diff --git a/Shorewall-common/lib.cli b/Shorewall-common/lib.cli
index c8c3f7ae6..ce0ba3efc 100644
--- a/Shorewall-common/lib.cli
+++ b/Shorewall-common/lib.cli
@@ -611,6 +611,10 @@ dump_command() {
 			    IPT_OPTIONS="-xnv"
 			    option=${option#x}
 			    ;;
+			m*)
+			    SHOWMACS=Yes
+			    option=${option#m}
+			    ;;
 			*)
 			    usage 1
 			    ;;
diff --git a/Shorewall-common/lib.dynamiczones b/Shorewall-common/lib.dynamiczones
index 8ca85ce73..7785a610f 100644
--- a/Shorewall-common/lib.dynamiczones
+++ b/Shorewall-common/lib.dynamiczones
@@ -401,11 +401,11 @@ delete_from_zone() # $1 = <interface>[:<hosts>] $2 = zone
 			hosts=${h#*:}
 
 			if [ "$iface" != "$interface" -o "$hosts" != "$host" ]; then
-				if is_ipsec_host $z1 $h; then
-				    qt_iptables -D ${z1}_dyn -o $interface $(match_dest_hosts $host) $(match_ipsec_out $z2 $delhost) -j $chain
-				else
-				    qt_iptables -D $(dynamic_fwd $iface) $(match_source_hosts $hosts) -o $interface $(match_dest_hosts $host)  $(match_ipsec_out $z2 $delhost) -j $chain
-				fi
+			    if is_ipsec_host $z1 $h; then
+				qt_iptables -D ${z1}_dyn -o $interface $(match_dest_hosts $host) $(match_ipsec_out $z2 $delhost) -j $chain
+			    else
+				qt_iptables -D $(dynamic_fwd $iface) $(match_source_hosts $hosts) -o $interface $(match_dest_hosts $host)  $(match_ipsec_out $z2 $delhost) -j $chain
+			    fi
 			fi
 		    done
 		fi