diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index c4d7eaa73..d24895fa4 100755 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -9,6 +9,8 @@ Changes in 2.5.3 4) Allow exclusion lists in actions. +5) Make intra-zone policies more rational. + Changes in 2.5.2 1) Allow port lists in /etc/sorewall/accounting. diff --git a/Shorewall/firewall b/Shorewall/firewall index 751f30f72..f5f01e371 100755 --- a/Shorewall/firewall +++ b/Shorewall/firewall @@ -1480,7 +1480,11 @@ validate_policy() chain=${client}2${server} if is_policy_chain $chain ; then - startup_error "Duplicate policy: $client $server $policy" + if eval test \$${chain}_is_optional = Yes ; then + eval ${chain}_is_optional= + else + startup_error "Duplicate policy: $client $server $policy" + fi fi [ "x$loglevel" = "x-" ] && loglevel= diff --git a/Shorewall/policy b/Shorewall/policy index 2eaecd34c..450104e77 100644 --- a/Shorewall/policy +++ b/Shorewall/policy @@ -13,8 +13,10 @@ # INTRA-ZONE POLICIES ARE PRE-DEFINED # # For $FW and for all of the zoned defined in /etc/shorewall/zones, -# the POLICY for connections from the zone to itself is ACCEPT and may -# not be modified by entries in this file. +# the POLICY for connections from the zone to itself is ACCEPT (with no +# logging or TCP connection rate limiting but may be overridden by an +# entry in this file. The overriding entry must be explicit (cannot use +# "all" in the SOURCE or DEST). # # Columns are: # diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index b1df55613..ef136d270 100755 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt 
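Review bot: The added `if eval test \$${chain}_is_optional = Yes ; then` line in the firewall hunk expands to a bare `test = Yes` whenever the `<chain>_is_optional` variable is unset or empty, which on common shells reports an "unexpected/unary operator" error and exits 2 instead of a clean false; quote the expansion so the comparison is always well-formed: `if eval test \"\$${chain}_is_optional\" = Yes ; then`. The else branch is still taken in that case, so the duplicate-policy error is reached either way, but the spurious diagnostic would mask real problems at startup. The eval also interpolates `$chain` (built from the two zone names) into shell code, which is safe only if zone names are restricted to identifier characters before reaching validate_policy(); that validation is not visible here, so a short comment on the eval stating that precondition would help the next reader. Where the `_is_optional` flag is set to Yes, and the rest of validate_policy(), lie outside this hunk.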
@@ -17,6 +17,26 @@ New Features in Shorewall 2.5.3 scripts. The value of this variable is sometimes of interest to programmers providing custom /etc/shorewall/tcstart scripts. +4) Previously, if you defined any intra-zone rule(s) then any traffic + not matching the rule(s) was subject to normal policies (which + usually turned out to involve the all->all REJECT policy). Now, the + intra-zone ACCEPT policy will still be in effect in the presense of + intra-zone rules. That policy can still be overridden by an + explicit policy in your /etc/shorewall/policy file. + + Example: + + /etc/shorewall/rules: + + DNAT fw loc:192.168.1.4:3128 tcp 80 + + Any other fw->fw traffic will still be accepted. If you want to + also log that fw->fw traffic at the info log level then add this to + /etc/shorewall/policy: + + #SOURCE DEST POLICY LOG LEVEL + fw fw ACCEPT info + Problems Corrected in 2.5.2: 1) You may now include port lists in in the /etc/shorewall/accounting