diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml
index 0e52e1e2f..dad75032c 100644
--- a/docs/Shorewall-perl.xml
+++ b/docs/Shorewall-perl.xml
@@ -366,6 +366,12 @@ insert_rule $filter_table->{OUTPUT},     1, "-p udp --sport 1701 -j ACCEPT";
           </listitem>
 
           <listitem>
+            <para>Shorewall-perl insists that ipset names begin with a letter
+            and be composed of alphanumeric characters and underscores (_).
+            When used in a Shorewall configuration file, the name must be
+            preceded by a plus sign (+) as with the shell-based
+            compiler.</para>
+
             <para>Shorewall is now out of the ipset load/reload business. With
             scripts generated by the Perl-based Compiler, the Netfilter
             ruleset is never cleared. That means that there is no opportunity