diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index 6660cc1f9..c2512ceae 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -740,7 +740,13 @@ sub non_firewall_zones() { } sub all_parent_zones() { - grep ( ! @{$zones{$_}{parents}} , @zones ); + # + # Although the firewall zone is a parent zone, we let the caller decide + # if it is to be included or not. + # + grep ( ! ( $zones{$_}->{type} == FIREWALL || + $zones{$_}->{type} == VSERVER || + @{$zones{$_}{parents}} ) , @zones ); } sub complex_zones() { diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index e5eea2030..17e79a18d 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -1,3 +1,7 @@ +Changes in Shorewall 4.4.11.3 + +1) Fix duplicate rule generation with 'any'. + Changes in Shorewall 4.4.11.2 1) Correct typo that caused hang after executing a stop, reset or diff --git a/Shorewall/known_problems.txt b/Shorewall/known_problems.txt index 764f8048d..a2d11e220 100644 --- a/Shorewall/known_problems.txt +++ b/Shorewall/known_problems.txt @@ -66,3 +66,7 @@ 8) On systems running Upstart, Shorewall-init cannot reliably close the firewall before interfaces come up. +9) When 'any' is used in the SOURCE column of /etc/shorewall[6]/rules, + a duplicate rule is generated in all "fw2*" ("fw-* if + ZONE2ZONE="-"). If 'any' is used in the DEST column, then a + duplicate rule appears in all "*2fw" (*-fw) chains. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index f05b318ce..cc5d408a8 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
@@ -218,6 +218,13 @@ VI. PROBLEMS CORRECTED AND NEW FEATURES IN PRIOR RELEASES I I I. P R O B L E M S C O R R E C T E D I N T H I S R E L E A S E ---------------------------------------------------------------------------- +4.4.11.3 + +1) When 'any' was used in the rules SOURCE column, a duplicate rule + was generated in all "fw2*" ("fw-* if ZONE2ZONE="-"). If 'any' was + used in the DEST column, then a duplicate rule appeared in all "*2fw" + (*-fw) chains. + 4.4.11.2 1) A typo in /sbin/shorewall6-lite version 4.4.11.1 caused the
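Review bot: in the Zones.pm hunk, the new comment in all_parent_zones() says the caller decides whether the firewall zone is included, but the grep now drops FIREWALL (and VSERVER) zones unconditionally, so a caller cannot opt back in through this function; either reword the comment to say these zone types are always excluded and must be appended by the caller, or take a flag. The function name now also understates what it filters, so a one-line POD/comment on the return set would help. Minor style point: the same expression mixes `$zones{$_}->{type}` with `@{$zones{$_}{parents}}`; pick one access form. The hunk relies on FIREWALL and VSERVER being constants in scope, which nothing visible here shows, so worth confirming there are no other callers that expected the firewall zone in the result.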
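Review bot: in the known_problems.txt hunk, item 9 has an unbalanced quote: `("fw-* if ZONE2ZONE="-")` opens a double quote at `"fw-*` that never closes, and the word "chains" only appears in the second sentence, so the first reads as though "fw2*" were a complete noun. Suggest `a duplicate rule is generated in all "fw2*" chains ("fw-*" if ZONE2ZONE="-")`, matching the form used for the DEST case.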
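Review bot: in the releasenotes.txt hunk, the 4.4.11.3 entry reproduces the same unbalanced quote as known_problems.txt: `("fw-* if ZONE2ZONE="-")` should read `("fw-*" if ZONE2ZONE="-")`, and "chains" should follow the first `"fw2*"` as it does for `"*2fw"`. Since both files carry the same wording, fix them together so the text stays consistent.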