diff --git a/Shorewall2/firewall b/Shorewall2/firewall
index 4728ace15..1e4a94e0b 100755
--- a/Shorewall2/firewall
+++ b/Shorewall2/firewall
@@ -6244,7 +6244,9 @@ activate_rules()
 	    createchain $frwd_chain No
 
 	    if [ -n "$POLICY_MATCH" ]; then
-		eval source_hosts=\$${zone}_ipsec_hosts
+	        eval is_ipsec=\$${zone}_is_ipsec
+
+		[ -n "$is_ipsec" ] && eval source_hosts=\$${zone}_hosts || eval source_hosts=\$${zone}_ipsec_hosts
 	    
 		for host in $source_hosts; do
 		    interface=${host%%:*}