diff --git a/source/manual/aliases.rst b/source/manual/aliases.rst index a8fdc26..5ed27cc 100644 --- a/source/manual/aliases.rst +++ b/source/manual/aliases.rst @@ -22,6 +22,8 @@ OPNsense offers the following alias types: +------------------+------------------------------------------------------+ | Ports | Port numbers or a port range like 20:30 | +------------------+------------------------------------------------------+ +| MAC address | MAC address or partial mac addresses | ++------------------+------------------------------------------------------+ | URL (IPs) | A table of IP addresses that are fetched once | +------------------+------------------------------------------------------+ | URL Tables (IPs) | A table of IP addresses that are fetched on regular | @@ -79,6 +81,27 @@ Ports can be specified as a single number or a range using a colon **:**. For instance to add a range of 20 to 25 one would enter 20:25 in the **Port(s)** section. +.................. +MAC address +.................. + +Hardware mac addresses can be specified as a (partial) hex value, such as :code:`F4:90:EA` to match all addresses from +Deciso or :code:`f4:90:ea:00:00:01` to match a single item (the input is case insensitive). + +The way these aliases function is approximately the same as hostnames in host type aliases, they are resolved on periodic +intervals from the :code:`arp` and :code:`ndp` tables. + + +.. Warning:: + + Please be aware that hardware addresses can be spoofed (https://en.wikipedia.org/wiki/MAC_spoofing), which doesn't make + filters on them more secure than ip addresses in any way. + +.. Note:: + + Since mappings between addresses and mac addresses are resolved periodically the actual situation can differ, you can + always check :menuselection:`Firewall -> Diagnostics -> pfTables` to inspect the current contents of the alias. + .................. URL Tables ..................
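Review bot: In the alias types table hunk, the new row's description ("MAC address or partial mac addresses") mixes "MAC" and "mac" and does not say what "partial" means. The example in the section added later in this patch (F4:90:EA matching all addresses from Deciso) suggests a leading portion of the address; if that is the rule, say so in the cell, for example "MAC address or a prefix, such as F4:90:EA", which still fits the existing column width.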
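Review bot: In the new "MAC address" section, the Note says "the actual situation can differ" but not what that means for a rule using the alias. As described, the alias is filled with the addresses found in the arp and ndp tables at the last periodic resolve, so a host that has changed address or has no entry in those tables is not matched until the next run, and an address still in the table may by then belong to a different host. Suggest stating that consequence and the resolve interval (or where it is configured) alongside the Warning, since it is the practical reason these aliases are no stronger than IP-based ones. Style: write "MAC" and "IP" consistently in prose, and split the two comma-spliced sentences ("...in host type aliases, they are resolved..." and "...can differ, you can always check...").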