diff --git a/docs/Documentation.xml b/docs/Documentation.xml
index 45f134940..6d8acc132 100644
--- a/docs/Documentation.xml
+++ b/docs/Documentation.xml
@@ -461,13 +461,13 @@ NET_OPTIONS=blacklist,norfc1918 CONTINUE policy described below.
- Beginning With Shorewall 3.0, you can adjust the order in
+ Beginning with Shorewall 3.0, you can adjust the order in
 which Shorewall generates its rules by using special syntax in the ZONE column of /etc/shorewall/zones. Where a zone is nested in one or more other zones, you may follow the (sub)zone name by ":" and a comma-separated list of the parent
- zones. The parent zones must have been defined in earlier records in
- this file.
+ zones. The parent zones must have been declared in earlier records
+ in this file.
 Example:
#ZONE TYPE OPTIONS
@@ -475,6 +475,11 @@ parnt1 ipv4 parnt2 ipv4 child:parnt1,parnt2 ipv4
+
+ Even though zones parnt1 and
+ parnt2 are declared before zone
+ child, Shorewall will generate the rules for
+ child before either of the parent zones.
diff --git a/manpages/shorewall-zones.xml b/manpages/shorewall-zones.xml
index 3c81c4b8e..2136fd26b 100644
--- a/manpages/shorewall-zones.xml
+++ b/manpages/shorewall-zones.xml
@@ -57,7 +57,7 @@ Where a zone is nested in one or more other zones, you may follow the (sub)zone name by ":" and a comma-separated list of the
- parent zones. The parent zones must have been defined in earlier
+ parent zones. The parent zones must have been declared in earlier
 records in this file. Example: