diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index ed3167534..f068006ab 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -2816,7 +2816,7 @@ sub expand_rule( $$$$$$$$$$;$ )
 'add', '' );
- add_rule( $chainref, $target );
+ add_rule( $chainref, $exceptionrule . $target );
 } else { log_rule_limit( $loglevel ,
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index e9b3f2726..c7771ed23 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -2,6 +2,8 @@ Changes in Shorewall 4.4.0 1) Fix 'compile ... -' so that it no longer requires '-v-1'
+2) Fix rule generation for logging nat rules with no exclusion.
+
 Changes in Shorewall 4.4.0-RC2 1) Fix capabilities file with Shorewall6.
diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt
index d8d90b6e5..517542d5e 100644
--- a/Shorewall/releasenotes.txt
+++ b/Shorewall/releasenotes.txt
@@ -133,7 +133,12 @@ None. N E W F E A T U R E S I N 4 . 4 . 0 ----------------------------------------------------------------------------
-None.
+1) Perviously, a nat rule (DNAT, REDIRECT, etc.) with logging
+ specified could cause invalid iptables input to be generated.
+
+ Example of rule:
+
+ REDIRECT:ULOG wall 82 tcp 80
 ---------------------------------------------------------------------------- N E W F E A T U R E S IN 4 . 4
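Review bot: In the Chains.pm hunk, the new `add_rule( $chainref, $exceptionrule . $target );` joins the two strings with no separator, so the emitted rule is well-formed only if `$exceptionrule` is empty or already ends in whitespace, and nothing visible in the hunk establishes that. A short comment above the call would record the assumption and the reason, for example `# nat targets need the caller's matches repeated on the rule that follows the log rule; $exceptionrule is expected to carry its own trailing space`. Because the defect was invalid iptables input reaching the loader, a regression case that compiles the release-note example (`REDIRECT:ULOG wall 82 tcp 80`) and checks the generated rule would keep it from coming back unnoticed. expand_rule's body starts and ends outside the hunk, so whether other `add_rule` calls in its logging branches need the same prefix cannot be confirmed from here.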