diff --git a/Shorewall/manpages/shorewall-mangle.xml b/Shorewall/manpages/shorewall-mangle.xml
index c02883011..fbe2d74af 100644
--- a/Shorewall/manpages/shorewall-mangle.xml
+++ b/Shorewall/manpages/shorewall-mangle.xml
@@ -374,7 +374,8 @@ DIVERTHA - - tcp
Allows you to place your own ip[6]tables matches at the
- end of the line following a semicolon (";"). If an
+ end of the line following a semicolon (";") (deprecated) or
+ two semicolons (";;") (preferred since Shoreall 5.0.0). If an
action is specified, the compiler
proceeds as if that action had been
specified in this column. If no action is specified, then you
@@ -391,21 +392,15 @@ DIVERTHA - - tcp
2:P eth0 - tcp 22
INLINE(MARK(2)):P eth0 - tcp 22
-INLINE(MARK(2)):P eth0 - ; -p tcp
-INLINE eth0 - tcp 22 ; -j MARK --set-mark 2
-INLINE eth0 - ; -p tcp -j MARK --set-mark 2
+INLINE(MARK(2)):P eth0 - ;; -p tcp
+INLINE eth0 - tcp 22 ;; -j MARK --set-mark 2
+INLINE eth0 - ;; -p tcp -j MARK --set-mark 2
If INLINE_MATCHES=Yes in shorewall6.conf(5)
then the third rule above can be specified as follows:
- MARK(2):P eth0 - ; -p tcp
-
- Beginning with Shorewall 5.0.0, the rule may also be
- written this way, irrespective of the setting of
- INLINE_MATCHES:
-
MARK(2):P eth0 - ;; -p tcp
diff --git a/Shorewall/manpages/shorewall-masq.xml b/Shorewall/manpages/shorewall-masq.xml
index fbe8bd7bb..6a968916c 100644
--- a/Shorewall/manpages/shorewall-masq.xml
+++ b/Shorewall/manpages/shorewall-masq.xml
@@ -700,7 +700,7 @@
/etc/shorewall/masq:
#INTERFACE SOURCE ADDRESS
- INLINE(eth1) 0.0.0.0/0 70.90.191.121 ; -m statistic --mode random --probability 0.50
+ INLINE(eth1) 0.0.0.0/0 70.90.191.121 ;; -m statistic --mode random --probability 0.50
eth1 0.0.0.0/0 70.90.191.123
diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml
index 82abeffc8..ac6900656 100644
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@@ -461,7 +461,8 @@
Added in Shorewall 4.5.16. This action allows you to
construct most of the rule yourself using iptables syntax. The
- part that you specify must follow a semicolon (';') and is
+ part that you specify must follow a semicolon (';')
+ (deprecated) or two semicolons(';;') (preferred) and is
completely free-form. If the target of the rule (the part
following 'j') is something that Shorewall supports in the
ACTION column, then you may enclose it in parentheses (e.g.,
@@ -489,7 +490,7 @@
necessarily be at the end of the generated rule. For
example, if addresses are specified in the SOURCE and/or
DEST columns, their generated matches will appear after
- those specified using ';'.
+ those specified using ';;' (or ';').