diff --git a/docs/NewBridge.xml b/docs/NewBridge.xml
index 965a55473..d37cd2152 100644
--- a/docs/NewBridge.xml
+++ b/docs/NewBridge.xml
@@ -44,10 +44,6 @@
     later. If you are running a version of Shorewall earlier than Shorewall
     3.3.3 then please see the documentation for that
     release.</emphasis></para>
-
-    <para><emphasis role="bold">This configuration is not as secure as the one
-    described in <ulink url="bridge.html">another article</ulink> but it has
-    the advantage that it works with all kernel versions.</emphasis></para>
   </caution>
 
   <section>
@@ -85,6 +81,33 @@
         </note>
       </listitem>
     </orderedlist>
+
+    <para>The technique described in this article differs from that in <ulink
+    url="bridge.html">Shorewall and Bridged Firewalls</ulink> in that it
+    defines zones in terms of ip addresses (networks, hosts, and/or ranges)
+    accessed through the bridge device rather than in terms of ports on the
+    bridge. While using ports is more convenient, it requires a
+    fully-functional <emphasis>physdev match </emphasis> capability in your
+    kernel and iptables. Beginning with Linux kernel version 2.6.20, the
+    physdev match capability was reduced in function to the point where in can
+    no longer be used for Shorewall zone definition. To work around this
+    functional step backward, the technique described below can be
+    used.</para>
+
+    <para>To summarize the changes required required to move from a
+    <emphasis>Shorewall and Bridged Firewalls</emphasis> configuration to this
+    new type:</para>
+
+    <orderedlist>
+      <listitem>
+        <para>Set BRIDGING=No in shorewall.conf</para>
+      </listitem>
+
+      <listitem>
+        <para>Modify your <filename>/etc/shorewall/hosts</filename> file to
+        use IP addresses rather than bridge ports to define your zones.</para>
+      </listitem>
+    </orderedlist>
   </section>
 
   <section>
diff --git a/docs/bridge.xml b/docs/bridge.xml
index ce5dd10d8..18f168602 100644
--- a/docs/bridge.xml
+++ b/docs/bridge.xml
@@ -87,14 +87,14 @@
 
     <warning>
       <para><emphasis role="bold">SUPPORT FOR BRIDGING AS DESCRIBED IN THIS
-      ARTICLE MIGHT BE DISCONTINUED IN THE FUTURE.</emphasis> The underlying
-      Netfilter features that Shorewall Bridge/Firewall support relies on are
-      being removed and it is not certain whether Shorewall will be able to
-      continue to support bridge/firewalls in the way described here.</para>
+      ARTICLE IS DISCONTINUED IN LINUX KERNEL 2.6.20.</emphasis> The
+      underlying Netfilter features that Shorewall Bridge/Firewall support
+      relies on were removed from Netfilter and it is no longer possible to
+      define Shorewall zones in terms of physical bridge ports.</para>
 
       <para>In <ulink url="NewBridge.html">another article</ulink>, I describe
-      how to configure a bridge/firewall which will work with future kernel
-      versions.</para>
+      how to configure a bridge/firewall which will work with kernel 2.6.20
+      and later versions.</para>
     </warning>
 
     <para>Note that if you need a bridge but do not need to restrict the