 - Masquerading firewall access support in FORWARD chain.
 - Doc links in email messages linking back to help docs on cipherdyne.org
 - Integrate with client programs besides SSH.
 - Integrate with other packet filtering architectures and products.
 - Add ability to re-import an updated config with --HUP option.
 - Port client code to as many operating systems as possible.  Even Windows
   support perhaps?
 - Solve the key management issue by interfacing with various existing
   authentication systems (LDAP, RADIUS, Unix crypt(), etc.).
 - Update IPTables::ChainMgr to be able to manage an iptables ruleset on a
   remote system.
 - Client-derived access timeouts.
 - Reverse shell from fwknop server.
 - Verbose status information for fwknop server that shows stats on the
   number of authentication requests, currently allowed addresses, etc.
 - Debian package, and Gentoo release.
 - Re-implement p0f for the pcap modes, and use it to pre-filter before
   attempting to decrypt (for better performance).
 - Ability to ignore IP addresses that have flooded fwknop with bogus or
   replayed packets.
 - External updating of web view into fwknop status information.  Then by
   allowing SSL encrypted sessions only with the webserver, a user can get
   a view into what is actually happening on the server side.
 - Tie in with pcap to detect when the first session is actually
   established after allowing access through the packet filter, and then
   shut the access off immediately after instead of requiring a timeout?
 - Check to see if a service is actually listening before providing access.
 - Update fwknopd to get decryption passwords from a UNIX domain socket after
   startup.  This feature will make it possible to run fwknopd without having
   any passwords or keys within /etc/fwknop/access.conf.
 - Secure IP auto resolution instead of cleartext http://www.whatismyip.com/.
   One way to accomplish this may be to build a custom cgi script on
   cipherdyne.org that returns a GPG-signed message that includes the source
   address.
 - Scp patch.
 - Privilege separation to reduce code that executes as root.
 - ssh-agent integration.
 - Destination IP address restrictions in access.conf.
 - Web SPA proxy.
 - Verbosity settings on outgoing email messages.
 - In command mode, the ability to run commands as users other than root.
 - Add source IP address to MD5 sum cache file so that fwknopd can report on
   the original IP of a subsequently replayed packet.
