From a1e36836513bdab910542a299cec5b0f55555b1e Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Wed, 10 Nov 2010 14:38:55 -0800
Subject: [PATCH] Documentation updates

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 docs/configuration_file_basics.xml | 22 ++++++++++++++++++++++
 manpages/shorewall.conf.xml        |  6 ++++++
 manpages6/shorewall6.conf.xml      |  6 ++++++
 3 files changed, 34 insertions(+)

diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 45739d8c1..127e0b2c9 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -1448,6 +1448,28 @@ Comcast 2        0x20000 main       COM_IF     detect          balance
     class="devicefile">tun*</filename> in the COPY column.</para>
   </section>
 
+  <section>
+    <title>Zone and Chain Names</title>
+
+    <para>For a pair of zones, Shorewall creates two Netfilter chains; one for
+    connections in each direction. The names of these chains are formed by
+    separating the names of the two zones by either "2" or "-".</para>
+
+    <para>Example: Traffic from zone A to zone B would go through chain A2B
+    (think "A to B") or "A-B".</para>
+
+    <para>The default separator is "2" but you can override that by setting
+    ZONE_SEPARATOR="-" in <ulink
+    url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5).</para>
+
+    <para>Zones themselves have names that begin with a letter and are
+    composed of letters, numerals, and "_". The maximum length of a name is
+    dependent on the setting of LOGFORMAT in <ulink
+    url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5). See <ulink
+    url="manpages/shorewall-zones.html">shorewall-zones</ulink> (5) for
+    details.</para>
+  </section>
+
   <section id="Levels">
     <title>Shorewall Configurations</title>
 
diff --git a/manpages/shorewall.conf.xml b/manpages/shorewall.conf.xml
index f0061a487..395da4453 100644
--- a/manpages/shorewall.conf.xml
+++ b/manpages/shorewall.conf.xml
@@ -954,6 +954,12 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
           that substring is not included then the rule number is not included.
           If not supplied or supplied as empty (LOGFORMAT="") then
           “Shorewall:%s:%s:” is assumed.</para>
+
+          <note>
+            <para>The setting of LOGFORMAT has an effect of the permitted
+            length of zone names. See <ulink
+            url="shorewall-zones.html">shorewall-zones</ulink> (5).</para>
+          </note>
         </listitem>
       </varlistentry>
 
diff --git a/manpages6/shorewall6.conf.xml b/manpages6/shorewall6.conf.xml
index f16d26719..fbc6c228e 100644
--- a/manpages6/shorewall6.conf.xml
+++ b/manpages6/shorewall6.conf.xml
@@ -836,6 +836,12 @@ net     all  DROP   info</programlisting>then the chain name is 'net2all'
           that substring is not included then the rule number is not included.
           If not supplied or supplied as empty (LOGFORMAT="") then
           “Shorewall6:%s:%s:” is assumed.</para>
+
+          <note>
+            <para>The setting of LOGFORMAT has an effect of the permitted
+            length of zone names. See <ulink
+            url="shorewall6-zones.html">shorewall6-zones</ulink> (5).</para>
+          </note>
         </listitem>
       </varlistentry>