diff --git a/Shorewall/changelog.txt b/Shorewall/changelog.txt
index 5f01a4eae..f5ca17350 100755
--- a/Shorewall/changelog.txt
+++ b/Shorewall/changelog.txt
@@ -15,3 +15,7 @@ Changes since 1.4.9
    limiting (with an assist from Steven Jan Springl).
 
 7) Silently drop smurfs and broadcasts in the 'reject' chain.
+
+8) Add multicast to 'detectnets' zones.
+
+9) Don't add broadcasts to /0 groups.
diff --git a/Shorewall/firewall b/Shorewall/firewall
index 577814482..746c1026c 100755
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@@ -4888,14 +4888,17 @@ activate_rules()
 	    [ -n "$complex" ] && \
 		run_iptables -A `forward_chain $interface` -s $subnet -j $frwd_chain
 
-	    if ! list_search $interface $need_broadcast ; then
-		eval options=\$`chain_base ${interface}`_options
-		list_search detectnets $options && need_broadcast="$need_broadcast $interface"
+	    if [ "$subnet" != 0.0.0.0/0 ]; then
+		if ! list_search $interface $need_broadcast ; then
+		    eval options=\$`chain_base ${interface}`_options
+		    list_search detectnets $options && need_broadcast="$need_broadcast $interface"
+		fi
 	    fi
 	done
 
 	for interface in $need_broadcast ; do
 	    run_iptables -A OUTPUT -o $interface -d 255.255.255.255 -j $chain1
+	    run_iptables -A OUTPUT -o $interface -d 224.0.0.0/4     -j $chain1
 	done
    
 	for zone1 in $zones; do