diff --git a/manpages/shorewall-tcclasses.xml b/manpages/shorewall-tcclasses.xml
index b43e47deb..75961d01e 100644
--- a/manpages/shorewall-tcclasses.xml
+++ b/manpages/shorewall-tcclasses.xml
@@ -196,8 +196,8 @@
role="bold">,option]...]
- A comma-separated list of options including the
- following:
+ Added in Shorewall-perl 4.1. A comma-separated list of options
+ including the following:
diff --git a/manpages/shorewall-tcrules.xml b/manpages/shorewall-tcrules.xml
index 01a2414cb..649058014 100644
--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@@ -87,7 +87,14 @@
- If the SOURCE is $FW[:address-or-range[,address-or-range]...],
- then the rule is inserted into the OUTPUT chain.
+ then the rule is inserted into the OUTPUT chain. The behavior
+ changed in Shorewall-perl 4.1. Previously, when
+ HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero mark values
+ < 256 to be assigned in the OUTPUT chain. This has been
+ changed so that only high mark values may be assigned there.
+ Packet marking rules for traffic shaping of packets originating
+ on the firewall must be coded in the POSTROUTING chain (see
+ below).
- Otherwise, the chain is determined by the setting of
MARK_IN_FORWARD_CHAIN in
Example:shorewall refresh net2fw nat:net_dnat #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table
+
+ Beginning with Shorewall 4.1, the refresh command has slightly different
+ behavior. When no chain name is given to the refresh command, the mangle table is
+ refreshed along with the blacklist chain (if any). This allows you
+ to modify /etc/shorewall/tcrules and install
+ the changes using refresh.