diff --git a/Shorewall-common/changelog.txt b/Shorewall-common/changelog.txt index de7485234..3a2d1570b 100644 --- a/Shorewall-common/changelog.txt +++ b/Shorewall-common/changelog.txt @@ -10,6 +10,8 @@ Changes in 4.1.3 5) Fix mis-handling of : +6) Add better diagnostic when not running as root. + Changes in 4.1.2 1) Enhanced Operational Logging diff --git a/Shorewall-common/lib.base b/Shorewall-common/lib.base index 56a1d225f..5c5056cdf 100644 --- a/Shorewall-common/lib.base +++ b/Shorewall-common/lib.base @@ -1009,7 +1009,15 @@ determine_capabilities() { NFQUEUE_TARGET= REALM_MATCH= - qt $IPTABLES -N fooX1234 + [ -n "$IPTABLES" ] || IPTABLES=$(mywhich iptables) + + qt $IPTABLES -F fooX1234 + qt $IPTABLES -X fooX1234 + if ! $IPTABLES -N fooX1234; then + echo " ERROR: The command \"$IPTABLES -N fooX1234\" failed" >&2 + exit 1; + fi + qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes if qt $IPTABLES -A fooX1234 -p tcp -m multiport --dports 21,22 -j ACCEPT; then diff --git a/Shorewall-common/releasenotes.txt b/Shorewall-common/releasenotes.txt index c781ec964..9d25a3cff 100644 --- a/Shorewall-common/releasenotes.txt +++ b/Shorewall-common/releasenotes.txt @@ -37,6 +37,9 @@ Other changes in Shorewall 4.1.3. /bin/sh after issuing a warning message. Previously, both terminated with a fatal error. +2) The error message has been improved when a non-root user attempts + "shorewall show capabilities". + Migration Issues. 1) Previously, when HIGH_ROUTE_MARKS=Yes, Shorewall allowed non-zero
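Review bot: In the lib.base hunk, nothing checks that `mywhich iptables` actually found a binary, so `IPTABLES` can still be empty when the unquoted `$IPTABLES -N fooX1234` runs. The shell then tries to execute `-N` as a command, and the user sees `The command " -N fooX1234" failed` rather than being told that iptables is missing. A guard right after the lookup would separate the two cases: `[ -n "$IPTABLES" ] || { echo " ERROR: Can't find the iptables executable" >&2; exit 1; }`. Since this path normally runs as root and executes whatever `mywhich` returns, it is also worth confirming that `mywhich` (not defined in this hunk) searches only a trusted PATH. The body of determine_capabilities continues outside the hunk.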