diff --git a/manpages/shorewall-interfaces.xml b/manpages/shorewall-interfaces.xml
index 7832d33ce..cc9d8af17 100644
--- a/manpages/shorewall-interfaces.xml
+++ b/manpages/shorewall-interfaces.xml
@@ -259,9 +259,8 @@ loc     eth2            -</programlisting>
                 configured on the incoming interface</para>
 
                 <para>2 - reply only if the target IP address is local address
-                configured on the incoming interface and both with the
-                sender's IP address are part from same subnet on this
-                interface</para>
+                configured on the incoming interface and the sender's IP
+                address is part from same subnet on this interface</para>
 
                 <para>3 - do not reply for local addresses configured with
                 scope host, only resolutions for global and link</para>
@@ -327,7 +326,8 @@ loc     eth2            -</programlisting>
 
               <listitem>
                 <para>Incoming requests from this interface may be remapped
-                via UPNP (upnpd).</para>
+                via UPNP (upnpd). See <ulink
+                url="../UPnP.html">http://www.shorewall.net/UPnP.html</ulink>.</para>
               </listitem>
             </varlistentry>
           </variablelist>
diff --git a/manpages/shorewall-providers.xml b/manpages/shorewall-providers.xml
index c9da4930d..0e5b3eff3 100644
--- a/manpages/shorewall-providers.xml
+++ b/manpages/shorewall-providers.xml
@@ -42,6 +42,9 @@
 
     <para>Each entry in the file defines a single routing table.</para>
 
+    <para>If you wish to omit a column entry but want to include an entry in
+    the next column, use "-" for the omitted entry.</para>
+
     <para>The columns in the file are as follows.</para>
 
     <variablelist>
diff --git a/manpages/shorewall-proxyarp.xml b/manpages/shorewall-proxyarp.xml
index 55a15d9f5..f4831dcc0 100644
--- a/manpages/shorewall-proxyarp.xml
+++ b/manpages/shorewall-proxyarp.xml
@@ -51,7 +51,8 @@
         <emphasis>interface</emphasis></term>
 
         <listitem>
-          <para>External Interface to be used to access this system.</para>
+          <para>External Interface to be used to access this system from the
+          Internet.</para>
         </listitem>
       </varlistentry>
 
@@ -89,7 +90,7 @@
           <emphasis role="bold">Yes</emphasis> or <emphasis
           role="bold">yes</emphasis> then the route persists; If the column is
           empty or contains <emphasis role="bold">No</emphasis> or <emphasis
-          role="bold">no</emphasis> then the route is deleted at
+          role="bold">no</emphasis> then the route is deleted by
           <command>shorewall stop</command> or <command>shorewall
           clear</command>.</para>
         </listitem>
diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml
index 3f57199ae..b773753b2 100644
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@@ -122,7 +122,7 @@
         role="bold">LOG</emphasis>|<emphasis
         role="bold">QUEUE</emphasis>|<emphasis
         role="bold">COMMENT</emphasis>|<emphasis>action</emphasis>|<emphasis>macro</emphasis>[<emphasis
-        role="bold">/</emphasis><emphasis>target</emphasis>}<emphasis
+        role="bold">/</emphasis><emphasis>target</emphasis>]}<emphasis
         role="bold">[:</emphasis>{<emphasis>log-level</emphasis>|<emphasis
         role="bold">none</emphasis>}[<emphasis role="bold"><emphasis
         role="bold">!</emphasis></emphasis>][<emphasis
@@ -261,7 +261,9 @@
                 <ulink url="shorewall-zones.html">shorewall-zones</ulink>(5)
                 or in a parent zone of the source or destination zones, then
                 this connection request will be passed to the rules defined
-                for that (those) zone(s).</para>
+                for that (those) zone(s). See <ulink
+                url="shorewall-nesting.html">shorewall-nesting</ulink>(5) for
+                additional information.</para>
               </listitem>
             </varlistentry>
 
@@ -366,8 +368,8 @@
 
             <para>You may also specify <emphasis role="bold">ULOG</emphasis>
             (must be in upper case) as a log level.This will log to the ULOG
-            target for routing to a separate log through use of ulogd
-            (http://www.gnumonks.org/projects/ulogd).</para>
+            target for routing to a separate log through use of ulogd (<ulink
+            url="http://www.netfilter.org/projects/ulogd/index.html">http://www.netfilter.org/projects/ulogd/index.html</ulink>).</para>
 
             <para>Actions specifying logging may be followed by a log tag (a
             string of alphanumeric characters) which is appended to the string
@@ -676,7 +678,7 @@
           numbers or port ranges.</para>
 
           <warning>
-            <para>Unless you really understand TCP/IP, you should leave this
+            <para>Unless you really understand IP, you should leave this
             column empty or place a dash (<emphasis role="bold">-</emphasis>)
             in the column. Most people who try to use this column get it
             wrong.</para>
@@ -738,12 +740,14 @@
           <para>It is also possible to specify a set of addresses then exclude
           part of those addresses. For example, <emphasis
           role="bold">192.168.1.0/24!192.168.1.16/28</emphasis> specifies the
-          addresses 192.168.1.0-182.168.1.15 and
-          192.168.1.32-192.168.1.255.</para>
+          addresses 192.168.1.0-182.168.1.15 and 192.168.1.32-192.168.1.255.
+          See <ulink
+          url="shorewall-exclusion.html">shorewall-exclusion</ulink>(5).</para>
 
-          <para>See http://shorewall.net/PortKnocking.html for an example of
-          using an entry in this column with a user-defined action
-          rule.</para>
+          <para>See <ulink
+          url="../PortKnocking.html">http://shorewall.net/PortKnocking.html</ulink>
+          for an example of using an entry in this column with a user-defined
+          action rule.</para>
         </listitem>
       </varlistentry>
 
diff --git a/manpages/shorewall-tcclasses.xml b/manpages/shorewall-tcclasses.xml
index 89538deb0..fadd39ec7 100644
--- a/manpages/shorewall-tcclasses.xml
+++ b/manpages/shorewall-tcclasses.xml
@@ -123,7 +123,9 @@
           ppp interfaces, you need to put them all in here!</para>
 
           <para>Please note that you can only use interface names in here that
-          have a bandwidth defined in the tcdevices file</para>
+          have a bandwidth defined in the <ulink
+          url="shorewall-tcdevices.html">shorewall-tcdevices</ulink>(5)
+          file</para>
         </listitem>
       </varlistentry>
 
@@ -133,8 +135,10 @@
 
         <listitem>
           <para>The mark <emphasis>value</emphasis> which is an integer in the
-          range 1-255. You set mark values in the tcrules file, marking the
-          traffic you want to fit in the classes defined in here.</para>
+          range 1-255. You set mark values in the <ulink
+          url="shorewall-tcrules.html">shorewall-tcrules</ulink>(5) file,
+          marking the traffic you want to fit in the classes defined in
+          here.</para>
 
           <para>You can use the same marks for different interfaces.</para>
         </listitem>
diff --git a/manpages/shorewall-tcdevices.xml b/manpages/shorewall-tcdevices.xml
index 689f34df8..f8be1ae30 100644
--- a/manpages/shorewall-tcdevices.xml
+++ b/manpages/shorewall-tcdevices.xml
@@ -137,8 +137,9 @@
         <listitem>
           <para>The outgoing <emphasis>bandwidth</emphasis> of that interface.
           This is the maximum speed your connection can handle. It is also the
-          speed you can refer as "full" if you define the tc classes. Outgoing
-          traffic above this rate will be dropped.</para>
+          speed you can refer as "full" if you define the tc classes in <ulink
+          url="shorewall-tcclasses.html">shorewall-tcclasses</ulink>(5).
+          Outgoing traffic above this rate will be dropped.</para>
         </listitem>
       </varlistentry>
     </variablelist>
diff --git a/manpages/shorewall-zones.xml b/manpages/shorewall-zones.xml
index f94a27fac..73c07bb67 100644
--- a/manpages/shorewall-zones.xml
+++ b/manpages/shorewall-zones.xml
@@ -26,19 +26,6 @@
     <filename>/etc/shorewall/interfaces</filename> or
     <filename>/etc/shorewall/hosts</filename>.</para>
 
-    <warning>
-      <para>The format of this file changed in Shorewall 3.0.0. You can
-      continue to use your old records provided that you set IPSECFILE=ipsec
-      in /etc/shorewall/shorewall.conf. This will signal Shorewall that the
-      IPSEC-related zone options are still specified in /etc/shorewall/ipsec
-      rather than in this file.</para>
-
-      <para>To use records in the format described below, you must have
-      IPSECFILE=zones specified in
-      <filename>/etc/shorewall/shorewall.conf</filename> AND YOU MUST NOT SET
-      THE 'FW' VARIABLE IN THAT FILE.</para>
-    </warning>
-
     <para>The columns in the file are as follows.</para>
 
     <variablelist>
@@ -52,8 +39,10 @@
           <para>Name of the <emphasis>zone</emphasis>. The names "all" and
           "none" are reserved and may not be used as zone names. The maximum
           length of a zone name is determined by the setting of the LOGFORMAT
-          option in shorewall.conf. With the default LOGFORMAT, zone names can
-          be at most 5 characters long.</para>
+          option in <ulink
+          url="shorewall.conf.html">shorewall.conf</ulink>(5). With the
+          default LOGFORMAT, zone names can be at most 5 characters
+          long.</para>
 
           <para>Where a zone is nested in one or more other zones, you may
           follow the (sub)zone name by ":" and a comma-separated list of the
@@ -72,7 +61,7 @@ c:a,b     ipv4</programlisting>
           <para>Currently, Shorewall uses this information to reorder the zone
           list so that parent zones appear after their subzones in the list.
           The IMPLICIT_CONTINUE option in shorewall.conf can also create
-          implicit CONTINUE policies to/from the subzone. </para>
+          implicit CONTINUE policies to/from the subzone.</para>
 
           <para>In the future, Shorewall may make additional use of nesting
           information.</para>
@@ -92,7 +81,8 @@ c:a,b     ipv4</programlisting>
                 default if you leave this column empty or if you enter "-" in
                 the column. Communication with some zone hosts may be
                 encrypted. Encrypted hosts are designated using the
-                'ipsec'option in /etc/shorewall/hosts.</para>
+                'ipsec'option in <ulink
+                url="shorewall-hosts.html">shorewall-hosts</ulink>(5).</para>
               </listitem>
             </varlistentry>
 
@@ -127,7 +117,9 @@ c:a,b     ipv4</programlisting>
         role="bold">,</emphasis><emphasis>option</emphasis>]...]</term>
 
         <listitem>
-          <para>A comma-separated list of options.</para>
+          <para>A comma-separated list of options. With the exception of the
+          <option>mss</option> option, these only apply to TYPE
+          <option>ipsec</option> zones.</para>
 
           <variablelist>
             <varlistentry>