diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 02418913b..130246972 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -3745,8 +3745,8 @@ sub do_condition( $ ) {
 
     return '' if $condition eq '-';
 
-    require_capability 'CONDITION_MATCH', 'A non-empty CONDITION column', 's';
-    fatal_error "Invalid condition name ($condition)" unless $condition =~ /^[a-zA-Z]\w*$/;
+    require_capability 'CONDITION_MATCH', 'A non-empty SWITCH column', 's';
+    fatal_error "Invalid switch name ($condition)" unless $condition =~ /^[a-zA-Z][-\w]*$/;
 
     "-m condition --condition $condition "
 }
diff --git a/Shorewall/configfiles/rules b/Shorewall/configfiles/rules
index 068b23ff9..ca0f874b5 100644
--- a/Shorewall/configfiles/rules
+++ b/Shorewall/configfiles/rules
@@ -7,7 +7,7 @@
 # http://www.shorewall.net/manpages/shorewall-rules.html
 #
 ######################################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME         HEADERS         CONDITION
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME         HEADERS         SWITCH
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
 #SECTION ALL
 #SECTION ESTABLISHED
diff --git a/Shorewall6/configfiles/rules b/Shorewall6/configfiles/rules
index ba9607de5..cdbb68620 100644
--- a/Shorewall6/configfiles/rules
+++ b/Shorewall6/configfiles/rules
@@ -6,8 +6,8 @@
 # The manpage is also online at
 # http://www.shorewall.net/manpages6/shorewall6-rules.html
 #
-#######################################################################################################################################################################
-#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME            HEADERS
+###########################################################################################################################################################################
+#ACTION		SOURCE		DEST		PROTO	DEST	SOURCE		ORIGINAL	RATE		USER/	MARK	CONNLIMIT	TIME       HEADERS   SWITCH
 #							PORT	PORT(S)		DEST		LIMIT		GROUP
 #SECTION ALL
 #SECTION ESTABLISHED
diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index fe1a60e30..91abb1967 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -1604,7 +1604,7 @@ DNAT       net        loc:192.168.1.3 tcp       4000:4100</programlisting>
       LOGLIMIT.</para>
     </note>
 
-    <para>Shorewall also supports per-IP rate limiting. </para>
+    <para>Shorewall also supports per-IP rate limiting.</para>
 
     <para>Another example from <ulink
     url="manpages/shorewall.conf.html">shorewall.conf</ulink> (5):</para>
@@ -1624,6 +1624,52 @@ DNAT       net        loc:192.168.1.3 tcp       4000:4100</programlisting>
     above.</para>
   </section>
 
+  <section>
+    <title>Switches</title>
+
+    <para>There are times when you would like to enable or disable one or more
+    rules in the configuration without having to do a <command>shorewall
+    restart</command>. This may be accomplished using the SWITCH column in
+    <ulink url="manpages/shorewall-rules.html">shorewall-rules</ulink> (5) or
+    <ulink url="manpages6/shorewall6-rules.html">shorewall6-rules</ulink> (5).
+    Using this column requires that your kernel and iptables include
+    <firstterm>Condition Match Support</firstterm> and you must be running
+    Shorewall 4.4.24 or later. See the output of <command>shorewall show
+    capabilities</command> and <command>shorewall version</command> to
+    determine if you can use this feature. As of this writing, Condition Match
+    Support requires that you install xtables-addons.</para>
+
+    <para>The SWITCH column contains the name of a
+    <firstterm>switch.</firstterm> Each switch that is normally initially in
+    the off position. You can turn on the switch condition named
+    <emphasis>switch1</emphasis> by:</para>
+
+    <simplelist>
+      <member><command>echo 1 &gt;
+      /proc/net/nf_condition/switch1</command></member>
+    </simplelist>
+
+    <para>You can turn it off again by:</para>
+
+    <simplelist>
+      <member><command>echo 0 &gt;
+      /proc/net/nf_condition/switch1</command></member>
+    </simplelist>
+
+    <para>If you simply include the switch name in the SWITCH column, then the
+    rule is enabled only when the switch is on. If you precede the switch name
+    with ! (e.g., !switch1), then the rule is enabled only when the switch is
+    off. </para>
+
+    <warning>
+      <para>The <command>shorewall restart</command> command resets all
+      switches to off.</para>
+    </warning>
+
+    <para>Shorewall requires that switch names begin with a letter and be
+    composed of letters, digits, underscore ('_') or hyphen ('-').</para>
+  </section>
+
   <section id="Logical">
     <title>Logical Interface Names</title>
 
diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml
index 6009b4d4d..a0c9164ca 100644
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@@ -1279,16 +1279,33 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">CONDITION -
-        [!]<replaceable>condition-name</replaceable></emphasis></term>
+        <term><emphasis role="bold">SWITCH -
+        [!]<replaceable>switch-name</replaceable></emphasis></term>
 
         <listitem>
           <para>Added in Shorewall 4.4.24. Matches if the value stored in
-          <filename>/proc/net/nf_condition/<replaceable>condition-name</replaceable></filename>
+          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
           is 1. Does not match if that file contains 0 (the default). If '!'
           is supplied, the test is inverted such that there is a match if the
-          file contains 0. The condition-name must begin with a letter and be
-          composed of letters, decimal digits or underscores.</para>
+          file contains 0. The switch-name must begin with a letter and be
+          composed of letters, decimal digits, underscores or hyphens.</para>
+
+          <para>Switches are normally off. To turn on a switch:</para>
+
+          <simplelist>
+            <member><command>echo 1 &gt;
+            /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
+          </simplelist>
+
+          <para>To turn it off again:</para>
+
+          <simplelist>
+            <member><command>echo 0 &gt;
+            /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
+          </simplelist>
+
+          <para>The <command>shorewall restart</command> command turns all
+          switches off.</para>
         </listitem>
       </varlistentry>
     </variablelist>
@@ -1486,10 +1503,10 @@
         <term>Example 12:</term>
 
         <listitem>
-          <para>Forward port 80 to dmz host $BACKUP if condition
-          'primary_down' is set.</para>
+          <para>Forward port 80 to dmz host $BACKUP if switch 'primary_down'
+          is on.</para>
 
-          <programlisting>        #ACTION     SOURCE          DEST        PROTO       DEST         SOURCE    ORIGINAL   RATE      USER/     MARK    CONNLIMIT     TIME     HEADERS    CONDITION
+          <programlisting>        #ACTION     SOURCE          DEST        PROTO       DEST         SOURCE    ORIGINAL   RATE      USER/     MARK    CONNLIMIT     TIME     HEADERS    SWITCH
         #                                                   PORT(S)      PORT(S)   DEST       LIMIT     GROUP
         DNAT        net             dmz:$BACKUP tcp         80           -         -          -         -         -       -             -        -          primary_down</programlisting>
         </listitem>
diff --git a/manpages6/shorewall6-rules.xml b/manpages6/shorewall6-rules.xml
index ecebf06bf..33ca3784f 100644
--- a/manpages6/shorewall6-rules.xml
+++ b/manpages6/shorewall6-rules.xml
@@ -1104,16 +1104,33 @@
       </varlistentry>
 
       <varlistentry>
-        <term><emphasis role="bold">CONDITION -
-        [!]<replaceable>condition-name</replaceable></emphasis></term>
+        <term><emphasis role="bold">SWITCH -
+        [!]<replaceable>switch-name</replaceable></emphasis></term>
 
         <listitem>
           <para>Added in Shorewall6 4.4.24. Matches if the value stored in
-          <filename>/proc/net/nf_condition/<replaceable>condition-name</replaceable></filename>
+          <filename>/proc/net/nf_condition/<replaceable>switch-name</replaceable></filename>
           is 1. Does not match if that file contains 0 (the default). If '!'
           is supplied, the test is inverted such that there is a match if the
-          file contains 0. The condition-name must begin with a letter and be
-          composed of letters, decimal digits or underscores.</para>
+          file contains 0. The switch-name must begin with a letter and be
+          composed of letters, decimal digits, underscores or hyphens.</para>
+
+          <para>Switches are normally off. To turn on a switch:</para>
+
+          <simplelist>
+            <member><command>echo 1 &gt;
+            /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
+          </simplelist>
+
+          <para>To turn it off again:</para>
+
+          <simplelist>
+            <member><command>echo 0 &gt;
+            /proc/net/nf_condition/<replaceable>switch-name</replaceable></command></member>
+          </simplelist>
+
+          <para>The <command>shorewall6 restart</command> command turns all
+          switches off.</para>
         </listitem>
       </varlistentry>
     </variablelist>