diff --git a/Shorewall-docs/blacklisting_support.htm b/Shorewall-docs/blacklisting_support.htm
deleted file mode 100644
index f21c88ed9..000000000
--- a/Shorewall-docs/blacklisting_support.htm
+++ /dev/null
@@ -1,91 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta http-equiv="Content-Type"
- content="text/html; charset=windows-1252">
-  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
-  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <title>Blacklisting Support</title>
-</head>
-<body>
-<h1 style="text-align: center;">Shorewall Blacklisting Support<br>
-</h1>
-<p>Shorewall supports two different forms of blacklisting; static and
-dynamic. Beginning with Shorewall version 1.4.8, the BLACKLISTNEWONLY
-option in /etc/shorewall/shorewall.conf controls the degree of
-blacklist filtering:<br>
-</p>
-<ol>
-  <li>BLACKLISTNEWONLY=No --&nbsp; All incoming packets are checked
-against the blacklist. New blacklist entries can be used to terminate
-existing connections. Versions of Shorewall prior to 1.4.8 behave in
-this manner.<br>
-  </li>
-  <li>BLACKLISTNEWONLY=Yes -- The blacklists are only consulted for new
-connection requests. Blacklists may not be used to terminate existing
-connections.</li>
-</ol>
-Only the source address is checked against the blacklists.<br>
-<h2>Static Blacklisting</h2>
-<p>Shorewall static blacklisting support has the following
-configuration
-parameters:</p>
-<ul>
-  <li>You specify whether you want packets from blacklisted hosts
-dropped or rejected using the <a href="Documentation.htm#BLDisposition">BLACKLIST_DISPOSITION</a>
-setting in /etc/shorewall/shorewall.conf</li>
-  <li>You specify whether you want packets from blacklisted hosts
-logged and at what syslog level using the <a
- href="Documentation.htm#BLLoglevel">BLACKLIST_LOGLEVEL</a> setting in
-/etc/shorewall/shorewall.conf</li>
-  <li>You list the IP addresses/subnets that you wish to blacklist in <a
- href="Documentation.htm#Blacklist">/etc/shorewall/blacklist.</a>
-Beginning with Shorewall version 1.3.8, you may also specify PROTOCOL
-and
-Port numbers/Service names in the blacklist file.<br>
-  </li>
-  <li>You specify the interfaces whose incoming packets you want
-checked against the blacklist using the "<a
- href="Documentation.htm#Interfaces">blacklist</a>" option in
-/etc/shorewall/interfaces.</li>
-  <li>The black list is refreshed from /etc/shorewall/blacklist by the "<a
- href="Documentation.htm#Starting">shorewall refresh</a>" command.</li>
-</ul>
-<h2>Dynamic Blacklisting</h2>
-<p>Dynamic blacklisting support was added in version 1.3.2. Dynamic
-blacklisting doesn't use any configuration parameters but is rather
-controlled using /sbin/shorewall commands:</p>
-<ul>
-  <li>drop <i>&lt;ip address list&gt; </i>- causes packets from the
-listed IP addresses to be silently dropped by the firewall.</li>
-  <li>reject <i>&lt;ip address list&gt; </i>- causes packets from the
-listed IP addresses to be rejected by the firewall.</li>
-  <li>allow <i>&lt;ip address list&gt; </i>- re-enables receipt of
-packets from hosts previously blacklisted by a <i>drop</i> or <i>reject</i>
-command.</li>
-  <li>save - save the dynamic blacklisting configuration so that it
-will be automatically restored the next time that the firewall is
-restarted.</li>
-  <li>show dynamic - displays the dynamic blacklisting configuration.</li>
-</ul>
-Dynamic blacklisting is <u>not</u> dependent on the "blacklist" option
-in /etc/shorewall/interfaces.<br>
-<p>Example 1:</p>
-<pre>     <b><font color="#009900">shorewall drop 192.0.2.124 192.0.2.125</font></b></pre>
-<p>&nbsp;&nbsp;&nbsp; Drops packets from hosts 192.0.2.124 and
-192.0.2.125</p>
-<p>Example 2:</p>
-<pre>     <b><font color="#009900">shorewall allow 192.0.2.125</font></b></pre>
-<p>&nbsp;&nbsp;&nbsp; Reenables access from 192.0.2.125.</p>
-<p><font size="2">Last updated 11/14/2003 - <a href="support.htm">Tom
-Eastep</a></font></p>
-<p><font face="Trebuchet MS"><a href="copyright.htm"><font size="2">Copyright</font>
-© <font size="2">2002, 2003 Thomas M. Eastep.</font></a></font></p>
-<br>
-<br>
-<br>
-<br>
-<br>
-</body>
-</html>
diff --git a/Shorewall-docs/blacklisting_support.xml b/Shorewall-docs/blacklisting_support.xml
new file mode 100644
index 000000000..6126fec4f
--- /dev/null
+++ b/Shorewall-docs/blacklisting_support.xml
@@ -0,0 +1,156 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<article>
+  <articleinfo>
+    <title>Shorewall Blacklisting Support</title>
+
+    <authorgroup>
+      <author>
+        <firstname>Tom</firstname>
+
+        <surname>Eastep</surname>
+      </author>
+    </authorgroup>
+
+    <pubdate>2003-11-14</pubdate>
+
+    <copyright>
+      <year>2002-2003</year>
+
+      <holder>Thomas M. Eastep</holder>
+    </copyright>
+
+    <legalnotice>
+      <para>Permission is granted to copy, distribute and/or modify this
+      document under the terms of the GNU Free Documentation License, Version
+      1.2 or any later version published by the Free Software Foundation; with
+      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      Texts. A copy of the license is included in the section entitled
+      <quote><ulink url="GnuCopyright.htm">GNU Free Documentation License</ulink></quote>.</para>
+    </legalnotice>
+  </articleinfo>
+
+  <section>
+    <title>Introduction</title>
+
+    <para>Shorewall supports two different forms of blacklisting; static and
+    dynamic. Beginning with Shorewall version 1.4.8, the BLACKLISTNEWONLY
+    option in /etc/shorewall/shorewall.conf controls the degree of blacklist
+    filtering:</para>
+
+    <orderedlist>
+      <listitem>
+        <para>BLACKLISTNEWONLY=No --&#x00A0; All incoming packets are checked
+        against the blacklist. New blacklist entries can be used to terminate
+        existing connections. Versions of Shorewall prior to 1.4.8 behave in
+        this manner.</para>
+      </listitem>
+
+      <listitem>
+        <para>BLACKLISTNEWONLY=Yes -- The blacklists are only consulted for
+        new connection requests. Blacklists may not be used to terminate
+        existing connections. Only the source address is checked against the
+        blacklists.</para>
+      </listitem>
+    </orderedlist>
+
+    <para>Only the source address is checked against the blacklists.</para>
+  </section>
+
+  <section>
+    <title>Static Blacklisting</title>
+
+    <para>Shorewall static blacklisting support has the following
+    configuration parameters:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>You specify whether you want packets from blacklisted hosts
+        dropped or rejected using the BLACKLIST_DISPOSITION setting in <ulink
+        url="Documentation.htm#Config">/etc/shorewall/shorewall.conf.</ulink></para>
+      </listitem>
+
+      <listitem>
+        <para>You specify whether you want packets from blacklisted hosts
+        logged and at what syslog level using the BLACKLIST_LOGLEVEL setting
+        in <ulink url="Documentation.htm#Config">/etc/shorewall/shorewall.conf</ulink>.</para>
+      </listitem>
+
+      <listitem>
+        <para>You list the IP addresses/subnets that you wish to blacklist in
+        <ulink url="Documentation.htm#Blacklist">/etc/shorewall/blacklist</ulink>.
+        Beginning with Shorewall version 1.3.8, you may also specify PROTOCOL
+        and Port numbers/Service names in the blacklist file.</para>
+      </listitem>
+
+      <listitem>
+        <para>You specify the interfaces whose incoming packets you want
+        checked against the blacklist using the &#34;blacklist&#34; option in
+        <ulink url="Documentation.htm#Interfaces">/etc/shorewall/interfaces</ulink>.</para>
+      </listitem>
+
+      <listitem>
+        <para>The black list is refreshed from /etc/shorewall/blacklist by the
+        &#34;<ulink url="starting_and_stopping_shorewall.htm">shorewall
+        refresh</ulink>&#34; command.</para>
+      </listitem>
+    </itemizedlist>
+  </section>
+
+  <section>
+    <title>Dynamic Blacklisting</title>
+
+    <para>Dynamic blacklisting support was added in version 1.3.2. Dynamic
+    blacklisting doesn&#39;t use any configuration parameters but is rather
+    controlled using /sbin/shorewall commands:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>drop <emphasis>&#60;ip address list&#62;</emphasis> - causes
+        packets from the listed IP addresses to be silently dropped by the
+        firewall.</para>
+      </listitem>
+
+      <listitem>
+        <para>reject <emphasis>&#60;ip address list&#62;</emphasis> - causes
+        packets from the listed IP addresses to be rejected by the firewall.</para>
+      </listitem>
+
+      <listitem>
+        <para>allow <emphasis>&#60;ip address list&#62;</emphasis> -
+        re-enables receipt of packets from hosts previously blacklisted by a
+        <emphasis>drop</emphasis> or <emphasis>reject</emphasis> command.</para>
+      </listitem>
+
+      <listitem>
+        <para>save - save the dynamic blacklisting configuration so that it
+        will be automatically restored the next time that the firewall is
+        restarted.</para>
+      </listitem>
+
+      <listitem>
+        <para>show dynamic - displays the dynamic blacklisting configuration.</para>
+      </listitem>
+    </itemizedlist>
+
+    <para>Dynamic blacklisting is not dependent on the &#34;blacklist&#34;
+    option in /etc/shorewall/interfaces.</para>
+
+    <example>
+      <title>Ingore packets from a pair if systems</title>
+
+      <programlisting>    shorewall drop 192.0.2.124 192.0.2.125</programlisting>
+
+      <para>Drops packets from hosts 192.0.2.124 and 192.0.2.125</para>
+    </example>
+
+    <example>
+      <title>Re-enable packetes from a system</title>
+
+      <programlisting>    shorewall allow 192.0.2.125</programlisting>
+
+      <para>Re-enables traffic from 192.0.2.125.</para>
+    </example>
+  </section>
+</article>
\ No newline at end of file
