diff --git a/Shorewall2/action.template b/Shorewall2/action.template index 79b94ecb3..fcc948d00 100644 --- a/Shorewall2/action.template +++ b/Shorewall2/action.template @@ -37,6 +37,10 @@ # ACCEPT:debugging). This causes the packet to be # logged at the specified level. # +# The special log level 'none' does not result in logging +# but rather exempts the rule from being overridden by a +# non-forcing log level when the action is invoked. +# # You may also specify ULOG (must be in upper case) as a # log level.This will log to the ULOG target for routing # to a separate log through use of ulogd diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt index bb3831291..7fbc27db8 100644 --- a/Shorewall2/changelog.txt +++ b/Shorewall2/changelog.txt @@ -33,4 +33,6 @@ Changes since 2.0.3 10) Port "shorewall status" changes from 2.0.7. -11) All config files are now empty. \ No newline at end of file +11) All config files are now empty. + +12) Port blacklisting fix from 2.0.7 \ No newline at end of file diff --git a/Shorewall2/firewall b/Shorewall2/firewall index 10d1e5b55..042f9671d 100755 --- a/Shorewall2/firewall +++ b/Shorewall2/firewall @@ -4594,7 +4594,7 @@ process_blacklist_rec() { # Setup the Black List # setup_blacklist() { - local hosts=$(find_hosts_by_option blacklist) + local hosts="$(find_hosts_by_option blacklist)" local f=$(find_file blacklist) local disposition=$BLACKLIST_DISPOSITION diff --git a/Shorewall2/rules b/Shorewall2/rules index 2bee3c0c7..e65fba67f 100755 --- a/Shorewall2/rules +++ b/Shorewall2/rules 
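Review bot: The quoting fix in setup_blacklist covers only `hosts`; the two declarations right after it, `local f=$(find_file blacklist)` and `local disposition=$BLACKLIST_DISPOSITION`, are still unquoted. In a shell that word-splits the arguments of `local`, a blacklist file path or a configured disposition containing whitespace would be truncated the same way the host list was. The blacklist could then be built from the wrong values without any error being reported. I would quote them in the same commit: `local f="$(find_file blacklist)"` and `local disposition="$BLACKLIST_DISPOSITION"`. The body of setup_blacklist continues outside the hunk, so later uses of these variables are not visible here.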
@@ -72,6 +72,20 @@
 # DNAT:debug). This causes the packet to be
 # logged at the specified level.
 #
+# If the ACTION names an action devined in
+# /etc/shorewall/actions or in
+# /usr/share/shorewall/actions.std then:
+#
+# - If the log level is followed by "!' then all rules
+# in the action are logged at the log level.
+#
+# - If the log level is not followed by "!" then only
+# those rules in the action that do not specify
+# logging are logged at the specified level.
+#
+# - The special log level 'none!' suppresses logging
+# by the action.
+#
 # You may also specify ULOG (must be in upper case) as a
 # log level.This will log to the ULOG target for routing
 # to a separate log through use of ulogd
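Review bot: The added comment block has two typos that change how an operator reads the syntax. `devined` should be `defined`, and the first bullet writes the forcing marker as `"!'` where it should be `"!"`, as in the second bullet. This text describes when an action's own log levels are overridden or suppressed, so the literal marker needs to be exact. It would also help to say in the `none!` bullet that it silences rules inside the action that specify their own log level (my reading of "suppresses logging by the action"), so it is not applied by accident to an action whose log output is used for monitoring.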