From 3253df596ab6f5e43d22dff3049600fc0de9c41b Mon Sep 17 00:00:00 2001
From: Jiri Popelka
Date: Wed, 20 Feb 2013 14:58:40 +0100
Subject: [PATCH 1/2] Stop default zone rules being applied to all zones (RHBZ#912782)

See https://bugzilla.redhat.com/show_bug.cgi?id=912782 for description. Patch from Quentin Armitage
---
 src/firewall/core/fw_zone.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 6d874e5..0fd0267 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -272,8 +272,9 @@ class FirewallZone:
 if target == "DROP" and table == "nat":
 # DROP is not supported in nat table
 continue
+ action = "-g" if "_ZONE_" in target else "-j"
 rule = [ "%s_ZONES" % src_chain, "-t", table,
- opt, interface, "-j", target ]
+ opt, interface, action, target ]
 if enable and not append:
 rule.insert(1, "1")
 rules.append((ipv, rule))
--
1.8.1.2
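Review bot: The added `action = "-g" if "_ZONE_" in target else "-j"` line picks goto or jump by a substring test on the chain name, with no comment giving the security-relevant reason, so a later rename of the zone chains, or a target that merely contains `_ZONE_`, would silently change which rules a packet reaches. Going by the commit subject, the intent appears to be that a return from a zone chain must not continue into the following `*_ZONES` entries (the default zone's), which is what `-g` provides in iptables; I would state that above the line, e.g. `# goto zone chains: a RETURN must not fall through to the default zone's entry; built-in targets (ACCEPT/DROP/...) still need -j`. A regression test asserting that the rule built for a zone-chain target carries `-g` while a built-in target keeps `-j` would guard against the original behaviour coming back. The enclosing method starts and ends outside the hunk, so how `target` is derived is not visible here.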