diff --git a/Shorewall/manpages/shorewall-policy.xml b/Shorewall/manpages/shorewall-policy.xml
index a317f80da..3a65c2498 100644
--- a/Shorewall/manpages/shorewall-policy.xml
+++ b/Shorewall/manpages/shorewall-policy.xml
@@ -242,13 +242,34 @@
BURST:LIMIT (limit) -
- [{s|d}:[[name]:]]]rate/{second|minute}[:burst]
+ [-|limit]
+ where limit is one of:
+
+
+ [-|[{s|d}:[[name]:]]]rate/{sec|min|hour|day}[:burst]
+
+ [name1]:rate1/{sec|min|hour|day}[:burst1],[name2]:rate2/{sec|min|hour|day}[:burst2]
+
+
If passed, specifies the maximum TCP connection
rate and the size of an acceptable
burst. If not specified, TCP connections are
@@ -261,9 +282,19 @@
the user and specifies a hash table to be used to count matching
connections. If not give, the name shorewall is assumed. Where more than one
- POLICY specifies the same name, the connections counts for the
- policies are aggregated and the individual rates apply to the
+ POLICY or rule specifies the same name, the connections counts for
+ the policies are aggregated and the individual rates apply to the
aggregated count.
+
+ Beginning with Shorewall 4.6.5, two
+ limits may be specified, separated by a comma. In this
+ case, the first limit (name1,
+ rate1, burst1) specifies the per-source
+ IP limit and the second limit specifies the per-destination IP
+ limit.
+
+ Example: client:10/sec:20,:60/sec:100
diff --git a/Shorewall6/manpages/shorewall6-policy.xml b/Shorewall6/manpages/shorewall6-policy.xml
index 3d4ed0e9a..f1390689c 100644
--- a/Shorewall6/manpages/shorewall6-policy.xml
+++ b/Shorewall6/manpages/shorewall6-policy.xml
@@ -242,13 +242,34 @@
BURST:LIMIT (limit) -
- [{s|d}:[[name]:]]]rate/{second|minute}[:burst]
+ [-|limit]
+ where limit is one of:
+
+
+ [-|[{s|d}:[[name]:]]]rate/{sec|min|hour|day}[:burst]
+
+ [name1]:rate1/{sec|min|hour|day}[:burst1],[name2]:rate2/{sec|min|hour|day}[:burst2]
+
+
If passed, specifies the maximum TCP connection
rate and the size of an acceptable
burst. If not specified, TCP connections are
@@ -261,9 +282,19 @@
the user and specifies a hash table to be used to count matching
connections. If not give, the name shorewall is assumed. Where more than one
- POLICY specifies the same name, the connections counts for the
- policies are aggregated and the individual rates apply to the
+ POLICY or rule specifies the same name, the connections counts for
+ the policies are aggregated and the individual rates apply to the
aggregated count.
+
+ Beginning with Shorewall 4.6.5, two
+ limits may be specified, separated by a comma. In this
+ case, the first limit (name1,
+ rate1, burst1) specifies the per-source
+ IP limit and the second limit specifies the per-destination IP
+ limit.
+
+ Example: client:10/sec:20,:60/sec:100