diff --git a/src/main.py b/src/main.py
index 7ad9181..98bac05 100644
--- a/src/main.py
+++ b/src/main.py
@@ -120,6 +120,7 @@ method=    auto, nat, tproxy, or ipfw
 python=    path to python interpreter on the remote server
 r,remote=  ssh hostname (and optional username) of remote sshuttle server
 x,exclude= exclude this subnet (can be used more than once)
+X,exclude-from=  exclude the subnets in a file (whitespace separated)
 v,verbose  increase debug message verbosity
 e,ssh-cmd= the command to use to connect to the remote [ssh]
 seed-hosts= with -H, use these hostnames for initial scan (comma-separated)
@@ -165,6 +166,8 @@ try:
         for k, v in flags:
             if k in ('-x', '--exclude'):
                 excludes.append(v)
+            if k in ('-X', '--exclude-from'):
+                excludes += open(v).read().split()
         remotename = opt.remote
         if remotename == '' or remotename == '-':
             remotename = None
diff --git a/src/sshuttle.md b/src/sshuttle.md
index 11c3d03..cd3dccf 100644
--- a/src/sshuttle.md
+++ b/src/sshuttle.md
@@ -94,6 +94,10 @@ entire subnet to the VPN.
     `0/0 -x 1.2.3.0/24` to forward everything except the
     local subnet over the VPN, for example.
 
+-X, --exclude-from=*file*
+:   exclude the subnets specified in a file, one subnet per
+    line. Useful when you have lots of subnets to exclude.
+
 -v, --verbose
 :   print more information about the session.  This option
     can be used more than once for increased verbosity.  By