Version 0.2.2
- Command line options for stormwall
- Report target can be configured using config globals
- Experimental XML output plugin
- Made sniffer fallback more robust with $DEFAULT_TARGET variable
- Added more error messages
- Fixed snort_flip_rule(), no barfing over perfectly good snort rules
- Snort rule parsing fixes and tidyups
- Snort(1.8) fix. Numerical IP_PROTO now accepted
- Snort(1.8) fix. Extraneous new fields ignored instead of barfed on.
- Snort(any) fix. Protocol is omitted if its "ip"
- Fixed potential stack buffer overflow in config file parser
- Fixed memory leak in string matcher (added more error messages too)
- Fixed heap corruption in snort ruleset handling, removed a hack too...
- EXPERIMENTAL rule compiler (FAST) [see bottom of includes/g_globals.h]

Version 0.2.1
- Simple template bugfix
- Added ZLIB compression of network data
- Started firestorm daemon, provides only debug output
- Started report plugin, sends packets out on UDP (EXPERIMENTAL)
- Fixed so that logfiles are opened O_TRUNC
- Removed top layer hack for matchers, which are now just dumb
- Sniffer fallback mode, if no rules, all packets get sent to alert
- Fixed GRE handler and added alert support for it.

Version 0.2.0 (Vegas)
- Packet decode engine re-desgined, now supports encapsulation
- Final few issues in snort parser resolved
- Log target (logs to tcpdump files)
- Alert target supports Ethernet II and ICMP
- Netlink capture bugfix, reports link proto correct
- Documented firestorm config in SGML docs
- GRE encapsulation support
- Firestorm daemonizes and prints output to a file (specified on cmd line)
- Alert dumps to its own file
- plugin_require now works
- ICMP plugin demultiplexes original packet
- Fixed heap corruption bug in snort parser

Version 0.1.6
- libpcap_file understands RedHat "Extended" capfiles
- Linux firewall netlink capture.
- Optional internal leak checker.
- Fixed a memory leak in ip matcher!
- Some better macros for plugin hackers.
- Uncommented locking code in print functions (oops)
- Changed lots of print_out()s to print_raw()s (more efficient)
- Removed stupid fsync() in print_???, less syscalls, more efficient
- Tidied up code by wrapping it all before 80 chars
- Installer and RPM spec file
- Alert target yet more verbose, prints time etc..

Version 0.1.5
- String match bugfix
- TCP flags bugfix
- Keep better track of internal resources
- VIM syntax file for config files included
- Targets get access to rule
- Matchers need not have match functions (ie: they are metadata)
- Added some better cleanup templates
- Aggregated tcp/ip headers to improve cross platform support
- Added TCP flags display to alert target
- Fixed chroot/drop privs to warn if not superuser
- Added IP TOS matcher, like snorts, not very user friendly
- IP fragbits matcher

Version 0.1.4
- Plugin dirs, capture devices, etc.. can all be configureed from config file
- Can now drop root privileges (not tested)
- Sensor can run chrooted (not tested)
- Libpcap live capture plugin
- Plugin configuration via global variables
- Snort parser bug fix
- Snort parser understands variables
- Snort strings allow embedding binary data

Version 0.1.3
- Lots of compile fixes, FreeBSD, and SunOS/Solaris now supported
- Removed dependency on libpcap
- configure has --with-libpcap-includes option
- TCP flags, urgent pointer, window size, seq and ack matchers
- DSIZE matcher, matches total packet data size
- Favour BSD style tcphdr struct
- Targets can let packets continue
- ICMP SEQ/ID matchers
- IP ID match bug fix
- Alert slightly more verbose

Version 0.1.2
- Allow negation of rule criteria
- Snort rules support negation
- Added string (content) match, with depth and offset
- Warn better in the case of syntax err in snort ruleset
- Support for bi-directional snort rules
- Strip quote marks off of strings in snort rule values
- TTL match
- IP ID match
- Attempt to better the documentation
