diff --git a/Shorewall2/firewall b/Shorewall2/firewall index bb6675251..80ee26444 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -3224,15 +3224,14 @@ add_a_rule() fi case $logtarget in - NONAT) + NONAT|ACCEPT+) addnatrule $(dnat_chain $source) $proto $multiport \ $cli $sports -d $srv $dports $ratelimit $userandgroup -j RETURN ;; - ACCEPT+) - addnatrule $(dnat_chain $source) $proto $multiport \ - $cli $sports -d $srv $dports $ratelimit $userandgroup -j RETURN - run_iptables2 -A $chain $proto $multiport $cli $sports \ - -d $srv $dports $ratelimit $userandgroup -j $target + esac + + case $logtarget in + NONAT) ;; *) run_iptables2 -A $chain $proto $multiport $cli $sports \ @@ -3249,15 +3248,14 @@ add_a_rule() fi case $logtarget in - NONAT) + NONAT|ACCEPT+) addnatrule $(dnat_chain $source) $proto $multiport \ $cli $sports $dports $ratelimit $userandgroup -j RETURN ;; - ACCEPT+) - addnatrule $(dnat_chain $source) $proto $multiport \ - $cli $sports $dports $ratelimit $userandgroup -j RETURN - run_iptables2 -A $chain $proto $multiport $cli $sports \ - $dports $ratelimit $userandgroup -j $target + esac + + case $logtarget in + NONAT) ;; *) run_iptables2 -A $chain $proto $multiport $cli $sports \ @@ -3284,15 +3282,14 @@ add_a_rule() case $logtarget in LOG) ;; - NONAT) + NONAT|ACCEPT+) addnatrule $(dnat_chain $source) $proto $multiport \ $cli $sports $dports $ratelimit $userandgroup -j RETURN ;; - ACCEPT+) - addnatrule $(dnat_chain $source) $proto $multiport \ - $cli $sports $dports $ratelimit $userandgroup -j RETURN - run_iptables2 -A $chain $proto $multiport $dest_interface \ - $cli $sports $dports $ratelimit $userandgroup -j $target + esac + + case $logtarget in + LOG|NONAT) ;; *) run_iptables2 -A $chain $proto $multiport $dest_interface \ diff --git a/Shorewall2/interfaces b/Shorewall2/interfaces index 9a9642362..64c02ee22 100644 --- a/Shorewall2/interfaces +++ b/Shorewall2/interfaces 
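Review bot: The ACCEPT+ path now depends on the `*)` branch's continuation line, which lies outside this hunk: the removed ACCEPT+ branch emitted `-d $srv $dports $ratelimit $userandgroup -j $target`, and the new code only preserves that if the generic `run_iptables2 -A $chain ...` line that survives at the end of the hunk finishes the same way (same match options, `-j $target` rather than something keyed on `$logtarget`), so that should be confirmed before relying on the refactor; the same pattern is repeated in the next two hunks and add_a_rule continues past all of them. The two back-to-back `case $logtarget in` statements are the portable sh way to get fall-through (no `;&`), but the intent is not obvious to a reader, and a one-line comment above the second case would help, e.g. `# NONAT and ACCEPT+ both got a RETURN in the DNAT chain above; only NONAT skips the filter rule`. Note that the first case in this hunk has no `LOG)` arm while the third hunk's does, so a LOG logtarget here reaches `*)` and emits a rule; that matches the removed code, but it is worth stating in the comment since the RETURN-from-DNAT exemption is a policy-relevant side effect.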
@@ -115,11 +115,21 @@ # established connection will be accepted # from this interface, even if # NEWNOTSYN=No has been specified in -# /etc/shorewall/shorewall.conf. +# /etc/shorewall/shorewall.conf. In other +# words, packets coming in on this interface +# are processed as if NEWNOTSYN=Yes had been +# specified in /etc/shorewall/shorewall.conf. # # This option has no effect if # NEWNOTSYN=Yes. # +# It is the opinion of the author that +# NEWNOTSYN=No creates more problems than +# it solves and I recommend against using +# that setting in shorewall.conf (hence +# making the use of the 'newnotsyn' +# interface option unnecessary). +# # routeback - If specified, indicates that Shorewall # should include rules that allow filtering # traffic arriving on this interface back
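Review bot: The new paragraph recommends against NEWNOTSYN=No without stating what that setting protects against; as far as the surrounding text shows, NEWNOTSYN=No is what keeps a TCP packet without SYN that belongs to no tracked connection from being accepted as if it opened a new one, so relaxing it globally widens what mid-stream or spoofed non-SYN traffic can do. Since this is an author's opinion in a shipped config template, a short caveat would let administrators weigh the trade-off themselves, e.g. `# Note that NEWNOTSYN=No is the stricter setting; if you relax it, packets that` / `# match no tracked connection can be accepted without a SYN exchange.` The text should also say, at least briefly, which "problems" the No setting causes, so the recommendation can be checked against a given deployment rather than taken on faith.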