From c3cd826cb2ac33e4e6f09f56f022f3a4b464ccaf Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 18 Nov 2007 16:16:53 +0000
Subject: [PATCH] Disallow refresh of built-in chains

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7688 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 manpages/shorewall.xml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/manpages/shorewall.xml b/manpages/shorewall.xml
index 49553d98e..1ba51aadb 100644
--- a/manpages/shorewall.xml
+++ b/manpages/shorewall.xml
@@ -932,7 +932,8 @@
           can refresh chains in other tables by prefixing the chain name with
           the table name followed by ":" (e.g., nat:net_dnat). Chain names
           which follow are assumed to be in that table until the end of the
-          list or until an entry in the list names another table.</para>
+          list or until an entry in the list names another table. Built-in
+          chains such as FORWARD may not be refreshed.</para>
 
           <para>Example:<programlisting><command>shorewall refresh net2fw nat:net_dnat</command> #Refresh the 'net2loc' chain in the filter table and the 'net_dnat' chain in the nat table</programlisting></para>
         </listitem>