diff --git a/docs/IPSEC-2.6.xml b/docs/IPSEC-2.6.xml
index 5840a5493..51b1dcdff 100644
--- a/docs/IPSEC-2.6.xml
+++ b/docs/IPSEC-2.6.xml
@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2006-03-11</pubdate>
+    <pubdate>2006-06-29</pubdate>
 
     <copyright>
       <year>2004</year>
@@ -51,7 +51,7 @@
   </important>
 
   <warning>
-    <para>To use the features described in this article, your kernel but be
+    <para>To use the features described in this article, your kernel must be
     2.6.16 or later <emphasis role="bold">or</emphasis> your kernel and
     iptables must include the Netfilter+ipsec patches and policy match
     support. The Netfilter patches are available from Netfilter
@@ -100,7 +100,8 @@
           </listitem>
 
           <listitem>
-            <para>The ipsec-tools 0.5 rpm from <trademark>SUSE</trademark> 9.3.</para>
+            <para>The ipsec-tools 0.5 rpm from <trademark>SUSE</trademark>
+            9.3.</para>
           </listitem>
         </itemizedlist>
       </listitem>
@@ -854,4 +855,4 @@ all             all             REJECT          info
     ipsec-tools source tree. It has a wide variety of sample racoon
     configuration files.</para>
   </section>
-</article>
+</article>
\ No newline at end of file
diff --git a/docs/upgrade_issues.xml b/docs/upgrade_issues.xml
index 8135780f2..0ab308a4b 100644
--- a/docs/upgrade_issues.xml
+++ b/docs/upgrade_issues.xml
@@ -152,7 +152,10 @@
         <para>This clumsiness has been eliminated in Shorewall 3.2. In
         Shorewall 3.2, extension scripts are copied in-line into the compiled
         program and are executed in-line during <command>start</command>,
-        <command>restart</command> and <command>restore</command>.</para>
+        <command>restart</command> and <command>restore</command>. This
+        applies to all extension scripts except those associated with a chain
+        or action -- those extension scripts continue to be processed at
+        compile time.</para>
 
         <para>This new approach has two implications for existing
         scripts.</para>
@@ -193,7 +196,7 @@
       </listitem>
 
       <listitem>
-        <para> Beginning with this release, the way in which packet marking in
+        <para>Beginning with this release, the way in which packet marking in
         the PREROUTING chain interracts with the 'track' option in
         /etc/shorewall/providers has changed in two ways:</para>
 
@@ -214,7 +217,7 @@
       </listitem>
 
       <listitem>
-        <para> Kernel version 2.6.16 introduces 'xtables', a new common packet
+        <para>Kernel version 2.6.16 introduces 'xtables', a new common packet
         filtering and connection tracking facility that supports both IPv4 and
         IPv6. Because a different set of kernel modules must be loaded for
         xtables, Shorewall now includes two 'modules' files:</para>
@@ -1082,4 +1085,4 @@ error: failed dependencies:iproute is needed by shorewall-1.4.0-1
       </listitem>
     </itemizedlist>
   </section>
-</article>
+</article>
\ No newline at end of file