diff --git a/manpages/shorewall-masq.xml b/manpages/shorewall-masq.xml
index cfb979d5a..5e76339ab 100644
--- a/manpages/shorewall-masq.xml
+++ b/manpages/shorewall-masq.xml
@@ -125,8 +125,10 @@
         role="bold">-</emphasis>|[<emphasis
         role="bold">SAME:</emphasis>[<emphasis
         role="bold">nodst:</emphasis>]][<emphasis>address-or-address-range</emphasis>[,<emphasis>address-or-address-range</emphasis>]...][:<emphasis>lowport</emphasis><emphasis
-        role="bold">-</emphasis><emphasis>highport</emphasis>]|<emphasis
-        role="bold">detect</emphasis>]</term>
+        role="bold">-</emphasis><emphasis>highport</emphasis>][<emphasis
+        role="bold">:random</emphasis>]|<emphasis
+        role="bold">detect</emphasis>|<emphasis
+        role="bold">random</emphasis>]</term>
 
         <listitem>
           <para>If you specify an address here, SNAT will be used and this
@@ -138,7 +140,13 @@
           <para>You may also specify a range of up to 256 IP addresses if you
           want the SNAT address to be assigned from that range in a
           round-robin fashion by connection. The range is specified by
-          <emphasis>first.ip.in.range</emphasis>-<emphasis>last.ip.in.range</emphasis>.</para>
+          <emphasis>first.ip.in.range</emphasis>-<emphasis>last.ip.in.range</emphasis>.
+          Beginning with Shorewall 4.0.6, you may follow the port range
+          with<emphasis role="bold"> :random</emphasis> in which case
+          assignment of ports from the list will be random. <emphasis
+          role="bold">random</emphasis> may also be specified by itself in
+          this column in which case random local port assignments are made for
+          the outgoing connections.</para>
 
           <para>Example: 206.124.146.177-206.124.146.180</para>
 
diff --git a/manpages/shorewall-rules.xml b/manpages/shorewall-rules.xml
index f0e3bd62d..5a5c85d50 100644
--- a/manpages/shorewall-rules.xml
+++ b/manpages/shorewall-rules.xml
@@ -618,7 +618,8 @@
         role="bold">+</emphasis>][<emphasis
         role="bold">-</emphasis>]}<emphasis
         role="bold">[:{</emphasis><emphasis>interface</emphasis>|<emphasis>address-or-range</emphasis>[,<emphasis>address-or-range</emphasis>]...[<emphasis>exclusion</emphasis>]|<emphasis>exclusion</emphasis>|<emphasis
-        role="bold">+</emphasis><emphasis>ipset</emphasis>}][<option>:</option><replaceable>port</replaceable>]</term>
+        role="bold">+</emphasis><emphasis>ipset</emphasis>}][<option>:</option><replaceable>port</replaceable>[:<emphasis
+        role="bold">random</emphasis>]]</term>
 
         <listitem>
           <para>Location of Server. May be a zone declared in <ulink
@@ -723,10 +724,13 @@
             a service name. Additionally, Shorewall-perl 4.0.5 and later
             permit specifying a port range in the form
             <emphasis>lowport-highport</emphasis> to cause connections to be
-            assigned to ports in the range in round-robin fashion. In that
-            case, <emphasis>lowport</emphasis> and
+            assigned to ports in the range in round-robin fashion. When a port
+            range is specified, <emphasis>lowport</emphasis> and
             <emphasis>highport</emphasis> must be given as integers; service
-            names are not permitted.</para>
+            names are not permitted. Beginning with Shorewall 4.0.6, the port
+            range may be optionally followed by <emphasis
+            role="bold">:random</emphasis> which causes assignment to ports in
+            the list will be random.</para>
 
             <para>If the <emphasis role="bold">ACTION</emphasis> is <emphasis
             role="bold">REDIRECT</emphasis> or <emphasis