Issue a warning when a rule will be optimized away due to 'destonly'.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Rules.pm

@@ -2376,8 +2376,17 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 	#
 	# If we are processing an inline action, we need the source zone for NAT.
 	#
-	$sourceref = find_zone( $chainref->{sourcezone} ) if $chainref->{sourcezone}; 
+	if ( $chainref->{sourcezone} ) { 
+	    $sourceref = find_zone( $chainref->{sourcezone} );
+	    unless ( $wildcard ) {
+		warning_message "The SOURCE in this rule is 'destonly'" if $sourceref->{destonly} && ! $sourceref->{complex};
+	    }
+	}
     } else {
+	unless ( $wildcard ) {
+	    warning_message "The SOURCE zone in this rule is 'destonly'" if $sourceref->{destonly} && ! $sourceref->{complex};
+	}
+
 	unless ( $actiontype & NATONLY ) {
 	    #
 	    # Check for illegal bridge port rule

Shorewall/Perl/Shorewall/Zones.pm

@@ -747,8 +747,11 @@ sub add_group_to_zone($$$$$)
     my $zoneref  = $zones{$zone};
     my $zonetype = $zoneref->{type};
 
-
+    $interfaceref = $interfaces{$interface};
     $zoneref->{interfaces}{$interface} = 1;
+    $zoneref->{destonly} ||= $interfaceref->{options}{destonly};
+
+    $interfaceref->{zones}{$zone} = 1;
 
     my @newnetworks;
     my @exclusions = ();
@@ -757,10 +760,6 @@ sub add_group_to_zone($$$$$)
     my $allip    = 0;
 
     for my $host ( @$networks ) {
-	$interfaceref = $interfaces{$interface};
-
-	$interfaceref->{zones}{$zone} = 1;
-
 	$interfaceref->{nets}++;
 
 	fatal_error "Invalid Host List" unless supplied $host;