From 36054b77846d7c7f4ce0ebddd7703ed1da46778f Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Thu, 12 Aug 2010 17:52:22 -0700
Subject: [PATCH] Add additional vserver notes in rules manpages

---
 manpages/shorewall-rules.xml   | 4 +++-
 manpages6/shorewall6-rules.xml | 9 ++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml
index 39f4e0cf0..e08517dcd 100644
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@@ -538,7 +538,9 @@
           <para><emphasis role="bold">any</emphasis> is equivalent to
           <emphasis role="bold">all</emphasis> when there are no nested zones.
           When there are nested zones, <emphasis role="bold">any</emphasis>
-          only refers to top-level zones (those with no parent zones).</para>
+          only refers to top-level zones (those with no parent zones). Note
+          that <emphasis role="bold">any</emphasis> excludes all vserver
+          zones, since those zones are nested within the firewall zone.</para>
 
           <para>Hosts may also be specified as an IP address range using the
           syntax
diff --git a/manpages6/shorewall6-rules.xml b/manpages6/shorewall6-rules.xml
index 42ff2aa36..dbd67643f 100644
--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@@ -359,7 +359,7 @@
       <varlistentry>
         <term><emphasis role="bold">SOURCE</emphasis> -
         {<emphasis>zone</emphasis>|<emphasis
-        role="bold">all</emphasis>[<emphasis
+        role="bold">{all|any}</emphasis>[<emphasis
         role="bold">+</emphasis>][<emphasis
         role="bold">-</emphasis>]}<emphasis
         role="bold">[:</emphasis><emphasis>interface</emphasis>][<emphasis
@@ -396,6 +396,13 @@
           mac addresses must begin with "~" and must use "-" as a
           separator.</para>
 
+          <para><emphasis role="bold">any</emphasis> is equivalent to
+          <emphasis role="bold">all</emphasis> when there are no nested zones.
+          When there are nested zones, <emphasis role="bold">any</emphasis>
+          only refers to top-level zones (those with no parent zones). Note
+          that <emphasis role="bold">any</emphasis> excludes all vserver
+          zones, since those zones are nested within the firewall zone.</para>
+
           <para>Hosts may also be specified as an IP address range using the
           syntax
           <emphasis>lowaddress</emphasis>-<emphasis>highaddress</emphasis>.