From 2fb01bec8d9381247a9220f648de10edf1b44804 Mon Sep 17 00:00:00 2001
From: Tom Eastep <teastep@shorewall.net>
Date: Sun, 12 May 2013 09:58:37 -0700
Subject: [PATCH] Don't assume 'destonly' with 'local'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>
---
 Shorewall/Perl/Shorewall/Misc.pm  | 2 +-
 Shorewall/Perl/Shorewall/Zones.pm | 2 --
 2 files changed, 1 insertion(+), 3 deletions(-)

diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index 7e6ab13d7..ca226e530 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -2168,7 +2168,7 @@ sub generate_matrix() {
 			    #
 			    # FORWARDING Jump for non-IPSEC host group
 			    #
-			    add_forward_jump( $zone, $interface, $hostref, $net, $exclusions, $frwd_ref, $isport, $bridge ) if $frwd_ref && $hostref->{ipsec} ne 'ipsec';
+			    add_forward_jump( $zone, $interface, $hostref, $net, $exclusions, $frwd_ref, $isport, $bridge ) if $frwd_ref && ( $hostref->{ipsec} ne 'ipsec' && ! $hostref->{options}{local} );
 			}
 		    } # Subnet Loop
 		} # Hostref Loop
diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm
index d73acf828..f7dbedf39 100644
--- a/Shorewall/Perl/Shorewall/Zones.pm
+++ b/Shorewall/Perl/Shorewall/Zones.pm
@@ -1270,8 +1270,6 @@ sub process_interface( $$ ) {
 	$options{ignore} ||= 0;
     }
 
-    $hostoptionsref->{destonly} = 1 if $hostoptionsref->{local};
-
     $physical{$physical} = $interfaces{$interface} = { name       => $interface ,
 						       bridge     => $bridge ,
 						       filter     => $filterref ,