From a06fcf71d2b38ce3b9a0976fdc8eb9014d5d0593 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 2 Jan 2007 03:43:51 +0000
Subject: [PATCH] Yet another tweak to FAQ 16a

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5184 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/FAQ.xml | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 5118cd38a..8a5e862b3 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1032,15 +1032,18 @@ DROP      net       fw      udp      10619</programlisting>
         Netfilter log messages are written. The LOGFILE setting in
         <filename>shorewall.conf</filename> simply tells the
         <filename>/sbin/shorewall[-lite]</filename> program where to look for
-        the log. Also, it is important to understand that a log severity of
-        "debug" will generally be written to fewer log files than a log
-        severity of "info".</para>
+        the log. Also, it is important to understand that a log level of
+        "debug" will generally cause Netfilter messages be written to fewer
+        files in <filename class="directory">/var/log</filename> than a log
+        severity of "info". The log level does not control the number of log
+        messages or the content of the messages.</para>
 
         <para>The actual log file where Netfilter messages are written is not
-        standardized; but anytime you see no logging, it's time to look
-        outside the Shorewall configuration for the cause. As an example,
-        recent <trademark>SuSE</trademark> releases use syslog-ng by default
-        and write Shorewall messages to
+        standardized and will vary by distribution and distribusion version.
+        But anytime you see no logging, it's time to look outside the
+        Shorewall configuration for the cause. As an example, recent
+        <trademark>SuSE</trademark> releases use syslog-ng by default and
+        write Shorewall messages to
         <filename>/var/log/firewall</filename>.</para>
 
         <para>Please see the <ulink url="shorewall_logging.html">Shorewall
@@ -1358,9 +1361,9 @@ DROP      net       fw      udp      10619</programlisting>
 
       <para><emphasis role="bold">Answer:</emphasis> First of all, please note
       that the above is a very specific type of log message dealing with ICMP
-      port unreachable packets. Do not read this answer and assume that all
-      Shorewall log messages have something to do with ICMP (hint -- see <link
-      linkend="faq17">FAQ 17</link>).</para>
+      port unreachable packets (PROTO=ICMP TYPE=3 CODE=3). Do not read this
+      answer and assume that all Shorewall log messages have something to do
+      with ICMP (hint -- see <link linkend="faq17">FAQ 17</link>).</para>
 
       <para>While most people associate the Internet Control Message Protocol
       (ICMP) with <quote>ping</quote>, ICMP is a key piece of IP. ICMP is used