diff --git a/Shorewall-docs/samba.htm b/Shorewall-docs/samba.htm
deleted file mode 100644
index 3f758fb17..000000000
--- a/Shorewall-docs/samba.htm
+++ /dev/null
@@ -1,186 +0,0 @@
-<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
-<html>
-<head>
-  <meta http-equiv="Content-Language" content="en-us">
-  <meta name="GENERATOR" content="Microsoft FrontPage 5.0">
-  <meta name="ProgId" content="FrontPage.Editor.Document">
-  <meta http-equiv="Content-Type"
- content="text/html; charset=windows-1252">
-  <title>Samba</title>
-</head>
-<body>
-<h1 style="text-align: center;">Samba/SMB<br>
-</h1>
-<p>If you wish to run Samba on your firewall and access shares between
-the firewall and local hosts, you need the following rules:</p>
-<h4>/etc/shorewall/rules:</h4>
-<blockquote> <font face="Century Gothic, Arial, Helvetica"> </font>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>ACTION</b></td>
-        <td><b>SOURCE</b></td>
-        <td><b>DEST</b></td>
-        <td><b> PROTO</b></td>
-        <td><b>DEST<br>
-PORT(S)</b></td>
-        <td><b>SOURCE<br>
-PORT(S)</b></td>
-        <td><b>ORIGINAL<br>
-DEST</b></td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>fw</td>
-        <td>loc</td>
-        <td>udp</td>
-        <td>137:139</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>fw</td>
-        <td>loc</td>
-        <td>tcp</td>
-        <td>137,139,445</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>fw</td>
-        <td>loc</td>
-        <td>udp</td>
-        <td>1024:</td>
-        <td>137</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>loc</td>
-        <td>fw</td>
-        <td>udp</td>
-        <td>137:139</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>loc</td>
-        <td>fw</td>
-        <td>tcp</td>
-        <td>137,139,445</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>loc</td>
-        <td>fw</td>
-        <td>udp</td>
-        <td>1024:</td>
-        <td>137</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<p>To pass traffic SMB/Samba traffic between zones Z1 and Z2:</p>
-<h4>/etc/shorewall/rules:</h4>
-<blockquote> <font face="Century Gothic, Arial, Helvetica"> </font>
-  <table border="2" cellpadding="2" style="border-collapse: collapse;">
-    <tbody>
-      <tr>
-        <td><b>ACTION</b></td>
-        <td><b>SOURCE</b></td>
-        <td><b>DEST</b></td>
-        <td><b> PROTO</b></td>
-        <td><b>DEST<br>
-PORT(S)</b></td>
-        <td><b>SOURCE<br>
-PORT(S)</b></td>
-        <td><b>ORIGINAL<br>
-DEST</b></td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>Z1<br>
-        </td>
-        <td>Z2<br>
-        </td>
-        <td>udp</td>
-        <td>137:139</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>Z1<br>
-        </td>
-        <td>Z2<br>
-        </td>
-        <td>tcp</td>
-        <td>137,139,445</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>Z1<br>
-        </td>
-        <td>Z2<br>
-        </td>
-        <td>udp</td>
-        <td>1024:</td>
-        <td>137</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>Z2<br>
-        </td>
-        <td>Z1<br>
-        </td>
-        <td>udp</td>
-        <td>137:139</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>Z2<br>
-        </td>
-        <td>Z1<br>
-        </td>
-        <td>tcp</td>
-        <td>137,139,445</td>
-        <td>&nbsp;</td>
-        <td>&nbsp;</td>
-      </tr>
-      <tr>
-        <td>ACCEPT</td>
-        <td>Z2<br>
-        </td>
-        <td>Z1<br>
-        </td>
-        <td>udp</td>
-        <td>1024:</td>
-        <td>137</td>
-        <td>&nbsp;</td>
-      </tr>
-    </tbody>
-  </table>
-</blockquote>
-<br>
-To make network browsing ("Network Neighborhood") work properly between
-Z1 and Z2 requires a Windows Domain Controller and/or a WINS server. I
-run Samba on my firewall to handle browsing between two zones connected
-to my firewall. Details are <a href="myfiles.htm">here</a>.<br>
-<p><font size="2">Last modified 10/22/2002 - <a href="support.htm">Tom
-Eastep</a></font></p>
-<p><font face="Trebuchet MS"><a href="copyright.htm"> <font size="2">Copyright</font>
-© <font size="2">2002 Thomas M. Eastep.</font></a></font></p>
-<br>
-</body>
-</html>
diff --git a/Shorewall-docs/samba.xml b/Shorewall-docs/samba.xml
new file mode 100644
index 000000000..7944662e5
--- /dev/null
+++ b/Shorewall-docs/samba.xml
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<article>
+  <articleinfo>
+    <title>Samba/SMB</title>
+
+    <authorgroup>
+      <author>
+        <firstname>Tom</firstname>
+
+        <surname>Eastep</surname>
+      </author>
+    </authorgroup>
+
+    <pubdate>2002-10-22</pubdate>
+
+    <copyright>
+      <year>2002</year>
+
+      <holder>Thomas M. Eastep</holder>
+    </copyright>
+
+    <legalnotice>
+      <para>Permission is granted to copy, distribute and/or modify this
+      document under the terms of the GNU Free Documentation License, Version
+      1.2 or any later version published by the Free Software Foundation; with
+      no Invariant Sections, with no Front-Cover, and with no Back-Cover
+      Texts. A copy of the license is included in the section entitled &#34;<ulink
+      url="GnuCopyright.htm">GNU Free Documentation License</ulink>&#34;.</para>
+    </legalnotice>
+  </articleinfo>
+
+  <para>If you wish to run Samba on your firewall and access shares between
+  the firewall and local hosts, you need the following rules:</para>
+
+  <para><emphasis role="bold">/etc/shorewall/rules:</emphasis><informaltable><tgroup
+  cols="7"><thead><row><entry>ACTION</entry><entry>SOURCE</entry><entry>DESTINATION</entry><entry>PROTOCOL</entry><entry>PORT(S)</entry><entry>SOURCE
+  PORT(S)</entry><entry>ORIGINAL DEST</entry></row></thead><tbody><row><entry>ACCEPT</entry><entry>fw</entry><entry>loc</entry><entry>udp</entry><entry>137:139</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>fw</entry><entry>loc</entry><entry>tcp</entry><entry>137,139,445</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>fw</entry><entry>loc</entry><entry>udp</entry><entry>1024:</entry><entry>137</entry><entry></entry></row><row><entry>ACCEPT</entry><entry>loc</entry><entry>fw</entry><entry>udp</entry><entry>137:139</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>loc</entry><entry>fw</entry><entry>tcp</entry><entry>137,139,445</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>loc</entry><entry>fw</entry><entry>udp</entry><entry>1024:</entry><entry>137</entry><entry></entry></row></tbody></tgroup></informaltable></para>
+
+  <para>To pass traffic SMB/Samba traffic between zones Z1 and Z2:</para>
+
+  <para><emphasis role="bold">/etc/shorewall/rules:</emphasis><informaltable><tgroup
+  cols="7"><thead><row><entry>ACTION</entry><entry>SOURCE</entry><entry>DESTINATION</entry><entry>PROTOCOL</entry><entry>PORT(S)</entry><entry>SOURCE
+  PORT(S)</entry><entry>ORIGINAL DEST</entry></row></thead><tbody><row><entry>ACCEPT</entry><entry>Z1</entry><entry>Z2</entry><entry>udp</entry><entry>137:139</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>Z1</entry><entry>Z2</entry><entry>tcp</entry><entry>137,139,445</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>Z1</entry><entry>Z2</entry><entry>udp</entry><entry>1024:</entry><entry>137</entry><entry></entry></row><row><entry>ACCEPT</entry><entry>Z2</entry><entry>Z1</entry><entry>udp</entry><entry>137:139</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>Z2</entry><entry>Z1</entry><entry>tcp</entry><entry>137,139,445</entry><entry></entry><entry></entry></row><row><entry>ACCEPT</entry><entry>Z2</entry><entry>Z1</entry><entry>udp</entry><entry>1024:</entry><entry>137</entry><entry></entry></row></tbody></tgroup></informaltable></para>
+
+  <para>To make network browsing (&#34;Network Neighborhood&#34;) work
+  properly between Z1 and Z2 requires a Windows Domain Controller and/or a
+  WINS server. I run Samba on my firewall to handle browsing between two zones
+  connected to my firewall. Details are <ulink url="myfiles.htm">here</ulink>.</para>
+</article>
\ No newline at end of file

ACTION	SOURCE	DEST	PROTO	DEST -PORT(S)	SOURCE -PORT(S)	ORIGINAL -DEST
ACCEPT	fw	loc	udp	137:139
ACCEPT	fw	loc	tcp	137,139,445
ACCEPT	fw	loc	udp	1024:	137
ACCEPT	loc	fw	udp	137:139
ACCEPT	loc	fw	tcp	137,139,445
ACCEPT	loc	fw	udp	1024:	137