diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 4beef440e..6174a543c 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -202,8 +202,7 @@ our $VERSION = '4.4_4';
 #
 # 'provisional' only applies to policy chains; when true, indicates that this is a provisional policy chain which might be
 # replaced. Policy chains created under the IMPLICIT_CONTINUE=Yes option are marked with provisional == 1. Similarly,
-# 'expanded' also applies only to policy chains; when true, indicates that the chain is a policy chain as a result of
-# EXPAND_POLICIES=Yes.
+# 'expanded' is set when a policy is define by a wildcard policy.
 #
 # Only 'referenced' chains get written to the iptables-restore input.
 #
diff --git a/Shorewall/Perl/Shorewall/Policy.pm b/Shorewall/Perl/Shorewall/Policy.pm
index 2eae40bfc..054b6500a 100644
--- a/Shorewall/Perl/Shorewall/Policy.pm
+++ b/Shorewall/Perl/Shorewall/Policy.pm
@@ -102,12 +102,12 @@ sub set_policy_chain($$$$$)
 $chainref1->{default} = $chainref->{default} if defined $chainref->{default};
 $chainref1->{is_policy} = 1;
- $chainref1->{expanded} = 1;
 push @policy_chains, $chainref1;
 } else {
 $chainref1->{policychain} = $chainref->{name};
 }
+ $chainref1->{expanded} = 1;
 $chainref1->{policy} = $policy;
 $chainref1->{policypair} = [ $source, $dest ];
 }
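Review bot: The replacement line `+# 'expanded' is set when a policy is define by a wildcard policy.` has a typo ('define' should be 'defined') and is vaguer than what the Policy.pm hunks of this commit actually do: set_policy_chain now sets the flag in both of its branches, and process_a_policy clears it when a later explicit policy for the same zone pair takes over. Suggested wording: `# 'expanded' is set on a chain whose policy was inherited from a wildcard (e.g. 'all') policy; process_a_policy clears it when an explicit policy for that zone pair later overrides the inherited one.` Keeping the "applies to ... chains" phrasing of the neighbouring 'provisional' entry would also make clear that the flag is no longer limited to policy chains.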
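Review bot: With `+    $chainref1->{expanded} = 1;` moved below the if/else, a chain that took the first branch leaves this sub with `is_policy` set and already pushed onto @policy_chains, and now also flagged expanded; the new branch in process_a_policy (next hunk) treats every expanded chain as overridable and does its own `push @policy_chains`, so such a chain can appear on the list twice when the overriding policy is not a wildcard. The condition that selects the first branch is above the hunk, so whether this is the EXPAND_POLICIES path cannot be confirmed here, but in this hunk is_policy and the push happen together, so is_policy read before conversion identifies chains already on the list. A guard in process_a_policy along the lines of `my $listed = $chainref->{is_policy};` before the convert_to_policy_chain call and `push @policy_chains, ( $chainref ) unless $listed || ( $config{EXPAND_POLICIES} && ( $clientwild || $serverwild ) );` would avoid the duplicate entry. The enclosing sub starts outside the hunk.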
@@ -229,7 +229,13 @@ sub process_a_policy() {
 fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
 }
 } elsif ( $chainref->{policy} ) {
- fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
+ if ( $chainref->{expanded} ) {
+ $chainref->{expanded} = 0;
+ convert_to_policy_chain( $chainref, $client, $server, $policy, 0 );
+ push @policy_chains, ( $chainref ) unless $config{EXPAND_POLICIES} && ( $clientwild || $serverwild );
+ } else {
+ fatal_error qq(Policy "$client $server $policy" duplicates earlier policy "@{$chainref->{policypair}} $chainref->{policy}");
+ }
 } else {
 convert_to_policy_chain( $chainref, $client, $server, $policy, 0 );
 push @policy_chains, ( $chainref ) unless $config{EXPAND_POLICIES} && ( $clientwild || $serverwild );
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index 29605ccec..c34344062 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -28,8 +28,8 @@ None.
 N E W F E A T U R E S I N 4 . 5 . 0
 ----------------------------------------------------------------------------
-1) Previously, if EXPAND_POLICIES=Yes, the following sequence of
- policies would produce a 'Duplicate Policy' error:
+1) Previously, the following sequence of policies would produce a
+ 'Duplicate Policy' error:
 $FW all ACCEPT
 $FW dmz REJECT info
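Review bot: The new `if ( $chainref->{expanded} )` branch repeats the `convert_to_policy_chain( ... )` / `push @policy_chains, ( $chainref ) unless ...` pair of the following `else` branch verbatim; folding the flag into the condition removes the duplication: `} elsif ( $chainref->{policy} && ! $chainref->{expanded} ) {` keeps only the fatal_error, and the existing else branch gains `$chainref->{expanded} = 0;` before its convert call (harmless when the flag was never set). Separately, set_policy_chain copies attributes such as `default` from the wildcard policy chain onto this chain, and convert_to_policy_chain is not visible here; please confirm the override path resets whatever it does not overwrite, otherwise an explicit REJECT policy could keep settings inherited from the ACCEPT wildcard. The enclosing if/elsif chain and the sub start outside the hunk.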