-* tcp connections with invalid connection state
-* Broad-, multi- and anycast traffic not related to corosync
-* tcp traffic to port 43
-* udp traffic to ports 135 and 445
-* udp traffic to the port range 137 to 139
-* udp traffic form source port 137 to port range 1024 to 65535
-* udp traffic to port 1900
-* tcp traffic to port 135, 139 and 445
-* udp traffic originating from source port 53
-
-The rest of the traffic is dropped/rejected and logged.
+* TCP connections with invalid connection state
+* Broadcast, multicast and anycast traffic not related to corosync, i.e., not
+ coming through port 5404 or 5405
+* TCP traffic to port 43
+* UDP traffic to ports 135 and 445
+* UDP traffic to the port range 137 to 139
+* UDP traffic form source port 137 to port range 1024 to 65535
+* UDP traffic to port 1900
+* TCP traffic to port 135, 139 and 445
+* UDP traffic originating from source port 53
+
+The rest of the traffic is dropped or rejected, respectively, and also logged.