diff --git a/Shorewall/Perl/Shorewall/Misc.pm b/Shorewall/Perl/Shorewall/Misc.pm
index cc103c9d8..dd45b1bc1 100644
--- a/Shorewall/Perl/Shorewall/Misc.pm
+++ b/Shorewall/Perl/Shorewall/Misc.pm
@@ -2179,7 +2179,7 @@ sub generate_matrix() {
} # Interface Loop
} #Type Loop
- next if $type == LOOPBACK;
+ next if $type & ( LOOPBACK | LOCAL );
if ( $frwd_ref ) {
#
@@ -2203,10 +2203,7 @@ sub generate_matrix() {
next if $filter_table->{rules_chain( ${zone}, ${zone1} )}->{policy} eq 'NONE';
- next if $type1 == LOOPBACK;
-
- next if $type == LOCAL && $type1 != LOCAL;
- next if $type1 == LOCAL && $type != LOCAL;
+ next if $type1 & ( LOOPBACK | LOCAL );
my $chain = rules_target $zone, $zone1;
diff --git a/Shorewall/Perl/Shorewall/Rules.pm b/Shorewall/Perl/Shorewall/Rules.pm
index 788d7b214..d470fabde 100644
--- a/Shorewall/Perl/Shorewall/Rules.pm
+++ b/Shorewall/Perl/Shorewall/Rules.pm
@@ -2448,10 +2448,11 @@ sub process_rule ( $$$$$$$$$$$$$$$$$$$ ) {
warning_message( "The SOURCE zone in this rule is 'destonly'" ) if $sourceref->{destonly};
if ( $destref ) {
- warning_message( "The SOURCE zone is loopback and the DEST zone is off-firewall" ) if $sourceref->{type} == LOOPBACK && ! ( $destref->{type} & ( FIREWALL | VSERVER ) );
- warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'loopback'" ) if $destref->{type} == LOOPBACK && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
- warning_message( "The SOURCE zone is 'local' and the DEST zone is off-firewall" ) if $sourceref->{type} == LOCAL && ! ( $destref->{type} & ( FIREWALL | VSERVER | LOCAL) );
- warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'loopback'" ) if $destref->{type} == LOCAL && ! ( $sourceref->{type} & ( FIREWALL | VSERVER | LOCAL) );
+ warning_message( "The SOURCE zone is loopback and the DEST zone is off-firewall" ) if $sourceref->{type} == LOOPBACK && ! ( $destref->{type} & ( FIREWALL | VSERVER ) );
+ warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'loopback'" ) if $destref->{type} == LOOPBACK && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
+ warning_message( "The SOURCE zone is 'local' and the DEST zone is off-firewall" ) if $sourceref->{type} == LOCAL && ! ( $destref->{type} & ( FIREWALL | VSERVER ) );
+ warning_message( "The SOURCE zone is off-firewall and the DEST zone is 'local'" ) if $destref->{type} == LOCAL && ! ( $sourceref->{type} & ( FIREWALL | VSERVER ) );
+
warning_message( "\$FW to \$FW rules are ignored when there is a defined 'loopback' zone" ) if loopback_zones && $sourceref->{type} == FIREWALL && $destref->{type} == FIREWALL;
}
}
diff --git a/Shorewall/manpages/shorewall-zones.xml b/Shorewall/manpages/shorewall-zones.xml
index 0d8da7c43..0e6da0301 100644
--- a/Shorewall/manpages/shorewall-zones.xml
+++ b/Shorewall/manpages/shorewall-zones.xml
@@ -259,9 +259,8 @@ c:a,b ipv4
role="bold">local is the same as ipv4 with the exception that the zone
is only accessible from the firewall, vserver and other local zones.
+ role="bold">firewall and vserver zones.
diff --git a/Shorewall6/manpages/shorewall6-zones.xml b/Shorewall6/manpages/shorewall6-zones.xml
index 89acca77f..21e429928 100644
--- a/Shorewall6/manpages/shorewall6-zones.xml
+++ b/Shorewall6/manpages/shorewall6-zones.xml
@@ -257,9 +257,8 @@ c:a,b ipv6
role="bold">local is the same as ipv6 with the exception that the zone
is only accessible from the firewall, vserver and other local zones.
+ role="bold">firewall and vserver zones.