From 6ffedae4fba812fe6c14a941ef9b18aae7e5b44f Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Tue, 5 Mar 2013 08:39:14 -0800
Subject: [PATCH] Document '=' in the SOURCE PORT(S) column of
 shorewall-tcrules(5)

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/manpages/shorewall-tcrules.xml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/Shorewall/manpages/shorewall-tcrules.xml b/Shorewall/manpages/shorewall-tcrules.xml
index a2f8d4aa0..fa3e5bd7b 100644
--- a/Shorewall/manpages/shorewall-tcrules.xml
+++ b/Shorewall/manpages/shorewall-tcrules.xml
@@ -933,6 +933,13 @@ Normal-Service       =&gt; 0x00</programlisting>
           <para>An entry in this field requires that the PROTO column specify
           tcp (6), udp (17), sctp (132) or udplite (136). Use '-' if any of
           the following fields is supplied.</para>
+
+          <para>Beginning with Shorewall 4.5.15, you may place '=' in this
+          column, provided that the DEST PORT(S) column is non-empty. This
+          causes the rule to match when either the source port or the
+          destination port in a packet matches one of the ports specified in
+          DEST PORTS(S). Use of '=' requires multiport match in your iptables
+          and kernel.</para>
         </listitem>
       </varlistentry>