diff --git a/sslsplit.1 b/sslsplit.1
index 91fba93..0e917ba 100644
--- a/sslsplit.1
+++ b/sslsplit.1
@@ -508,9 +508,7 @@ Assuming inbound interface \fBbge0\fP:
 .B netfilter
 Linux netfilter using the iptables REDIRECT target.
 Only supports IPv4 due to limitations in the SO_ORIGINAL_DST getsockopt(2)
-interface. Please note that SSLsplit is only able to accept incoming
-connections if it binds to the correct IP address (e.g. 192.0.2.1) or on all
-interfaces (0.0.0.0).
+interface.
 .LP
 .RS
 .nf
@@ -521,6 +519,11 @@ interfaces (0.0.0.0).
          -p tcp --dport 443 \\
          -j REDIRECT --to-ports 10443\fP
 .fi
+.LP
+Note that SSLsplit is only able to accept incoming connections if it binds
+to the correct IP address (e.g. 192.0.2.1) or on all interfaces (0.0.0.0).
+REDIRECT uses the local interface address of the incoming interface as
+target IP address, or 127.0.0.1 for locally generated packets.
 .RE
 .TP
 .B tproxy
@@ -576,8 +579,8 @@ available on your system):
 .RE
 .LP
 If the Linux netfilter engine is used with the iptables REDIRECT target, it is
-important to listen to the correct IP address (e.g. 192.0.2.1) or on the
-wildcard (0.0.0.0), otherwise SSLsplit is not able to accept incoming
+important to listen to the correct IP address (e.g. 192.0.2.1) or on all
+interfaces (0.0.0.0), otherwise SSLsplit is not able to accept incoming
 connections.
 .LP
 Intercepting IMAP/IMAPS using the same settings: