diff --git a/Shorewall/Perl/Shorewall/Zones.pm b/Shorewall/Perl/Shorewall/Zones.pm index cf8bdd0b1..085894c65 100644 --- a/Shorewall/Perl/Shorewall/Zones.pm +++ b/Shorewall/Perl/Shorewall/Zones.pm @@ -838,6 +838,7 @@ sub process_interface( $ ) { $hostoptions{$option} = $numval if $hostopt; } elsif ( $type == IPLIST_IF_OPTION ) { fatal_error "The $option option requires a value" unless defined $value; + fatal_error q("nets=" may not be specified for a multi-zone interface) unless $zone; fatal_error "Duplicate $option option" if $nets; # # Remove parentheses from address list if present diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt index 604be7cc1..7cc2cc741 100644 --- a/Shorewall/changelog.txt +++ b/Shorewall/changelog.txt @@ -5,6 +5,8 @@ Changes in Shorewall 4.4.0.2 2) Allow extension of zone definition with nets=. +3) Don't allow nets= in a multi-zone interface definition. + Changes in Shorewall 4.4.0.1 1) Updated release versions. diff --git a/Shorewall/releasenotes.txt b/Shorewall/releasenotes.txt index 32462d684..b65afd68d 100644 --- a/Shorewall/releasenotes.txt +++ b/Shorewall/releasenotes.txt @@ -164,6 +164,10 @@ Shorewall 4.4.0 patch release 1. definition could not be extended by entries in /etc/shorewall/hosts. +3) Previously, "nets=" could be specified in a multi-zone interface + definition ("-" in the ZONES column) in /etc/shorewall/zones. This + now raises a fatal compilation error. + ---------------------------------------------------------------------------- P R O B L E M S C O R R E C T E D I N 4 . 4 . 0 . 1 ----------------------------------------------------------------------------
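Review bot: The new guard in the IPLIST_IF_OPTION branch relies on `$zone` being false for a multi-zone ("-") entry, but `$zone` is set earlier in process_interface, outside this hunk, and nothing on the line says so. A short comment such as `# $zone is empty for a multi-zone ("-") interface, so a nets= list has no zone to attach to` would make the fail-closed intent clear to the next reader. The message hard-codes "nets=" while the two neighbouring checks interpolate `$option`, so it would mislead if this branch ever handles another list option; consider `fatal_error "The $option option may not be specified for a multi-zone interface" unless $zone;`. Because the test is plain truthiness, it presumably also fires for any zone value Perl treats as false, which is worth confirming against how `$zone` is parsed. The release-note entry names /etc/shorewall/zones although the check lives in process_interface, so that file reference may need a second look.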