Update Config file basics doc for 3.0 - take 2

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2609 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

Shorewall-docs2/configuration_file_basics.xml

@@ -320,9 +320,8 @@ smtp,www,pop3,imap  #Services running on the firewall</programlisting>
       problems then don't say that you were not forewarned.</para>
     </caution>
 
-    <para>Beginning with Shorewall 1.3.9, Host addresses in Shorewall
-    configuration files may be specified as either IP addresses or DNS
-    Names.</para>
+    <para>Host addresses in Shorewall configuration files may be specified as
+    either IP addresses or DNS Names.</para>
 
     <para>DNS names in iptables rules aren't nearly as useful as they first
     appear. When a DNS name appears in a rule, the iptables utility resolves
@@ -419,16 +418,6 @@ smtp,www,pop3,imap  #Services running on the firewall</programlisting>
     Shorewall.</para>
   </section>
 
-  <section id="Compliment">
-    <title>Complementing an Address or Subnet</title>
-
-    <para>Where specifying an IP address, a subnet or an interface, you can
-    precede the item with <quote>!</quote> to specify the complement of the
-    item. For example, !192.168.1.4 means <quote>any host but
-    192.168.1.4</quote>. There must be no white space following the
-    <quote>!</quote>.</para>
-  </section>
-
   <section id="Lists">
     <title>Comma-separated Lists</title>
 
@@ -454,6 +443,16 @@ smtp,www,pop3,imap  #Services running on the firewall</programlisting>
     </itemizedlist>
   </section>
 
+  <section id="Compliment">
+    <title>Complementing an Address or Subnet</title>
+
+    <para>Where specifying an IP address, a subnet or an interface, you can
+    precede the item with <quote>!</quote> to specify the complement of the
+    item. For example, !192.168.1.4 means <quote>any host but
+    192.168.1.4</quote>. There must be no white space following the
+    <quote>!</quote>.</para>
+  </section>
+
   <section id="Exclusion">
     <title>Exclusion Lists</title>
 
@@ -482,16 +481,16 @@ smtp,www,pop3,imap  #Services running on the firewall</programlisting>
   <section id="IPRanges">
     <title>IP Address Ranges</title>
 
-    <para>Beginning with Shorewall 2.2.0, if you kernel and iptables have
-    iprange match support, you may use IP address ranges in Shorewall
-    configuration file entries; IP address ranges have the syntax
-    &lt;<emphasis>low IP address</emphasis>&gt;-&lt;<emphasis>high IP
-    address</emphasis>&gt;. Example: 192.168.1.5-192.168.1.12.</para>
+    <para>If you kernel and iptables have iprange match support, you may use
+    IP address ranges in Shorewall configuration file entries; IP address
+    ranges have the syntax &lt;<emphasis>low IP
+    address</emphasis>&gt;-&lt;<emphasis>high IP address</emphasis>&gt;.
+    Example: 192.168.1.5-192.168.1.12.</para>
 
     <para>To see if your kernel and iptables have the required support, use
-    the <command>shorewall check</command> command:</para>
+    the <command>shorewall show capabilities</command> command:</para>
 
-    <programlisting>&gt;~ <command>shorewall check</command>
+    <programlisting>&gt;~ <command>shorewall show capabilities</command>
 ... 
 Shorewall has detected the following iptables/netfilter capabilities:
    NAT: Available
@@ -725,9 +724,7 @@ INT_IF=$(getcfg-interface bus-pci-0000:00:03.0)</programlisting>
       <listitem>
         <para>specifying the separate directory in a <command>shorewall
         start</command> or <command>shorewall restart</command> command (e.g.,
-        <command>shorewall restart /etc/testconfig</command> using Shorewall
-        2.2.0 and later or <command>shorewall -c /etc/testconf
-        restart</command> using earlier versions )</para>
+        <command>shorewall restart /etc/testconfig</command> )</para>
       </listitem>
     </orderedlist>