diff --git a/docs/standalone.xml b/docs/standalone.xml
index c7bb78967..96dd2aa8c 100644
--- a/docs/standalone.xml
+++ b/docs/standalone.xml
@@ -536,6 +536,12 @@ Web(ACCEPT) net $FW
IMAP(ACCEPT)net $FW
+
+ The Shorewall-provided macros assume that the associated service
+ is using it's standard port and will not work with services listening on
+ a non-standard port.
+
+
You may also choose to code your rules directly without using the
pre-defined macros. This will be necessary in the event that there is not
a pre-defined macro that meets your requirements. In that case the general
diff --git a/docs/three-interface.xml b/docs/three-interface.xml
index 37736066e..64303f913 100644
--- a/docs/three-interface.xml
+++ b/docs/three-interface.xml
@@ -971,6 +971,12 @@ ACCEPT dmz $FW udp 53 This
page can be of help if you don't know the protocol and port
involved.
+
+
+ The Shorewall-provided macros assume that the service is using its
+ standard port and will not work with a service listening on a
+ non-standard port.
+
diff --git a/docs/two-interface.xml b/docs/two-interface.xml
index 5026414a6..23e46da41 100644
--- a/docs/two-interface.xml
+++ b/docs/two-interface.xml
@@ -807,6 +807,12 @@ FTP(DNAT) net loc:10.10.10.1 For
url="FTP.html">Shorewall FTP documentation for more
information.
A couple of important points to keep in mind:
+
+ The Shorewall-provided macros assume that the service is using
+ its standard port and will not work with a service listening on a
+ non-standard port.
+
+
You must test the above rule from a client outside of your
local network (i.e., don't test from a browser running on computers
@@ -1080,7 +1086,7 @@ ACCEPT loc $FW tcp 80 #Allow Weblet to work
- Also, I don't recommend using shorewall
+ Also, I don't recommend using shorewall
restart
; it is better to create an alternate
configuration and test it using the shorewall
try
command.