diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index 3e33bca1d..a4863e745 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -148,7 +148,8 @@
The refresh command does not alter the Netfilter
- configuration except for the static blacklist.
+ configuration except for the static blacklist (it also refreshes
+ the mangle table, beginning with Shorewall 4.2.0).
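Review bot: The added parenthetical on the "except for the static blacklist" line makes the sentence contradict itself: it first says the static blacklist is the only thing refresh alters, then names a second exception in passing. Fold both into one statement, for example "does not alter the Netfilter configuration except for the static blacklist and, beginning with Shorewall 4.2.0, the mangle table". That way a reader checking whether refresh picks up an edited rule sees the full list of exceptions at once.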
@@ -186,23 +187,13 @@
maclog
- initdone
-
-
+ start
Per-chain (including those associated with
actions)
- start
-
-
-
-
-
-
-
started
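Review bot: The "initdone" entry is removed at the top of this hunk and no added line restores it, while "start" is only moved up beside "maclog". If "initdone" is deliberately being dropped from this table, say so in the commit message or the surrounding text. If it was lost while collapsing the empty cells, put it back. Readers use this table to decide where a script's rules take effect.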
@@ -518,11 +509,37 @@ ACCEPT loc:eth0:192.168.1.3,192.168.1.5 $FW tcp 22Wit
ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5 $fw tcp 22
Shorewall-perl does not support this alternative syntax.
+
+
+ Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning
+ if a zone name is entered in the DEST column of a
+ nonat rule. Nonat rules include:
+
+
+
+ DNAT-
+
+
+
+ REDIRECT-
+
+
+
+ NONAT
+
+
+
+ So rather than this:#ACTION SOURCE DEST PROTO DEST PORT(S)
+DNAT- net loc:192.168.1.3 tcp 21
+
+ you instead want:#ACTION SOURCE DEST PROTO DEST PORT(S)
+DNAT- net 192.168.1.3 tcp 21
+
- Dependence on Perl
+ Dependence on Perl
Shorewall-perl is dependent on Perl (see the next section) which
has a large disk footprint. This makes Shorewall-perl less desirable in
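Review bot: The new paragraph beginning "Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning" says a zone name in the DEST column of a nonat rule triggers a warning, but not what the compiler then does with the rule. Add a sentence stating whether the zone name is ignored and the rule still generated, or whether the rule is skipped, so that someone who sees the warning knows whether the "DNAT- net loc:192.168.1.3 tcp 21" form still takes effect. Separately, the "Dependence on Perl" title is removed and re-added with no visible text change. If that is only a whitespace or reflow edit, it would be cleaner kept out of this patch.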