diff --git a/scripts/base/frameworks/netcontrol/plugins/debug.zeek b/scripts/base/frameworks/netcontrol/plugins/debug.zeek
index 8d9e7c700a..66cda5a056 100644
--- a/scripts/base/frameworks/netcontrol/plugins/debug.zeek
+++ b/scripts/base/frameworks/netcontrol/plugins/debug.zeek
@@ -12,7 +12,21 @@ export {
 ##
 ## do_something: If true, the plugin will claim it supports all operations; if
 ## false, it will indicate it doesn't support any.
+ ##
+ ## name: Optional name that for the plugin.
 global create_debug: function(do_something: bool, name: string &default="") : PluginState;
+
+ ## Instantiates a debug plugin for the NetControl framework. This variation
+ ## of the plugin will return "exists" to any rule operations.
+ ##
+ ## name: Name of this plugin.
+ global create_debug_exists: function(name: string) : PluginState;
+
+ ## Instantiates a debug plugin for the NetControl framework. This variation
+ ## of the plugin will return "error" to any rule operations.
+ ##
+ ## name: Name of this plugin.
+ global create_debug_error: function(name: string) : PluginState;
 }
 function do_something(p: PluginState) : bool
@@ -55,6 +69,34 @@ function debug_add_rule(p: PluginState, r: Rule) : bool
 return F;
 }
+function debug_add_rule_exists(p: PluginState, r: Rule) : bool
+ {
+ local s = fmt("add_rule_exists: %s", r);
+ debug_log(p, s);
+
+ if ( do_something(p) )
+ {
+ event NetControl::rule_exists(r, p);
+ return T;
+ }
+
+ return F;
+ }
+
+function debug_add_rule_error(p: PluginState, r: Rule) : bool
+ {
+ local s = fmt("add_rule_error: %s", r);
+ debug_log(p, s);
+
+ if ( do_something(p) )
+ {
+ event NetControl::rule_error(r, p, "debug error");
+ return T;
+ }
+
+ return F;
+ }
+
 function debug_remove_rule(p: PluginState, r: Rule, reason: string) : bool
 {
 local s = fmt("remove_rule (%s): %s", reason, r);
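Review bot: The doc comments on `create_debug_exists` and `create_debug_error` promise an "exists" or "error" answer to any rule operation, but the constructors added at the end of this file replace only `add_rule`, so removals presumably still go through the stock debug handler. Narrowing the wording would avoid the mismatch, for example `## of the plugin answers every add_rule call with a rule_exists event.` and the `rule_error` counterpart. The new `name` line on `create_debug` is also garbled; `## name: Optional name for the plugin.` reads correctly.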
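Review bot: `debug_add_rule_exists` and `debug_add_rule_error` carry no comment explaining why they return `T` right after raising a duplicate or failure event, which reads like a contradiction to anyone using them as a template for a real backend. A one-line comment above each would settle it, e.g. `# Accept the rule, then report the outcome through the event, as an asynchronous backend would.` The `return F` branch depends on `do_something(p)`, whose body is outside the hunk; since both new constructors set `config["all"]` to `"1"`, that branch looks unreachable for them and could be noted as such.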
@@ -87,3 +129,21 @@ function create_debug(do_something: bool, name: string) : PluginState
 return p;
 }
+
+function create_debug_error(name: string) : PluginState
+ {
+ local p: PluginState = copy([$plugin=debug_plugin]);
+ p$config["name"] = name;
+ p$config["all"] = "1";
+ p$plugin$add_rule = debug_add_rule_error;
+ return p;
+ }
+
+function create_debug_exists(name: string) : PluginState
+ {
+ local p: PluginState = copy([$plugin=debug_plugin]);
+ p$config["name"] = name;
+ p$config["all"] = "1";
+ p$plugin$add_rule = debug_add_rule_exists;
+ return p;
+ }
diff --git a/scripts/policy/frameworks/netcontrol/catch-and-release.zeek b/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
index f0e1008a78..fdbb7a99bd 100644
--- a/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
+++ b/scripts/policy/frameworks/netcontrol/catch-and-release.zeek
@@ -73,6 +73,8 @@ export {
 location: string &log &optional;
 ## Additional informational string by the catch and release framework about this log-line.
 message: string &log &optional;
+ ## Plugin triggering the log entry.
+ plugin: string &log &optional;
 };
 ## Stops all packets involving an IP address from being forwarded. This function
@@ -270,11 +272,40 @@ event rule_added(r: Rule, p: PluginState, msg: string)
 local bi = blocks[ip];
 local log = populate_log_record(ip, bi, DROPPED);
+ log$plugin = p$plugin$name(p);
 if ( msg != "" )
 log$message = msg;
 Log::write(CATCH_RELEASE, log);
 }
+event rule_exists(r: Rule, p: PluginState, msg: string)
+ {
+ if ( !cr_check_rule(r) )
+ return;
+
+ local ip = subnet_to_addr(r$entity$ip);
+ local bi = blocks[ip];
+
+ local log = populate_log_record(ip, bi, INFO);
+ log$plugin = p$plugin$name(p);
+ local infomsg = "Existing rule encountered while inserting rule";
+ log$message = msg + infomsg;
+ print p;
+ Log::write(CATCH_RELEASE, log);
+ }
+
+event rule_error(r: Rule, p: PluginState, msg: string)
+ {
+ if ( !cr_check_rule(r) )
+ return;
+
+ local ip = subnet_to_addr(r$entity$ip);
+ local bi = blocks[ip];
+
+ local log = populate_log_record(ip, bi, INFO);
+ log$message = "Error occurred during rule operation: " + msg;
+ Log::write(CATCH_RELEASE, log);
+ }
 event rule_timeout(r: Rule, i: FlowInfo, p: PluginState)
 {
diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log
index d89f95953a..bb48462316 100644
--- a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log
+++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-2/netcontrol_catch_release.log
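Review bot: `print p;` in the new `rule_exists` handler of catch-and-release.zeek looks like leftover debugging and would write the whole PluginState to stdout on every duplicate-rule report; it should be dropped. In the same handler `msg + infomsg` joins the two strings with no separator, so a non-empty plugin message runs straight into the fixed text; `log$message = msg == "" ? infomsg : msg + ": " + infomsg;` keeps both readable. `rule_error` never sets `log$plugin`, so a failed block is logged without naming the backend that failed to enforce it (the new baselines show `-` in that column on the error rows); adding `log$plugin = p$plugin$name(p);` there would match `rule_added` and `rule_exists`.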
@@ -5,12 +5,12 @@ #unset_field - #path netcontrol_catch_release #open XXXX-XX-XX-XX-XX-XX -#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message -#types time string addr enum interval interval time time count string string -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::ADDED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop Address already blocked outside of catch-and-release. Catch and release will monitor and only actively block if it appears in network traffic. 
- +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 - XXXXXXXXXX.XXXXXX 1 test drop - Debug-All +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 test drop - Debug-All +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 test drop - Debug-All #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log index 5a9e366e16..1207875b1a 100644 --- a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-forgotten/netcontrol_catch_release.log 
@@ -5,10 +5,10 @@ #unset_field - #path netcontrol_catch_release #open XXXX-XX-XX-XX-XX-XX -#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message -#types time string addr enum interval interval time time count string string -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROP_REQUESTED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::DROPPED 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::UNBLOCK 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 10.0.0.1 NetControl::FORGOTTEN 1.000000 2.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - #close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log new file mode 100644 index 0000000000..d5e910f497 --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol.log 
@@ -0,0 +1,49 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - exists +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - exists +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - error +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - error +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - error +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - exists +XXXXXXXXXX.XXXXXX 2 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 600.000000 - error +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - - +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 
192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 3 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 3600.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: 
exists +XXXXXXXXXX.XXXXXX 4 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 86400.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 5 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD 
NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 6 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::EXISTS NetControl::DROP 
NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: exists +XXXXXXXXXX.XXXXXX 7 NetControl::ERROR - - NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - debug error 0 604800.000000 Re-drop by catch-and-release: error +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log new file mode 100644 index 0000000000..ebe097d1fd --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins-2/netcontrol_catch_release.log 
@@ -0,0 +1,35 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol_catch_release +#open XXXX-XX-XX-XX-XX-XX +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Error occurred during rule operation: debug error - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1 +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::INFO 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - Error occurred during rule operation: debug error - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1 +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - - +XXXXXXXXXX.XXXXXX 4 
192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::INFO 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - Error occurred during rule operation: debug error - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1 +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - Error occurred during rule operation: debug error - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1 +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - Error occurred during rule operation: debug error - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1 +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Existing rule encountered while inserting rule exists +XXXXXXXXXX.XXXXXX 
7 192.168.18.50 NetControl::INFO 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - Error occurred during rule operation: debug error - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log new file mode 100644 index 0000000000..9e0843362f --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol.log 
@@ -0,0 +1,35 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-1 +0.000000 - NetControl::MESSAGE - - - - - - - activating plugin with priority 0 - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - activation finished - - - plugin-2 +0.000000 - NetControl::MESSAGE - - - - - - - plugin initialization done - - - - +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-1 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 600.000000 - plugin-2 +XXXXXXXXXX.XXXXXX 2 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 600.000000 - - +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-1 
+XXXXXXXXXX.XXXXXX 3 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 3600.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 3 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 3600.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 86400.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 4 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 86400.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 5 
NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 5 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 6 NetControl::RULE - NetControl::REMOVED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - delete_rule: testing 0 604800.000000 Re-drop by catch-and-release: - +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::REQUESTED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 +XXXXXXXXXX.XXXXXX 7 NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-1 +XXXXXXXXXX.XXXXXX 7 
NetControl::RULE ADD NetControl::SUCCEEDED NetControl::DROP NetControl::FORWARD NetControl::ADDRESS 192.168.18.50/32 - - 0 604800.000000 Re-drop by catch-and-release: plugin-2 diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log new file mode 100644 index 0000000000..79767e81ae --- /dev/null +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release-two-plugins/netcontrol_catch_release.log 
@@ -0,0 +1,29 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +#separator \x09 +#set_separator , +#empty_field (empty) +#unset_field - +#path netcontrol_catch_release +#open XXXX-XX-XX-XX-XX-XX +#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-1 +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - plugin-2 +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-1 +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - plugin-2 +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-1 +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - plugin-2 +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 
NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-1 +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - plugin-2 +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-1 +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - plugin-2 +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-1 +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - plugin-2 +#close XXXX-XX-XX-XX-XX-XX diff --git a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log index 3e6f6b6826..662a9965e7 100644 --- a/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log +++ b/testing/btest/Baseline/scripts.policy.frameworks.netcontrol.catch-and-release/netcontrol_catch_release.log 
@@ -5,19 +5,19 @@ #unset_field - #path netcontrol_catch_release #open XXXX-XX-XX-XX-XX-XX -#fields ts rule_id ip action block_interval watch_interval blocked_until watched_until num_blocked location message -#types time string addr enum interval interval time time count string string -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate -XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - -XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - -XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - -XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - -XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - +#fields ts rule_id ip action 
block_interval watch_interval blocked_until watched_until num_blocked location message plugin +#types time string addr enum interval interval time time count string string string +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROP_REQUESTED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::INFO 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - Already blocked using catch-and-release - ignoring duplicate - +XXXXXXXXXX.XXXXXX 2 192.168.18.50 NetControl::DROPPED 600.000000 3600.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 1 - - Debug-All +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::SEEN_AGAIN 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - - +XXXXXXXXXX.XXXXXX 3 192.168.18.50 NetControl::DROPPED 3600.000000 86400.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 2 - - Debug-All +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::SEEN_AGAIN 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - - +XXXXXXXXXX.XXXXXX 4 192.168.18.50 NetControl::DROPPED 86400.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 3 - - Debug-All +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - - +XXXXXXXXXX.XXXXXX 5 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 4 - - Debug-All +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - - +XXXXXXXXXX.XXXXXX 6 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 5 - - Debug-All +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::SEEN_AGAIN 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - - +XXXXXXXXXX.XXXXXX 7 192.168.18.50 NetControl::DROPPED 604800.000000 604800.000000 XXXXXXXXXX.XXXXXX XXXXXXXXXX.XXXXXX 6 - - Debug-All #close XXXX-XX-XX-XX-XX-XX 
diff --git a/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek
new file mode 100644
index 0000000000..5b2fe6c5a0
--- /dev/null
+++ b/testing/btest/scripts/policy/frameworks/netcontrol/catch-and-release-two-plugins.zeek
@@ -0,0 +1,77 @@
+# @TEST-EXEC: zeek -b -r $TRACES/tls/ecdhe.pcap %INPUT
+# @TEST-EXEC: TEST_DIFF_CANONIFIER='grep -v ^# | $SCRIPTS/diff-remove-timestamps' btest-diff netcontrol.log
+# @TEST-EXEC: btest-diff netcontrol_catch_release.log
+
+@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
+
+event NetControl::init()
+ {
+ local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+ local netcontrol_debug_two = NetControl::create_debug(T, "plugin-2");
+ NetControl::activate(netcontrol_debug, 0);
+ NetControl::activate(netcontrol_debug_two, 0);
+ }
+
+global i: count = 0;
+
+event connection_established(c: connection)
+ {
+ local id = c$id;
+ NetControl::drop_address_catch_release(id$orig_h);
+ # second one should be ignored because duplicate
+ NetControl::drop_address_catch_release(id$orig_h);
+ }
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+ {
+ if ( p$plugin$name(p) == "plugin-1" )
+ return;
+
+ if ( ++i >= 6 )
+ return;
+
+ # delete directly, without notifying anything.
+ NetControl::delete_rule(r$id, "testing");
+ NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
+ }
+
+
+@TEST-START-NEXT
+
+@load base/frameworks/netcontrol
+@load policy/frameworks/netcontrol/catch-and-release
+
+event NetControl::init()
+ {
+ local netcontrol_debug = NetControl::create_debug(T, "plugin-1");
+ local netcontrol_debug_two = NetControl::create_debug_exists("exists");
+ local netcontrol_debug_error = NetControl::create_debug_error("error");
+ NetControl::activate(netcontrol_debug_two, 0);
+ NetControl::activate(netcontrol_debug_error, 0);
+ NetControl::activate(netcontrol_debug, 0);
+ }
+
+global i: count = 0;
+
+event connection_established(c: connection)
+ {
+ local id = c$id;
+ NetControl::drop_address_catch_release(id$orig_h);
+ # second one should be ignored because duplicate
+ NetControl::drop_address_catch_release(id$orig_h);
+ }
+
+event NetControl::rule_added(r: NetControl::Rule, p: NetControl::PluginState, msg: string)
+ {
+ if ( p$plugin$name(p) != "plugin-1" )
+ return;
+
+ if ( ++i >= 6 )
+ return;
+
+ # delete directly, without notifying anything.
+ NetControl::delete_rule(r$id, "testing");
+ NetControl::catch_release_seen(subnet_to_addr(r$entity$ip));
+ }
+
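Review bot: The two `NetControl::rule_added` handlers filter on the plugin name in opposite directions (`== "plugin-1"` returns early in the first part, `!= "plugin-1"` returns early after `@TEST-START-NEXT`), and neither carries a comment saying why. In the first part the filter presumably exists because both debug plugins report `rule_added` for the same rule, so I would add `# Both plugins report rule_added; react to plugin-2 only so each rule is deleted and re-seen once.` above it. In the second part the "exists" and "error" plugins raise `rule_exists` and `rule_error` rather than `rule_added`, so a comment such as `# Only plugin-1 confirms the rule; "exists" and "error" answer with rule_exists / rule_error.` would make the intent clear. A short header comment on each part stating what `netcontrol_catch_release.log` should show (one `DROPPED` line per confirming plugin, and how the error response is expected to be logged) would let a reader check the baseline against the intent, which matters for a log that operators use to confirm a block is actually in place.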