diff --git a/Shorewall-docs2/FAQ.xml b/Shorewall-docs2/FAQ.xml
index 8611391dc..ee02370fc 100644
--- a/Shorewall-docs2/FAQ.xml
+++ b/Shorewall-docs2/FAQ.xml
@@ -17,7 +17,7 @@
- 2005-01-16
+ 2006-01-30
2001-2006
@@ -1214,6 +1214,27 @@ LOGBURST=""
your firewall to log and drop the packet out of the rfc1918 chain
because the source IP is reserved by RFC 1918.
+
+
+ (FAQ 52) When I blacklist an IP address with "shorewall drop
+ www.xxx.yyy.zzz", why does my log still show REDIRECT and DNAT entries
+ from that address?
+
+ I blacklisted the address 130.252.100.59 using shorewall
+ drop 130.252.100.59 but I am still seeing these log
+ messages:
+
+ Jan 30 15:38:34 server Shorewall:net_dnat:REDIRECT:IN=eth1 OUT= MAC=00:4f:4e:14:97:8e:00:01:5c:23:24:cc:08:00
+ SRC=130.252.100.59 DST=206.124.146.176 LEN=64 TOS=0x00 PREC=0x00 TTL=43 ID=42444 DF
+ PROTO=TCP SPT=2215 DPT=139 WINDOW=53760 RES=0x00 SYN URGP=0
+
+ Answer: Please refer to the
+ Shorewall Netfilter
+ Documentation. Logging of REDIRECT and DNAT rules occurs in the
+ nat table's PREROUTING chain where the original destination IP address
+ is still available. Blacklisting occurs out of the filter table's INPUT
+ and FORWARD chains which aren't traversed until later.
+
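Review bot: The Answer paragraph in the new FAQ 52 entry explains why the net_dnat:REDIRECT log line appears but never says what happens to the packet afterwards. A reader who ran shorewall drop 130.252.100.59 and still sees SRC=130.252.100.59 in the log will not know whether the blacklist took effect. If the intended conclusion is that the packet is still dropped once it reaches the filter table's INPUT or FORWARD chain, say so in one closing sentence, and state that the log entry alone does not mean the connection was accepted. Two smaller points: "occurs out of the filter table's INPUT and FORWARD chains" would read more clearly as "is applied from", and the title uses the placeholder www.xxx.yyy.zzz while the body uses a concrete address, so pick one form.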
@@ -1937,13 +1958,5 @@ Shorewall has detected the following iptables/netfilter capabilities:
Raw Table: Available
gateway:~#
-
-
- (FAQ 52) How do I Configure Shorewall to work with
- Snort-Inline?
-
- Answer: Please see http://www.catherders.com/tikiwiki-1.9.1/tiki-read_article.php?articleId=47
-
\ No newline at end of file
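Review bot: The entry removed here is numbered FAQ 52, and the blacklist entry added earlier in this patch reuses the same number, so any existing reference to "FAQ 52" will now resolve to a different question. Give the new entry the next unused number instead, or note in the commit message why the Snort-Inline question and its catherders.com link are dropped without a replacement. The hunk also carries the "\ No newline at end of file" marker; ending FAQ.xml with a newline would keep later diffs to the tail of the file clean.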