diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index b7d10be05..c50396c5d 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -181,8 +181,8 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES
See the shorewall-secmarks and shorewall6-secmarks manpages for
details.
- As part of this change, the tcrules file now accepts chain
- designators 'I' and 'CI' for marking packets in the input chain.
+ As part of this change, the tcrules file now accepts $FW in the
+ DEST column for marking packets in the INPUT chain.
4) The 'blacklist' interface option may now have one of 2 values:
diff --git a/manpages/shorewall-tcrules.xml b/manpages/shorewall-tcrules.xml
index cde754b28..36cd62414 100644
--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@@ -147,15 +147,6 @@
Mark the connecdtion in the POSTROUTING chain
-
-
- CI
-
-
- Added in Shorewall 4.4.13. Mark the connecdtion in
- the POSTROUTING chain
-
-
Special considerations for If
@@ -456,7 +447,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443
DEST - {-|{interface|[interface:]address-or-range[-|{interface|$FW}|[{interface|$FW}:]address-or-range[,address-or-range]...}[exclusion]
@@ -477,6 +468,12 @@ SAME $FW 0.0.0.0/0 tcp 80,443
The list may include ip address ranges if your kernel and
iptables include iprange support.
+
+
+ Beginning with Shorewall 4.4.13, $FW may be specified by
+ itself or qualified by an address list. This causes marking to
+ occur in the INPUT chain.
+
You may exclude certain hosts from the set already defined
@@ -812,8 +809,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443
shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
shorewall-proxyarp(5), shorewall-route_rules(5),
- shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5), shorewall-secmarks(5),
- shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tos(5),
- shorewall-tunnels(5), shorewall-zones(5)
+ shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
+ shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
+ shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
diff --git a/manpages6/shorewall6-tcrules.xml b/manpages6/shorewall6-tcrules.xml
index 7fc01fd18..e6985ad36 100644
--- a/manpages6/shorewall6-tcrules.xml
+++ b/manpages6/shorewall6-tcrules.xml
@@ -144,14 +144,6 @@
Mark the connection in the POSTROUTING chain
-
-
- CI (added in Shorewall 4.4.13)
-
-
- Mark the connection in the INPUT chain.
-
-
Special considerations for If
@@ -330,7 +322,7 @@ SAME $FW 0.0.0.0/0 tcp 80,443
DEST - {-|{interface|[interface:]<address-or-range[-|{interface|$FW}[{interface|$FW}:]<address-or-range[,address-or-range]...}[exclusion]>
@@ -348,6 +340,10 @@ SAME $FW 0.0.0.0/0 tcp 80,443
('<' and '>') surrounding the address(es) may be
omitted.
+ Beginning with Shorewall 4.4.13, $FW may be given by itself or
+ qualified by an address list. This causes marking to occur in the
+ INPUT chain.
+
You may exclude certain hosts from the set already defined
through use of an exclusion (see shorewall6-exclusion(5)).
@@ -666,8 +662,8 @@ SAME $FW 0.0.0.0/0 tcp 80,443
shorewall6-hosts(5), shorewall6-interfaces(5), shorewall6-maclist(5),
shorewall6-params(5), shorewall6-policy(5), shorewall6-providers(5),
shorewall6-route_rules(5), shorewall6-routestopped(5),
- shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5), shorewall6-tcclasses(5),
- shorewall6-tcdevices(5), shorewall6-tos(5), shorewall6-tunnels(5),
- shorewall6-zones(5)
+ shorewall6-rules(5), shorewall6.conf(5), shorewall6-secmarks(5),
+ shorewall6-tcclasses(5), shorewall6-tcdevices(5), shorewall6-tos(5),
+ shorewall6-tunnels(5), shorewall6-zones(5)