diff --git a/docs/manual.en.md b/docs/manual.en.md
index 712fcd2..7e1dac7 100644
--- a/docs/manual.en.md
+++ b/docs/manual.en.md
@@ -19,6 +19,7 @@
   - [Protocol detection](#protocol-detection)
   - [Using multiple profiles](#using-multiple-profiles)
     - [Profile templates](#profile-templates)
+    - [Filtering by ipsets](#filtering-by-ipsets)
     - [Filtering by lists](#filtering-by-lists)
     - [Autohostlist failure detector](#autohostlist-failure-detector)
     - [Network presence filter](#network-presence-filter)
@@ -820,6 +821,12 @@ In this example, there are 3 active profiles and 3 templates, one of which impor
 
 Any parameters applicable to profiles, including filters, are allowed within templates.
 
+### Filtering by ipsets
+
+- In case of tcp or udp server address is matched in client mode и and client address in [server](#server-mode).
+- related icmp use cached profile from the original packet.
+- Unrelated icmp and и raw ip are matched by either source or destination ip. To match ipset any of two must match.
+
 ### Filtering by lists
 
 If hostlist filters are used - meaning there is at least one domain in any hostlist or an autohostlist is specified - the profile will never be selected if the hostname is missing.