diff --git a/ban2fail.c b/ban2fail.c
index ee544d9..ad147ce 100644
--- a/ban2fail.c
+++ b/ban2fail.c
@@ -86,7 +86,7 @@ struct Global G= {
 .version= {
 .major= 0,
 .minor= 10,
- .patch= 1
+ .patch= 2
 }
 };
@@ -336,6 +336,11 @@ main(int argc, char **argv)
 /* List by address. Make a addr_map of LOGENTRY objects with composite counts */
 MAP_visitAllEntries(&G.logType_map, (int(*)(void*,void*))LOGTYPE_map_addr, &S.addr_map);
+
+ /* Augment list of all blocked IP's by those which currently have not match in the log files */
+ IPTABLES_fill_in_missing(&S.addr_map);
+
+ /* Count up total */
 unsigned nItems= MAP_numItems(&S.addr_map);
 {
@@ -357,15 +362,16 @@ main(int argc, char **argv)
 if(-1 == nAllowed) flags |= WHITELIST_FLG;
- if((-1 == nAllowed || e->count <= nAllowed) &&
- (flags & BLOCKED_FLG)) {
+ if((flags & WHITELIST_FLG || e->count <= nAllowed) &&
+ (flags & BLOCKED_FLG))
+ {
 flags |= UNJUST_BLOCK_FLG;
 PTRVEC_addTail(&S.toUnblock_vec, e->addr);
 }
 if(!(flags & BLOCKED_FLG) &&
- -1 != nAllowed &&
+ !(flags & WHITELIST_FLG) &&
 e->count > nAllowed) {
diff --git a/ban2fail.h b/ban2fail.h
index fbf1015..f319f60 100644
--- a/ban2fail.h
+++ b/ban2fail.h
@@ -33,7 +33,7 @@
 * work with a much larger number. The command line maximum
 * is something like 200K characters.
 */
-#define IPTABLES_BATCH_SZ 10
+#define IPTABLES_BATCH_SZ 100
 /* Where to find stuff */
 #define CONFIGFILE "/etc/ban2fail/ban2fail.cfg"
diff --git a/iptables.c b/iptables.c
index f38dc81..eb686f3 100644
--- a/iptables.c
+++ b/iptables.c
@@ -17,6 +17,7 @@
 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 *
 ***************************************************************************/
 #include
+#include
 #include
 #include
@@ -24,6 +25,7 @@
 #include "ban2fail.h"
 #include "ez_stdio.h"
 #include "iptables.h"
+#include "logEntry.h"
 #include "map.h"
 #include "util.h"
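Review bot: The status returned by the added `IPTABLES_fill_in_missing(&S.addr_map);` call is discarded even though the function is declared to return an `int`; as written in iptables.c it can only ever return 0, so either the caller checks it once the callee can actually fail (`if(IPTABLES_fill_in_missing(&S.addr_map)) { /* report and bail out */ }`) or the status return is misleading. The new comment also reads "have not match"; `/* Augment list of all blocked IP's by those which currently have no match in the log files */` is what is meant. main() starts and ends outside this hunk.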
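Review bot: The rewritten condition `flags & WHITELIST_FLG || e->count <= nAllowed` mixes `&` and `||` without parentheses; it parses as intended because `&` binds tighter than `||`, but `-Wparentheses` flags exactly this shape and the file already writes `!(flags & BLOCKED_FLG)` with explicit grouping, so `if(((flags & WHITELIST_FLG) || e->count <= nAllowed) &&` is the clearer form. Moving the opening brace of that `if` onto its own line is a style change unrelated to the fix; the removed line kept it on the condition line, and it is worth staying consistent with the rest of main(). The new test matches the old `-1 == nAllowed` check only if `WHITELIST_FLG` is set exactly when `nAllowed` is -1, which the visible `if(-1 == nAllowed) flags |= WHITELIST_FLG;` suggests but the rest of main(), outside this hunk, would have to confirm.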
@@ -47,18 +49,20 @@ initialize (void)
 static char lbuf[1024];
 static char addr[64];
 FILE *fh= ez_popen(IPTABLES " -nL INPUT 2>/dev/null", "r");
- for(unsigned i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
+
+ unsigned i;
+ for(i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
 if(0 == i || 1 == i) continue;
 if(1 != sscanf(lbuf, "DROP all -- %63s 0.0.0.0/0", addr)) {
 eprintf("ERROR: scanning pattern");
 continue;
 }
- MAP_addStrKey(&S.addr_map, addr, (void*)-1);
+ MAP_addStrKey(&S.addr_map, addr, strdup(addr));
 }
 ez_pclose(fh);
 fh= ez_popen(IP6TABLES " -nL INPUT 2>/dev/null", "r");
- for(unsigned i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
+ for(i= 0; ez_fgets(lbuf, sizeof(lbuf)-1, fh); ++i) {
 if(0 == i || 1 == i) continue;
 // DROP all 2607:5300:60:653b:: ::/0
@@ -66,7 +70,7 @@ initialize (void)
 eprintf("ERROR: scanning pattern");
 continue;
 }
- MAP_addStrKey(&S.addr_map, addr, (void*)-1);
+ MAP_addStrKey(&S.addr_map, addr, strdup(addr));
 }
 ez_pclose(fh);
@@ -233,3 +237,43 @@ IPTABLES_unblock_addresses(PTRVEC *h_vec, unsigned batch_sz)
 return _control_addresses('D', h_vec, batch_sz);
 }
+
+static int
+fill_in_missing(char *blocked_addr, MAP *h_rtn_map)
+/**************************************************************
+ * If blocked_addr is not in h_rtn_map, create an object and
+ * place it their.
+ */
+{
+ if( MAP_findStrItem(h_rtn_map, blocked_addr)) return 0;
+
+ /* Create a new faux logentry object */
+ LOGENTRY *e;
+ LOGENTRY_addr_create(e, blocked_addr);
+ assert(e);
+
+ /* Place in the return map */
+ MAP_addStrKey(h_rtn_map, blocked_addr, e);
+
+ return 0;
+}
+
+int
+IPTABLES_fill_in_missing(MAP *h_rtn_map)
+/**************************************************************
+ * Fill in all blocked IP's which are not already in *h_map.
+ */
+{
+ if(!S.is_init)
+ initialize();
+
+ int rtn= -1;
+
+ MAP_visitAllEntries(&S.addr_map, (int(*)(void*,void*))fill_in_missing, h_rtn_map);
+
+
+
+ rtn= 0;
+abort:
+ return rtn;
+}
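Review bot: The `strdup(addr)` result on the changed `MAP_addStrKey()` line is stored without a NULL check, so an allocation failure leaves a NULL value in `S.addr_map` that the new `fill_in_missing()` callback later receives as `blocked_addr` and hands straight to `MAP_findStrItem()`; the `@@ -66,7 +70,7 @@` hunk has the same pattern for the IPv6 list. I would copy first and skip the entry on failure: `char *copy= strdup(addr); if(!copy) { eprintf("ERROR: strdup()"); continue; } MAP_addStrKey(&S.addr_map, addr, copy);`. The value is now a heap copy of the key text held for the lifetime of the file-static `S.addr_map`; nothing visible frees it, which is probably fine for a one-shot run but deserves a one-line comment saying the map owns the copies. initialize() starts before this hunk.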
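Review bot: `fill_in_missing()` relies on `assert(e)` as its only check that the faux LOGENTRY was created, so in an NDEBUG build a NULL value goes straight into the caller's map, and `IPTABLES_fill_in_missing()` cannot report that because `rtn` is set to 0 unconditionally and the `abort:` label is never jumped to. I read `LOGENTRY_addr_create(e, blocked_addr)` as a macro that assigns `e`, since `e` is declared uninitialised right before it; if it is a plain function, `e` is passed indeterminate and the assert checks garbage, so please confirm. I would initialise `e` to NULL, replace the assert with an explicit failure path, and either propagate the visitor's result (if `MAP_visitAllEntries()` returns it, which is not visible here) or drop `rtn`/`abort:` and `return 0;`. The header comment says `*h_map` while the parameter is `h_rtn_map` (the iptables.h hunk repeats this), "place it their" should be "place it there", and the comment should state that the map takes ownership of the new LOGENTRY.
```c
static int
fill_in_missing(char *blocked_addr, MAP *h_rtn_map)
/**************************************************************
 * If blocked_addr is not already in *h_rtn_map, create a faux
 * LOGENTRY for it and place it there; the map owns the object.
 * Returns 0 on success, -1 if the object could not be created.
 */
{
   if(MAP_findStrItem(h_rtn_map, blocked_addr)) return 0;

   LOGENTRY *e= NULL;
   LOGENTRY_addr_create(e, blocked_addr);   /* assumed to assign e -- confirm */
   if(!e) {
      eprintf("ERROR: LOGENTRY_addr_create() failed");
      return -1;
   }

   MAP_addStrKey(h_rtn_map, blocked_addr, e);
   return 0;
}

int
IPTABLES_fill_in_missing(MAP *h_rtn_map)
/**************************************************************
 * Fill in all blocked IP's which are not already in *h_rtn_map.
 */
{
   /* … unchanged: lazy initialize() call … */
   MAP_visitAllEntries(&S.addr_map, (int(*)(void*,void*))fill_in_missing, h_rtn_map);
   return 0;
}
```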
diff --git a/iptables.h b/iptables.h
index 58a7f9d..7219986 100644
--- a/iptables.h
+++ b/iptables.h
@@ -48,6 +48,11 @@ IPTABLES_unblock_addresses(PTRVEC *h_vec, unsigned batch_sz);
 * Unblock addresses in batches of batch_sz.
 */
+int
+IPTABLES_fill_in_missing(MAP *h_rtn_map);
+/**************************************************************
+ * Fill in all blocked IP's which are not already in *h_map.
+ */
 #ifdef __cplusplus
 }