diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index 1ff32eacc..f88c454e5 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -1261,6 +1261,55 @@ net all DROP infothen the chain name is 'net2all'
+
+ MASK_BITS=[number]
+
+
+ Added in Shorewall 4.4.26. Number of bits on the right of the
+ 32-bit packet mark to be masked when clearing the traffic shaping
+ mark. Must be >= TC_BITS and <= PROVIDER_OFFSET (if
+ PROVIDER_OFFSET > 0). Default value and the default values of the
+ other mark layout options is determined as follows:
+
+
+
+
+
MODULE_SUFFIX=["extension ...then the chain name is 'net2all'
+
+ PROVIDER_BITS=[number]
+
+
+ Added in Shorewall 4.4.26. The number of bits in the 32-bit
+ packet mark to be used for provider numbers. May be zero. See MASK_BITS above for default value.
+
+
+
+
+ PROVIDER_OFFSET=[number]
+
+
+ Added in Shorewall 4.4.26. The offset from the right
+ (low-order end) of the provider number field in the 32-bit packet
+ mark. If non-zero, must be >= TC_BITS (Shorewall automatically
+ adjusts PROVIDER_OFFSET's value). PROVIDER_OFFSET + PROVIDER_BITS +
+ ZONE_BITS must be < 32. See MASK_BITS above for default value.
+
+
+
RCP_COMMAND="commandthen the chain name is 'net2all'
+
+ TC_BITS=[number]
+
+
+ The number of bits at the low end of the 32-bit packet mark to
+ be used for traffic shaping marking. May be zero. See MASK_BITS above for default value.
+
+
+
TC_ENABLED=[Yes|then the chain name is 'net2all'
+
+ ZONE_BITS=[number]
+
+
+ Added in Shorewall 4.4.26. When non-zero, enables automatic
+ packet marking by source zone and determines the number of bits in
+ the 32-bit packet mark to be used for the zone mark. Default value
+ is 0.
+
+
+
ZONE2ZONE={|}