diff --git a/firewall/config.info b/firewall/config.info
index a7291eaee..763aa32c5 100644
--- a/firewall/config.info
+++ b/firewall/config.info
@@ -11,4 +11,4 @@ after_apply_cmd=Command to run after applying configuration,3,None
 line1=System configuration,11
 save_file=IPtables save file to edit,3,Use operating system or Webmin default
 direct=Directly edit firewall rules instead of save file?,1,1-Yes,0-No
-filter_chain=Comma sepeated list of regexes to filter out chains not managed by firewall,0
+filter_chain=List of regexes to filter out chains not managed by firewall. You must activate "direct edit firewall rules" to use this feature,0
diff --git a/firewall/config.info.de b/firewall/config.info.de
index 648bb0c94..cb71f039d 100644
--- a/firewall/config.info.de
+++ b/firewall/config.info.de
@@ -11,4 +11,4 @@ after_apply_cmd=Befehle zum Anwendung der Konfiguration,3,Keiner
 line1=System Konfiguration,11
 save_file=IPtables Speicherdatei zum Bearbeiten,3,Verwendung des Betriebssystems oder Webmin Standard
 direct=Direktes Bearbeiten der Firewall-Regeln anstatt von gespeicherter Datei?,1,1-Ja,0-Nein
-filter_chain=Komma getrennte Liste von Regex zum Ausfiltern von Ketten die nicht von Firewall verwaltet werden,0
+filter_chain=Liste von RegEx zum Ausfiltern von Ketten die nicht von Firewall verwaltet werden. Die Option "Direktes Bearbeiten der Firewall-Regeln" muss aktiv sein,0
diff --git a/firewall/firewall-lib.pl b/firewall/firewall-lib.pl
index 974dcee5b..c5735ec6b 100755
--- a/firewall/firewall-lib.pl
+++ b/firewall/firewall-lib.pl
@@ -58,16 +58,13 @@ while() {
 local $read_comment;
 s/\r|\n//g;
 # regex to filter out chains not managed by firewall, i.e. fail2ban
- if ($config{'filter_chain'}) {
+ if ($config{'direct'} && $config{'filter_chain'}) {
 foreach $filter (split(',', $config{'filter_chain'})) {
- # :chain ... -> skip line if machtes filter_chain
- if (/^.?:(\S+)\s+.*/) {
- next LINE if($1 =~ /^$filter$/);
- }
+ # NOTE: keep ":chain ..." as reference to avoid error when rebuild active config
 # -A|-I chain ... -j chain -> skip line if machtes filter_chain
 if (/^.?-(A|I)\s+(\S+).*\s+-j\s+(.*)/) {
 next LINE if($2 =~ /^$filter$/);
- next LINE if($3 =~ /^$filter$/);
+ #next LINE if($3 =~ /^$filter$/);
 }
 }
 }
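Review bot: The `-j` target check is left behind as the commented-out line `#next LINE if($3 =~ /^$filter$/);` with no explanation, so the third capture `(.*)` in the `-A|-I` pattern is now dead. I would delete the line and widen the NOTE to cover both cases, e.g. `# NOTE: keep ":chain ..." declarations and "-j chain" jumps so the rebuilt config still references the unmanaged chains`. The loop still does `split(',', $config{'filter_chain'})` although the new config.info text no longer names the separator, so a pattern containing a `{m,n}` quantifier is silently cut in two. Each piece is also interpolated unchecked into `/^$filter$/`, so a malformed pattern in the module config would raise a regex error part-way through parsing; compiling each pattern once inside an `eval` before the `while` loop and skipping those that fail would contain that. The loop starts and ends outside this hunk, so it is not visible here whether the rules skipped for a filtered chain are preserved when the configuration is applied; that is worth confirming, since these chains hold fail2ban's rules.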