diff --git a/manpages/shorewall-tcrules.xml b/manpages/shorewall-tcrules.xml
index 82f65c275..12abaee51 100644
--- a/manpages/shorewall-tcrules.xml
+++ b/manpages/shorewall-tcrules.xml
@@ -80,18 +80,19 @@
marks (see below).
May optionally be followed by :P, :F,:T or
+ :I where
+ :P indicates that marking should occur in the
+ PREROUTING chain, :F indicates
+ that marking should occur in the FORWARD chain, :I indicates that marking should occur in
+ the INPUT chain (added in Shorewall 4.4.13), and :T indicates that marking should occur in
+ the POSTROUTING chain. If neither :P, :F
- or :T where :P indicates that marking should occur
- in the PREROUTING chain, :F
- indicates that marking should occur in the FORWARD chain, :I
- indicates that marking should occur in the INPUT chain (added in
- Shorewall 4.4.13), and :T
- indicates that marking should occur in the POSTROUTING chain. If
- neither :P, :F nor :T follow the mark value then the chain
- is determined as follows:
+ nor :T follow the mark value
+ then the chain is determined as follows:
- If the SOURCE is $FW[shorewall.conf(5).
+ Please note that :I is
+ included for completeness and affects neither traffic shaping
+ nor policy routing.
+
If your kernel and iptables include CONNMARK support then
you can also mark the connection rather than the packet.
The mark value may be optionally followed by "/" and a
mask value (used to determine those bits of the connection mark
to actually be set). The mark and optional mask are then
- followed by one of:+
+ followed by one of:
@@ -147,6 +152,16 @@
Mark the connecdtion in the POSTROUTING chain
+
+
+ CI
+
+
+ Mark the connection in the INPUT chain. This option
+ is included for completeness and has no applicability to
+ traffic shaping or policy routing.
+
+
Special considerations for If
@@ -805,10 +820,10 @@ SAME $FW 0.0.0.0/0 tcp 80,443
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-ecn(5), shorewall-exclusion(5),
- shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5), shorewall-maclist(5),
- shorewall-masq(5), shorewall-nat(5), shorewall-netmap(5),
- shorewall-params(5), shorewall-policy(5), shorewall-providers(5),
- shorewall-proxyarp(5), shorewall-route_rules(5),
+ shorewall-hosts(5), shorewall_interfaces(5), shorewall-ipsets(5),
+ shorewall-maclist(5), shorewall-masq(5), shorewall-nat(5),
+ shorewall-netmap(5), shorewall-params(5), shorewall-policy(5),
+ shorewall-providers(5), shorewall-proxyarp(5), shorewall-route_rules(5),
shorewall-routestopped(5), shorewall-rules(5), shorewall.conf(5),
shorewall-secmarks(5), shorewall-tcclasses(5), shorewall-tcdevices(5),
shorewall-tos(5), shorewall-tunnels(5), shorewall-zones(5)
diff --git a/manpages6/shorewall6-tcrules.xml b/manpages6/shorewall6-tcrules.xml
index 68892296a..d974fa90a 100644
--- a/manpages6/shorewall6-tcrules.xml
+++ b/manpages6/shorewall6-tcrules.xml
@@ -103,6 +103,10 @@
MARK_IN_FORWARD_CHAIN in shorewall6.conf(5).
+ Please note that :I is
+ included for completeness and affects neither traffic shaping
+ nor policy routing.
+
If your kernel and ip6tables include CONNMARK support then
you can also mark the connection rather than the packet.
@@ -144,6 +148,16 @@
Mark the connection in the POSTROUTING chain
+
+
+ CI
+
+
+ Mark the connection in the INPUT chain. This option
+ is included for completeness and has no applicability to
+ traffic shaping or policy routing.
+
+
Special considerations for If