diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 227633369..ca20a5be6 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -55,6 +55,7 @@ our @EXPORT = qw(
 ensure_filter_chain
 ensure_manual_chain
 ensure_audit_chain
+ ensure_blacklog_chain
 require_audit
 newlogchain
 log_rule_limit
@@ -2168,6 +2169,24 @@ sub ensure_manual_chain($) {
 $chainref;
 }
 
+sub ensure_blacklog_chain( $$$$ ) {
+ my ( $target, $disposition, $level, $audit ) = @_;
+
+ unless ( $filter_table->{blacklog} ) {
+ my $logchainref = new_manual_chain 'blacklog';
+
+ $target =~ s/A_//;
+ $target = 'reject' if $target eq 'REJECT';
+
+ log_rule_limit( $level , $logchainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' );
+
+ add_ijump( $logchainref, j => 'AUDIT', targetopts => '--type ' . lc $target ) if $audit;
+ add_ijump( $logchainref, g => $target );
+ }
+
+ 'blacklog';
+}
+
 #
 # Create and populate the passed AUDIT chain if it doesn't exist. Return chain name
 #
@@ -3512,7 +3531,7 @@ sub do_test ( $$ )
 my $invert = $testval =~ s/^!// ? '! ' : '';
 
 if ( $config{ZONE_BITS} ) {
- $testval = join( '/', in_hex( find_zone( $testval )->{mark} ), in_hex( $globals{ZONE_MASK} ) ) unless $testval =~ /^\d/ || $testval =~ /:/;
+ $testval = join( '/', in_hex( zone_mark( $testval ) ), in_hex( $globals{ZONE_MASK} ) ) unless $testval =~ /^\d/ || $testval =~ /:/;
 }
 
 my $match = $testval =~ s/:C$// ? "-m connmark ${invert}--mark" : "-m mark ${invert}--mark";
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 221957109..41ab2b809 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
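Review bot: `$target =~ s/A_//;` in the new ensure_blacklog_chain is unanchored, so it strips `A_` wherever it occurs in the target name rather than only the audit prefix; `$target =~ s/^A_//;` would match the `/^A_/` test the blrules caller in Rules.pm uses to derive `$audit`. The helper also builds the chain only `unless ( $filter_table->{blacklog} )`, so on any later call — setup_blacklist in Misc.pm and the blrules first_entry callback in Rules.pm both call it — the passed `$disposition`, `$level` and `$audit` are silently ignored and whichever caller ran first fixes the log level and disposition; a header comment such as `# Create the 'blacklog' logging chain on first use; later calls return the name and ignore their arguments, so every caller must pass the same BLACKLIST_* settings.` would make that contract explicit. When `$level` is supplied and `$audit` is true the helper emits the `j => 'AUDIT'` jump without the `require_capability 'AUDIT_TARGET'` check that the callers' `elsif ( $audit )` branches perform; unless add_ijump verifies the capability itself (not visible here), that check belongs inside the helper so the logged-and-audited path fails as clearly as the unlogged one.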
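Review bot: The new `in_hex( zone_mark( $testval ) )` in do_test relies on zone_mark rejecting an unknown zone name the way `find_zone( $testval )->{mark}` presumably did; zone_mark is not in this diff, so if it can return undef for a name that is neither numeric nor a configured zone, in_hex would quietly turn that into an empty mark match instead of a configuration error. Worth confirming that zone_mark calls fatal_error on unknown zones, or guarding the result here before it reaches in_hex. do_test's body continues outside the hunk.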
@@ -220,17 +220,7 @@ sub setup_blacklist() { $chainref1 = dont_delete new_standard_chain 'blackout' if @$zones1; if ( supplied $level ) { - my $logchainref = new_standard_chain 'blacklog'; - - $target =~ s/A_//; - $target = 'reject' if $target eq 'REJECT'; - - log_rule_limit( $level , $logchainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' ); - - add_ijump( $logchainref, j => 'AUDIT', targetopts => '--type ' . lc $target ) if $audit; - add_ijump( $logchainref, g => $target ); - - $target = 'blacklog'; + $target = ensure_blacklog_chain ( $target, $disposition, $level, $audit ); } elsif ( $audit ) { require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's'; $target = verify_audit( $disposition ); @@ -405,16 +395,6 @@ sub convert_blacklist() { if ( @$zones || @$zones1 ) { if ( supplied $level ) { - my $logchainref = new_standard_chain 'blacklog'; - - $target =~ s/A_//; - $target = 'reject' if $target eq 'REJECT'; - - log_rule_limit( $level , $logchainref , 'blacklst' , $disposition , "$globals{LOGLIMIT}" , '', 'add', '' ); - - add_ijump( $logchainref, j => 'AUDIT', targetopts => '--type ' . lc $target ) if $audit; - add_ijump( $logchainref, g => $target ); - $target = 'blacklog'; } elsif ( $audit ) { require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's'; @@ -447,7 +427,7 @@ sub convert_blacklist() { warning_message "Duplicate 'whitelist' option ignored" if $whitelist > 1; - my $tgt = $whitelist ? 'RETURN' : $target; + my $tgt = $whitelist ? 'WHITELIST' : $target; if ( $auditone ) { fatal_error "'audit' not allowed in whitelist entries" if $whitelist; @@ -520,11 +500,7 @@ EOF for ( @rules ) { my ( $srcdst, $tgt, $networks, $protocols, $ports ) = @$_; - if ( $level ) { - $tgt .= ":$level\t"; - } else { - $tgt .= "\t\t"; - } + $tgt .= "\t\t"; my $list = $srcdst eq 'src' ? $zones : $zones1; diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm index fd26389db..3de8af7df 100644 
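Review bot: In the convert_blacklist hunk the `$target = 'blacklog';` line survives while the chain-building code around it is removed, so the function now writes `blacklog` as a blrules action without ever creating the chain; that is only correct because the blrules reader (the first_entry callback added in Rules.pm) calls ensure_blacklog_chain when it later processes the converted file, and nothing at this site records that dependency. A comment above the assignment, e.g. `# 'blacklog' is a blrules action; the chain is created when process_rules reads the converted file`, would keep the next maintainer from re-adding chain creation here. convert_blacklist's body continues outside the hunk.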
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2441,11 +2441,23 @@ sub process_rule ( ) {
 # Process the Rules File
 #
 sub process_rules() {
-
 my $fn = open_file 'blrules';
 
 if ( $fn ) {
- first_entry "$doing $fn...";
+ first_entry( sub () {
+ my ( $level, $disposition ) = @config{'BLACKLIST_LOGLEVEL', 'BLACKLIST_DISPOSITION' };
+ my $audit = $disposition =~ /^A_/;
+ my $target = $disposition eq 'REJECT' ? 'reject' : $disposition;
+
+ progress_message2 "$doing $fn...";
+
+ if ( supplied $level ) {
+ ensure_blacklog_chain( $target, $disposition, $level, $audit );
+ } elsif ( $audit ) {
+ require_capability 'AUDIT_TARGET', "BLACKLIST_DISPOSITION=$disposition", 's';
+ verify_audit( $disposition );
+ }
+ } );
 
 $section = 'BLACKLIST';