More documentation changes regarding SAVE_IPSETS.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/manpages/shorewall.conf.xml

@@ -2470,7 +2470,7 @@ INLINE          -       -       -       ; -j REJECT
       <varlistentry>
         <term><emphasis role="bold">SAVE_IPSETS=</emphasis>{<emphasis
         role="bold">Yes</emphasis>|<emphasis
-        role="bold">No|<replaceable>setlist</replaceable></emphasis>}</term>
+        role="bold">No|ipv4|<replaceable>setlist</replaceable></emphasis>}</term>
 
         <listitem>
           <para>Re-enabled in Shorewall 4.4.6. If SAVE_IPSETS=Yes, then the
@@ -2482,7 +2482,8 @@ INLINE          -       -       -       ; -j REJECT
 
           <para>Beginning with Shorewall 4.6.4, you can restrict the set of
           ipsets saved by specifying a setlist (a comma-separated list of ipv4
-          ipset names).</para>
+          ipset names). You may also restrict the saved sets to just the ipv4
+          ones by specifying <emphasis role="bold">ipv4</emphasis>.</para>
         </listitem>
       </varlistentry>
 

docs/ipsets.xml

@@ -154,6 +154,11 @@ ACCEPT       net:+sshok  $FW      tcp      22</programlisting></para>
         firewall is first stopped.</para>
       </listitem>
     </orderedlist>
+
+    <para>Beginning with Shorewall 4.6.4, you can save selective ipsets by
+    setting SAVE_IPSETS to a comma-separated list of ipset names. You can also
+    restrict the group of sets saved to ipv4 sets by setting
+    SAVE_IPSETS=ipv4.</para>
   </section>
 
   <section>
@@ -161,17 +166,21 @@ ACCEPT       net:+sshok  $FW      tcp      22</programlisting></para>
 
     <para>Ipset support in Shorewall6 was added in Shorewall 4.4.21.</para>
 
-    <para>Unlike iptables, which has separate configurations for IPv4 and
-    IPv6, ipset has a single configuration that handles both. This means the
-    SAVE_IPSETS=Yes in shorewall.conf or shorewall6.conf won't work correctly
-    because . To work around this issue, Shorewall-init is now capable
-    restoring ipset contents during 'start' and saving them during 'stop'. To
-    direct Shorewall-init to save/restore ipset contents, set the SAVE_IPSETS
-    option in /etc/sysconfig/shorewall-init (/etc/default/shorewall-init on
-    Debian and derivatives). The value of the option is a file name where the
-    contents of the ipsets will be save to and restored from. Shorewall-init
-    will create any necessary directories during the first 'save' operation.
-    If you configure Shorewall-init to save/restore ipsets, be sure to set
+    <para>Beginning with Shorewall 4.6.4, SAVE_IPSETS is available in <ulink
+    url="manpages6/shorewall6.conf.html">shorewall6-conf(5)</ulink>. When set
+    to Yes, the ipv6 ipsets will be set. You can also save selective ipsets by
+    setting SAVE_IPSETS to a comma-separated list of ipset names. </para>
+
+    <para>Prior to Shorewall 4.6.4, SAVE_IPSETS=Yes in shorewall.conf won't
+    work correctly because it saves both IPv4 and IPv6 ipsets. To work around
+    this issue, Shorewall-init is capable restoring ipset contents during
+    'start' and saving them during 'stop'. To direct Shorewall-init to
+    save/restore ipset contents, set the SAVE_IPSETS option in
+    /etc/sysconfig/shorewall-init (/etc/default/shorewall-init on Debian and
+    derivatives). The value of the option is a file name where the contents of
+    the ipsets will be save to and restored from. Shorewall-init will create
+    any necessary directories during the first 'save' operation. If you
+    configure Shorewall-init to save/restore ipsets, be sure to set
     SAVE_IPSETS=No in shorewall.conf and shorewall6.conf.</para>
   </section>
 </article>