# Copyright 2003 Neil Gorsuch
#
# This file is part of pfilter.
#
# pfilter is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# pfilter is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

This is the list of things that should be done to pfilter2, not in any
particular order - Neil

Add the capability to loop expansions of a range of numbers being
generated by specifying something like this: 1 .. 17

Add ME as a possible source address that expands to all of the
machine's interface addresses.

Modify the compiled glue code to not output drop/rejection system
messages for broadcast packets when in limited logging mode.

IPv6 support. - takers?

"make test". Very much needed. - Dave? Jim?

Add condor entry to rulesets files. In process now - Neil.

GUI. After investigating some possibilities, it looks like a webmin module
will give us the best interface with the least effort. I did a few experiments,
but nothing really is done. It is fairly trivial to do this. - takers?

Code to synchronize between tcpwrappers and pfilter configuration,
for the things that both can control. This is a big request item for
the NCSA clusters so that only one configuration needs to be updated
by the sysadmins. - takers?

Code to analyze system logs and in a nice (webmin GUI?) way, display
what new types of packets are being blocked. This is an absolute requirement,
since I have gone through a number of problems lately with cluster sysadmins
not really knowing exactly what ports/services are really used on their
systems. You need to be able to try out some service, and if it doesn't work,
have pfilter suggest which OPEN directives need to be inserted. - takers?

A few minor tweaks to the automatic configuration merging code that allows a
newer version of pfilter, with new directive types, to be upgraded to while
keeping the old configuration directives and still putting the commented
sections for new types of directives. For instance, all lines in a
configuration file that are "OPENX [source(s)]" need to be changed to
"OPEN X [source(s)]". - takers?

The configuration parsing code has to be tweaked to allow both white-space
separated services/protocols/ports and comma separated services/protocols/ports,
while not allowing a comma between other portions.  In other words, this:
open    tcp,123 124 , x ,17 from 1.1.1.1,1.1.1.5 4.4.4.4 , x.com
would be okay, but this:
open    tcp,123 124 , x ,17 ,from 1.1.1.1,1.1.1.5 4.4.4.4 , x.com
would not be all right. - takers?
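
A sketch of the comma rule from the item above, added here as an example; it is
not pfilter code. The names parse_open, split_list and ConfigSyntaxError are
hypothetical, Python is chosen only for illustration, and treating the "from"
part as optional is an assumption.

```python
import re

class ConfigSyntaxError(ValueError):
    """Raised when a directive breaks the comma rule described above."""

def split_list(text, what):
    """Split a list whose items are separated by whitespace and/or one comma.

    A comma is only legal between two items of the same list, so a leading,
    trailing or doubled comma is an error.
    """
    items = []
    comma_pending = True  # True at the start so a leading comma is rejected
    for tok in re.findall(r"[^\s,]+|,", text):
        if tok == ",":
            if comma_pending:
                raise ConfigSyntaxError(f"misplaced comma in {what} list")
            comma_pending = True
        else:
            items.append(tok)
            comma_pending = False
    if not items:
        raise ConfigSyntaxError(f"empty {what} list")
    if comma_pending:
        raise ConfigSyntaxError(f"comma after the last item of the {what} list")
    return items

def parse_open(line):
    """Return (services, sources) for one 'open ... [from ...]' line."""
    m = re.match(r"\s*open\s+(.*)$", line, re.IGNORECASE)
    if not m:
        raise ConfigSyntaxError("not an open directive")
    # 'from' counts as the keyword only when it stands alone as a token.
    parts = re.split(r"(?<![^\s,])from(?![^\s,])", m.group(1), maxsplit=1,
                     flags=re.IGNORECASE)
    services = split_list(parts[0], "service")
    sources = split_list(parts[1], "source") if len(parts) == 2 else []
    return services, sources

if __name__ == "__main__":
    # The two lines from the TODO item: the first is valid, the second is not.
    for line in ("open    tcp,123 124 , x ,17 from 1.1.1.1,1.1.1.5 4.4.4.4 , x.com",
                 "open    tcp,123 124 , x ,17 ,from 1.1.1.1,1.1.1.5 4.4.4.4 , x.com"):
        try:
            print("ok      ", parse_open(line))
        except ConfigSyntaxError as err:
            print("rejected", err)
```
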

Change ruleset generation so that opening new connection packets
to a service from the external interface does not use the
external ip address if the source is specified as 0.0.0.0
(this is for dhcp serving functionality). - takers?

Need a README file. - takers?
