From 16a3384a7037680b601c45ada2b54e5da875e733 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 30 May 2020 19:57:37 -0700
Subject: [PATCH] Add an example of using 'blacklist ... timeout nnn'

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall-core/manpages/shorewall.xml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Shorewall-core/manpages/shorewall.xml b/Shorewall-core/manpages/shorewall.xml
index c6dbcef0a..cf0f4fd5f 100644
--- a/Shorewall-core/manpages/shorewall.xml
+++ b/Shorewall-core/manpages/shorewall.xml
@@ -1165,7 +1165,12 @@
           url="/manpages/shorewall.conf.html">shorewall.conf</ulink>(5). The
           <replaceable>address</replaceable> along with any
           <replaceable>option</replaceable>s are passed to the <command>ipset
-          add</command> command.</para>
+          add</command> command. Probably the most useful
+          <replaceable>option</replaceable> is the <option>timeout</option>
+          option. For example, to permanently blacklist 192.0.2.22, the
+          command would be:</para>
+
+          <programlisting>    shorewall blacklist 192.0.2.22 timeout 0</programlisting>
 
           <para>If the <option>disconnect</option> option is specified in the
           DYNAMIC_BLACKLISTING setting, then the effective VERBOSITY