOW_PRIVATE=1
08-22-2003:Added optional wait time for init to work around mysterious kernel panics
08-22-2003:Better way to modprobe irc and ftp conntrack modules
08-22-2003:Added --show-vars command line option

--0.5.0--
05-26-2003:Path to executable is a variable in the init script to make life easier for packagers
05-22-2003:Added 'RETURN' as a valid target for SUSPECT, KNOWN_BAD, and PORT_SCAN
05-13-2003:Added option to set TTL on outbound traffic
04-29-2003:Updated installer
04-29-2003:Fixed detection of some nmap portscans, courtesy of SiegeX
04-29-2003:Numerous small bugfixes, courtesy of SiegeX
04-29-2003:Added syncookie support
04-18-2003:Applied deny_hosts.conf to the FORWARD chain
04-15-2003:Added --flush option
04-14-2003:Added config option for modprobe path
04-11-2003:Added unclean match support
04-11-2003:Made it possible to have a server on a public IP inside the firewall and have another server on the same port on a private IP inside the firewall
04-11-2003:Added machanism to get external IP address
04-09-2003:Added connection tracking to the FORWARD chain
04-05-2003:Added forward.conf to manage the FORWARD chain
04-05-2003:Added support for networks with public IP addresses inside the firewall
04-05-2003:Added support for filtering outbound traffic from inside the firewall
03-25-2003:Rearranged rules for more effective port scan detection
01-21-2003:Fixed a bad sample rule in custom.conf
01-21-2003:Added additional configuration sanity checks
01-28-2003:Fixed the DONT_LOG options in log.conf

--0.4.0--
01-25-2003:Better (I hope) default settings in conf files
01-25-2003:Fixed installer to install the conf files (oops)
01-25-2003:Added "direction" support in redirect.conf
01-25-2003:Added some new options to log.conf
01-25-2003:Added support for the ULOG target in log.conf
01-24-2003:Added support for multiple internal devices
01-24-2003:Added support for multiple internal subnets

--0.3.2--
01-20-2003:Rewrote installer, which now just copies files and makes no attempt at configuration
01-20-2003:Several bugfixes, comments added
01-19-2003:Port forwarding no longer interferes with outgoing packets
01-12-2003:Fixed some permissions problems
01-12-2003:Fixed installer so custom.conf gets installed
01-12-2003:Fixed a bug that prevents users from opening one port per protocol <lazycode>

--0.3.1--
01-05-2003:Added option to negatively specify hosts in vhosts.conf with a !

--0.3.0--
01-04-2003:Added support for port ranges in various config files
01-03-2003:Put syn-flood chain back in
12-14-2002:Eliminated syn-flood chain
12-14-2002:Used multiport match to open ports, to cut down on rules
12-14-2002:Removed rules that use external IP address
12-13-2002:Completely rewrote installer to be non-interactive
12-07-2002:Maybe took some hassle out of dcc, needs testing
12-06-2002:Added --quiet option
12-06-2002:Added init script
12-06-2002:Added uninstall script
12-06-2002:Fixed a bug with deny_hosts.conf

--0.2.1--
11-26-2002:Added --help (jahhan)
11-26-2002:Fixed multiple small bugs (jahhan)
11-25-2002:Updated installer
11-25-2002:Added preliminary support for dhcp servers
11-25-2002:Added --log-tcp-options to some relevant logs
11-25-2002:Put much of the code into functions
11-24-2002:Added "IPKF" string to all logs (more greppable)
11-24-2002:Added --panic (no one-letter easy-screwup version)
11-24-2002:Added --version, --list, --check, --disable and 1-letter versions thereof
11-20-2002:Fixed denyhosts bug (thanks martin!)
11-19-2002:Added code to autoload ip_conntrack_irc and ip_nat_irc 
11-15-2002:Added option to REJECT identd instead of DROP
11-15-2002:Eliminated some redundant rules

--0.2.0--
11-13-2002:trelane found an installer bug for standalone boxen - fixed
11-12-2002:Removed catch-all rule for the FORWARD chain
11-12-2002:Changed default policy for the FORWARD chain to ACCEPT
11-12-2002:Added preliminary DMZ support
11-12-2002:Added the ability to specify hosts to allow access to vhosts
11-12-2002:Added localhost redirect support
11-12-2002:Added accept_hosts.conf and deny_hosts.conf
11-12-2002:Changed rule-saving to support non-chkconfig-compatible installs
11-12-2002:Changed default policies for OUTPUT and FORWARD to ACCEPT
11-12-2002:Added ToS mangling code
11-12-2002:Improved virtual host redirection support
11-12-2002:Added support for custom rules
11-12-2002:Log verbosity is now configurable
11-12-2002:Additional configuration sanity checks... more still needed
11-12-2002:Added some very nice features borrowed from Arno's iptables-script
11-12-2002:Added interactive installer
11-12-2002:Split into multiple files, executable and config

--0.1.1--
10-20-2002:Added support for multiple virtual hosts (thanks Wolf!)        
10-19-2002:Added rule saving for non-chkconfig-friendly distros           
10-17-2002:Fixed a rather unfriendly error message                        
10-10-2002:Fixed dcc bug                                                  
10-10-2002:Added --disable command line option                            
10-10-2002:Removed some redundant rules                                   
10-10-2002:OK so we do need the external IP                               
09-19-2002:Added Slapper code                                             
09-19-2002:Added changelog :)                                             
09-19-2002:Removed the need to know the IP of the external interface      

