From 8f152d554a9907abc17b8b528381a690c4fb59c9 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Tue, 18 Sep 2007 18:38:27 +0000
Subject: [PATCH] Add FAQ 69

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@7361 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/FAQ.xml            | 10 +++++++++-
 docs/Shorewall-perl.xml | 14 +++++++-------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index c38be9cb9..1efd7de06 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1653,6 +1653,14 @@ Creating input Chains...
       url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
     </section>
 
+    <section id="faq69">
+      <title>(FAQ 69) When I restart Shorewall, new connections are blocked
+      for a long time. Is there a way to avoid that?</title>
+
+      <para><emphasis role="bold">Answer</emphasis>: Switch to using <ulink
+      url="Shorewall-perl.html">Shorewall-perl</ulink>.</para>
+    </section>
+
     <section id="faq43">
       <title>(FAQ 43) I just installed the Shorewall RPM and Shorewall doesn't
       start at boot time.</title>
@@ -1756,7 +1764,7 @@ iptables: Invalid argument
       the following message:</title>
 
       <para>ERROR: Command "/sbin/iptables -A FORWARD -m state --state
-      ESTABLISHED,RELATED -j ACCEPT"</para>
+      ESTABLISHED,RELATED -j ACCEPT" failed.</para>
 
       <para><emphasis role="bold">Answer</emphasis>: At a root shell prompt,
       type the iptables command shown in the error message. If the command
diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index fc63db026..cb1d0b520 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -127,9 +127,9 @@
 
         <listitem>
           <para>The BROADCAST column in the interfaces file is essentially
-          unused; if you enter anything in this column but '-' or 'detect',
-          you will receive a warning. This will be relaxed if and when the
-          addrtype match requirement is relaxed.</para>
+          unused if your kernel/iptables has Address Type Match support. If
+          that support is present and you enter anything in this column but
+          '-' or 'detect', you will receive a warning.</para>
         </listitem>
 
         <listitem>
@@ -158,7 +158,7 @@
           into the compiled script and executed at run-time. In many cases,
           this approach doesn't work with Shorewall Perl because (almost) the
           entire ruleset is built by the compiler. As a result, Shorewall-perl
-          runs many extension scripts at compile-time rather than at run-time.
+          runs some extension scripts at compile-time rather than at run-time.
           Because the compiler is written in Perl, your extension scripts from
           earlier versions will no longer work.</para>
 
@@ -167,8 +167,8 @@
               <tgroup cols="3">
                 <tbody>
                   <row>
-                    <entry><emphasis
-                    role="bold">Compile-time</emphasis></entry>
+                    <entry><emphasis role="bold">Compile-time (Must be written
+                    in Perl)</emphasis></entry>
 
                     <entry><emphasis role="bold">Run-time</emphasis></entry>
 
@@ -282,7 +282,7 @@
           </simplelist>
 
           <para>The log_rule_limit function works like it does in the shell
-          compiler with two exceptions:</para>
+          compiler with three exceptions:</para>
 
           <itemizedlist>
             <listitem>