From cb729487399affaf9028ce9c5afa9f573478141c Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Fri, 18 May 2012 07:27:33 -0700
Subject: [PATCH] Add Geoip match to config basics doc. Clarify variable search
 algorithm.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 docs/configuration_file_basics.xml | 33 ++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

diff --git a/docs/configuration_file_basics.xml b/docs/configuration_file_basics.xml
index 8269cfefa..a7b5d2b60 100644
--- a/docs/configuration_file_basics.xml
+++ b/docs/configuration_file_basics.xml
@@ -834,7 +834,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
       <listitem>
         <para>ADDRESS LIST — A list of one or more addresses (host or network)
         or address ranges, separated by commas. In an IPv6 configuration, this
-        list must be includef in square or angled brackets ("[...]" or
+        list must be included in square or angled brackets ("[...]" or
         "&lt;...&gt;"). The list may have <link
         linkend="Exclusion">exclusion</link>.</para>
       </listitem>
@@ -875,7 +875,7 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
       <listitem>
         <para>Host 2002:ce7c:92b4:1:a00:27ff:feb1:46a9 in the <emphasis
         role="bold">loc</emphasis> zone — <emphasis
-        role="bold">loc:[2002:ce7c:92b4:1:a00:27ff:feb1:46a9]</emphasis></para>
+        role="bold">loc::[2002:ce7c:92b4:1:a00:27ff:feb1:46a9]</emphasis></para>
       </listitem>
 
       <listitem>
@@ -883,6 +883,12 @@ DNAT { source=net dest=loc:10.0.0.1 proto=tcp dport=80 mark=88 }</programlisting
         role="bold">$FW:&amp;eth0</emphasis> (see <link
         linkend="Rvariables">Run-time Address Variables</link> below)</para>
       </listitem>
+
+      <listitem>
+        <para>All hosts in Vatican City - <emphasis
+        role="bold">net:^VA</emphasis> (Shorwall 4.5.4 and later - See <ulink
+        url="ISO-3661.html">this article</ulink>).</para>
+      </listitem>
     </orderedlist>
   </section>
 
@@ -1517,12 +1523,23 @@ SHELL cat /etc/shorewall/rules.d/*.rules 2&gt; /dev/null || true</programlisting
       </listitem>
     </itemizedlist>
 
-    <para>If the <replaceable>variable</replaceable> is still not found and it
-    begins with '__', then those leading characters are stripped off and the
-    result is searched for in the defined <firstterm>capabilities</firstterm>.
-    The current set of capabilities may be obtained by the command
-    <command>shorewall show capabilities</command> (the capability names are
-    in parentheses).</para>
+    <para>If the <replaceable>variable</replaceable> is still not
+    found:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>it begins with '__', then those leading characters are stripped
+        off.</para>
+      </listitem>
+
+      <listitem>
+        <para>the variable is then searched for in the defined
+        <firstterm>capabilities</firstterm>. The current set of capabilities
+        may be obtained by the command <command>shorewall show
+        capabilities</command> (the capability names are in
+        parentheses).</para>
+      </listitem>
+    </itemizedlist>
 
     <para>If it is not found in any of those places, the
     <replaceable>variable</replaceable> is assumed to have a value of 0