diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt index bfe1fc199..e28620b40 100755 --- a/Shorewall2/releasenotes.txt +++ b/Shorewall2/releasenotes.txt @@ -36,6 +36,28 @@ New Features in version 2.2.3 connections will be allowed in accordance with the contents of /etc/shorewall/routestopped. +3) The performance of configurations with a large numbers of entries in + /etc/shorewall/maclist can be improved by setting the new + MACLIST_TTL variable in /etc/shorewall/shorewall.conf. + + If your iptables and kernel support the "Recent Match" (see the + output of "shorewall check" near the top), you can cache the results + of a 'maclist' file lookup and thus reduce the overhead associated + with MAC Verification. + + When a new connection arrives from a 'maclist' interface, the packet + passes through then list of entries for that interface in + /etc/shorewall/maclist. If there is a match then the source IP + address is added to the 'Recent' set for that interface. Subsequent + connection attempts from that IP address occuring within + $MACLIST_TTL seconds will be accepted without having to scan all + of the entries. After $MACLIST_TTL from the first accepted + connection request from an IP address, the next connection request + from that IP address will be checked against the entire list. + + If MACLIST_TTL is not specified or is specified as empty (e.g, + MACLIST_TTL="" or is specified as zero then 'maclist' lookups + will not be cached. ----------------------------------------------------------------------- Problems corrected in version 2.2.2
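Review bot: the paragraph describing the cache semantics should state explicitly that a cached entry is keyed by source IP address only, so for up to $MACLIST_TTL seconds after the first accepted connection the MAC address of that IP is not re-verified; administrators choosing a value for MACLIST_TTL need that trade-off spelled out next to the performance benefit rather than left implicit in "will be accepted without having to scan all of the entries". The same paragraph has several wording errors that will be copied verbatim into the shipped release notes: "a large numbers of entries" (drop "a"), "passes through then list of entries" ("the list"), "occuring" ("occurring"), and the final sentence has an unclosed parenthesis; it should read something like `If MACLIST_TTL is not specified, is specified as empty (e.g., MACLIST_TTL="") or is specified as zero, then 'maclist' lookups will not be cached.` Finally, since the feature silently depends on the "Recent Match" extension, it would help to say what happens when MACLIST_TTL is set but the match is not available (is the setting ignored with a warning, or does "shorewall check" fail?), so that the check output referenced here is actually useful to the reader.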