2015/04/26:

Release of version 2.0.3

- Fix to avoid errors when using physin/physout. Note that these
  parameters are only useful when the traffic travels over a single
  bridge.
- Fix to handle tc output on some systems, courtesy of Phineas Gage

2015/03/06:

Release of version 2.0.2

- Fix to ensure the final firewall close code emits as both ipv4 and ipv6
  where appropriate even if only ipv4 or ipv6 was used for the final
  interface/router
- Added --disable-doc to configure script to stop the installation
  of PDF and HTML versions of documentation

2015/02/15:

Release of version 2.0.1

- Fix srcmac/dstmac with IPv6
- Stop configs embedding iptables -I statements becoming corrupted.

  Fixes #41 by deleting activation rules by spec not number.

2014/10/24:

Release of version 2.0.0

No changes compared to rc.3

2014/10/19:

Release of version 2.0.0-rc.3

- Fix chain lengths and ensure both IPv4/IPv6 ones created for
  "with limit", "with knock" and "with recent" (issues #38 and #40)
- Silently disable IPv6 where the kernel has no IPv6 support (#39)

2014/10/06:

Release of version 2.0.0-rc.2

FireHOL fixes/enhancements
- Create functional firehol helpme output (issue #35)
- Remove long-redundant firehol_wget and wget_cmd helpers
- Use mktemp for temporary directories during RPC enumeration
- Don't delete and recreate the main temporary directory
- Treat mktemp like other required commands
- Silence module detection warning when not loading modules

FireQOS fixes/enhancements
- Added srcmac dstmac matches to FireQOS

Packaging
- Clean up some intermediate files before packing

2014/08/02:

Release of version 2.0.0-rc.1

FireHOL fixes/enhancements
- #15 Do not fix source ports for DHCPv6 (not required by RFC)

FireQOS fixes/enhancements
- fixed mixed ipv4 and ipv6 matches that were generating match
  priorities above 0xffff
- #29 added warning when rate is lower than minrate

Documentation
- split manual in two
- explain that ICMPv6 ND/RD packets are untracked by default, so not in all
- #31 fixed magic line of services definition

2014/06/08:

Release of version 2.0.0-pre9

FireHOL fixes/enhancements
- recognise dst4/dst6 on interface/router as well as src4/src6

2014/05/10:

Release of version 2.0.0-pre8

FireQOS fixes/enhancements
- resolved an issue with pppd ip-up scripts
- automatic numbering continues giving class priorities after
  a manual priority is given

Documentation
- replaced docbook with pandoc (issue #24)

2014/04/13:

Release of version 2.0.0-pre7

FireQOS fixes/enhancements
- full bidirectional interface support, including firehol like services
- running on OpenWRT (insmod instead of modprobe, low-res timers)
- option to limit each match to a specific rate

FireHOL fixes/enhancements
- firehol save now writes to the specified files again
- firehol save, restore and fastactivation now work IPv4-only mode
- improved fast activation error handling (issue #22)
- improved mark/connmark handling (issue #23)
- tproxy support added

Documentation
    - Link and spelling fixes
    - new config examples

2014/02/15:

Release of version 2.0.0-pre6

Implement dual IPv4/IPv6 as standard
- Update your config from version 5 to 6 to enable
- See http://firehol.org/upgrade/#config-version-6

Include FireQOS manual pages

2013/10/29:

Release of version 2.0.0-pre5

Fix to the FIREHOL_DEBUGGING code.

Release of version 2.0.0-pre4

Cleanups and minor improvements
- Remove the blank line from wizard/helpme output
- Remove the #! from wizard output - it cannot be executed directly
- Cleaned up boilerplace information in script
- "firehol condrestart" now follows official conventions by restarting
   only if already running

Fix kernel version detection so that it is more flexible and less error prone.

Allow switching on of debug output by setting environment variable
FIREHOL_DEBUGGING to a non-empty value.

Fix "mac" helper command so that it works with iptables 1.4.12+
- Previous behaviour was deprecated in 1.4.3 (Jul 2009)
- Also prevent mac addresses being seen as IPv6 addresses

Allow some config variables to be set as environment variables
- FIREHOL_ESTABLISHED_ACTIVATION_ACCEPT,
  FIREHOL_INPUT_ACTIVATION_POLICY, FIREHOL_FORWARD_ACTIVATION_POLICY,
  FIREHOL_OUTPUT_ACTIVATION_POLICY, FIREHOL_LOAD_KERNEL_MODULES,
  FIREHOL_NAT, FIREHOL_ROUTING, FIREHOL_AUTOSAVE

Do not try to add DROP rules to NAT chains
- See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536675

Use "ss" in place of "netstat"
- As suggested here https://bugzilla.redhat.com/show_bug.cgi?id=784520

2013/10/28:

Release of version 2.0.0-pre3

Fix for issue https://github.com/ktsaou/firehol/issues/6
Fix for issue https://github.com/ktsaou/firehol/issues/9

2013/10/27:

Release of version 2.0.0-pre2

Inclusion of FireQOS
Standardisation of version information suitable for Git
Allow tcpmss usage in interfaces

2013/10/15:

Release of version 2.0.0-pre1

Project organisation moved to autotools: it is still possible to
copy the single sbin/firehol.in to an appropriate place on an
init-driven system.
