diff --git a/Shorewall-docs2/Macros.xml b/Shorewall-docs2/Macros.xml
index 448cca07b..b970e8764 100644
--- a/Shorewall-docs2/Macros.xml
+++ b/Shorewall-docs2/Macros.xml
@@ -21,7 +21,7 @@
- 2005-09-12
+ 2005-09-20
2005
@@ -121,7 +121,7 @@ PARAM - - tcp 135,139,445
Copy /usr/share/shorewall/macro.template to
- /etc/shorewall/macro.ActionName (for example, if
+ /etc/shorewall/macro.MacroName (for example, if
your new macro name is Foo
then copy
/usr/share/shorewall/macro.template to
/etc/shorewall/macro.Foo).
@@ -137,7 +137,8 @@ PARAM - - tcp 135,139,445
ACTION - ACCEPT, DROP, REJECT, DNAT, DNAT-, REDIRECT, CONTINUE,
- LOG, QUEUE, PARAM or an action name.
+ LOG, QUEUE, PARAM or an action name. Note that a macro may not invoke
+ another macro.
ACCEPT - allow the connection request
@@ -189,9 +190,6 @@ PARAM - - tcp 135,139,445
The ACTION may optionally be followed by ":" and a syslog log
level (e.g, REJECT:info or DNAT:debug). This causes the packet to be
logged at the specified level.
-
- (http://www.gnumonks.org/projects/ulogd).
@@ -404,4 +402,30 @@ bar:debug
+
+
+ How do I know if I should create an Action or a Macro?
+
+ While actions and macros perform similar functions, in any given
+ case you will generally find that one is more appropriate than the
+ other.
+
+
+
+ You can not associate an Extension Script with a macro the way that you can with an
+ Action. So if you need access to iptables features not
+ directly supported by Shorewall then you must use an action.
+
+
+
+ Macros are expanded in-line while each action is it's own chain.
+ So if there are a lot of rules involved in your new action/macro then
+ it is generally better to use an action than a macro. Only the packets
+ selected when you invoke the action are directed to the corresponding
+ chain. On the other hand, if there are only one or two rules involved
+ in what you want to do then a macro is more efficient.
+
+
+
\ No newline at end of file