Update the Shorewall-perl document regarding SAVE_IPSETS.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

docs/Shorewall-perl.xml

@@ -361,23 +361,27 @@ insert_rule $filter_table->{OUTPUT},     1, "-p udp --sport 1701 -j ACCEPT";
           used in a Shorewall configuration file, the name must be preceded by
           a plus sign (+) as with the shell-based compiler.</para>
 
-          <para>Shorewall is now out of the ipset load/reload business with
-          the exception of ipsets used for dynamic zones. With scripts
-          generated by the Perl-based Compiler, the Netfilter rule set is
-          never cleared. That means that there is no opportunity for Shorewall
-          to load/reload your ipsets since that cannot be done while there are
-          any current rules using ipsets.</para>
+          <para>From Shorewall-perl 4.0.0 - Shorewall 4.4.5, Shorewall was out
+          of the ipset load/reload business with the exception of ipsets used
+          for dynamic zones:</para>
 
-          <para>So:</para>
+          <blockquote>
+            <para>With scripts generated by the Perl-based Compiler, the
+            Netfilter rule set is never cleared. That means that there is no
+            opportunity for Shorewall to load/reload your ipsets since that
+            cannot be done while there are any current rules using
+            ipsets.</para>
 
-          <orderedlist numeration="upperroman">
-            <listitem>
-              <para>Your ipsets must be loaded before Shorewall starts. You
-              are free to try to do that with the following code in
-              <filename>/etc/shorewall/init (it works for me; your mileage may
-              vary)</filename>:</para>
+            <para>So:</para>
 
-              <programlisting>if [ "$COMMAND" = start ]; then
+            <orderedlist numeration="upperroman">
+              <listitem>
+                <para>Your ipsets must be loaded before Shorewall starts. You
+                are free to try to do that with the following code in
+                <filename>/etc/shorewall/init (it works for me; your mileage
+                may vary)</filename>:</para>
+
+                <programlisting>if [ "$COMMAND" = start ]; then
     ipset -U :all: :all:
     ipset -U :all: :default:
     ipset -F
@@ -385,37 +389,43 @@ insert_rule $filter_table-&gt;{OUTPUT},     1, "-p udp --sport 1701 -j ACCEPT";
     ipset -R &lt; /etc/shorewall/ipsets
 fi</programlisting>
 
-              <para>The file <filename>/etc/shorewall/ipsets</filename> will
-              normally be produced using the <command>ipset -S</command>
-              command. I have this in my<filename>
-              /etc/shorewall/stop</filename> file:</para>
+                <para>The file <filename>/etc/shorewall/ipsets</filename> will
+                normally be produced using the <command>ipset -S</command>
+                command. I have this in my<filename>
+                /etc/shorewall/stop</filename> file:</para>
 
-              <programlisting>if ipset -S &gt; /etc/shorewall/ipsets.tmp; then
+                <programlisting>if ipset -S &gt; /etc/shorewall/ipsets.tmp; then
     mv -f /etc/shorewall/ipsets /etc/shorewall/ipsets.bak
     mv /etc/shorewall/ipsets.tmp /etc/shorewall/ipsets
 fi</programlisting>
 
-              <para>The above extension scripts will work most of the time but
-              will fail in a <command>shorewall stop</command> -
-              <command>shorewall start</command> sequence if you use ipsets in
-              your routestopped file (see below).</para>
-            </listitem>
+                <para>The above extension scripts will work most of the time
+                but will fail in a <command>shorewall stop</command> -
+                <command>shorewall start</command> sequence if you use ipsets
+                in your routestopped file (see below).</para>
+              </listitem>
 
-            <listitem>
-              <para>Your ipsets may not be reloaded until Shorewall is stopped
-              or cleared.</para>
-            </listitem>
+              <listitem>
+                <para>Your ipsets may not be reloaded until Shorewall is
+                stopped or cleared.</para>
+              </listitem>
 
-            <listitem>
-              <para>If you specify ipsets in your routestopped file then
-              Shorewall must be cleared in order to reload your ipsets.</para>
-            </listitem>
-          </orderedlist>
+              <listitem>
+                <para>If you specify ipsets in your routestopped file then
+                Shorewall must be cleared in order to reload your
+                ipsets.</para>
+              </listitem>
+            </orderedlist>
 
-          <para>As a consequence, scripts generated by the Perl-based compiler
-          will ignore <filename>/etc/shorewall/ipsets</filename> and will
-          issue a warning if you set SAVE_IPSETS=Yes in
-          <filename>shorewall.conf</filename>.</para>
+            <para>As a consequence, scripts generated by the Perl-based
+            compiler will ignore <filename>/etc/shorewall/ipsets</filename>
+            and will issue a warning if you set SAVE_IPSETS=Yes in
+            <filename>shorewall.conf</filename>.</para>
+          </blockquote>
+
+          <para>Beginning with Shorewall 4.4.6 (and 4.5.3), SAVE_IPSETS=Yes is
+          once again supported. See <ulink
+          url="manpages/shorewall.conf.html">shorewall.conf</ulink>(5).</para>
         </listitem>
 
         <listitem>