diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index 45d1ee518..4c8c0750b 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -8,6 +8,8 @@ Changes in 2.2.2
 3) All calls to 'clear' are now conditional on the output device being a terminal.
+4) Apply Juergen Kreileder's log/action patch.
+
 Changes in 2.2.1
 1) Add examples to the zones and policy files.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 081358d47..b446c1fbc 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -3246,7 +3246,11 @@ createlogactionchain() # $1 = Action Name, $2 = Log Level [: Log Tag ]
 if [ $COMMAND != check ]; then
 createchain $CHAIN No
 LEVEL=${level%:*}
- TAG=${level#*:}
+ if [ "$LEVEL" != "$level" ]; then
+ TAG=${level#*:}
+ else
+ TAG=
+ fi
 run_user_exit $1
 fi
@@ -4427,6 +4431,7 @@ process_rules()
 if [ "${ysourcezone}" != "${ydestzone}" ] ; then
 eval ypolicy=\$${ysourcezone}2${ydestzone}_policy
 if [ "$ypolicy" != NONE ] ; then
+ rule="$(echo $xtarget $yclients $yservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
 process_rule $xtarget $yclients $yservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec
 fi
 fi
@@ -4452,11 +4457,11 @@ process_rules()
 continue
 fi
+ rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
 process_rule $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec
 }
 while read xtarget xclients xservers xprotocol xports xcports xaddress xratelimit xuserspec; do
- rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
 expandv xtarget
 case "${xtarget%%:*}" in
@@ -4473,6 +4478,7 @@ process_rules()
 xtarget=$(find_logactionchain $xtarget)
 do_it
 else
+ rule="$(echo $xtarget $xclients $xservers $xprotocol $xports $xcports $xaddress $xratelimit $xuserspec)"
 fatal_error "Invalid Action in rule \"$rule\""
 fi
 ;;
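Review bot: In createlogactionchain (hunk at -3246) the context line `LEVEL=${level%:*}` cuts at the last colon while the new `TAG=${level#*:}` cuts at the first, so a value holding two colons would give a LEVEL and a TAG that overlap, and both are visible to the user exit started by `run_user_exit $1`. If a log tag can never contain a colon this is harmless, but pairing the expansions as `LEVEL=${level%%:*}` with `TAG=${level#*:}` would make the split unambiguous. A short comment on the new else branch, such as `# no ':' in $level means no log tag; user exits must cope with an empty $TAG`, would also record the behaviour this commit introduces. The function body starts and ends outside the hunk.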
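Review bot: The `rule="$(echo ...)"` assignment in process_rules now exists as three hand-copied lines (hunks at -4427, -4452 and -4473), and each copy has to mirror the argument list of the `process_rule` call beside it; if one copy drifts, the error text will name a rule that differs from the one actually applied. The expansions inside `echo` are presumably left unquoted to collapse whitespace and drop empty columns, but that also exposes them to pathname expansion should a column ever hold a glob character. I would add a comment above the first copy, for example `# $rule feeds error messages; keep it in step with the process_rule arguments below`. process_rules starts and ends outside these hunks.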
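Review bot: With the `rule=` assignment removed from the top of the `while read` loop (hunk at -4452), `$rule` keeps the previous line's text, or is empty on the first line, until `do_it` or the invalid-action branch sets it. Any case arm outside this hunk that reports `"$rule"` before reaching `do_it` would then blame the wrong rule, which matters when an operator is tracing why a firewall rule was rejected. Keeping the original assignment at the top of the loop and re-assigning inside `do_it` would preserve the new per-zone text without that window; clearing it with `rule=` at the top of the loop is the minimal alternative. The case statement continues outside the hunk, so this needs checking against the full function.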
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index f04afaacb..46a5a34ae 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
@@ -6,6 +6,11 @@ Problems corrected in version 2.2.2
 1) The SOURCE column in the /etc/shorewall/tcrules file now allows IP ranges (assuming that your iptables and kernel support ranges).
+2) If A is a user-defined action and you have file /etc/shorewall/A
+ then when that file is invoked, the $TAG value may be incorrect.
+
+ This is corrected in the 'firewall' script found in the errata and
+ the errata/LRP sub-directories.
 -----------------------------------------------------------------------
 New Features in version 2.2.2