diff --git a/Shorewall-perl/Shorewall/Chains.pm b/Shorewall-perl/Shorewall/Chains.pm
index fe7805390..6a167b2f8 100644
--- a/Shorewall-perl/Shorewall/Chains.pm
+++ b/Shorewall-perl/Shorewall/Chains.pm
@@ -1154,9 +1154,10 @@ sub log_rule_limit( $$$$$$$$ ) {
 my $prefix;
- $limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
-
- $predicates .= $limit;
+ unless ( $predicates =~ /-m limit / ) {
+ $limit = $globals{LOGLIMIT} unless $limit && $limit ne '-';
+ $predicates .= $limit;
+ }
 if ( $tag ) {
 if ( $config{LOGTAGONLY} ) {
diff --git a/Shorewall-perl/Shorewall/Rules.pm b/Shorewall-perl/Shorewall/Rules.pm
index 3127078f7..10e52e138 100644
--- a/Shorewall-perl/Shorewall/Rules.pm
+++ b/Shorewall-perl/Shorewall/Rules.pm
@@ -977,7 +977,12 @@ sub process_rule1 ( $$$$$$$$$$ ) {
 #
 $rule = join( '', do_proto($proto, $ports, $sports), do_ratelimit( $ratelimit, $basictarget ) , do_user( $user ) , do_test( $mark , 0xFF ) );
- $rule .= "-m state --state $section " if $section eq 'ESTABLISHED' || $section eq 'RELATED';
+ if ( $section eq 'ESTABLISHED' || $section eq 'RELATED' ) {
+ fatal_error "Entries in the $section SECTION of the rules file not permitted with FASTACCEPT=Yes" if $config{FASTACCEPT};
+ fatal_error "$basictarget rules are not allowed in the $section SECTION" if $actiontype & NONAT;
+ $rule .= "-m state --state $section "
+ }
+
 #
 # Generate NAT rule(s), if any
 #
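Review bot: The `/-m limit /` test in log_rule_limit decides by substring match whether a rate limit is already present, and nothing in the hunk records why LOGLIMIT is skipped in that case. When the match succeeds, the log rule is bounded only by the limit already in `$predicates`, which may be looser than the global LOGLIMIT, so log volume for such rules is no longer governed by the log-flood setting. I would add a comment above the `unless`, e.g. `# A rule-supplied '-m limit' replaces LOGLIMIT; otherwise both matches would be applied`. It is also worth confirming that the text `-m limit ` cannot appear inside another option's argument in `$predicates`, since that would trigger the skip as well. The body of log_rule_limit starts and ends outside the hunk.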
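Review bot: The last statement of the new block in process_rule1, `$rule .= "-m state --state $section "`, has no terminating semicolon; Perl accepts that before a closing brace, but any statement later appended to the block will fail to parse or be misread. I would write `$rule .= "-m state --state $section ";`. The first error message lacks a verb ("... of the rules file are not permitted ..."), and a one-line comment giving the reason for the check would help the next reader. Presumably FASTACCEPT accepts ESTABLISHED/RELATED traffic before these sections are consulted, so such entries would never take effect. process_rule1 begins and ends outside the hunk.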