diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index da47e9ad7..b0e40bd3b 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -216,7 +216,7 @@
/usr/share/shorewall/modules - directs
- the firewall to load kernel modules.
+ the firewall to load kernel modules.
@@ -432,6 +432,79 @@ ACCEPT net:\
+
+ Specifying SOURCE and DEST
+
+ Entries in Shorewall configuration files often deal with the source
+ (SOURCE) and destination (DEST) of connections and Shorewall implements a
+ uniform way for specifying them.
+
+ A SOURCE or DEST consists of one to three parts separated by colons
+ (":"):
+
+
+
+ ZONE — The name of a zone declared in
+ /etc/shorewall/zones or
+ /etc/shorewall6/zones. This part is only
+ available in the rules file (/etc/shorewall/rules
+ and /etc/shorewall6/rules).
+
+
+
+ INTERFACE — The name of an interface that matches an entry in
+ /etc/shorewall/interfaces
+ (/etc/shorewall6/interfaces).
+
+
+
+ ADDRESS LIST — A list of one or more addresses (host or network)
+ or address ranges, separated by commas. In an IPv6 configuration, this
+ list must be includes in angled brackets ("<...>"). The list may
+ have exclusion.
+
+
+
+ Examples.
+
+
+
+ All hosts in the net zone —
+ net
+
+
+
+ Subnet 192.168.1.0/29 in the loc zone — loc:192.168.1.0/29
+
+
+
+ All hosts in the net zone connecting through ppp0 — net:ppp0
+
+
+
+ All hosts interfaced by eth3 — eth3
+
+
+
+ Subnet 10.0.1.0/24 interfacing through eth2 — eth2:10.0.1.0/24
+
+
+
+ Host 2002:ce7c:92b4:1:a00:27ff:feb1:46a9 in the loc zone — loc:<2002:ce7c:92b4:1:a00:27ff:feb1:46a9>
+
+
+
+
INCLUDE Directive