From 48b85c5353cd18347c5c588289854534a5b6b551 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Mon, 12 Jan 2009 23:57:02 +0000
Subject: [PATCH] Update Shorewall-perl migration issues

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9277 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/Shorewall-perl.xml | 43 ++++++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 13 deletions(-)

diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index 3e33bca1d..a4863e745 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -148,7 +148,8 @@
 
             <listitem>
               <para>The refresh command does not alter the Netfilter
-              configuration except for the static blacklist.</para>
+              configuration except for the static blacklist (it also refreshes
+              the mangle table, beginning with Shorewall 4.2.0).</para>
             </listitem>
           </itemizedlist>
         </listitem>
@@ -186,23 +187,13 @@
                   <row>
                     <entry>maclog</entry>
 
-                    <entry>initdone</entry>
-
-                    <entry></entry>
+                    <entry>start</entry>
                   </row>
 
                   <row>
                     <entry>Per-chain (including those associated with
                     actions)</entry>
 
-                    <entry>start</entry>
-
-                    <entry></entry>
-                  </row>
-
-                  <row>
-                    <entry></entry>
-
                     <entry>started</entry>
 
                     <entry></entry>
@@ -518,11 +509,37 @@ ACCEPT  loc:eth0:192.168.1.3,192.168.1.5       $FW  tcp   22</programlisting>Wit
 ACCEPT loc:eth0:192.168.1.3,eth0:192.168.1.5   $fw  tcp   22</programlisting>
           Shorewall-perl does not support this alternative syntax.</para>
         </listitem>
+
+        <listitem>
+          <para>Beginning in Shorewall 4.2.0, Shorewall-perl gives a warning
+          if a zone name is entered in the DEST column of a
+          <firstterm>nonat</firstterm> rule. Nonat rules include:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>DNAT-</para>
+            </listitem>
+
+            <listitem>
+              <para>REDIRECT-</para>
+            </listitem>
+
+            <listitem>
+              <para>NONAT</para>
+            </listitem>
+          </itemizedlist>
+
+          <para>So rather than this:<programlisting>#ACTION            SOURCE             DEST             PROTO        DEST PORT(S)
+DNAT-              net                loc:192.168.1.3  tcp          21</programlisting></para>
+
+          <para>you instead want:<programlisting>#ACTION            SOURCE             DEST             PROTO        DEST PORT(S)
+DNAT-              net                192.168.1.3  tcp          21</programlisting></para>
+        </listitem>
       </orderedlist>
     </section>
 
     <section id="PerlDep">
-      <title>Dependence on Perl</title>
+      <title> Dependence on Perl</title>
 
       <para>Shorewall-perl is dependent on Perl (see the next section) which
       has a large disk footprint. This makes Shorewall-perl less desirable in