Document 'findgw' in the extension script doc

docs/PacketMarking.xml

@@ -57,6 +57,13 @@
     url="manpages/shorewall.html">shorewal</ulink>(8) and <ulink
     url="manpages6/shorewall6.html">shorewall6</ulink>(8).</para>
 
+    <para>Example (output has been folded for display ):</para>
+
+    <programlisting>[11692.096077] TRACE: mangle:tcout:return:3 IN= OUT=eth0 SRC=172.20.1.130
+                                            DST=206.124.146.254 LEN=84 TOS=0x00 PREC=0x00 TTL=64
+                                            ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7212 SEQ=3 UID=0 
+                                            GID=1000 <emphasis role="bold">MARK=0x10082</emphasis></programlisting>
+
     <para>Each active connection (even those that are not yet in ESTABLISHED
     state) has a mark value that is distinct from the packet marks. Connection
     mark values can be seen using the <command>shorewall show

docs/shorewall_extension_scripts.xml

@@ -184,6 +184,15 @@ esac</programlisting><caution>
         completion of a successful <command>shorewall restore</command> and
         <command>shorewall-lite restore</command>.</para>
       </listitem>
+
+      <listitem>
+        <para>findgw -- This script is invoked when Shorewall is attempting to
+        discover the gateway through a dynamic interface. The script is most
+        often used when the interface is managed by dhclient which has no
+        standardized location/name for its lease database. Scripts for use
+        with dhclient on several distributions are available at <ulink
+        url="http://www.shorewall.net/pub/shorewall/contrib/findgw/">http://www.shorewall.net/pub/shorewall/contrib/findgw/</ulink></para>
+      </listitem>
     </itemizedlist>
 
     <para><emphasis role="bold">If your version of Shorewall doesn't have the

manpages/shorewall.xml

@@ -871,6 +871,12 @@
           <para>The <replaceable>iptables match expression</replaceable> must
           be one or more matches that may appear in both the raw table OUTPUT
           and raw table PREROUTING chains.</para>
+
+          <para>The trace records are written to the kernel's log buffer with
+          faciility = kernel and priority = warning, and they are routed from
+          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
+          Shorewall has no control over where the messages go; consult your
+          logging daemon's documentation.</para>
         </listitem>
       </varlistentry>
 

manpages6/shorewall6.xml

@@ -703,9 +703,15 @@
           TRACE log records to be created. See ip6tables(8) for
           details.</para>
 
-          <para>The <replaceable>iptables match expression</replaceable> must
+          <para>The <replaceable>ip6tables match expression</replaceable> must
           be one or more matches that may appear in both the raw table OUTPUT
           and raw table PREROUTING chains.</para>
+
+          <para>The trace records are written to the kernel's log buffer with
+          faciility = kernel and priority = warning, and they are routed from
+          there by your logging daemon (syslogd, rsyslog, syslog-ng, ...) --
+          Shorewall has no control over where the messages go; consult your
+          logging daemon's documentation.</para>
         </listitem>
       </varlistentry>