diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index bf5a245a7..a35c6ab8c 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -1589,7 +1589,7 @@ sub process_rule ( ) {
 	if ( $anydest ) {
 	    @dest = ( all_parent_zones );
 	} else {
-	    @dest = ( non_firewall_zones, vserver_zones )
+	    @dest = ( non_firewall_zones )
 	}
 
 	unshift @dest, firewall_zone if $includedstfw;
@@ -1841,7 +1841,7 @@ sub generate_matrix() {
     my $preroutingref = ensure_chain 'nat', 'dnat';
     my $fw = firewall_zone;
     my $notrackref = $raw_table->{notrack_chain $fw};
-    my @zones = non_firewall_zones;
+    my @zones = off_firewall_zones;
     my @vservers = vserver_zones;
     my $interface_jumps_added = 0;
     our %input_jump_added   = ();
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index 1eaeea4c3..894b02b1c 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -54,6 +54,7 @@ our @EXPORT = qw( NOTHING
 		  all_parent_zones
 		  complex_zones
 		  vserver_zones
+		  off_firewall_zones
 		  non_firewall_zones
 		  single_interface
 		  chain_base
@@ -730,10 +731,14 @@ sub all_zones() {
     @zones;
 }
 
-sub non_firewall_zones() {
+sub off_firewall_zones() {
    grep ( ! ( $zones{$_}{type} == FIREWALL || $zones{$_}{type} == VSERVER )  ,  @zones );
 }
 
+sub non_firewall_zones() {
+   grep (  $zones{$_}{type} != FIREWALL  ,  @zones );
+}
+
 sub all_parent_zones() {
    grep ( ! @{$zones{$_}{parents}} ,  @zones );
 }