diff --git a/manpages/shorewall-zones.xml b/manpages/shorewall-zones.xml
index 70a2d0c28..9cb031fe1 100644
--- a/manpages/shorewall-zones.xml
+++ b/manpages/shorewall-zones.xml
@@ -44,10 +44,13 @@
default LOGFORMAT, zone names can be at most 5 characters
long.
- Where a zone is nested in one or more other zones, you may
- follow the (sub)zone name by ":" and a comma-separated list of the
- parent zones. The parent zones must have been declared in earlier
- records in this file. See The order in which Shorewall matches addresses from packets to
+ zones is determined by the order of zone declarations. Where a zone
+ is nested in one or more other zones, you may either ensure that the
+ nested zone precedes its parents in this file, or you may follow the
+ (sub)zone name by ":" and a comma-separated list of the parent
+ zones. The parent zones must have been declared in earlier records
+ in this file. See shorewall-nesting(5) for
additional information.
@@ -60,7 +63,8 @@ c:a,b ipv4
Currently, Shorewall uses this information to reorder the zone
list so that parent zones appear after their subzones in the list.
- The IMPLICIT_CONTINUE option in shorewall.conf can also create
+ The IMPLICIT_CONTINUE option in shorewall.conf(5 can also create
implicit CONTINUE policies to/from the subzone.
In the future, Shorewall may make additional use of nesting
@@ -241,6 +245,9 @@ c:a,b ipv4
See ALSO
+ http://www.shorewall.net/Multiple_Zones.html.
+
shorewall(8), shorewall-accounting(5), shorewall-actions(5),
shorewall-blacklist(5), shorewall-hosts(5), shorewall-interfaces(5),
shorewall-ipsec(5), shorewall-maclist(5), shorewall-masq(5),