diff --git a/Shorewall/blacklist b/Shorewall/blacklist
index 7ebd3db85..a729df5c8 100755
--- a/Shorewall/blacklist
+++ b/Shorewall/blacklist
@@ -18,6 +18,10 @@
 #
 # Example: ~00-A0-C9-15-39-78
 #
+# A dash ("-") in this column means that any source
+# address will match. This is useful if you want to
+# blacklist a particular application.
+#
 # PROTOCOL - Optional. If specified, must be a protocol number
 # or a protocol name from /etc/protocols.
 #
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 4a4dd15e6..d84cf044b 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -12,6 +12,8 @@ Changes in 3.0.3
 6) Add more migration information to release notes.
+7) Allow "-" in the ADDRESS/SUBNET column of the blacklist file.
+
 Changes in 3.0.2
 1) Typos in the Samples corrected.
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 30006f9c3..7cdb904ed 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -7334,6 +7334,9 @@ process_blacklist_rec() {
 for addr in $(separate_list $networks); do
 case $addr in
+ -)
+ source=
+ ;;
 ~*)
 addr=$(echo $addr | sed 's/~//;s/-/:/g')
 source="--match mac --mac-source $addr"
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 2ef8fef2d..ea1ab9fa1 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -57,6 +57,10 @@ New Features in 3.0.3
 2) The '-q' option now works with 'safe-start' and 'safe-restart'.
+3) The value "-" is now allowed in the ADDRESS/SUBNET column of
+ /etc/shorewall/blacklist. That value is equivalent to specifying
+ 0.0.0.0/0 in that column.
+
 Problems Corrected in 3.0.2
 1) A couple of typos in the one-interface sample configuration have
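Review bot: The new `-)` arm in process_blacklist_rec (Shorewall/firewall) sets `source=` to empty, so an entry with `-` in ADDRESS/SUBNET and nothing in PROTOCOL would presumably yield a rule that matches every packet checked against the blacklist. The function body continues outside the hunk, so whether anything later rejects that combination is not visible; if nothing does, this arm is the place to refuse or at least warn when the protocol column is empty too. The arm also deserves a comment stating the intent, for example `# "-" = any source address; the rule is then limited only by the remaining columns`. Because the arm runs once per element of `$(separate_list $networks)`, a `-` mixed into an address list makes the other elements redundant, which may be worth a warning as well.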