diff --git a/docs/Macros.xml b/docs/Macros.xml
index 712d166c3..161953ec4 100644
--- a/docs/Macros.xml
+++ b/docs/Macros.xml
@@ -102,6 +102,14 @@ PARAM - - tcp 135,139,445
somewhere else on your CONFIG_PATH) and modify the copy.
+
+ You can see a list of the Standard Macros in your version of
+ Shorewall using the shorewall show macros command.
+ You can see the contents of the file
+ macro.name by typing shorewall
+ show macro name.
+
+
User-defined Macros. These macros are created by end-users. They
are defined in macro.* files in /etc/shorewall or in another directory
@@ -796,19 +804,20 @@ bar:debug
- You can not associate an Extension Script with a macro the way that you can with an
- Action. So if you need access to iptables features not
- directly supported by Shorewall then you must use an action.
+ Embedded Perl is much more useful in an
+ action than it is in a macro. So if you need access to
+ iptables features not directly supported by Shorewall then you should
+ use an action.
- Macros are expanded in-line while each action is its own chain.
- So if there are a lot of rules involved in your new action/macro then
- it is generally better to use an action than a macro. Only the packets
- selected when you invoke the action are directed to the corresponding
- chain. On the other hand, if there are only one or two rules involved
- in what you want to do then a macro is more efficient.
+ Macros are expanded in-line while each action (that doesn't
+ specify the inline option) is its own chain. So if there are a lot of
+ rules involved in your new action/macro then it is generally better to
+ use an action than a macro. Only the packets selected when you invoke
+ the action are directed to the corresponding chain. On the other hand,
+ if there are only one or two rules involved in what you want to do
+ then a macro is more efficient.