diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index e9a01cdf2..3edf4d2e6 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -10,6 +10,8 @@ Changes in 3.0.0 RC 3.
 
 5) Update config files with cmd-owner info.
 
+6) Fix DHCP with MACLIST_TABLE=mangle.
+
 Changes in 3.0.0 RC 2.
 
 1) Fix support for OpenVPN and tcp.
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 5732f8797..6c3e7c617 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -2816,6 +2816,12 @@ setup_mac_lists() {
     for interface in $maclist_interfaces; do
 	chain=$(mac_chain $interface)
 	create_mac_chain $chain
+	#
+	# If we're using the mangle table and the interface is DHCP-enabled then we need to accept DHCP broadcasts from 0.0.0.0
+	#
+	if [ $MACLIST_TABLE = mangle ] && interface_has_option $interface dhcp; then
+	    run_iptables -t mangle -A $chain -s 0.0.0.0 -p udp --dport 67:68 -j RETURN
+	fi
 
 	if [ -n "$MACLIST_TTL" ]; then
 	    chain1=$(macrecent_target $interface)
@@ -2826,6 +2832,7 @@ setup_mac_lists() {
 	    run_iptables -t $MACLIST_TABLE -A $chain  -m recent --set                           --name $chain
 	fi
     done
+
     #
     # Process the maclist file producing the verification rules
     #
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 77aed3cef..4af52ae29 100755
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -18,6 +18,12 @@ Problems Corrected in 3.0.0 RC 3:
     files have been updated to warn that +<program name> is not supported
     by kernel versions 2.6.14 and later.
 
+4)  When MACLIST_TABLE=mangle and an interface is enabled for DHCP (the
+    'dhcp' option is specified in /etc/shorewall/interfaces) then broadcasts
+    on UDP port 67 to address 255.255.255.255 from address 0.0.0.0 were being
+    dropped and logged. While this did not prevent the client from acquiring
+    an IP address, it could result in lots of log messages.
+
 Migration Considerations:
 
 1) The "monitor" command has been eliminated.