From 0688431715a02c8c4baecd0556399ad263b9924e Mon Sep 17 00:00:00 2001
From: Christopher Tiwald <christiwald@gmail.com>
Date: Wed, 6 May 2015 23:57:32 -0400
Subject: [PATCH] aws: Document network ACL's new validations.

---
 .../docs/providers/aws/r/network_acl.html.markdown     | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/website/source/docs/providers/aws/r/network_acl.html.markdown b/website/source/docs/providers/aws/r/network_acl.html.markdown
index b217d73b0..71b93fda3 100644
--- a/website/source/docs/providers/aws/r/network_acl.html.markdown
+++ b/website/source/docs/providers/aws/r/network_acl.html.markdown
@@ -20,7 +20,7 @@ resource "aws_network_acl" "main" {
 		protocol = "tcp"
 		rule_no = 2
 		action = "allow"
-		cidr_block =  "10.3.2.3/18"
+		cidr_block =  "10.3.0.0/18"
 		from_port = 443
 		to_port = 443
 	}
@@ -29,7 +29,7 @@ resource "aws_network_acl" "main" {
 		protocol = "tcp"
 		rule_no = 1
 		action = "allow"
-		cidr_block =  "10.3.10.3/18"
+		cidr_block =  "10.3.0.0/18"
 		from_port = 80
 		to_port = 80
 	}
@@ -56,8 +56,10 @@ Both `egress` and `ingress` support the following keys:
 * `to_port` - (Required) The to port to match.
 * `rule_no` - (Required) The rule number. Used for ordering.
 * `action` - (Required) The action to take.
-* `protocol` - (Required) The protocol to match.
-* `cidr_block` - (Optional) The CIDR block to match.
+* `protocol` - (Required) The protocol to match. If using the -1 'all'
+protocol, you must specify a from and to port of 0.
+* `cidr_block` - (Optional) The CIDR block to match. This must be a
+valid network mask.
 
 ## Attributes Reference