diff --git a/Shorewall-docs2/Documentation.xml b/Shorewall-docs2/Documentation.xml
index 3f0cfe8ca..491318294 100644
--- a/Shorewall-docs2/Documentation.xml
+++ b/Shorewall-docs2/Documentation.xml
@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-11-26</pubdate>
+    <pubdate>2004-12-11</pubdate>
 
     <copyright>
       <year>2001-2004</year>
@@ -2582,6 +2582,35 @@ eth0                  eth1            206.124.146.176</programlisting>
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>DROPINVALID</term>
+
+        <listitem>
+          <para>(Added at version 2.2.0) — Recent 2.6 kernels include code
+          that evaluates TCP packets based on TCP Window analysis. This can
+          cause packets that were previously classified as NEW or ESTABLISHED
+          to be classified as INVALID.</para>
+
+          <para>The new kernel code can be disabled by including this command
+          in your <ulink
+          url="shorewall_extension_scripts.htm">/etc/shorewall/init</ulink>
+          file:</para>
+
+          <programlisting>echo 1 &gt; /proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal</programlisting>
+
+          <para>Additional kernel logging about INVALID TCP packets may be
+          obtained by adding this command to /etc/shorewall/init:</para>
+
+          <programlisting>echo 1 &gt; /proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid</programlisting>
+
+          <para>Traditionally, Shorewall has dropped INVALID TCP packets
+          early. The DROPINVALID option allows INVALID packets to be passed
+          through the normal rules chains by setting DROPINVALID=No. If not
+          specified or if specified as empty (e.g., DROPINVALID="") then
+          DROPINVALID=Yes is assumed.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>LOGALLNEW</term>
 
diff --git a/Shorewall-docs2/starting_and_stopping_shorewall.xml b/Shorewall-docs2/starting_and_stopping_shorewall.xml
index f1c03b66a..47134e439 100644
--- a/Shorewall-docs2/starting_and_stopping_shorewall.xml
+++ b/Shorewall-docs2/starting_and_stopping_shorewall.xml
@@ -15,7 +15,7 @@
       </author>
     </authorgroup>
 
-    <pubdate>2004-11-27</pubdate>
+    <pubdate>2004-12-11</pubdate>
 
     <copyright>
       <year>2004</year>
@@ -367,11 +367,29 @@
         <term>add</term>
 
         <listitem>
-          <para><command>shorewall add &lt;interface&gt;[:&lt;bridge
-          port&gt;][:&lt;host&gt;] &lt;zone&gt;</command></para>
+          <para><command>shorewall add &lt;interface&gt;[:&lt;host-list&gt;] …
+          &lt;zone&gt;</command></para>
 
-          <para>Adds a host or subnet to a dynamic zone usually used with
-          VPN's.</para>
+          <para>A &lt;host-list&gt; is a comma-separated list whose entries
+          are:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>A host or network address</para>
+            </listitem>
+
+            <listitem>
+              <para>The name of a bridge port</para>
+            </listitem>
+
+            <listitem>
+              <para>The name of a bridge port followed by a colon (":") and a
+              host or network address.</para>
+            </listitem>
+          </itemizedlist>
+
+          <para>Adds an interface (and list of hosts if included) to a dynamic
+          zone usually used with VPN's.</para>
 
           <para>Note that there was no provision in the syntax for specifying
           a <ulink url="bridge.html">bridge</ulink> port prior to Shorewall
@@ -448,11 +466,30 @@
         <term>delete</term>
 
         <listitem>
-          <para><command>shorewall delete &lt;interface&gt;[:&lt;bridge
-          port&gt;][:&lt;host&gt;] &lt;zone&gt;</command></para>
+          <para><command>shorewall delete
+          &lt;interface&gt;[:&lt;host-list&gt;] …
+          &lt;zone&gt;</command></para>
 
-          <para>Deletes the specified interface (and host if included) from
-          the specified zone.</para>
+          <para>A &lt;host-list&gt; is a comma-separated list whose entries
+          are:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>A host or network address</para>
+            </listitem>
+
+            <listitem>
+              <para>The name of a bridge port</para>
+            </listitem>
+
+            <listitem>
+              <para>The name of a bridge port followed by a colon (":") and a
+              host or network address.</para>
+            </listitem>
+          </itemizedlist>
+
+          <para>Deletes the specified interface (and host list if included)
+          from the specified zone.</para>
 
           <para>Note that there was no provision in the syntax for specifying
           a <ulink url="bridge.html">bridge</ulink> port prior to Shorewall
