From ad0651b4bbb9b05df12a3f58865ba8add64c7640 Mon Sep 17 00:00:00 2001
From: teastep <teastep@fbd18981-670d-0410-9b5c-8dc0c1a9a2bb>
Date: Sun, 21 Jan 2007 03:52:04 +0000
Subject: [PATCH] Add FAQ 63

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@5274 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
---
 docs/FAQ.xml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/FAQ.xml b/docs/FAQ.xml
index 8a5e862b3..7eb9dd911 100644
--- a/docs/FAQ.xml
+++ b/docs/FAQ.xml
@@ -589,6 +589,23 @@ DNAT       loc           dmz:192.168.2.4    tcp      80          -         $ETH0
     </section>
   </section>
 
+  <section>
+    <title>Blacklisting</title>
+
+    <section id="faq63">
+      <title>(FAQ 63) I just blacklisted IP address 206.124.146.176 and I can
+      still ping it. What did I do wrong?</title>
+
+      <para><emphasis role="bold">Answer</emphasis>: Nothing.</para>
+
+      <para>Blacklisting an IP address blocks incoming traffic from that IP
+      address. And if you set BLACKLISTNEWONLY=Yes in shorewall.conf, then
+      only new connections <emphasis role="bold">from</emphasis> that address
+      are disallowed; traffic from that address that is part of an established
+      connection (such as ping replies) is allowed.</para>
+    </section>
+  </section>
+
   <section>
     <title>Netmeeting/MSN</title>