diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm index ccd24caaa..ca9e7ed39 100644 --- a/Shorewall/Perl/Shorewall/Chains.pm +++ b/Shorewall/Perl/Shorewall/Chains.pm @@ -3392,7 +3392,7 @@ sub expand_rule( $$$$$$$$$$;$ ) # # We have non-trivial exclusion -- need to create an exclusion chain # - fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN'; + fatal_error "Exclusion is not possible in ACCEPT+/CONTINUE/NONAT rules" if $disposition eq 'RETURN' || $disposition eq 'CONTINUE'; # # Create the Exclusion Chain diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index 5dd22cdaf..8bc3d85d8 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -30,3 +30,8 @@ ignored when generating iptables (ip6tables) rules. Corrected in Shorewall 4.4.12.2. + +8) Shorewall allows CONTINUE rules with exclusion. These rules + generate valid but incorrect iptables (ip6tables) input. + + Corrected in Shorewall 4.4.12.2 -- these rules are now disallowed. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 8b09381ce..597adeec6 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -226,10 +226,14 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E 4.4.12.2 -1) The fix for COMMENT and OPTIMIZE 8-15 in 4.4.12.1 missed one case +1) Earlier releases allowed CONTINUE rules with exclusion. These rules + generated valid but incorrect iptables (ip6tables) input. Such + rules are now disallowed. + +2) The fix for COMMENT and OPTIMIZE 8-15 in 4.4.12.1 missed one case which has mpe been corrected. -2) Previously, exclusion in the blacklist file was correctly validated +3) Previously, exclusion in the blacklist file was correctly validated but was then ignored when generating iptables (ip6tables) rules. 4.4.12.1 
@@ -251,13 +255,8 @@ I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E 5) Previously, the interface option combination of 'optional' and 'upnpclient' did not work correctly. -6) Earlier releases allowed CONTINUE rules with exclusion. These rules - generated valid but incorrect iptables (ip6tables) input. Such - rules are now disallowed. - 4.4.12 - 1) Previously, the Shorewall6-lite version of shorecap was using iptables rather than ip6tables, with the result that many capabilities that are only available in IPv4 were being reported as available.
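Review bot: in the Chains.pm hunk the new condition tests only the literal strings 'RETURN' and 'CONTINUE', while the fatal_error message lists ACCEPT+/CONTINUE/NONAT, so a reader has to know that ACCEPT+ and NONAT have already been turned into RETURN by the time expand_rule reaches this check. A one-line comment above the test stating that mapping, or a small hash of dispositions that forbid exclusion consulted here, would keep the message and the condition in step as further dispositions are added. The rules documentation should also state that exclusion is rejected in CONTINUE rules, since this change turns a previously accepted configuration into a compile-time failure.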
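Review bot: item 8 in known_problems.txt says the generated ruleset was "valid but incorrect" without saying in what way, which gives an administrator who ran an earlier release with CONTINUE rules and exclusion nothing to audit against. A sentence describing the observable effect (which traffic the rule matched or failed to match) would make the entry actionable; as written it only tells the reader that the compiler will now refuse the rule.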
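Review bot: in the first releasenotes.txt hunk the unchanged context line `which has mpe been corrected.` carries a pre-existing typo ("mpe" for "now"); since the new item 1 and the renumbering already touch this paragraph, fixing it in the same commit would avoid a follow-up. The new item 1 wording matches the known_problems.txt entry, which is good; keep the two in sync if either is reworded.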
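Review bot: besides moving the old item 6 out of the 4.4.12.1 section, the second releasenotes.txt hunk also drops the blank line between the `4.4.12` heading and its first item (the `-` line before ` 1) Previously, the Shorewall6-lite version of shorecap`), which leaves that heading formatted differently from the others if they are followed by a blank line. Restore that blank line so only the misplaced entry is removed; the relocation itself is correct, since the CONTINUE-with-exclusion fix lands in 4.4.12.2 and the note belongs under that release.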