From 57c9efe38906e8ab3000990b5dd2b2f7534f0f92 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 17 Apr 2007 17:06:49 +0000
Subject: [PATCH] Add note about wild-card interfaces and /proc entries

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5975 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 manpages/shorewall-interfaces.xml | 43 ++++++++++++++++++++++++++++---
 1 file changed, 39 insertions(+), 4 deletions(-)

diff --git a/manpages/shorewall-interfaces.xml b/manpages/shorewall-interfaces.xml
index 71317fdcf..af223dd80 100644
--- a/manpages/shorewall-interfaces.xml
+++ b/manpages/shorewall-interfaces.xml
@@ -154,8 +154,15 @@ loc     eth2            -</programlisting>
 
               <listitem>
                 <para>Turn on kernel route filtering for this interface
-                (anti-spoofing measure). This option can also be enabled
-                globally in the <ulink
+                (anti-spoofing measure).</para>
+
+                <note>
+                  <para>This option does not work with a wild-card
+                  <replaceable>interface</replaceable> name (e.g., eth0.+) in
+                  the INTERFACE column.</para>
+                </note>
+
+                <para>This option can also be enabled globally in the <ulink
                 url="shorewall.conf.html">shorewall.conf</ulink>(5)
                 file.</para>
               </listitem>
@@ -186,6 +193,12 @@ loc     eth2            -</programlisting>
         1
         teastep@lists:~$ </programlisting>
 
+                <note>
+                  <para>This option does not work with a wild-card
+                  <replaceable>interface</replaceable> name (e.g., eth0.+) in
+                  the INTERFACE column.</para>
+                </note>
+
                 <para>This option may also be enabled globally in the <ulink
                 url="shorewall.conf.html">shorewall.conf</ulink>(5)
                 file.</para>
@@ -238,7 +251,11 @@ loc     eth2            -</programlisting>
                 url="shorewall-proxyarp.html">shorewall-proxyarp</ulink>(5).
                 This option is intended solely for use with Proxy ARP
                 sub-networking as described at: <ulink
-                url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html</ulink></para>
+                url="http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html">http://tldp.org/HOWTO/Proxy-ARP-Subnet/index.html</ulink><note>
+                    <para>This option does not work with a wild-card
+                    <replaceable>interface</replaceable> name (e.g., eth0.+)
+                    in the INTERFACE column.</para>
+                  </note></para>
               </listitem>
             </varlistentry>
 
@@ -264,6 +281,12 @@ loc     eth2            -</programlisting>
                 If not specified, the interface can respond to ARP who-has
                 requests for IP addresses on any of the firewall's interface.
                 The interface must be up when Shorewall is started.</para>
+
+                <note>
+                  <para>This option does not work with a wild-card
+                  <replaceable>interface</replaceable> name (e.g., eth0.+) in
+                  the INTERFACE column.</para>
+                </note>
               </listitem>
             </varlistentry>
 
@@ -290,6 +313,12 @@ loc     eth2            -</programlisting>
 
                 <para>8 - do not reply for all local addresses</para>
 
+                <note>
+                  <para>This option does not work with a wild-card
+                  <replaceable>interface</replaceable> name (e.g., eth0.+) in
+                  the INTERFACE column.</para>
+                </note>
+
                 <warning>
                   <para>Do not specify <emphasis
                   role="bold">arp_ignore</emphasis> for any interface involved
@@ -339,6 +368,12 @@ loc     eth2            -</programlisting>
                 to 1). Only set this option if you know what you are doing.
                 This might represent a security risk and is not usually
                 needed.</para>
+
+                <note>
+                  <para>This option does not work with a wild-card
+                  <replaceable>interface</replaceable> name (e.g., eth0.+) in
+                  the INTERFACE column.</para>
+                </note>
               </listitem>
             </varlistentry>
 
@@ -429,4 +464,4 @@ net     ppp0      -</programlisting>
     shorewall-tcclasses(5), shorewall-tcdevices(5), shorewall-tcrules(5),
     shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)</para>
   </refsect1>
-</refentry>
+</refentry>
\ No newline at end of file