From 3daf8076ff6dc9e5124233bcbca55c7de5bd9d1c Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Thu, 29 Sep 2005 15:37:15 +0000
Subject: [PATCH] Add warning about side effects of ADD_SNAT_ALIASES and
 ADD_IP_ALIASES

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2749 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 Shorewall/shorewall.conf | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/Shorewall/shorewall.conf b/Shorewall/shorewall.conf
index 6b02eefb7..c79b19782 100755
--- a/Shorewall/shorewall.conf
+++ b/Shorewall/shorewall.conf
@@ -372,6 +372,10 @@ IP_FORWARDING=On
 # for each NAT external address that you give in /etc/shorewall/nat. If you say
 # "No" or "no", you must add these aliases youself.
 #
+# WARNING: Addresses added by ADD_IP_ALIASES=Yes are deleted and re-added during
+# processing of the "shorewall restart" command. As a consequence, connections
+# using those addresses may be severed.
+#
 
 ADD_IP_ALIASES=Yes
 
@@ -383,6 +387,10 @@ ADD_IP_ALIASES=Yes
 # say "No" or "no", you must add these aliases youself. LEAVE THIS SET TO "No"
 # unless you are sure that you need it -- most people don't!!!
 #
+# WARNING: Addresses added by ADD_SNAT_ALIASES=Yes are deleted and re-added during
+# processing of the "shorewall restart" command. As a consequence, connections
+# using those addresses may be severed.
+#
 
 ADD_SNAT_ALIASES=No
 
@@ -811,9 +819,9 @@ MAPOLDACTIONS=No
 # going from the 'loc' zone to the 'net' zone, ESTABLISHED/RELATED packets are
 # ACCEPTED in the 'loc2net' chain.
 #
-# If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets are accepted 
+# If you set FASTACCEPT=Yes, then ESTABLISHED/RELEATED packets are accepted
 # early in the INPUT, FORWARD and OUTPUT chains. If you set
-# FASTACCEPT=Yes then you may not specify ESTABLISHED policies in 
+# FASTACCEPT=Yes then you may not specify ESTABLISHED policies in
 # /etc/shorewall/policy.
 
 FASTACCEPT=No