From 4347190f821c169baa189c9e1d75a2bdb010121a Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 24 Aug 2014 09:10:10 -0700
Subject: [PATCH] Clarify REJECT handling in IP[6]TABLE rules

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/manpages/shorewall-rules.xml   | 23 ++++++++++++-----
 Shorewall6/manpages/shorewall6-rules.xml | 32 ++++++++++++++++--------
 2 files changed, 39 insertions(+), 16 deletions(-)

diff --git a/Shorewall/manpages/shorewall-rules.xml b/Shorewall/manpages/shorewall-rules.xml
index 0466f8c6f..ae2275a53 100644
--- a/Shorewall/manpages/shorewall-rules.xml
+++ b/Shorewall/manpages/shorewall-rules.xml
@@ -476,24 +476,35 @@
             </varlistentry>
 
             <varlistentry>
-              <term>IPTABLES({<replaceable>target</replaceable>
+              <term>IPTABLES({<replaceable>iptables-target</replaceable>
               [<replaceable>option</replaceable> ...])</term>
 
               <listitem>
                 <para>This action allows you to specify an iptables target
                 with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
-                the target is not one recognized by Shorewall, the following
-                error message will be issued:</para>
+                the <replaceable>iptables-target</replaceable> is not one
+                recognized by Shorewall, the following error message will be
+                issued:</para>
 
                 <simplelist>
                   <member>ERROR: Unknown target
-                  (<replaceable>target</replaceable>)</member>
+                  (<replaceable>iptables-target</replaceable>)</member>
                 </simplelist>
 
                 <para>This error message may be eliminated by adding the
-                <replaceable>target</replaceable> as a builtin action in
-                <ulink
+                <replaceable>iptables-</replaceable><replaceable>target</replaceable>
+                as a builtin action in <ulink
                 url="/manpages/shorewall-actions.html">shorewall-actions</ulink>(5).</para>
+
+                <important>
+                  <para>If you specify REJECT as the
+                  <replaceable>iptables-target</replaceable>, the target of
+                  the rule will be the iptables REJECT target and not
+                  Shorewall's builtin 'reject' chain which is used when REJECT
+                  (see below) is specified as the
+                  <replaceable>target</replaceable> in the ACTION
+                  column.</para>
+                </important>
               </listitem>
             </varlistentry>
 
diff --git a/Shorewall6/manpages/shorewall6-rules.xml b/Shorewall6/manpages/shorewall6-rules.xml
index 7254ddfd9..2d8ebca6e 100644
--- a/Shorewall6/manpages/shorewall6-rules.xml
+++ b/Shorewall6/manpages/shorewall6-rules.xml
@@ -450,24 +450,36 @@
             </varlistentry>
 
             <varlistentry>
-              <term>IP6TABLES({<replaceable>target</replaceable>
+              <term>IP6TABLES({<replaceable>ip6tables-target</replaceable>
               [<replaceable>option</replaceable> ...])</term>
 
               <listitem>
-                <para>This action allows you to specify an iptables target
-                with options (e.g., 'IP6TABLES(MARK --set-xmark 0x01/0xff)'.
-                If the target is not one recognized by Shorewall, the
-                following error message will be issued:</para>
+                <para>This action allows you to specify an ip6tables target
+                with options (e.g., 'IPTABLES(MARK --set-xmark 0x01/0xff)'. If
+                the <replaceable>ip6tables-target</replaceable> is not one
+                recognized by Shorewall, the following error message will be
+                issued:</para>
 
                 <simplelist>
                   <member>ERROR: Unknown target
-                  (<replaceable>target</replaceable>)</member>
+                  (<replaceable>ip6tables-target</replaceable>)</member>
                 </simplelist>
 
-                <para>This error message may be eliminated by adding the
-                <replaceable>target</replaceable> as a builtin action in
-                <ulink
-                url="/manpages6/shorewall6-actions.html">shorewall6-actions(5)</ulink>.</para>
+                <para>This error message may be eliminated by adding
+                the<replaceable>
+                ip6tables-</replaceable><replaceable>target</replaceable> as a
+                builtin action in <ulink
+                url="shorewall6-actions.html">shorewall6-actions</ulink>(5).</para>
+
+                <important>
+                  <para>If you specify REJECT as the
+                  <replaceable>ip6tables-target</replaceable>, the target of
+                  the rule will be the i6ptables REJECT target and not
+                  Shorewall's builtin 'reject' chain which is used when REJECT
+                  (see below) is specified as the
+                  <replaceable>target</replaceable> in the ACTION
+                  column.</para>
+                </important>
               </listitem>
             </varlistentry>