diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 5118cd38a..8a5e862b3 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -1032,15 +1032,18 @@ DROP net fw udp 10619
Netfilter log messages are written. The LOGFILE setting in
shorewall.conf simply tells the
/sbin/shorewall[-lite] program where to look for
- the log. Also, it is important to understand that a log severity of
- "debug" will generally be written to fewer log files than a log
- severity of "info".
+ the log. Also, it is important to understand that a log level of
+ "debug" will generally cause Netfilter messages be written to fewer
+ files in /var/log than a log
+ severity of "info". The log level does not control the number of log
+ messages or the content of the messages.
The actual log file where Netfilter messages are written is not
- standardized; but anytime you see no logging, it's time to look
- outside the Shorewall configuration for the cause. As an example,
- recent SuSE releases use syslog-ng by default
- and write Shorewall messages to
+ standardized and will vary by distribution and distribusion version.
+ But anytime you see no logging, it's time to look outside the
+ Shorewall configuration for the cause. As an example, recent
+ SuSE releases use syslog-ng by default and
+ write Shorewall messages to
/var/log/firewall.Please see the Shorewall
@@ -1358,9 +1361,9 @@ DROP net fw udp 10619
Answer: First of all, please note
that the above is a very specific type of log message dealing with ICMP
- port unreachable packets. Do not read this answer and assume that all
- Shorewall log messages have something to do with ICMP (hint -- see FAQ 17).
+ port unreachable packets (PROTO=ICMP TYPE=3 CODE=3). Do not read this
+ answer and assume that all Shorewall log messages have something to do
+ with ICMP (hint -- see FAQ 17).While most people associate the Internet Control Message Protocol
(ICMP) with ping, ICMP is a key piece of IP. ICMP is used