Version 2.0.1c (June 27, 2012)
------------------------------
! Fix a script 'IFS' issue if IPv6 and DMZ is enabled together with DMZ_HOST_OPEN_IP (thanks to Ingmar Schraub)
! Newer kernels (3.4+) replaced ipt_LOG & ip6t_LOG with xt_LOG (thanks to Adam Young)

Version 2.0.1b (March 16, 2012)
-------------------------------
! RESERVED_NET_DROP only worked when RESERVED_NET_LOG was enabled (regression) (thanks to gregoryach@gmail.com)
! Removed stray line in install.sh
* Updated/corrected documentation

Version 2.0.1a (March 7, 2012)
------------------------------
* Misc. tweaks for arno-fwfilter (thanks Mark van Dijk)
* Use ls instead of [ -n (find) ] as it's much faster (thanks Lonnie)
* As with previous versions, when LAN_INET_OPEN_xxx and LAN_INET_HOST_OPEN_xxx are NOT defined
  the default LAN->INET policy is ACCEPT. Changed is when *any* of these variables are defined
  the default LAN->INET policy is DROP for all ports and protocols, not just TCP/UDP/IP as before.
* As with previous versions, when DMZ_INET_OPEN_xxx and DMZ_INET_HOST_OPEN_xxx are NOT defined
  the default DMZ->INET policy is ACCEPT. Changed is when *any* of these variables are defined
  the default DMZ->INET policy is DROP for all ports and protocols, not just TCP/UDP/IP as before.
* Tweak the handling of some of the sysctl kernel settings. This now also
  allows disabling setting/resetting some settings (like forwarding)
* Default UDP connection timeout to 60 seconds
+ Added support for new LOCAL_CONFIG_DIR variable, defaults to "/etc/arno-iptables-firewall/conf.d" (Debian bug #658458)
! Set default policy to DROP if either LAN_INET_HOST_OPEN_xxx or DMZ_INET_HOST_OPEN_xxx are defined,
  to match the documentation. (thanks Schilling Thomas Ing for reporting)
* Improve documentation

Version 2.0.1 (December 18, 2011)
---------------------------------
- Removed DNS_FAST_FAIL & RESOLV_IPS since they are both obsolete
* Few changes in the install/uninstall scripts. eg. arno-fwfilter now installs to /usr/local/bin instead

Version 2.0.1-BETA1 (October 10, 2011)
--------------------------------------
! Fixed kernel_ver_chk() function to properly handle kernel 3. (thanks Gunawan Lim for reporting)
! Fixed variables containing REJECT_UDP with IPv6 enabled, it should use 'icmp6-addr-unreachable' for IPv6.
* Updated "DynDNS Host Open" and "DMZ-DNAT" plugins to use new parse_rule() function.
* AIF variables are now parsed with a common function, now missing fields are logged with a warning.
* Misc. tweaks

Version 2.0.0c (July 28, 2011)
-----------------------------------
* Call insserv during configure, when available. This is required for eg.
  Debian/Ubuntu systems that use dependency based booting
! Fixed MULTICAST jumping should be done at the end of the EXT_INPUT_CHAIN, not
  at the beginning else users won't be able create "normal" rules for it
* Updated several plugins
* Several tweaks

Version 2.0.0b (March 25, 2011)
-------------------------------
+ Perform kernel check when IPv6 support is enabled
- Don't auto detect external interface settings during configure. It's too
  confusing and fills out the wrong values for certain setups (like laptops that are moved around)
+ Show platform information on start/restart when verbose
! remove bash-ism related to traffic-shaper plugin (Reported by Debian upstream, Debian bug #619496)
! remove bash-ism in ipsec-vpn plugin (Reported by Debian upstream, Debian bug #617510)
! workaround Busybox 'ash' bug when IPV6_SUPPORT is enabled
+ Added pptp-vpn plugin for local PPTP server support
! arno-fwfilter uses incorrect URL for location lookup (Debian bug #613631, thanks to Tony Evans for the patch)
+ Drop all IPv6 packets with Routing Header Type 0, new variable IPV6_DROP_RH_ZERO (thanks Klemen Mihevc)
! Fixed handling HOST_OPEN_ICMP, HOST_DENY_ICMP_NOLOG and HOST_DENY_ICMP variables
  with IPv6 addresses. (thanks Klemen Mihevc)
* Tweaked NAT module loading + cosmetics. iptable_nat is a required module for
  AIF because of the plugin framework/helper chains so it's wrong to only load
  it when NAT is enabled in the main script.

Version 2.0.0a (December 30, 2010)
----------------------------------------
! Set IFS=' ' in our batch-functions else the wrappers fail in some cases
- Removed old legacy plugin support that used the PLUGIN_PATH variable
! Fixed an issue when the value of IPV6_SUPPORT was changed then followed with a 'restart'
* (Cosmetic) tweaks

Version 2.0.0 (November 15, 2010)
---------------------------------
! dig wrapper using nslookup, extract IPv4 addresses over IPv6 addresses
* ipsec-vpn plugin, removed unnecessary EXT_INPUT_CHAIN rule and added IPv6 support
  for matching AH headers

Version 1.9.9-RC1 (October 25, 2010)
------------------------------------
- Removed deprecated check_binary() function from environment
+ Added support for an optional plugin_restart() function in plugins using a new plugin template,
  while supporting previous plugins without a plugin_restart() function
* Refactor load_modules() using our new modprobe_multi() 
* Allow modprobe_multi() function arguments to be grouped by a comma
+ Use IDENT environment variable for plugins
+ Added SHAPER_IF variable to traffic-shaper plugin to specify a single external interface
  should the default EXT_IF value contain more than one interface
+ Added SIP_VOIP_REMOTE_HOSTS variable to sip-voip plugin to limit access by source address
- Removed obsolete module_probe() function. Use modprobe() instead
+ Added IPV6_AUTO_CONFIGURATION variable to control autoconf when IP_FORWARDING = 0
+ Added IPV6_OVER_IPV4_SERVER variable for ipv6-over-ipv4 plugin, restricting 6to4 source packets
* Misc. tweaks & fixes

Version 1.9.9-BETA1 (October 8, 2010)
-------------------------------------
* Refactor setting kernel parameters
! Revert change that didn't masquerade IPv6/proto 41, so outgoing forwarded connections work properly
+ Added EXTERNAL_DHCPV6_SERVER variable to allow DHCPv6 clients on the *external* interface
* The default INET->DMZ policy is now DROP.  Common variables this change may effect are:
  INET_DMZ_HOST_OPEN_xxx and INET_DMZ_OPEN_xxx
+ Added support for Link-Local-Multicast ICMPv6 echo-request packets
+ Added LINK_LOCAL_DROP_LOG variable which controls logging of dropped IPv6 Link-Local addresses.
+ Added FORWARD_LINK_LOCAL variable which, by default (0), disables forwarding of IPv6 Link-Local addresses.
+ Added EXT_MULTICAST_CHAIN to handle external-inbound multicast traffic
+ Added DHCPv6 support for the EXT_IF_DHCP_IP variable.
+ Added a new variable FORWARD_DROP_LOG to disable logging dropped forwards when set to 0, defaults to 1.
! Fixed handling of destination host~port fields where only the host was specified.
+ Added a new set of variables INET_FORWARD_xxx to allow forwarding INET IPv6 and non-NAT'ed IPv4 packets
  to other interfaces.  The format is similar to the IPv4 NAT_FORWARD_xxx without port mapping.
+ Added a new variable OPEN_ICMPV6 to allow independent control of INET ICMP for IPv4 and IPv6, enabled by default.
! Fixed handling of INET_DMZ_HOST_OPEN_xxx variables
! Fixed handling of INET_DMZ_HOST_DENY_xxx variables
! Fixed handling of INET_DMZ_DENY_TCP
! Fixed variable typo, INET_DMZ_HOST_DENY_TCP was not handled
+ Added IPv6 reserved network support, label logs by IPv4 and IPv6
! Fixed RESERVED_NET_LOG is now independant from DROP_PRIVATE_ADDRESSES
+ Added option to the configure script to enable/disable IPv6 + several tweaks
* Sanity check should always be the first thing we do since we probably can't
  write the log-file in case we're not root
+ Automatically disable IPV6_SUPPORT if IPv6 is not detected in the kernel
+ Add support for mixed IPv4/IPv6 when IPV6_SUPPORT=1

