diff --git a/Samples/one-interface/interfaces b/Samples/one-interface/interfaces
index 588784761..5a9a9fca8 100755
--- a/Samples/one-interface/interfaces
+++ b/Samples/one-interface/interfaces
@@ -1,5 +1,5 @@
 #
-# Shorewall 1.4 -- Sample Interface File For One Interface
+# Shorewall 1.4 -- Sample Interface File For One Interface
 #
 # /etc/shorewall/interfaces
 #
diff --git a/Samples/one-interface/policy b/Samples/one-interface/policy
index d86fd6e13..9c2e73f60 100644
--- a/Samples/one-interface/policy
+++ b/Samples/one-interface/policy
@@ -22,7 +22,30 @@
 # Shorewall will not start!
 #
 # POLICY Policy if no match from the rules file is found. Must
-# be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
+# be "ACCEPT", "DROP", "REJECT", "CONTINUE" or "NONE"
+#
+# ACCEPT
+# Accept the connection
+# DROP
+# Ignore the connection request.
+# REJECT
+# For TCP, send RST. For all other, send
+# "port unreachable" ICMP.
+# CONTINUE
+# Pass the connection request past
+# any other rules that it might also
+# match (where the source or destination
+# zone in those rules is a superset of
+# the SOURCE or DEST in this policy)
+# NONE
+# Assume that there will never be any
+# packets from this SOURCE to this
+# DEST. Shorewall will not set up any
+# infrastructure to handle such packets
+# and you may not have any rules with
+# this SOURCE and DEST in the /etc/shorewall/rules
+# file. If such a packet is received the result
+# is undefined.
 #
 # LOG LEVEL If supplied, each connection handled under the default
 # POLICY is logged at that level. If not supplied, no
diff --git a/Samples/one-interface/rules b/Samples/one-interface/rules
index e419ddd3b..f6423c1e7 100755
--- a/Samples/one-interface/rules
+++ b/Samples/one-interface/rules
@@ -15,7 +15,8 @@
 # Columns are:
 #
 #
-# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT- or REDIRECT
+# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT-, REDIRECT,
+# CONTINUE or LOG.
 #
 # ACCEPT
 # Allow the connection request
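Review bot: The NONE entry added to the POLICY description in Samples/one-interface/policy ends with `If such a packet is received the result is undefined.`, which leaves an administrator with no fail-safe expectation for exactly the traffic the policy promises not to handle; a misapplied NONE could silently change what is accepted. If the generated ruleset simply has no chain for that zone pair, the packet presumably falls through to whatever the enclosing chain's default disposition is, and the comment should state that disposition (confirm it against the compiler before wording it) instead of calling the result undefined. The same block is added to Samples/three-interfaces/policy and Samples/two-interfaces/policy, where the list reads `"CONTINUE" Or "NONE"` with a capitalised `Or`; only this file has `or`, so the three copies should be made identical.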
@@ -46,6 +47,8 @@
 # connection request will be passed
 # to the rules defined for that
 # (those) zones(s).
+# LOG
+# Simply log the packet and continue.
 #
 # May optionally be followed by ":" and a syslog log
 # level (e.g, REJECT:info). This causes the packet to be
@@ -110,6 +113,8 @@
 # 2. In DNAT rules, only IP addresses are
 # allowed; no FQDNs or subnet addresses
 # are permitted.
+# 3. You may not specify both an interface and
+# an address
 #
 # The port that the server is listening on may be
 # included and separated from the server's IP address by
diff --git a/Samples/three-interfaces/policy b/Samples/three-interfaces/policy
index 9e59c6880..3a5375d69 100644
--- a/Samples/three-interfaces/policy
+++ b/Samples/three-interfaces/policy
@@ -22,7 +22,30 @@
 # Shorewall will not start!
 #
 # POLICY Policy if no match from the rules file is found. Must
-# be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
+# be "ACCEPT", "DROP", "REJECT", "CONTINUE" Or "NONE"
+#
+# ACCEPT
+# Accept the connection
+# DROP
+# Ignore the connection request.
+# REJECT
+# For TCP, send RST. For all other, send
+# "port unreachable" ICMP.
+# CONTINUE
+# Pass the connection request past
+# any other rules that it might also
+# match (where the source or destination
+# zone in those rules is a superset of
+# the SOURCE or DEST in this policy)
+# NONE
+# Assume that there will never be any
+# packets from this SOURCE to this
+# DEST. Shorewall will not set up any
+# infrastructure to handle such packets
+# and you may not have any rules with
+# this SOURCE and DEST in the /etc/shorewall/rules
+# file. If such a packet is received the result
+# is undefined.
 #
 # LOG LEVEL If supplied, each connection handled under the default
 # POLICY is logged at that level. If not supplied, no
diff --git a/Samples/three-interfaces/rules b/Samples/three-interfaces/rules
index ac85560c7..4c49393e3 100755
--- a/Samples/three-interfaces/rules
+++ b/Samples/three-interfaces/rules
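Review bot: The new LOG description `Simply log the packet and continue.` in Samples/one-interface/rules does not say at what syslog level the packet is logged, while the paragraph right below it presents the `:level` suffix as optional for every action; the sample should state whether a bare `LOG` is valid and, if a level is required for it, say so where the action is described. Suggest `# Simply log the packet and continue with the next rule` followed by a line giving the level rule once it has been confirmed against the rules parser. The same two lines are added to Samples/three-interfaces/rules and Samples/two-interfaces/rules.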
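Review bot: The new note `3. You may not specify both an interface and` / `an address` in Samples/one-interface/rules ends without the period that items 1 and 2 and the three-interfaces copy carry, and the two-interfaces copy (last hunk of this diff) numbers it `3 You may not` with no period after the numeral. Make the three copies identical, e.g. `# 3. You may not specify both an interface and` / `# an address.`. It would also help to name the column the restriction applies to, since the surrounding items talk about DNAT rules and the server address; confirm which column before adding that.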
@@ -15,7 +15,8 @@
 # Columns are:
 #
 #
-# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT- or REDIRECT
+# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT-, REDIRECT,
+# CONTINUE or LOG.
 #
 # ACCEPT
 # Allow the connection request
@@ -46,6 +47,8 @@
 # connection request will be passed
 # to the rules defined for that
 # (those) zones(s).
+# LOG
+# Simply log the packet and continue.
 #
 # May optionally be followed by ":" and a syslog log
 # level (e.g, REJECT:info). This causes the packet to be
@@ -110,6 +113,8 @@
 # 2. In DNAT rules, only IP addresses are
 # allowed; no FQDNs or subnet addresses
 # are permitted.
+# 3. You may not specify both an interface and
+# an address.
 #
 # The port that the server is listening on may be
 # included and separated from the server's IP address by
diff --git a/Samples/two-interfaces/policy b/Samples/two-interfaces/policy
index 7d297638e..09f59f217 100644
--- a/Samples/two-interfaces/policy
+++ b/Samples/two-interfaces/policy
@@ -22,8 +22,31 @@
 # Shorewall will not start!
 #
 # POLICY Policy if no match from the rules file is found. Must
-# be "ACCEPT", "DROP", "REJECT" or "CONTINUE"
+# be "ACCEPT", "DROP", "REJECT", "CONTINUE" Or "NONE"
 #
+# ACCEPT
+# Accept the connection
+# DROP
+# Ignore the connection request.
+# REJECT
+# For TCP, send RST. For all other, send
+# "port unreachable" ICMP.
+# CONTINUE
+# Pass the connection request past
+# any other rules that it might also
+# match (where the source or destination
+# zone in those rules is a superset of
+# the SOURCE or DEST in this policy)
+# NONE
+# Assume that there will never be any
+# packets from this SOURCE to this
+# DEST. Shorewall will not set up any
+# infrastructure to handle such packets
+# and you may not have any rules with
+# this SOURCE and DEST in the /etc/shorewall/rules
+# file. If such a packet is received the result
+# is undefined.
+#
 # LOG LEVEL If supplied, each connection handled under the default
 # POLICY is logged at that level. If not supplied, no
 # log message is generated. See syslog.conf(5) for a
diff --git a/Samples/two-interfaces/rules b/Samples/two-interfaces/rules
index 597f131bc..363a54826 100755
--- a/Samples/two-interfaces/rules
+++ b/Samples/two-interfaces/rules
@@ -15,7 +15,8 @@
 # Columns are:
 #
 #
-# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT- or REDIRECT
+# ACTION ACCEPT, DROP, REJECT, DNAT, DNAT-, REDIRECT,
+# CONTINUE or LOG.
 #
 # ACCEPT
 # Allow the connection request
@@ -46,6 +47,8 @@
 # connection request will be passed
 # to the rules defined for that
 # (those) zones(s).
+# LOG
+# Simply log the packet and continue.
 #
 # May optionally be followed by ":" and a syslog log
 # level (e.g, REJECT:info). This causes the packet to be
@@ -110,6 +113,8 @@
 # 2. In DNAT rules, only IP addresses are
 # allowed; no FQDNs or subnet addresses
 # are permitted.
+# 3 You may not specify both an interface and
+# an address.
 #
 # The port that the server is listening on may be
 # included and separated from the server's IP address by