diff --git a/Shorewall/Perl/Shorewall/Accounting.pm b/Shorewall/Perl/Shorewall/Accounting.pm
index 960d42adf..32efb166e 100644
--- a/Shorewall/Perl/Shorewall/Accounting.pm
+++ b/Shorewall/Perl/Shorewall/Accounting.pm
@@ -103,11 +103,14 @@ sub process_accounting_rule( ) {
 if ( $action eq 'DONE' ) {
 $target = 'RETURN';
 } elsif ( $action =~ /^ACCOUNT\((.+)\)$/ ) {
- my ( $table, $net ) = split/,/, $1;
 require_capability 'ACCOUNT_TARGET' , 'ACCOUNT Rules' , '';
- fatal_error "Invalid or Missing Table Name ($table)" unless $table =~ /^([-\w.]+)$/;
- fatal_error "Invalid Network Address" unless $net =~ '/(\d+)$';
- fatal_error "Netmask ($1) out of range" unless $1 >= 8;
+ my ( $table, $net, $rest ) = split/,/, $1;
+ fatal_error "Invalid Network Address (${net}${rest})" if defined $rest;
+ fatal_error "Missing Table Name" unless defined $table && $table ne '';;
+ fatal_error "Invalid Table Name ($table)" unless $table =~ /^([-\w.]+)$/;
+ fatal_error "Missing Network Address" unless defined $net;
+ fatal_error "Invalid Network Address ($net)" unless defined $net && $net =~ '/(\d+)$';
+ fatal_error "Netmask ($1) out of range" unless $1 >= 8;
 validate_net $net, 0;
 $target = "ACCOUNT --addr $net --tname $table";
 } else {
diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 139f27047..a7b2e5a3f 100644
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -4,6 +4,8 @@ Changes in Shorewall 4.4.17 RC 1 2) Ensure that manual and accounting chains aren't too long. +3) Tighten up the editing of ACCOUNT(...). + Changes in Shorewall 4.4.17 Beta 3 1) Allow run-time address variables in the masq file.
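Review bot: The table-name check `$table =~ /^([-\w.]+)$/` in the Accounting.pm hunk still accepts a name whose first character is `-`, and the value is then interpolated unquoted into `"ACCOUNT --addr $net --tname $table"`, so such a name would presumably be parsed as an option rather than as the table name once the rule reaches iptables; requiring a non-dash first character, `unless $table =~ /^[\w.][-\w.]*$/;`, would close that. The address check `$net =~ '/(\d+)$'` anchors only the prefix length, so everything before the slash relies on `validate_net`, which is not visible in this hunk. In the new extra-field error, `(${net}${rest})` omits the comma that `split` consumed, so the message shows a string the user never wrote; `($net,$rest)` would echo the input faithfully. The `defined $net &&` on the "Invalid Network Address" line is redundant after the "Missing Network Address" check, and the doubled `;;` on the "Missing Table Name" line is a leftover. The body of process_accounting_rule starts and ends outside the hunk.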