diff --git a/Samples/one-interface/rules b/Samples/one-interface/rules
index 428bdad1c..378d49fcd 100755
--- a/Samples/one-interface/rules
+++ b/Samples/one-interface/rules
@@ -26,6 +26,15 @@
 #
 # ACCEPT
 # Allow the connection request
+# ACCEPT+
+# Like ACCEPT but also excludes the
+# connection from any subsequent
+# DNAT[-] or REDIRECT[-] rules
+# NONAT
+# Excludes the connection from any
+# subsequent DNAT[-] or REDIRECT[-]
+# rules but doesn't generate a rule
+# to accept the traffic.
 # DROP
 # Ignore the request
 # REJECT
@@ -73,11 +82,34 @@
 # log level (e.g, REJECT:info or DNAT:debug). This causes the
 # packet to be logged at the specified level.
 #
+# If the ACTION names an action defined in
+# /etc/shorewall/actions or in
+# /usr/share/shorewall/actions.std then:
+#
+# - If the log level is followed by "!' then all rules
+# in the action are logged at the log level.
+#
+# - If the log level is not followed by "!" then only
+# those rules in the action that do not specify
+# logging are logged at the specified level.
+#
+# - The special log level 'none!' suppresses logging
+# by the action.
+#
 # You may also specify ULOG (Must be in upper case) as a log
 # level. This will log to the ULOG target for routing to a
 # seperate log through the use of ulogd.
 # (http://www.gnumonks.org/projects/ulogd).
 #
+# Actions specifying logging may be followed by a
+# log tag (a string of alphanumeric characters)
+# are appended to the string generated by the
+# LOGPREFIX (in /etc/shorewall/shorewall.conf).
+#
+# Example: ACCEPT:info:ftp would include 'ftp '
+# at the end of the log prefix generated by the
+# LOGPREFIX setting. ##
 # SOURCE Source hosts to which the rule applies. May be a zone
 # defined in /etc/shorewall/zones, $FW to indicate the
 # firewall itself, or "all" If the ACTION is DNAT or
@@ -85,6 +117,10 @@
 # excluded from the rule by following the zone name with
 # "!' and a comma-separated list of sub-zone names.
 #
+# When "all" is used either in the SOURCE or DEST column
+# intra-zone traffic is not affected. You must add
+# separate rules to handle that traffic.
+#
 # Except when "all" is specified, clients may be further
 # restricted to a list of subnets and/or hosts by
 # appending ":" and a comma-separated list of subnets
@@ -109,6 +145,10 @@
 # Host on the Internet with
 # MAC address 00:A0:C9:15:39:78.
 #
+# net:192.0.2.11-192.0.2.17
+# Hosts 192.0.2.11-192.0.2.17 in
+# the net zone.
+#
 # Alternatively, clients may be specified by interface
 # by appending ":" to the zone name followed by the
 # interface name. For example, net:eth0 specifies a