diff --git a/Shorewall/firewall b/Shorewall/firewall
index 9be318390..7a513b42c 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -5265,12 +5265,19 @@ process_rule() # $1 = target
     excludesource=
 
     case $clients in
+	*!*!*)
+	    fatal_error "Invalid SOURCE in rule \"$rule\""
+	    ;;
 	!*)
 	    if [ $(list_count $clients) -gt 1 ]; then
 		excludesource=${clients#!}
 		clients=
 	    fi
 	    ;;
+	*!*)
+	    excludesource=${clients#*!}
+	    clients=${clients%!*}
+	    ;;
     esac
     
     validate_zone $clientzone || fatal_error "Undefined Client Zone in rule \"$rule\""
@@ -5316,12 +5323,19 @@ process_rule() # $1 = target
     excludedest=
 
     case $servers in
+	*!*!*)
+	    fatal_error "Invalid DEST in rule \"$rule\""
+	    ;;
 	!*)
 	    if [ $(list_count $servers) -gt 1 ]; then
 		excludedest=${servers#*!}
 		servers=
 	    fi
 	    ;;
+	*!*)
+	    excludedest=${servers#*!}
+	    servers=${servers%!*}
+	    ;;
     esac
     
     if ! validate_zone $serverzone; then