diff --git a/config/action.d/shorewall.conf b/config/action.d/shorewall.conf
index 81ac05187..f5f2c775d 100644
--- a/config/action.d/shorewall.conf
+++ b/config/action.d/shorewall.conf
@@ -9,7 +9,9 @@
 # connections. So if the attempter goes on trying using the same connection
 # he could even log in. In order to get the same behavior of the iptable
 # action (so that the ban is immediate) the /etc/shorewall/shorewall.conf
-# file should me modified with "BLACKLISTNEWONLY=No".
+# file should me modified with "BLACKLISTNEWONLY=No". Note that as of
+# Shorewall 4.5.13 BLACKLISTNEWONLY is deprecated; however the equivalent
+# of BLACKLISTNEWONLY=No can now be achieved by setting BLACKLIST="ALL".
 # 
 
 [Definition]