diff --git a/Shorewall/Perl/Shorewall/Config.pm b/Shorewall/Perl/Shorewall/Config.pm
index a93251c0f..01d2ffb38 100644
--- a/Shorewall/Perl/Shorewall/Config.pm
+++ b/Shorewall/Perl/Shorewall/Config.pm
@@ -623,6 +623,7 @@ our %eliminated = ( LOGRATE          => 1,
 		    LOGBURST         => 1,
 		    EXPORTPARAMS     => 1,
 		    LEGACY_FASTSTART => 1,
+		    IPSECFILE        => 1,
 		  );
 #
 # Variables involved in ?IF, ?ELSE ?ENDIF processing
@@ -763,7 +764,6 @@ sub initialize( $;$$) {
 	  MODULESDIR => undef,
 	  CONFIG_PATH => undef,
 	  RESTOREFILE => undef,
-	  IPSECFILE => undef,
 	  LOCKFILE => undef,
 	  GEOIPDIR => undef,
 	  NFACCT => undef,
@@ -6011,7 +6011,6 @@ sub get_configuration( $$$$$ ) {
     }
 
     default 'RESTOREFILE'           , 'restore';
-    default 'IPSECFILE'             , 'zones';
     default 'DROP_DEFAULT'          , 'Drop';
     default 'REJECT_DEFAULT'        , 'Reject';
     default 'QUEUE_DEFAULT'         , 'none';
@@ -6019,9 +6018,6 @@ sub get_configuration( $$$$$ ) {
     default 'ACCEPT_DEFAULT'        , 'none';
     default 'OPTIMIZE'              , 0;
 
-    fatal_error 'IPSECFILE=ipsec is not supported by Shorewall ' . $globals{VERSION} if $config{IPSECFILE} eq 'ipsec';
-    fatal_error "Invalid IPSECFILE value ($config{IPSECFILE}"                    unless $config{IPSECFILE} eq 'zones';
-
     for my $default ( qw/DROP_DEFAULT REJECT_DEFAULT QUEUE_DEFAULT NFQUEUE_DEFAULT ACCEPT_DEFAULT/ ) {
 	$config{$default} = 'none' if "\L$config{$default}" eq 'none';
     }
diff --git a/Shorewall/Samples/Universal/shorewall.conf b/Shorewall/Samples/Universal/shorewall.conf
index b60db3036..a9eb6e0db 100644
--- a/Shorewall/Samples/Universal/shorewall.conf
+++ b/Shorewall/Samples/Universal/shorewall.conf
@@ -274,11 +274,4 @@ MASK_BITS=
 
 ZONE_BITS=0
 
-################################################################################
-#                            L E G A C Y  O P T I O N
-#                      D O  N O T  D E L E T E  O R  A L T E R
-################################################################################
-
-IPSECFILE=zones
-
 #LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall/Samples/one-interface/shorewall.conf b/Shorewall/Samples/one-interface/shorewall.conf
index 8b1c16081..40e409099 100644
--- a/Shorewall/Samples/one-interface/shorewall.conf
+++ b/Shorewall/Samples/one-interface/shorewall.conf
@@ -285,11 +285,4 @@ MASK_BITS=
 
 ZONE_BITS=0
 
-################################################################################
-#                            L E G A C Y  O P T I O N
-#                      D O  N O T  D E L E T E  O R  A L T E R
-################################################################################
-
-IPSECFILE=zones
-
 #LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall/Samples/three-interfaces/shorewall.conf b/Shorewall/Samples/three-interfaces/shorewall.conf
index ab12ca302..c26a08219 100644
--- a/Shorewall/Samples/three-interfaces/shorewall.conf
+++ b/Shorewall/Samples/three-interfaces/shorewall.conf
@@ -282,11 +282,4 @@ MASK_BITS=
 
 ZONE_BITS=0
 
-################################################################################
-#                            L E G A C Y  O P T I O N
-#                      D O  N O T  D E L E T E  O R  A L T E R
-################################################################################
-
-IPSECFILE=zones
-
 #LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall/Samples/two-interfaces/shorewall.conf b/Shorewall/Samples/two-interfaces/shorewall.conf
index 1e52da00c..c63a01c00 100644
--- a/Shorewall/Samples/two-interfaces/shorewall.conf
+++ b/Shorewall/Samples/two-interfaces/shorewall.conf
@@ -285,11 +285,4 @@ MASK_BITS=
 
 ZONE_BITS=0
 
-################################################################################
-#                            L E G A C Y  O P T I O N
-#                      D O  N O T  D E L E T E  O R  A L T E R
-################################################################################
-
-IPSECFILE=zones
-
 #LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall/configfiles/shorewall.conf b/Shorewall/configfiles/shorewall.conf
index 5bf52ea44..4fef45809 100644
--- a/Shorewall/configfiles/shorewall.conf
+++ b/Shorewall/configfiles/shorewall.conf
@@ -273,10 +273,3 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
-
-################################################################################
-#			     L E G A C Y  O P T I O N
-#		       D O  N O T  D E L E T E	O R  A L T E R
-################################################################################
-
-IPSECFILE=zones
diff --git a/Shorewall/manpages/shorewall.conf.xml b/Shorewall/manpages/shorewall.conf.xml
index 51b60cea3..75a01b69a 100644
--- a/Shorewall/manpages/shorewall.conf.xml
+++ b/Shorewall/manpages/shorewall.conf.xml
@@ -1168,20 +1168,6 @@ net     all  DROP   info</programlisting>then the chain name is 'net-all'
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term><emphasis role="bold">IPSECFILE=zones</emphasis></term>
-
-        <listitem>
-          <para>This option indicates that zone-related ipsec information is
-          found in the zones file (<ulink
-          url="/manpages/shorewall-zones.html">shorewall-zones</ulink>(5)).
-          The option indicates to the compiler that this is not a legacy
-          configuration where the ipsec information was contained in a
-          separate file. The value of this option must not be changed and the
-          option must not be deleted.</para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term><emphasis
         role="bold">IPSET</emphasis>=[<emphasis>pathname</emphasis>]</term>
diff --git a/Shorewall6/Samples6/Universal/shorewall6.conf b/Shorewall6/Samples6/Universal/shorewall6.conf
index 55494447f..330440051 100644
--- a/Shorewall6/Samples6/Universal/shorewall6.conf
+++ b/Shorewall6/Samples6/Universal/shorewall6.conf
@@ -248,3 +248,5 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
+
+#LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall6/Samples6/one-interface/shorewall6.conf b/Shorewall6/Samples6/one-interface/shorewall6.conf
index 5683d3930..6c3a987fc 100644
--- a/Shorewall6/Samples6/one-interface/shorewall6.conf
+++ b/Shorewall6/Samples6/one-interface/shorewall6.conf
@@ -249,3 +249,5 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
+
+#LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall6/Samples6/three-interfaces/shorewall6.conf b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
index 67b11501b..45b9e3bcd 100644
--- a/Shorewall6/Samples6/three-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/three-interfaces/shorewall6.conf
@@ -248,3 +248,5 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
+
+#LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall6/Samples6/two-interfaces/shorewall6.conf b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
index ce017cd8a..dd83091e4 100644
--- a/Shorewall6/Samples6/two-interfaces/shorewall6.conf
+++ b/Shorewall6/Samples6/two-interfaces/shorewall6.conf
@@ -248,3 +248,5 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
+
+#LAST LINE -- DO NOT REMOVE
diff --git a/Shorewall6/configfiles/shorewall6.conf b/Shorewall6/configfiles/shorewall6.conf
index 196d65649..4aaaea0b9 100644
--- a/Shorewall6/configfiles/shorewall6.conf
+++ b/Shorewall6/configfiles/shorewall6.conf
@@ -248,3 +248,5 @@ PROVIDER_OFFSET=
 MASK_BITS=
 
 ZONE_BITS=0
+
+#LAST LINE -- DO NOT REMOVE