Omit fw->fw jumps when there is a local zone.

Signed-off-by: Tom Eastep <teastep@shorewall.net>

Shorewall/Perl/Shorewall/Misc.pm

@@ -1427,6 +1427,7 @@ sub handle_loopback_traffic() {
     my $natout  = $nat_table->{OUTPUT};
     my $rawout  = $raw_table->{OUTPUT};
     my $rulenum = 0;
+    my $local   = local_zone;
 
     my $outchainref;
     my @rule;
@@ -1455,6 +1456,8 @@ sub handle_loopback_traffic() {
 	#
 	if ( $type1 == FIREWALL ) {
 	    for my $z2 ( @zones ) {
+		next if $local && $z1 eq $z2;
+
 		my $chain = rules_target( $z1, $z2 );
 
 		generate_dest_rules( $outchainref, $chain, $z2, @rule ) if $chain;

Shorewall/Perl/Shorewall/Rules.pm

@@ -2448,8 +2448,9 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
 	    warning_message( "The SOURCE zone in this rule is 'destonly'" )                   if $sourceref->{destonly};
 
 	    if ( $destref ) {
-		warning_message( "The SOURCE zone is local and the DEST zone is off-firewall" )   if $sourceref->{type} == LOCAL && ! ( $destref->{type}   & ( FIREWALL | VSERVER ) );
-		warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'local'" ) if $destref->{type}   == LOCAL && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
+		warning_message( "The SOURCE zone is local and the DEST zone is off-firewall" )          if $sourceref->{type} == LOCAL && ! ( $destref->{type}   & ( FIREWALL | VSERVER ) );
+		warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'local'" )        if $destref->{type}   == LOCAL && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
+		warning_message( "\$FW to \$FW rules are ignored when there is a defined 'local' zone" ) if local_zone && $sourceref->{type} == FIREWALL && $destref->{type} == FIREWALL;
 	    }
 	}
     }

Shorewall/manpages/shorewall-zones.xml

@@ -246,10 +246,6 @@ c:a,b     ipv4</programlisting>
 
                 <para>Only one <emphasis role="bold">local</emphasis> zone may
                 be defined.</para>
-
-                <para>When a local zone is defined, you should ensure that the
-                $FW -&gt; $FW policy is ACCEPT; otherwise, extraneous chains
-                and rules will be created.</para>
               </listitem>
             </varlistentry>
           </variablelist>

Shorewall6/manpages/shorewall6-zones.xml

@@ -244,10 +244,6 @@ c:a,b     ipv6</programlisting>
 
                 <para>Only one <emphasis role="bold">local</emphasis> zone may
                 be defined.</para>
-
-                <para>When a local zone is defined, you should ensure that the
-                $FW -&gt; $FW policy is ACCEPT; otherwise, extraneous chains
-                and rules will be created.</para>
               </listitem>
             </varlistentry>
           </variablelist>