firehol (3.0.1) - 2016-01-10

  * FireHOL
    - Add ipv6mld to simplify enabling Multicast Listener Discovery
      protocol, required on networks which do multicast snooping.
    - Update the example to make it more likely to work copy-pasted,
      include MLD

  * VNetBuild
    - Add pre_up to run commands immediately before an interface is started

  * Common
    - Packaging fixes
    - Command detection fix for :

firehol (3.0.0) - 2015-12-20

  * FireQOS
    - Bidirectional fixes
    - accept DSCP parameters case insensitive
    - allow matching within GRE packets
    - use configured firehol config directory

  * Update-Ipsets
    - added jigsaw lists

firehol (3.0.0-rc.4) - 2015-11-28

  * Rework packaging
    - Simplify version number handling
    - Common functions moved to a file in lib
    - Allow disabling IPv4/IPv6 at configure time
    - Allow disabling any unwanted tools
    - Allow disabling manpages and/or docs
    - Honour configure script setting for AUTOSAVE and others
    - All commands detected via configure, used via variables
      Incuding new 'iprange' tool https://github.com/firehol/iprange/releases

  * FireHOL
    - Fixes to DSCP class
    - added protection *connlimit* and *connrate*; removed default mask
      from parameter connlimit
    - added rule option *connlog* to only log the first packet of connections
      added *hashlimit* with all its options
    - most actions now accept the keywork *with* which also supports
      *with connlimit* and *with hashlimit*
    - use iprange --diff mode for comparing ipset versions

  * FireQOS
    - fail if DSCP and TOS match have been specified at the same time
    - various fixes

  * VNetBuild
    - Eliminate dependency on brctl

  * Update-Ipsets
    - Promoted from contrib
    - Various improvements

firehol (3.0.0-rc.3) - 2015-10-10

  * Common
    - ipset fixes
    - require pandoc 1.12.2.1 and use its features
    - iprove contents page in documentation

  * FireHOL updates
    - made STOP mode exit successfully
    - add support for restore when specifying a filename on the command line
    - allow multiple "except" rules in statements that accept the keyword
    - disabled spinner in explain mode
    - add support for comma as an ipset IP separator
    - tproxy now uses markdef() to allocate a mark
    - save marks.conf only after successful firewall activation
    - drop requirement for awk (other programs still use it)
    - add log() and loglimit() helpers to allow logging from ipsets globally
    - prevented backup of all the ipsets in memory - it takes too long
      when the system has many ipsets installed
    - rewrote the ipsets functionality so that:s
      - it optimizes netsets with iprange if present
      - it adapts the maxelem parameter for the updated ipset so that
        updating ipsets with big incremental updates does not fail
      - maintains compatibility with older ipset versions
        (side-effect: calling an ipset update without restarting the
         firewall now only support ipsets that are used in firehol.conf)
      - if iprange is present, processing of ipsets is a lot faster

  * FireQOS updates
    - add ability to stop QoS on a specific device
    - fix for ERROR columns on some tc versions
    - max/ceil % is now relative to parent's ceiling rate
      (it was by mistake to parent's base rate)
    - warn if a class takes priority outside the valid ranges of HTB (0-7)
    - switched default color from blue to green

  * Link-Balancer updates
    - add wrappers for rawmark() and custommark()
    - when a table was already up to date but other depend on it,
      it was failing #78
    - fix issue when specifying loop and timeout #77

  * Contrib (ipsets scripts)
    - various fixes and lists added
    - support aggregate to optimize netsets
    - support syslog logging
    - add iprange program, various enhancements over original

  * VNetBuild updates
    - Added

firehol (3.0.0-rc.2) - 2015-03-14

  * Common
    - Added --disable-doc to configure script to stop the installation
      of PDF and HTML versions of documentation
    - Start to bring documentation in line
    - Disable colour on non-terminals

  * FireHOL updates
    - Added synproxy support
    - Services "all" and "any" are now simple services. Service "all" now
      has multiple helpers, thus eliminating the need for ALL_SHOULD_ALSO_RUN.
    - Fix REJECT action by accepting RELATED TCP ACK,RST packets appropriately
    - Fix empty firewall case
    - Added state NEW to masquerade
    - Fix to ensure the final firewall close code emits as both ipv4 and ipv6
      where appropriate even if only ipv4 or ipv6 was used for the final
      interface/router
    - Added action type "sockets_suspects_trap"
    - iptrap now creates the trap if it is not already created
    - Eliminate a warning for kernels prior to 3.5
    - NAT now supports balancing multiple IPs or ports on all NAT modes
    - NAT now supports keyword "at" to specify the chain to be attached to
    - Optimise multi-port matching rules

  * FireQOS updates
    - Optimisations
    - Create FIREQOS_INTERFACE_DEFAULT_CLASSID (8000), FIREQOS_MATCHES_STEP
    - Fixed monitor mode

  * Link-Balancer updates
    - Fix to stop ignoring fallback gateways
    - Use "traceroute -6" not "traceroute6"

firehol (3.0.0-rc.1) - 2015-02-15

  * Performance improvements
    - Both the script and resulting firewalls are faster
    - Choose original complete bi-directional or even faster runtime matching

  * New firewall features
    - ipset support and management
    - IDS and port knocking with traps
    - multiple mark definitions
    - conntrack helpers
    - experimental tproxy support
    - separate default settings file

  * Introduction of link-balancer script
