diff --git a/Shorewall/manpages/shorewall-tcfilters.xml b/Shorewall/manpages/shorewall-tcfilters.xml
index 26242660a..e428b03e9 100644
--- a/Shorewall/manpages/shorewall-tcfilters.xml
+++ b/Shorewall/manpages/shorewall-tcfilters.xml
@@ -88,9 +88,11 @@
address. DNS names are not allowed.
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
- Ematchcapability. The ipset name may optionally be
- followed by a number or a comma separated list of src and/or dst
- enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in
+ shorewall.conf (5). The
+ ipset name may optionally be followed by a number or a comma
+ separated list of src and/or dst enclosed in square brackets
+ ([...]). See shorewall-ipsets(5) for
details.
@@ -105,9 +107,11 @@
address. DNS names are not allowed.
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
- Ematchcapability. The ipset name may optionally be
- followed by a number or a comma separated list of src and/or dst
- enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in
+ shorewall.conf (5). The
+ ipset name may optionally be followed by a number or a comma
+ separated list of src and/or dst enclosed in square brackets
+ ([...]). See shorewall-ipsets(5) for
details.
diff --git a/Shorewall6/manpages/shorewall6-tcfilters.xml b/Shorewall6/manpages/shorewall6-tcfilters.xml
index 66e6e87a9..1813c0cc0 100644
--- a/Shorewall6/manpages/shorewall6-tcfilters.xml
+++ b/Shorewall6/manpages/shorewall6-tcfilters.xml
@@ -88,9 +88,11 @@
address. DNS names are not allowed.
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
- Ematch capability. The ipset name may optionally be
- followed by a number or a comma separated list of src and/or dst
- enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in
+ shorewall6.conf (5). The
+ ipset name may optionally be followed by a number or a comma
+ separated list of src and/or dst enclosed in square brackets
+ ([...]). See shorewall6-ipsets(5) for
details.
@@ -105,9 +107,11 @@
address. DNS names are not allowed.
Beginning with Shorewall 4.6.0, an ipset name (prefixed with '+')
may be used if your kernel and ip6tables have the Basic
- Ematchcapability. The ipset name may optionally be
- followed by a number or a comma separated list of src and/or dst
- enclosed in square brackets ([...]). See capability and you set BASIC_FILTERS=Yes in
+ shorewall6.conf (5). The
+ ipset name may optionally be followed by a number or a comma
+ separated list of src and/or dst enclosed in square brackets
+ ([...]). See shorewall6-ipsets(5) for
details.
diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml
index 0c6b34034..208b7f8f6 100644
--- a/docs/MultiISP.xml
+++ b/docs/MultiISP.xml
@@ -820,9 +820,9 @@ DROP:info net:192.168.1.0/24 all
url="manpages/shorewall-interfaces.html">shorewall-interfaces
(5) will not disable route filtering on a given interface. You must
set ROUTE_FILTER=No in shorewall-interfaces
- (5), then set the routefilter option
- on those interfaces on which you want route filtering.
+ url="manpages/shorewall.conf.html">shorewall.conf (5), then
+ set the routefilter option on those
+ interfaces on which you want route filtering.
diff --git a/docs/Shorewall_and_Aliased_Interfaces.xml b/docs/Shorewall_and_Aliased_Interfaces.xml
index 559e7c8b0..432fbb9f1 100644
--- a/docs/Shorewall_and_Aliased_Interfaces.xml
+++ b/docs/Shorewall_and_Aliased_Interfaces.xml
@@ -182,6 +182,13 @@ ACCEPT net $FW:206.124.146.178 tcp 22
#ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
# PORT(S) DEST
DNAT net loc:192.168.1.3 tcp 80 - 206.124.146.178
+
+ If I wished to forward tcp port 10000 on that virtual interface to
+ port 22 on local host 192.168.1.3, the rule would be:
+
+ #ACTION SOURCE DEST PROTO DEST PORT(S) SOURCE ORIGINAL
+# PORT(S) DEST
+DNAT net loc:192.168.1.3:22 tcp 10000 - 206.124.146.178