diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 127e0b2c9..9518dad46 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -1470,6 +1470,63 @@ Comcast 2 0x20000 main COM_IF detect balance
details.
+
+ Optional and Required Interfaces
+
+ Normally, Shorewall assumes that all interfaces described in shorewall-interfaces (5)
+ are going to be in an up and usable state when Shorewall starts or
+ restarts. You can alter that assumption by specifying the optional option in the OPTIONS column.
+
+ When an interface is marked as optional, Shorewall will determine
+ the interface state at start and
+ restart and adjust its configuration
+ accordingly.
+
+
+
+ The arp_filter, arp_ignore, routefilter, logmartians, proxyarp and sourceroute options are not enforced when the
+ interface is down, thus avoiding an error message such
+ as:WARNING: Cannot set Martian logging on ppp0
+
+
+
+ If the interface is associated with a provider in shorewall-providers
+ (5), start and restart will not
+ fail if the interface is not usable.
+
+
+
+ When DETECT_DNAT_IPADDRS=Yes in shorewall.conf (5), DNAT
+ rules in shorewall-rules (5) involving the interface will be omitted
+ when the interface does not have an IP address.
+
+
+
+ If detect is specified in the
+ ADDRESS column of an entry in shorewall-masq (5) then the
+ firewall still start if the optional interface in the INTERFACE column
+ does not have an IP address.
+
+
+
+ If you don't want the firewall to start unless a given interface is
+ usable, then specify required in the OPTIONS column of shorewall-interfaces (5).
+ If you have installed and configured the Shorewall-init package, then when
+ the interface becomes available, an automatic attempt will be made to
+ start the firewall.
+
+