- break up port range from 1024:65535 to masq/non-masq ports (if masq enabled?)
- explain in documentation to use 0:1023 for "to all servers" range.
(credit to Dave Stern)
- use ipcalc.pl to generalize IP if:
	- in a directly connected netblock (but not netblock on default route?)
	- not a point-to-point link (slx/pppx/plipx)
- env var to choose what name lookup level
- set TOS where appropriate
- warn if DOCOMMAND incompatible with capabilities of running kernel
- set up documentation for "nolog" chain.  Check for existence at top of mason,
  create if not there, use for ipchains runcommand.
- parameter to set ip->0/0 if no match with /tmp/morehosts or IP ranges
- suggest that users make syslog asynchronous to reduce load
- Don't do processing if non-timestamp parameters equal to previous values.
- remind people to set all SERVER ports in /etc/services; no client ports.
- syslog is one way, syslog port to syslog port.
- 2401/tcp = cvs?
- do not generalize IP to 0/0 if both source and dest ports are 1024:65535
- grab additional local IPs (only?) from route -n grep BC and weed out dups
- break up ruleshell into runwall and runmason
- both source staticrules, which has ability to set lots of defaults
- button pushing gui to change values in /etc/masonrc
- caches in /var/...?
- host->name is a separate button from host -> network and is a fallback
- ssh source port; 1000:1023, then 975:999, 950:974, etc.
- staticrules env var for ports to block from outside world for all incoming requests.  
  Default 2049/tcp,udp, 3128/tcp, 3130/udp, X, xfs, all high services.
- reload DYN addresses on each pass at the top.
- don't put in tcp ack if client and server the same port
- add offending port numbers to comment on high-high connections 
- upgrade nfs-server beta 16 to 37; 16 used different ports.
- contact portmapper for rpc ports.