From 9c749731c531a7285244e15abe2ff6f9c1a95c31 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sat, 22 Oct 2016 14:39:40 -0700
Subject: [PATCH] Add caution regarding Address Varibles

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 docs/configuration_file_basics.xml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index c44954264..3d1ba0c6d 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -1654,6 +1654,14 @@ SSH(ACCEPT)    net:$MYIP      $FW
   <section id="AddressVariables">
     <title>Address Variables</title>
 
+    <caution>
+      <para>If you use address variables that refer to an optional interface,
+      the <command>enable</command> command will not change the rules that use
+      the variable. Therefore, to be completely safe, if you use such address
+      variables then you must follow an <command>enable</command> command with
+      a <command>reload</command> command.</para>
+    </caution>
+
     <para>Given that shell variables are expanded at compile time, there is no
     way to cause such variables to be expanded at run time. Prior to Shorewall
     4.4.17, this made it difficult (to impossible) to include dynamic IP