diff --git a/docs/ipsets.xml b/docs/ipsets.xml
index 6b75a01eb..520413a6b 100644
--- a/docs/ipsets.xml
+++ b/docs/ipsets.xml
@@ -145,7 +145,8 @@ ACCEPT       net:+sshok       $FW      tcp      22</programlisting></para>
     <para>Beginning with Shorewall 4.4.14, multiple source or destination
     matches may be specified by placing multiple set names in '+[...]' (e.g.,
     +[myset,myotherset]). When so enclosed, the set names need not be prefixed
-    with a plus sign.</para>
+    with a plus sign. When such a list of sets is specified, matching packets
+    must match all of the listed sets.</para>
 
     <para>Shorewall can save/restore your ipset contents with certain
     restrictions:</para>