Add some expectation-setting warnings to two of the documents

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@3831 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb

docs/MultiISP.xml

@@ -46,6 +46,25 @@
     you</emphasis>.</para>
   </warning>
 
+  <warning>
+    <para>Reading just Shorewall documentation is probably not going to give
+    you enough background to use this material. Shorewall may make iptables
+    easy but the Shorewall team simply can't be expected to spoon-feed Linux
+    policy routing to you (please remember that the user's manual for a
+    tractor doesn't teach you to grow corn). You will need to refer to at
+    least the following additional information: </para>
+
+    <simplelist>
+      <member>The LARTC HOWTO: <ulink
+      url="http://www.lartc.org">http://www.lartc.org</ulink></member>
+
+      <member>Output of <command>man ip</command></member>
+
+      <member>Output of <command>ip route help</command> and <command>ip rule
+      help</command></member>
+    </simplelist>
+  </warning>
+
   <section>
     <title>Multiple Internet Connection Support</title>
 
@@ -565,13 +584,13 @@ eth1             eth2              130.252.99.27</programlisting>
         successfully routed.</para>
 
         <programlisting>gateway:~ # <command>ip rule ls</command>
-0:      from all lookup local
+0:      from all lookup local                &lt;=== Local (to the firewall) IP addresses
-10001:  from all fwmark 0x1 lookup Blarg
+10001:  from all fwmark 0x1 lookup Blarg     &lt;=== This and the next rule are generated by the
-10002:  from all fwmark 0x2 lookup Comcast
+10002:  from all fwmark 0x2 lookup Comcast        'MARK' values in /etc/shorewall/providers.
-20000:  from 206.124.146.176 lookup Blarg
+20000:  from 206.124.146.176 lookup Blarg    &lt;=== This and the next rule are generated unless
-20256:  from 24.12.22.33 lookup Comcast
+20256:  from 24.12.22.33 lookup Comcast           'loose' is specified; based in the output of 'ip addr ls'
-32766:  from all lookup main
+32766:  from all lookup main                 &lt;=== This is the routing table shown by 'iproute -n'
-32767:  from all lookup default
+32767:  from all lookup default              &lt;=== This table is empty
 gateway:~ #</programlisting>
 
         <para>In the above example, there are two providers: Blarg and Comcast
@@ -597,7 +616,7 @@ gateway:~ #</programlisting>
           </varlistentry>
 
           <varlistentry>
-            <term>DEST(optional)</term>
+            <term>DEST (Optional)</term>
 
             <listitem>
               <para>An ip address (network or host) that matches the

docs/traffic_shaping.xml

@@ -55,6 +55,28 @@
     you.</para>
   </important>
 
+  <warning>
+    <para>Said another way, reading just Shorewall documentation is probably
+    not going to give you enough background to use this material. Shorewall
+    may make iptables easy but the Shorewall team simply can't be expected to
+    spoon-feed Linux traffic control to you (please remember that the user's
+    manual for a tractor doesn't teach you to grow corn).</para>
+
+    <para>You will need to refer to at least the following additional
+    information:</para>
+
+    <simplelist>
+      <member>The LARTC HOWTO: <ulink
+      url="http://www.lartc.org">http://www.lartc.org</ulink></member>
+
+      <member>The documents listed at <ulink
+      url="http://www.netfilter.org/documentation/index.html#documentation-howto">http://www.netfilter.org/documentation/index.html#documentation-howto</ulink>.
+      The tutorial by Oskar Andreasson is particularly good.</member>
+
+      <member>The output of <command>man iptables</command></member>
+    </simplelist>
+  </warning>
+
   <section>
     <title>Introduction</title>