diff --git a/Makefile b/Makefile
index dceb860743251042c8d8a66691c36b0ea2a397dc..784e9a7ac85058671e648b6125bd1ef359bca1bf 100644
--- a/Makefile
+++ b/Makefile
@@ -306,7 +306,7 @@ MOD_SUBDIRS_MENUSELECT_TREE:=$(MOD_SUBDIRS:%=%-menuselect-tree)
 ifneq ($(findstring darwin,$(OSARCH)),)
   _ASTCFLAGS+=-D__Darwin__
   SOLINK=-bundle -Xlinker -macosx_version_min -Xlinker 10.4 -Xlinker -undefined -Xlinker dynamic_lookup -force_flat_namespace /usr/lib/bundle1.o
-  _ASTLDFLAGS+= /usr/lib/bundle1.o -L/usr/local/lib
+  _ASTLDFLAGS+=  -L/usr/local/lib
 else
 # These are used for all but Darwin
   SOLINK=-shared
diff --git a/channels/chan_sip.c b/channels/chan_sip.c
index c1d5adefaa32ade441534a356d9169d5b7356f74..092d82f78632ac458ba53e5f02870125b4bceff5 100644
--- a/channels/chan_sip.c
+++ b/channels/chan_sip.c
@@ -696,6 +696,7 @@ enum xmittype {
 
 /*! \brief Results from the parse_register() function */
 enum parse_register_result {
+	PARSE_REGISTER_DENIED,
 	PARSE_REGISTER_FAILED,
 	PARSE_REGISTER_UPDATE,
 	PARSE_REGISTER_QUERY,
@@ -12757,10 +12758,10 @@ static enum parse_register_result parse_register_contact(struct sip_pvt *pvt, st
 	memcpy(&testsin.sin_addr, hp->h_addr, sizeof(testsin.sin_addr));
 	if (ast_apply_ha(sip_cfg.contact_ha, &testsin) != AST_SENSE_ALLOW ||
 			ast_apply_ha(peer->contactha, &testsin) != AST_SENSE_ALLOW) {
-		ast_log(LOG_WARNING, "Host '%s' disallowed by rule\n", host);
+		ast_log(LOG_WARNING, "Host '%s' disallowed by contact ACL (violating IP %s)\n", host, ast_inet_ntoa(testsin.sin_addr));
 		ast_string_field_set(peer, fullcontact, "");
 		ast_string_field_set(pvt, our_contact, "");
-		return PARSE_REGISTER_FAILED;
+		return PARSE_REGISTER_DENIED;
 	}
 
 	/*! \todo This could come before the checking of DNS earlier on, to avoid
@@ -13436,6 +13437,12 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 					/* We have a successful registration attempt with proper authentication,
 				   	now, update the peer */
 					switch (parse_register_contact(p, peer, req)) {
+					case PARSE_REGISTER_DENIED:
+						ast_log(LOG_WARNING, "Registration denied because of contact ACL\n");
+						transmit_response_with_date(p, "603 Denied", req);
+						peer->lastmsgssent = -1;
+						res = 0;
+						break;
 					case PARSE_REGISTER_FAILED:
 						ast_log(LOG_WARNING, "Failed to parse contact info\n");
 						transmit_response_with_date(p, "400 Bad Request", req);
@@ -13476,6 +13483,12 @@ static enum check_auth_result register_verify(struct sip_pvt *p, struct sockaddr
 			if (sip_cancel_destroy(p))
 				ast_log(LOG_WARNING, "Unable to cancel SIP destruction.  Expect bad things.\n");
 			switch (parse_register_contact(p, peer, req)) {
+			case PARSE_REGISTER_DENIED:
+				ast_log(LOG_WARNING, "Registration denied because of contact ACL\n");
+				transmit_response_with_date(p, "403 Forbidden (ACL)", req);
+				peer->lastmsgssent = -1;
+				res = 0;
+				break;
 			case PARSE_REGISTER_FAILED:
 				ast_log(LOG_WARNING, "Failed to parse contact info\n");
 				transmit_response_with_date(p, "400 Bad Request", req);