From 26ec7cee1d995cfdd9b2f21732f8d6f1c044f709 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 21 Sep 2010 06:59:55 -0700
Subject: [PATCH] Update ipset doc with multiple match syntax

---
 docs/ipsets.xml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/docs/ipsets.xml b/docs/ipsets.xml
index 8e997242a..c94fb1032 100644
--- a/docs/ipsets.xml
+++ b/docs/ipsets.xml
@@ -95,8 +95,8 @@
       </listitem>
 
       <listitem>
-        <para>They must be composed of letters, digits or underscores
-        ("_").</para>
+        <para>They must be composed of letters, digits, dashes ("-") or
+        underscores ("_").</para>
       </listitem>
     </itemizedlist>
 
@@ -128,6 +128,11 @@ ACCEPT       net:+sshok  $FW      tcp      22</programlisting></para>
     blacklist file, you can coerce the rule into matching the destination IP
     address rather than the source.</para>
 
+    <para>Beginning with Shorewall 4.4.14, multiple source or destination
+    matches may be specified by placing multiple set names in '+[...]' (e.g.,
+    +[myset,myotherset]). When so inclosed, the set names need not be prefixed
+    with a plus sign.</para>
+
     <para>Shorewall can save/restore your ipset contents with certain
     restrictions:</para>