From 0634e100732521b5d17ef92c46aa6cea591916a3 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 1 Oct 2006 15:58:15 +0000
Subject: [PATCH] Mention purpose of common actions in the quickstart guides

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@4608 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/standalone.xml      | 16 +++++++++++++++-
 docs/three-interface.xml | 16 +++++++++++++++-
 docs/two-interface.xml   | 16 +++++++++++++++-
 3 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/docs/standalone.xml b/docs/standalone.xml
index 7aa83e521..4d01a6644 100644
--- a/docs/standalone.xml
+++ b/docs/standalone.xml
@@ -262,7 +262,21 @@ net     ipv4</programlisting>
     action</ulink> defined for the policy in
     <filename>/etc/shorewall/actions</filename> or
     <filename>/usr/share/shorewall/actions.std</filename> then that action is
-    peformed before the policy is applied.</para>
+    peformed before the policy is applied. The purpose of the common action is
+    two-fold:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>It silently drops or rejects harmless common traffic that would
+        otherwise clutter up your log — Broadcasts for example.</para>
+      </listitem>
+
+      <listitem>
+        <para>If ensures that traffic critical to correct operation is allowed
+        through the firewall — ICMP <emphasis>fragmentation-needed</emphasis>
+        for example.</para>
+      </listitem>
+    </itemizedlist>
 
     <para>The <filename>/etc/shorewall/policy</filename> file included with
     the one-interface sample has the following policies:</para>
diff --git a/docs/three-interface.xml b/docs/three-interface.xml
index 32a414113..5a03091ec 100644
--- a/docs/three-interface.xml
+++ b/docs/three-interface.xml
@@ -270,7 +270,21 @@ dmz     ipv4</programlisting>Zone names are defined in
     url="shorewall_extension_scripts.htm">comon action</ulink> defined for the
     policy in <filename>/etc/shorewall/actions</filename> or
     <filename>/usr/share/shorewall/actions.std</filename> then that action is
-    peformed before the action is applied.</para>
+    peformed before the action is applied. The purpose of the common action is
+    two-fold:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>It silently drops or rejects harmless common traffic that would
+        otherwise clutter up your log — Broadcasts for example.</para>
+      </listitem>
+
+      <listitem>
+        <para>If ensures that traffic critical to correct operation is allowed
+        through the firewall — ICMP <emphasis>fragmentation-needed</emphasis>
+        for example.</para>
+      </listitem>
+    </itemizedlist>
 
     <para>The <filename>/etc/shorewall/policy</filename> file included with
     the three-interface sample has the following policies:</para>
diff --git a/docs/two-interface.xml b/docs/two-interface.xml
index 4017fbe48..a87ea73e2 100644
--- a/docs/two-interface.xml
+++ b/docs/two-interface.xml
@@ -251,7 +251,21 @@ loc     ipv4</programlisting>Zones are defined in the <ulink
     url="shorewall_extension_scripts.htm">comon action</ulink> defined for the
     policy in <filename>/etc/shorewall/actions</filename> or
     <filename>/usr/share/shorewall/actions.std</filename> then that action is
-    peformed before the action is applied.</para>
+    peformed before the action is applied. The purpose of the common action is
+    two-fold:</para>
+
+    <itemizedlist>
+      <listitem>
+        <para>It silently drops or rejects harmless common traffic that would
+        otherwise clutter up your log — Broadcasts for example.</para>
+      </listitem>
+
+      <listitem>
+        <para>If ensures that traffic critical to correct operation is allowed
+        through the firewall — ICMP <emphasis>fragmentation-needed</emphasis>
+        for example.</para>
+      </listitem>
+    </itemizedlist>
 
     <para>The <filename
     class="directory">/etc/shorewall/</filename><filename>policy</filename>