From 2f58d4e368a890e91452f8edaddefdb31874f1c8 Mon Sep 17 00:00:00 2001
From: Tom Eastep
Date: Mon, 6 Jul 2020 09:06:03 -0700
Subject: [PATCH] Don't create a zone forwarding chain for local zones
Signed-off-by: Tom Eastep
---
 Shorewall/Perl/Shorewall/Misc.pm | 11 +++++++----
 Shorewall/Perl/Shorewall/Rules.pm | 3 +--
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 87b804ae6..87e02e6ba 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -2288,10 +2288,13 @@ sub generate_matrix() {
 #
 for my $zone ( @zones ) {
 my $zoneref = find_zone( $zone );
- if ( @zones > 2 || $zoneref->{complex} ) {
- handle_complex_zone( $zone, $zoneref );
- } else {
- new_standard_chain zone_forward_chain( $zone ) if @zones > 1;
+
+ unless ( $zoneref->{type} == LOCAL ) {
+ if ( @zones > 2 || $zoneref->{complex} ) {
+ handle_complex_zone( $zone, $zoneref );
+ } else {
+ new_standard_chain zone_forward_chain( $zone ) if @zones > 1;
+ }
 }
 }
 #
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index a321a2e54..208379ccb 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -3986,9 +3986,8 @@ sub process_rules() { # for my $zone ( @zones ) { my $zoneref = find_zone( $zone ); - my $simple = @zones <= 2 && ! $zoneref->{complex}; - unless ( @zones <= 2 && ! $zoneref->{complex} ) { + unless ( $zoneref->{type} == LOCAL || ( @zones <= 2 && ! $zoneref->{complex} ) ) { # # Complex zone or we have more than one non-firewall zone -- create a zone forwarding chain #
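Review bot: The test for whether a zone gets a forwarding chain is now written twice in different shapes, here as `unless ( $zoneref->{type} == LOCAL )` around the old if/else in generate_matrix(), and in the Rules.pm hunk as `unless ( $zoneref->{type} == LOCAL || ( @zones <= 2 && ! $zoneref->{complex} ) )`, with nothing tying the two together. In a ruleset compiler, a later edit to only one copy could leave rules that jump to a chain the other side never created, so I would move the test into one helper that both loops call, or at least add a comment above each such as `# Local zones get no zone forwarding chain; keep in sync with process_rules() in Rules.pm`. The existing comment inside the Rules.pm block ("Complex zone or we have more than one non-firewall zone") no longer states the whole condition and should mention the LOCAL exclusion. Other code that calls zone_forward_chain() is not visible in this patch and presumably needs the same exclusion, which is worth confirming. Both generate_matrix() and process_rules() begin and end outside their hunks.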