Protocol.

Server provides a list of IPs to shun.

@ URL
    #URL where the master copy of this list can be found.

. /full/path/to/additional/entries
    #Source another file of shun entries.
    #. and 0 entries in sourced files will be ignored.

. http://some.trusted.source/shunlist.html /etc/shun/trusted-shun-cache.html
    #Pull down a shun list in this format and store a copy in
    #/etc/shun/trusted-shun-cache.html to use if the network
    #is down at some future time.

+ ipa/32 UnixGMTPardonTimestamp
    #Shun this host, but only until Timestamp is reached; then the
    #shun client is responsible for taking away the shun entry.
    #The client does _not_ guarantee that the shun will be removed
    #at exactly that time.

+ networka/22 UnixGMTPardonTimestamp
    #Shun this net.

+ networkb/30 UnixGMTPardonTimestamp

! ipz/32
    #Regardless of any other local or remote shun requests, _never_ shun this IP.

! networky/26
    #Likewise, never shun this net.

#blah blah blah
    #Ignore any characters following '#' anywhere on a line.

All IPs and networks must be straight numerical IPs or networks, or resolvable via /etc/hosts. While DNS lookup could technically be accommodated, that's a _really_ bad idea in firewall rules: if the DNS server is unavailable, the rule load hangs or fails.

Lines starting with any character other than 0, ., +, -, or ! will be ignored (apart from the @ line above).

No blocking will be done on the loopback interface.

Timestamp for a valid local cache file or an individual shun entry is seconds since the epoch, UTC:

date +%s
    #provide seconds since the epoch
date -d "1970/01/01 gmt+ 995716877 sec" -u
    #convert back (on GNU date, "date -u -d @995716877" is equivalent)

Unimplemented or future implementation:

0 0
    #NOT IMPLEMENTED; NEEDED?
    #Start with a fresh list. Implied if missing from conf file.

- ipb/32
    #Stop shunning this formerly shunned IP.

- networkq/28
    #Stop shunning this formerly shunned network.

. http://www.incidents.org/shunme.html incidents-shunme.html
    #Pull down file from web or ftp URL. Wget needed.
    #Local copy kept at /etc/shun/incidents-shunme.html
    #., ! and 0 entries in pulled files will be ignored.

` command
    #Run the command and treat the output as normal shun commands.
    #Stderr is ignored. Example:
    #` route -n | grep '^[0-9]' | grep -v '^0.0.0.0' | awk '{print $1 "/" $3}' | sed -e 's/^/! /'
    #Do not use the ` character in your commands; use $( and ) to surround
    #any subshell output you need to create.

. /dev/stdin
    #Pull entries from stdin. Useful if processing a procmail pipe.

#In addition to the formally specified '!' non-blocks, the client
#app will, by default, refuse to block any local networks or gateways.

#Lines starting with a [1-9] will elicit a warning, as
#the user may have forgotten the +/-/!.
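A reference parser for the format above, written for this page as an added example; it is not the shun client's own code. It implements the rules the spec states (comments after '#', the +/-/!/0/@/. operators, '.' and '0' ignored inside sourced files, the [1-9] warning, pardon timestamps, loopback and '!' precedence, refusal of local networks) and resolves everything in memory without touching a firewall. The `sources` dict standing in for files pulled in by '.', the `hosts` table standing in for /etc/hosts, the local-network list, and all addresses in the sample lists are constructed for the example; command (`) lines are reported rather than executed, and remote pulls are not modelled.

```python
"""Parser for the shun-list format described on this page (added example,
not the shun client's own code).  Entries are resolved in memory and
nothing is handed to a firewall.  The `sources` dict (stand-in for files
sourced with '.'), the `hosts` table (stand-in for /etc/hosts) and the
local-network list are constructed assumptions for this example."""
import ipaddress
import time

# Assumption: "the loopback interface" is approximated by the loopback address ranges.
LOOPBACK = (ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128"))


def parse_net(token, hosts):
    """Numeric IP/net, or a name present in the hosts table.  DNS is never
    consulted, for the reason the spec gives: a rule load must not hang on a resolver."""
    host, sep, plen = token.partition("/")
    host = hosts.get(host, host)
    return ipaddress.ip_network(host + sep + plen, strict=False)


def parse_shunlist(text, sources=None, hosts=None, nested=False, state=None):
    """Return {"shun": {net: pardon_ts_or_None}, "never": set, "master": url,
    "warnings": [...]}.  `nested` marks a file sourced via '.', in which
    '.' and '0' entries are ignored as the spec requires."""
    sources, hosts = sources or {}, hosts or {}
    if state is None:
        state = {"shun": {}, "never": set(), "master": None, "warnings": []}
    warn = state["warnings"].append
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment anywhere on the line
        if not line:
            continue
        op, args = line[0], line[1:].split()
        if op == "0":                            # start with a fresh list
            if not nested:
                state["shun"].clear()
                state["never"].clear()
        elif op == "@":                          # where the master copy lives
            state["master"] = args[0] if args else None
        elif op == ".":                          # source another file
            if nested:
                continue
            if args and args[0] in sources:
                parse_shunlist(sources[args[0]], sources, hosts, True, state)
            else:
                warn(f"line {lineno}: cannot source {args[:1]}")
        elif op == "`":                          # command output as entries: not run here
            warn(f"line {lineno}: command execution not supported in this example")
        elif op in "+-!":
            try:
                net = parse_net(args[0], hosts)
            except (IndexError, ValueError) as exc:
                warn(f"line {lineno}: {exc}")
                continue
            if op == "+":                        # shun, optionally until the pardon time
                state["shun"][net] = int(args[1]) if len(args) > 1 else None
            elif op == "-":                      # stop shunning (a future feature in the spec)
                state["shun"].pop(net, None)
            else:                                # never shun, whatever anything else says
                state["never"].add(net)
        elif op in "123456789":                  # probably a forgotten +/-/!
            warn(f"line {lineno}: starts with a digit; missing +, - or !?")
        # any other leading character: the line is silently ignored
    return state


def effective_blocks(state, local_nets=(), now=None):
    """Networks the client should actually block right now: expired pardons
    dropped, and any entry touching loopback, a local net or a '!' net refused.
    Refusing the whole overlapping entry is the conservative reading of
    'regardless of any other request, never shun this IP'."""
    now = time.time() if now is None else now
    protected = [*LOOPBACK, *local_nets, *state["never"]]
    blocks = []
    for net, pardon in state["shun"].items():
        if pardon is not None and pardon <= now:
            continue                             # pardon reached: the shun is withdrawn
        if any(net.overlaps(p) for p in protected):
            continue
        blocks.append(net)
    return sorted(blocks, key=lambda n: (n.version, n))


# Constructed sample lists (documentation address ranges; nothing real).
MAIN_CONF = """\
@ http://shun.example.test/master.conf   # master copy URL (constructed)
. extra.conf                 #sourced from the `sources` dict below
+ 192.0.2.100/32 4102444800  #pardon far in the future: blocked
+ 192.0.2.20/32 4102444800   #inside a '!' net below: refused
+ 198.51.100.0/24 1000000000 #pardon already reached at the test 'now'
+ 203.0.113.7                #no pardon: shun indefinitely (but see extra.conf)
+ 127.0.0.5/32 4102444800    #loopback: must never be blocked
+ 10.0.0.0/8 4102444800      #overlaps a local net: refused
+ badhost/32 4102444800      #not numeric and not in hosts: warned and skipped
! 192.0.2.0/26               #never shun this net
! router                     #resolved via the hosts table
5.6.7.8/32                   #forgotten operator: warning
This line is ignored entirely
` route -n                   #command lines are reported, not executed
"""
EXTRA_CONF = """\
+ 203.0.113.200/32 4102444800
. another.conf               #'.' inside a sourced file is ignored
0 0                          #'0' inside a sourced file is ignored
! 203.0.113.7/32             #'!' wins over the '+' in the main file
"""


def demo(now=2_000_000_000):
    hosts = {"router": "192.0.2.1"}              # /etc/hosts stand-in (constructed)
    state = parse_shunlist(MAIN_CONF, sources={"extra.conf": EXTRA_CONF}, hosts=hosts)
    return state, effective_blocks(state, [ipaddress.ip_network("10.0.0.0/8")], now)


if __name__ == "__main__":
    state, blocks = demo()
    print("block:", [str(b) for b in blocks])
    print("warnings:", *state["warnings"], sep="\n  ")
```

Running the block prints the two networks that survive every rule (192.0.2.100/32 and 203.0.113.200/32) and three warnings: the unresolvable `badhost`, the digit-first line, and the unexecuted command line. The shun entries inside a '!' net, on loopback, inside the local /8, or past their pardon time are all parsed but never reach the block list, which is the behaviour a firewall-facing client needs.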