diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index 16000ccaf..ee680c58a 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -14,6 +14,8 @@ Changes in 4.0.1 7) Be sure that chkconfig runs after upgrade from < 4.0.0 +8) Better out-of-order policy detection. + Changes in 4.0.0 Final 1) Fix lite install.sh manpage problem. diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index f411627d8..3022461a8 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -73,6 +73,12 @@ Problems corrected in 4.0.1. 4.0.0. Previously, Shorewall was not started automatically after an upgrade using the RPM. +9) Shorewall-perl now detects dead policy file entries that result + when an entry is masked by an earlier entry. Example: + + all all REJECT info + loc net ACCEPT + Other changes in Shorewall 4.0.1. 1) A new EXPAND_POLICIES option is added to shorewall.conf. The @@ -670,6 +676,14 @@ Migration Considerations: w) The PKTTYPE option is ignored by Shorewall-perl. Shorewall-perl will use Address type match if it is available; otherwise, it will behave as if PKTTYPE=No had been specified. + + x) Shorewall-perl detects dead policy file entries that result + when an entry is masked by an earlier more general + entry. Example: + + all all REJECT info + loc net ACCEPT + ------------------------------------------------------------------------ P R E R E Q U I S I T E S ------------------------------------------------------------------------ diff --git a/docs/Shorewall-perl.xml b/docs/Shorewall-perl.xml index 1be4a9522..8e521e4be 100644 --- a/docs/Shorewall-perl.xml +++ b/docs/Shorewall-perl.xml 
@@ -491,6 +491,17 @@ eth0 eth1:!192.168.4.9 ... available; otherwise, they will behave as if PKTTYPE=No had been specified. + + + Shorewall-perl detects dead policy file entries that result + when an entry is masked by an earlier more general entry. + + Example: + + #SOURCE DEST POLICY LOG LEVEL +all all REJECT info +loc net ACCEPT +
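Review bot: entry 8 in Shorewall-common/changelog.txt ("Better out-of-order policy detection.") does not say which compiler the change applies to, while both releasenotes.txt entries and docs/Shorewall-perl.xml attribute the detection to Shorewall-perl. Suggest naming Shorewall-perl in the changelog line as well, so the three files agree on scope.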
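Review bot: item 9 under "Problems corrected in 4.0.1" in releasenotes.txt says "masked by an earlier entry", but item x) under Migration Considerations and the Shorewall-perl.xml text both say "masked by an earlier more general entry". Use the same wording here. The example would also be easier to read with one sentence saying that "loc net ACCEPT" is the dead entry because "all all REJECT info" comes before it.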
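Review bot: item x) under Migration Considerations in releasenotes.txt says the dead entry is detected but not what happens next. Someone migrating an existing policy file needs to know whether compilation stops with an error or continues with a warning, and what to do about it (reorder the entries or remove the masked one). Add a sentence covering both, since the visible text only describes the detection.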
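Review bot: the example added to docs/Shorewall-perl.xml includes the "#SOURCE DEST POLICY LOG LEVEL" header line, while the two copies of the same example in releasenotes.txt omit it. Keep the three copies identical, preferably with the header. The example shown is also the fail-closed direction (a broad REJECT hiding a later ACCEPT). If the detection also covers a broad ACCEPT hiding a later, more specific REJECT or DROP, the documentation should say so, since that is the ordering mistake that leaves traffic allowed.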