diff --git a/Shorewall2/changelog.txt b/Shorewall2/changelog.txt
index eb50123f0..b726abfda 100644
--- a/Shorewall2/changelog.txt
+++ b/Shorewall2/changelog.txt
@@ -121,3 +121,4 @@ Changes since 2.0.3
58) Clarification of the 'ipsec' hosts file option.
+59) Allow list in the SUBNET column of the rfc1918 file.
diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index db35f6be7..d9a1dabc7 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -1986,7 +1986,6 @@ setup_mac_lists() {
#
# Process the maclist file producing the verification rules
#
-
while read interface mac addresses; do
expandv interface mac addresses
@@ -5834,20 +5833,22 @@ add_common_rules() {
;;
esac
- run_iptables2 -A norfc1918 $(source_ip_range $networks) -j $target
-
- if [ -n "$CONNTRACK_MATCH" ]; then
- #
- # We have connection tracking match -- match on the original destination
- #
- run_iptables2 -A norfc1918 -m conntrack --ctorigdst $networks -j $target
- elif [ -n "$MANGLE_ENABLED" ]; then
- #
- # No connection tracking match but we have mangling -- add a rule to
- # the mangle table
- #
- run_iptables2 -t mangle -A man1918 $(dest_ip_range $networks) -j $target
- fi
+ for network in $(separate_list $networks); do
+ run_iptables2 -A norfc1918 $(source_ip_range $network) -j $target
+
+ if [ -n "$CONNTRACK_MATCH" ]; then
+ #
+ # We have connection tracking match -- match on the original destination
+ #
+ run_iptables2 -A norfc1918 -m conntrack --ctorigdst $network -j $target
+ elif [ -n "$MANGLE_ENABLED" ]; then
+ #
+ # No connection tracking match but we have mangling -- add a rule to
+ # the mangle table
+ #
+ run_iptables2 -t mangle -A man1918 $(dest_ip_range $network) -j $target
+ fi
+ done
done < $TMP_DIR/rfc1918
for host in $hosts; do
diff --git a/Shorewall2/releasenotes.txt b/Shorewall2/releasenotes.txt
index ec3f0162c..45c5a50f2 100755
--- a/Shorewall2/releasenotes.txt
+++ b/Shorewall2/releasenotes.txt
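Review bot: In the new loop the conntrack branch still hands the element to `--ctorigdst $network` verbatim, whereas the source and mangle rules on the surrounding lines go through `source_ip_range`/`dest_ip_range`; if those helpers are what turn an `a-b` range into an iprange match (the rfc1918 file's comments advertise ranges when iprange support is present), a range element in a SUBNETS list reaches `--ctorigdst` untranslated and the rule fails on hosts where CONNTRACK_MATCH is set. That asymmetry predates this change, but the loop now applies it to every element of a list, so either translate the range for that rule as well or record the limitation next to it, e.g. `# --ctorigdst takes a single address/subnet; ranges are not translated here`. Separately, when `separate_list` produces nothing for an entry (an empty column, or one made only of separators) the `for` body never runs, so that line installs no rule and nothing reports it; a guard before the loop that aborts with the script's usual error helper when `$networks` is empty would make a malformed deny-list entry fail loudly instead of silently weakening the RFC 1918 block. The `while read` loop this sits in, and add_common_rules itself, begin outside the hunk.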
@@ -640,3 +640,7 @@ New Features:
DANGER: DO NOT USE THIS OPTION IF THE RESULTING LOG MESSAGES WILL BE SENT TO ANOTHER SYSTEM.
+
+26) The SUBNET column in /etc/shorewall/rfc1918 has been renamed
+ SUBNETS and it is now possible to specify a list of addresses in
+ that column.
diff --git a/Shorewall2/rfc1918 b/Shorewall2/rfc1918
index 2c6304a92..353105bf0 100644
--- a/Shorewall2/rfc1918
+++ b/Shorewall2/rfc1918
@@ -1,5 +1,5 @@
#
-# Shorewall 2.1 -- RFC1918 File
+# Shorewall 2.2 -- RFC1918 File
#
# /etc/shorewall/rfc1918
#
@@ -12,16 +12,17 @@
#
# Columns are:
#
-# SUBNET The subnet (host addresses also allowed as are IP
+# SUBNETS A comma-separated list of subnet addresses
+ (host addresses also allowed as are IP
# address ranges provided that your kernel and iptables
-# have iprange match support).
+# have iprange match support).
# TARGET Where to send packets to/from this subnet
# RETURN - let the packet be processed normally
# DROP - silently drop the packet
# logdrop - log then drop
#
###############################################################################
-#SUBNET TARGET
+#SUBNETS TARGET
172.16.0.0/12 logdrop # RFC 1918
192.168.0.0/16 logdrop # RFC 1918
10.0.0.0/8 logdrop # RFC 1918
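Review bot: The second added line of the SUBNETS description appears in this hunk as `+ (host addresses also allowed as are IP`, without the leading `#` that every neighbouring comment line carries; the other added lines in the same hunk keep their `#` right after the marker, so this does not look like an extraction artefact. If the shipped file really reads that way, a config reader that only skips `#` lines would presumably take `(host addresses also allowed as are IP` as a SUBNETS/TARGET entry rather than a comment, and the rfc1918 processing in the firewall script would choke on it or emit an unintended rule. The continuation should be `#		(host addresses also allowed as are IP` so it stays inside the comment block.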