From 35f33b325fbfd3078ec22e4ca854d5dcf1686d38 Mon Sep 17 00:00:00 2001 From: Tom Eastep Date: Mon, 5 Oct 2015 08:18:52 -0700 Subject: [PATCH] Update blacklisting article Signed-off-by: Tom Eastep --- docs/blacklisting_support.xml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/docs/blacklisting_support.xml b/docs/blacklisting_support.xml index 1caf8d0db..9b0d1acf8 100644 --- a/docs/blacklisting_support.xml +++ b/docs/blacklisting_support.xml @@ -49,9 +49,13 @@ Introduction Shorewall supports two different types of blackliisting; rule-based, - static and dynamic. The BLACKLISTNEWONLY option in - /etc/shorewall/shorewall.conf controls the degree of blacklist - filtering: + static and dynamic. The BLACKLIST option in /etc/shorewall/shorewall.conf + controls the degree of blacklist filtering. + + The BLACKLIST option lists the Netfilter connection-tracking states + that blacklist rules are to be applied to (states are NEW, ESTABLISHED, + RELATED, INVALID, NOTRACK). The BLACKLIST option supersedes the + BLACKLISTNEWONLY option:
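Review bot: The added paragraph in the Introduction hunk of docs/blacklisting_support.xml says BLACKLIST "supersedes the BLACKLISTNEWONLY option:" but does not say what happens to an existing shorewall.conf that still sets BLACKLISTNEWONLY, or which state list corresponds to each of its old values. Anyone migrating a configuration needs that mapping to know whether blacklisted hosts are still filtered on connections that are already ESTABLISHED, so a sentence stating it would close the gap. The paragraph also ends in a colon and now introduces whatever follows the hunk, which was previously introduced by "controls the degree of blacklist filtering:"; please check that the text after it still reads correctly under the new lead-in. Finally, the unchanged context line directly above the edit still reads "two different types of blackliisting; rule-based, static and dynamic", which has a typo and names three types after promising two; since the rest of that sentence is being rewritten here, it could be corrected in the same change.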