From fa010dc0209fd73761c8f087eeebb651a4bb92e5 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Mon, 3 Aug 2020 13:06:06 -0700
Subject: [PATCH 1/3] Include policing filters in the show commands
Signed-off-by: Tom Eastep
---
 Shorewall-core/lib.cli | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index 2752d7476..b46848b26 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -260,6 +260,11 @@ show_one_classifier() {
 fi
 done
 echo
+
+ if echo $2 | fgrep -q ingress; then
+ echo "Ingress:"
+ tc -s -d filter show dev $device parent ffff:
+ fi
 }
 show_classifier1() {
@@ -277,6 +282,9 @@ show_classifier1() {
 show_tc1() {
 show_one_tc() {
 local device
+ local qdisc
+ local ingress
+
 device=${1%@*}
 qdisc=$(tc qdisc list dev $device)
@@ -286,7 +294,7 @@ show_tc1() {
 echo
 tc -s -d class show dev $device
 echo
- show_one_classifier $device
+ show_one_classifier $device "$qdisc"
 fi
 }
From ef9c153dd5791e5128ccd005573eab168f4e16eb Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Mon, 10 Aug 2020 17:52:37 -0700
Subject: [PATCH 2/3] Avoid double-reporting policing filters
Signed-off-by: Tom Eastep
---
 Shorewall-core/lib.cli | 5 -----
 1 file changed, 5 deletions(-)
diff --git a/Shorewall-core/lib.cli b/Shorewall-core/lib.cli
index b46848b26..7e930d65c 100644
--- a/Shorewall-core/lib.cli
+++ b/Shorewall-core/lib.cli
@@ -260,11 +260,6 @@ show_one_classifier() {
 fi
 done
 echo
-
- if echo $2 | fgrep -q ingress; then
- echo "Ingress:"
- tc -s -d filter show dev $device parent ffff:
- fi
 }
 show_classifier1() {
From 3073185b39199cb291b5ed8904d7336ac4f22f18 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Fri, 14 Aug 2020 10:29:39 -0700
Subject: [PATCH 3/3] Update ipset article
Signed-off-by: Tom Eastep
---
 docs/ipsets.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/ipsets.xml b/docs/ipsets.xml
index 6b75a01eb..520413a6b 100644
--- a/docs/ipsets.xml
+++ b/docs/ipsets.xml
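Review bot: The added test `echo $2 | fgrep -q ingress` in the first hunk of 1/3 expands `$2` unquoted, so the multi-line qdisc listing is word-split and glob-expanded before it is matched; `$device` is likewise unquoted in the `tc ... parent ffff:` line and in the `show_one_classifier $device "$qdisc"` call of the third hunk. This library presumably runs with root privileges (the `tc` calls need them), so expansions are better kept inert: `case "$2" in *ingress*) echo "Ingress:"; tc -s -d filter show dev "$device" parent ffff: ;; esac`. The `case` form also removes the dependency on `fgrep`, which current GNU grep reports as obsolescent. show_one_classifier begins above this hunk, so how `device` is assigned is not visible here.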
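Review bot: `local ingress` is declared in show_one_tc (second hunk of 1/3), but no visible line in this series assigns or reads it; only `qdisc` is used, two lines later and in the call in the third hunk. If nothing outside the hunks uses it, drop the declaration so the list of locals matches what the function actually touches. The body of show_one_tc continues past the end of this hunk, so a use further down cannot be ruled out from here.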
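Review bot: show_one_classifier gains a second positional argument in the third hunk of 1/3 without any comment describing it, and 2/3 then deletes the only visible reader of `$2`, which leaves `"$qdisc"` passed here with no consumer. Either revert the call in 2/3 to a single argument, `show_one_classifier "$device"`, or keep it and document the contract above the function with something like `# $1 = device, $2 = output of 'tc qdisc list dev $1'`. The function definition starts outside the hunks, so another use of `$2` may exist there.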
@@ -145,7 +145,8 @@ ACCEPT net:+sshok $FW tcp 22 Beginning with Shorewall 4.4.14, multiple source or destination matches may be specified by placing multiple set names in '+[...]' (e.g., +[myset,myotherset]). When so enclosed, the set names need not be prefixed - with a plus sign. + with a plus sign. When such a list of sets is specified, matching packets + must match all of the listed sets. Shorewall can save/restore your ipset contents with certain restrictions: