diff --git a/docs/Actions.xml b/docs/Actions.xml
index 763450859..e3d354b20 100644
--- a/docs/Actions.xml
+++ b/docs/Actions.xml
@@ -35,8 +35,8 @@
- This article applies to Shorewall 3.0 and later. If you are running
- a version of Shorewall earlier than Shorewall 3.0.0 then please see the
+ This article applies to Shorewall 4.0 and later. If you are running
+ a version of Shorewall earlier than Shorewall 4.0.0 then please see the
documentation for that release.
@@ -537,7 +537,8 @@ acton:info:test $FW net
There may be cases where you wish to create a chain with rules that
can't be constructed using the tools defined in the action.template. In
- that case, you can use an extension script.
+ that case, you can use an extension script.
If you actually need an action to drop broadcast packets, use
the dropBcast standard action rather than create
one like this.
@@ -548,9 +549,16 @@ acton:info:test $FW net
/etc/shorewall/actionsDropBcasts
- /etc/shorewall/action.DropBcasts# This file is empty
+ /etc/shorewall/action.DropBcasts# This file is emptyWhen
+ using Shorewall-shell:
- /etc/shorewall/DropBcastsrun_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP
+
+ /etc/shorewall/DropBcastsrun_iptables -A DropBcasts -m pkttype --pkttype broadcast -j DROP
+
When using Shorewall-Perl:
+ /etc/shorewall/DropBcastsuse Shorewall::Chains;
+
+add_rule( $chainref, '-m pkttype --pkttype broadcast -j DROP' );
+
For a richer example, see this