Version 0.2.9
-------------

BUG FIXES
=========
- fixed minor error in IP packet logger (protocols >20 off by one)

NEW FEATURES
============
- added new implicit "level oversized:" (works like "level spoof"); 
  improved detection of oversized IP packets


Version 0.2.8 (this and later versions work with Linux 2.0.xx only)
-------------

BUG FIXES
=========
- fixed minor errors in documentation and sample configuration files
- accept netmask 255.255.255.255
- eliminated generation of "THIS SHOULD NEVER HAPPEN" log message

NEW FEATURES
============
- permit 'call' statements in notification levels
- added 'destport' in LET statements (let attackport:sourcehost := destport ...)
- added 'reject with best' / 'reject with tcp_reset' (equivalent)
  sends TCP reset packet if TCP packet received
        ICMP port unreachable packet if UDP received
        ICMP host unreachable packet else 
- added 'reject with echo_reply' sends echo reply on echo request
  (use to answer pings)
- print ICMP type in log file
- added 'report' flag to notification - writes data to /var/log/firewall.report
- provide up-to-date /etc/services file, more sample configs and a log view 
  tool

CHANGES
=======
- merged Linux 1.3.x patches from Andi Kleen <andi@mlm.extern.lrz-muenchen.de>
  fixed a few glitches and modified for 2.0.x kernel
- switched to Linux file system standard
- updated installation instructions for Linux 2.0.x
- changed Makefile to optionally use bison/flex instead of yacc/lex, added 
  make install
- switched to configure (GNU Autoconfig)
- 'sfc show' omits mask if mask is 255.255.255.255
- updated IP protocol names (RFC 1700 obsoletes RFC 1340, IANA ftp server)
- moved sfc to /usr/local/sbin
- strip symbols of modules
