From 1e2030fd6f1154f5aecaa2e5524190adf644421a Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 22 Jun 2017 12:43:25 -0700
Subject: [PATCH] Document leading "+" in inline matches

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 docs/configuration_file_basics.xml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 04d04086e..5e0678bc8 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -859,6 +859,15 @@ INLINE               net              $FW ; -m recent --rcheck 10 --hitcount 5 -
 
           <programlisting>COMB_IF                         !70.90.191.120/29       70.90.191.121 ;; -m statistic --mode random --probability 0.50
 COMB_IF                         !70.90.191.120/29       70.90.191.123</programlisting>
+
+          <para>If the first character of the inline matches is a plus sign
+          ("+"), then the matches are processed before the column-oriented
+          input in the rule. That is required when specifying additional TCP
+          protocol parameters.</para>
+
+          <para>Example from action.TCPFlags:</para>
+
+          <programlisting>DROP     -      -      ;;+ -p 6 --tcp-flags ALL FIN,URG,PSH</programlisting>
         </listitem>
       </varlistentry>
     </variablelist>