Document awesome where syntax for port

docs/resources.rst

@@ -3564,6 +3564,18 @@ A ``port`` |inspec resource| block declares a port, and then depending on what n
 
 where the ``processes`` returns the processes listening on port 514.
 
+or:
+
+.. code-block:: ruby
+
+   describe port.where { protocol =~ /tcp/ && port > 22 && port < 80 } do
+     it { should_not be_listening }
+   end
+
+where
+
+* ``.where{}`` may specify a block to filter on attributes: port, address, protocol, process, pid, listening?
+
 Matchers
 -----------------------------------------------------
 This InSpec audit resource has the following matchers.
@@ -3656,6 +3668,20 @@ This check can be implemented in two equivalent ways:
      it { should be_listening }
    end
 
+**Test that no ports above 80 are listening**
+
+.. code-block:: ruby
+
+   describe port.where { protocol =~ /tcp/ && port > 80 } do
+     it { should_not be_listening }
+   end
+
+**Tests that only httpd and sshd are listening**
+
+   describe port.where { listening? } do
+    its('processes') { should contain_exactly('sshd','httpd') }
+   end
+
 postgres_conf
 =====================================================
 Use the ``postgres_conf`` |inspec resource| to test the contents of the configuration file for |postgresql|, typically located at ``/etc/postgresql/<version>/main/postgresql.conf`` or ``/var/lib/postgres/data/postgresql.conf``, depending on the platform.