diff --git a/Shorewall/Perl/Shorewall/Chains.pm b/Shorewall/Perl/Shorewall/Chains.pm
index 2260c5a9e..0d6f6f6a5 100644
--- a/Shorewall/Perl/Shorewall/Chains.pm
+++ b/Shorewall/Perl/Shorewall/Chains.pm
@@ -6070,7 +6070,7 @@ sub verify_dest_interface( $$$$ ) {
fatal_error "Unknown Interface ($diface)" unless known_interface $diface;
- if ( ( $restriction & PREROUTE_RESTRICT ) || ( $chainref->{table} eq 'raw' && ( $restriction & OUTPUT_RESTRICT ) ) ) {
+ if ( $restriction & PREROUTE_RESTRICT ) {
#
# Dest interface -- must use routing table
#
diff --git a/Shorewall/manpages/shorewall-conntrack.xml b/Shorewall/manpages/shorewall-conntrack.xml
index 985eeea2d..949bb954a 100644
--- a/Shorewall/manpages/shorewall-conntrack.xml
+++ b/Shorewall/manpages/shorewall-conntrack.xml
@@ -329,39 +329,13 @@
DEST ‒
- [interface|address-list]
+ {-|interface[:address-list]|address-list}
- where interface is the name of a
- network interface and address-list is a
+ where address-list is a
comma-separated list of addresses (may contain exclusion - see
- shorewall-exclusion
- (5)). If an interface is given:
-
-
-
- It must be up and configured with an IPv4 address when
- Shorewall is started or restarted.
-
-
-
- All routes out of the interface must be configured when
- Shorewall is started or restarted.
-
-
-
- Default routes out of the interface will result in a
- warning message and will be ignored.
-
-
-
- These restrictions are because Netfilter doesn't support
- NOTRACK rules that specify a destination interface (these rules are
- applied before packets are routed and hence the destination
- interface is unknown). Shorewall uses the routes out of the
- interface to replace the interface with an address list
- corresponding to the networks routed out of the named
- interface.
+ shorewall6-exclusion
+ (5)).
diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml
index a35ae0a79..1d44b13df 100644
--- a/Shorewall6/manpages/shorewall6-conntrack.xml
+++ b/Shorewall6/manpages/shorewall6-conntrack.xml
@@ -225,30 +225,13 @@
DEST ‒
- [interface|address-list]
+ {-|interface[:address-list]|address-list}
where address-list is a
comma-separated list of addresses (may contain exclusion - see
shorewall6-exclusion
- (5)). If an interface is given:
-
-
-
- It must be up and configured with an IPv6 address when
- Shorewall is started or restarted.
-
-
-
- All routes out of the interface must be configured when
- Shorewall is started or restarted.
-
-
-
- Default routes out of the interface will result in a
- warning message and will be ignored.
-
-
+ (5)).