diff --git a/Shorewall/Perl/Shorewall/Compiler.pm b/Shorewall/Perl/Shorewall/Compiler.pm
index 96865d65c..5fc887f19 100644
--- a/Shorewall/Perl/Shorewall/Compiler.pm
+++ b/Shorewall/Perl/Shorewall/Compiler.pm
@@ -709,10 +709,6 @@ sub compiler {
     # Proxy Arp/Ndp
     #
     setup_proxy_arp;
-    #
-    # Handle MSS settings in the zones file
-    #
-    setup_zone_mss;
 
     if ( $scriptfilename || $debug ) {
         emit 'return 0';
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 20a5880c3..c231cbb8d 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2458,6 +2458,13 @@ sub process_rule ( ) {
     progress_message qq( Rule "$thisline" $done);
 }
 
+sub intrazone_allowed( $$ ) {
+    my ( $zone, $zoneref ) = @_;
+
+    $zoneref->{options}{complex} &&
+    $filter_table->{rules_chain( $zone, $zone )}{policy} ne 'NONE';
+}
+
 #
 # Add jumps to the blacklst and blackout chains
 #
@@ -2484,7 +2491,7 @@ sub classic_blacklist() {
             my $ruleschain = rules_chain( $zone, $zone1 );
             my $ruleschainref = $filter_table->{$ruleschain};
 
-            if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) {
+            if ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) {
                 add_ijump( ensure_rules_chain( $ruleschain ), j => $blackref, @state );
             }
         }
@@ -2501,7 +2508,7 @@ sub classic_blacklist() {
             my $ruleschain = rules_chain( $zone1, $zone );
             my $ruleschainref = $filter_table->{$ruleschain};
 
-            if ( ( $zone ne $zone1 || $ruleschainref->{referenced} ) && $ruleschainref->{policy} ne 'NONE' ) {
+            if ( ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) ) {
                 add_ijump( ensure_rules_chain( $ruleschain ), j => $blackref, @state );
             }
         }
@@ -2568,6 +2575,11 @@ sub process_rules( $ ) {
 
     add_interface_options( $blrules );
 
+    #
+    # Handle MSS settings in the zones file
+    #
+    setup_zone_mss;
+
     $fn = open_file 'rules';
 
     if ( $fn ) {
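Review bot: `intrazone_allowed` reads `$filter_table->{rules_chain( $zone, $zone )}{policy}` without first checking that the zone→zone chain record exists; if it can be absent for a zone flagged `complex`, the nested rvalue lookup autovivifies an empty hash under that chain name in `$filter_table`, which later code iterating the table may then treat as a real chain. The old condition at least pulled the record into a lexical before touching `{policy}`. If earlier policy processing guarantees the entry, say so in a comment; otherwise look it up first and test it: `my $chainref = $filter_table->{rules_chain( $zone, $zone )};` followed by `$zoneref->{options}{complex} && $chainref && $chainref->{policy} ne 'NONE';`. The new sub also lacks the file's usual `#` header block; something like `# True if intra-zone traffic for $zone is handled by a rules chain: the zone is complex and its zone->zone policy is not NONE` would tell the reader what `$zoneref` is expected to be (presumably the zone record for `$zone` — worth stating).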
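Review bot: The rewritten condition no longer consults `{policy}` for cross-zone pairs: when `$zone ne $zone1` the `||` short-circuits before `intrazone_allowed` runs, so the blacklist jump is now added (and `ensure_rules_chain` creates the chain) for a zone pair whose policy is NONE, which the old `&& $ruleschainref->{policy} ne 'NONE'` prevented. If NONE pairs cannot reach this loop that deserves a one-line comment; if they can, keep the test, e.g. `if ( $zone ne $zone1 ? $ruleschainref->{policy} ne 'NONE' : intrazone_allowed( $zone, $zoneref ) ) {`. `classic_blacklist` starts and ends outside this hunk, so I cannot see whether `$ruleschainref` is still read further down.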
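Review bot: The doubled parentheses `if ( ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) )` on the added line are left over from the old grouping and no longer group anything; write it the same way as the previous loop, `if ( $zone ne $zone1 || intrazone_allowed( $zone, $zoneref ) ) {`. With `{referenced}` and `{policy}` gone from the condition, `my $ruleschainref = $filter_table->{$ruleschain};` two lines above is not read anywhere in the visible lines and can probably be dropped unless it is used below the hunk. A short comment noting that `intrazone_allowed` inspects the `$zone`→`$zone` chain, which equals `$ruleschain` here only because this operand is reached solely when `$zone eq $zone1`, would save the next reader a minute. `classic_blacklist` starts and ends outside this hunk.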
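Review bot: The moved comment `# Handle MSS settings in the zones file` says what the call does but not why it now lives in `process_rules`, after `add_interface_options( $blrules )` and before the rules file is opened, instead of at the end of `compiler` where the Compiler.pm hunk removes it; the new position suggests an ordering dependency on the rules-file processing, and that is the fact a maintainer will need before moving it again. Suggest extending the comment along the lines of `# Handle MSS settings in the zones file. Done here, before the rules file is processed, rather than in compiler() so the MSS rules precede the user rules (confirm the exact dependency).` `process_rules` starts and ends outside this hunk.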