diff --git a/Shorewall-docs/MAC_Validation.xml b/Shorewall-docs/MAC_Validation.xml
index f161b200d..7af2023af 100644
--- a/Shorewall-docs/MAC_Validation.xml
+++ b/Shorewall-docs/MAC_Validation.xml
@@ -15,14 +15,10 @@
       </author>
     </authorgroup>
 
-    <pubdate>2002-06-30</pubdate>
+    <pubdate>2004-01-06</pubdate>
 
     <copyright>
-      <year>2001</year>
-
-      <year>2002</year>
-
-      <year>2003</year>
+      <year>2001-2004</year>
 
       <holder>Thomas M. Eastep</holder>
     </copyright>
@@ -39,7 +35,15 @@
 
   <para>All traffic from an interface or from a subnet on an interface can be
   verified to originate from a defined set of MAC addresses. Furthermore, each
-  MAC address may be optionally associated with one or more IP addresses.</para>
+  MAC address may be optionally associated with one or more IP addresses. Note
+  that </para>
+
+  <important>
+    <para><emphasis role="bold">MAC addresses are only visible within a
+    ethernet segment so all MAC addresses used in verification must belong to
+    devices physically connected to one of the LANs to which your firewall is
+    connected.</emphasis></para>
+  </important>
 
   <important>
     <para><emphasis role="bold">Your kernel must include MAC match support