commit 7f1f7e7983d6f7a84bdff7d2c78eda07090b8bcb
Author: Thomas Woerner <twoerner@redhat.com>
Date: Thu Jan 16 19:57:30 2014 +0100
Fixed missing rule in zones not using the default target (RHBZ#1053932)
diff --git a/src/firewall/core/fw_zone.py b/src/firewall/core/fw_zone.py
index 8921bba..fc1c418 100644
--- a/src/firewall/core/fw_zone.py
+++ b/src/firewall/core/fw_zone.py
@@ -206,10 +206,11 @@ class FirewallZone:
# called from those chains
# - DROP is not supported in nat table
target = self._zones[zone].target
- if target != DEFAULT_ZONE_TARGET and \
- ((target in [ "REJECT", "%%REJECT%%" ] and chain in
- [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]) or \
- (target == "DROP" and table != "nat")):
+ if target != DEFAULT_ZONE_TARGET and not \
+ ((target in [ "REJECT", "%%REJECT%%" ] and \
+ chain not in [ "INPUT", "FORWARD_IN", "FORWARD_OUT",
+ "OUTPUT" ]) or \
+ (target == "DROP" and table == "nat")):
rules.append((ipv, [ _zone, 4, "-t", table,
"-j", self._zones[zone].target ]))
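Review bot: The new condition starting at `if target != DEFAULT_ZONE_TARGET and not \` is a negated two-branch expression, which is hard to audit in code that decides whether a zone's target rule is emitted at all. Naming the two exclusions would make it readable: `reject_bad_chain = target in [ "REJECT", "%%REJECT%%" ] and chain not in [ "INPUT", "FORWARD_IN", "FORWARD_OUT", "OUTPUT" ]`, `drop_in_nat = target == "DROP" and table == "nat"`, then `if target != DEFAULT_ZONE_TARGET and not (reject_bad_chain or drop_in_nat):`. Because the check is now an exclusion list instead of an inclusion list, any other non-default target value is passed to `-j` for every table and chain, so it relies on the target being validated before it reaches this point, which the hunk does not show; a one-line comment stating that assumption would help. The `rules.append` call could also use the local `target` instead of reading `self._zones[zone].target` again. The enclosing method starts and ends outside the hunk.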