diff --git a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
index fd963406d5..cda83446fd 100644
--- a/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
+++ b/en_US.ISO8859-1/books/handbook/firewalls/chapter.sgml
@@ -2163,6 +2163,19 @@ options    IPV6FIREWALL_DEFAULT_TO_ACCEPT</programlisting>
       <para>Enable logging:</para>
 
       <programlisting>firewall_logging="YES"</programlisting>
+
+      <warning>
+	<para>The only thing that the <varname>firewall_logging</varname>
+	  variable will do is setting the
+	  <varname>net.inet.ip.fw.verbose</varname> sysctl variable to
+	  the value of <literal>1</literal> (see
+	  <xref linkend="firewalls-ipfw-enable">).  There is no
+	  <filename>rc.conf</filename> variable to set log limitations,
+	  but it can be set via sysctl variable, manually or
+	  from the <filename>/etc/sysctl.conf</filename> file:</para>
+
+	<programlisting>net.inet.ip.fw.verbose_limit=5</programlisting>
+      </warning>
     </sect2>
 
     <sect2 id="firewalls-ipfw-cmd">