diff --git a/Shorewall-perl/Shorewall/Hosts.pm b/Shorewall-perl/Shorewall/Hosts.pm
index efefcbb7d..447bcf70c 100644
--- a/Shorewall-perl/Shorewall/Hosts.pm
+++ b/Shorewall-perl/Shorewall/Hosts.pm
@@ -125,11 +125,11 @@ sub validate_hosts_file()
 progress_message " Host \"$line\" validated";
 }
- $capabilities{POLICY_MATCH} = '' unless $ipsec or $zones{ipsec};
+ $capabilities{POLICY_MATCH} = '' unless $ipsec || ipseczones;
 }
 #
 # Returns a reference to a array of host entries. Each entry is a
-# reference to an array containing ( interface , group type {ipsec|none} , network );
+# reference to an array containing ( interface , polciy match type {ipsec|none} , network );
 #
 sub find_hosts_by_option( $ ) {
 my $option = $_[0];
@@ -141,7 +141,7 @@ sub find_hosts_by_option( $ ) {
 for my $host ( @{$arrayref} ) {
 if ( $host->{options}{$option} ) {
 for my $net ( @{$host->{hosts}} ) {
- push @hosts, [ $interface, $type eq 'ipsec4' ? 'ipsec' : 'none' , $net ];
+ push @hosts, [ $interface, $host->{ipsec} , $net ];
 }
 }
 }
diff --git a/Shorewall-perl/Shorewall/Zones.pm b/Shorewall-perl/Shorewall/Zones.pm
index 3d9608600..e14beb6a4 100644
--- a/Shorewall-perl/Shorewall/Zones.pm
+++ b/Shorewall-perl/Shorewall/Zones.pm
@@ -39,6 +39,7 @@ our @EXPORT = qw( NOTHING
 determine_zones
 zone_report
 dump_zone_contents
+ ipseczones
 @zones
 %zones
@@ -282,6 +283,17 @@ sub determine_zones()
 }
 }
+#
+# Return true of we have any ipsec zones
+#
+sub ipseczones() {
+ for my $zoneref ( values %zones ) {
+ return 1 if $zoneref->{type} eq 'ipsec4';
+ }
+
+ 0;
+}
+
 #
 # Report about zones.
 #
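Review bot: The new condition in validate_hosts_file calls `ipseczones` as a bareword, which is resolved as a sub call only if the imported declaration from Zones.pm has already been seen when this line is compiled; writing `unless $ipsec || ipseczones();` makes the call explicit and independent of load order. Because this line decides whether POLICY_MATCH is cleared, and presumably therefore whether ipsec policy matches are generated at all, a short comment such as `# No ipsec hosts and no ipsec zones: policy match is not needed` would help the next reader. The reworded comment above find_hosts_by_option in the same hunk has a typo, `polciy` should be `policy`. validate_hosts_file begins before this hunk.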
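Review bot: The second element of each entry is now `$host->{ipsec}` taken as-is, so a host record without that key yields `undef` where the header comment promises `ipsec` or `none`. Where `{ipsec}` is assigned is not visible in this diff; if it is not set on every record, callers that compare the field with `eq` would warn and, presumably, build rules without the intended policy match. A defensive form is `push @hosts, [ $interface, $host->{ipsec} || 'none', $net ];`. The enclosing loops begin outside the hunk, so it is also worth checking whether `$type` is still used there after this change.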
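Review bot: `ipseczones` ends with a bare `0;` and relies on Perl returning the last evaluated expression; `return 0;` states the intent and survives a later edit that adds a statement after it. The header comment has a typo and should read `# Return true if we have any ipsec zones`. The test matches only the literal `'ipsec4'`, and since Hosts.pm uses the result to decide whether POLICY_MATCH is cleared, the comment should say so explicitly, so that a zone type added later is not silently treated as non-ipsec.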