diff --git a/Shorewall-docs2/ErrorMessages.xml b/Shorewall-docs2/ErrorMessages.xml
index a852ec277..ed9f028ea 100644
--- a/Shorewall-docs2/ErrorMessages.xml
+++ b/Shorewall-docs2/ErrorMessages.xml
@@ -511,7 +511,48 @@
defined in /etc/shorewall/zones but has no
corresponding entries in
/etc/shorewall/interfaces or in
- /etc/shorewall/hosts.
+ /etc/shorewall/hosts.
+
+
+
+
+
+
+ Iptables Error Messages
+
+ By far the most asked about iptables error message is:
+
+
+
+ iptables: No chain/target/match by that name
+
+
+ This almost always means that you are trying to use a
+ Shorewall feature that your iptables and/or kernel do not support.
+ Beginning with version 2.2.0, Shorewall follows this message with a
+ copy of the rule that is failing. Most commonly, the problem is that
+ one of the match types (keyword following "-m" in the command) isn't
+ supported by your iptables/kernel. The output of "shorewall check"
+ shows you what your iptables/kernel support:
+
+ gateway:~# shorewall check
+Loading /usr/share/shorewall/functions...
+Processing /etc/shorewall/params ...
+Processing /etc/shorewall/shorewall.conf...
+Loading Modules...
+Shorewall has detected the following iptables/netfilter capabilities:
+ NAT: Available
+ Packet Mangling: Available
+ Multi-port Match: Available
+ Extended Multi-port Match: Available
+ Connection Tracking Match: Available
+ Packet Type Match: Not available
+ Policy Match: Available
+ Physdev Match: Available
+ IP range Match: Available
+Verifying Configuration...
+
+...