diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml index 4a0383ab5..efaee8096 100644 --- a/Shorewall/manpages/shorewall.conf.xml +++ b/Shorewall/manpages/shorewall.conf.xml @@ -424,10 +424,11 @@ When set to Yes or yes, blacklists are only consulted for new - connections. That includes entries in the shorewall-blrules (5) file and in the BLACKLIST - section of shorewall-rules - (5). + connections and for packets in the INVALID connection state (such as + TCP SYN,ACK when there has been no corresponding SYN). That includes + entries in the shorewall-blrules (5) file + and in the BLACKLIST section of shorewall-rules (5). When set to No or no, blacklists are consulted for every packet diff --git a/Shorewall6/manpages/shorewall6.conf.xml b/Shorewall6/manpages/shorewall6.conf.xml index 13c93621e..a0a044ef1 100644 --- a/Shorewall6/manpages/shorewall6.conf.xml +++ b/Shorewall6/manpages/shorewall6.conf.xml @@ -356,9 +356,13 @@ When set to Yes or yes, blacklists are only consulted for new - connections. This includes entries in the shorewall-blrules (5) file and in the BLACKLIST - section of shorewall6-conntrack(5). + This includes entries in the shorewall6-blrules (5) file + and in the BLACKLIST section of shorewall6-rules (5). When set to No or