commit b2b5b88c56feffe09ddacf5ed348bc587f84160c
Author: Jiri Popelka <jpopelka@redhat.com>
Date: Mon Jan 27 16:05:25 2014 +0100
Stop default zone rules being applied to all zones (RHBZ#1057875)
We had already fixed this once with 3253df5, but then
I made 3e7b0da, which was incomplete and introduced this regression.
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 407d21d..1e99fef 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -440,7 +440,10 @@ class FirewallZone:
opt = INTERFACE_ZONE_OPTS[chain]
target = DEFAULT_ZONE_TARGET.format(
chain=SHORTCUTS[chain], zone=zone)
- action = "-g" if "_ZONE_" in target else "-j"
+ if self._zones[zone].target == DEFAULT_ZONE_TARGET:
+ action = "-g"
+ else:
+ action = "-j"
rule = [ "%s_ZONES" % chain, "-t", table,
opt, interface, action, target ]
if enable and not append:
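Review bot: The `-g`/`-j` decision is now written out twice with no comment, here and in the `*_ZONES_SOURCE` hunk further down, and the commit message says this exact logic has already regressed once after an incomplete change. Going by the commit title, the choice decides whether a packet that falls through a zone's chain is still evaluated against the default zone's rules, so it is a filtering decision rather than a cosmetic one and should live in one documented place. I would move it into a small private helper (the name below is only a suggestion) and call it from both sites, and add a regression test that asserts the generated action for a default-target zone and for a zone with an explicit target. The comparison also assumes `self._zones[zone].target` holds the unformatted `DEFAULT_ZONE_TARGET` template, which is worth confirming since the local `target` in this hunk is the formatted chain name. Both enclosing methods start and end outside the hunks.

```python
    def _zone_rule_action(self, zone):
        # Zones with the default target use goto, zones with an explicit
        # target use jump; keep this decision in one place so the interface
        # and source rules cannot drift apart.
        if self._zones[zone].target == DEFAULT_ZONE_TARGET:
            return "-g"
        return "-j"

    # … unchanged: opt/target computation at each call site …
            action = self._zone_rule_action(zone)
```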
@@ -575,7 +578,10 @@ class FirewallZone:
# DROP is not supported in nat table
continue
# append rule
- action = "-g" if "_ZONE_" in target else "-j"
+ if self._zones[zone].target == DEFAULT_ZONE_TARGET:
+ action = "-g"
+ else:
+ action = "-j"
rule = [ "%s_ZONES_SOURCE" % chain, "-t", table,
opt, source, action, target ]
rules.append((ipv, rule))