iptables rules not removed after network deletion

[mfedv]

when a network definition is deleted entirely in vuurmuur_conf, the corresponding iptables rules remain after "Apply changes" (F11). If I just unset the "Active" flag, the rules are deleted correctly on "Apply changes".

In this example I had 2 networks, 192.168.248.0/24 and 192.168.249.0/24 in zone "Server", and an SNAT rule for all traffic originating from that zone.

iptables -t nat -nL POSTROUTING: Chain POSTROUTING (policy ACCEPT) target prot opt source destination PRE-VRMR-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 NFLOG all -- 192.168.249.0/24 0.0.0.0/0 limit: avg 20/sec burst 40 nflog-prefix "vrmr: SNAT srv " nflog-group 9 SNAT all -- 192.168.249.0/24 0.0.0.0/0 to:10.110.110.92 NFLOG all -- 192.168.248.0/24 0.0.0.0/0 limit: avg 20/sec burst 40 nflog-prefix "vrmr: SNAT srv " nflog-group 9 SNAT all -- 192.168.248.0/24 0.0.0.0/0 to:10.110.110.92

After deleting the network definition for 192.168.248.0/24 and pressing F11 for "Apply changes", the rules for 192.168.248.0/24 stay in place:

Chain POSTROUTING (policy ACCEPT) target prot opt source destination PRE-VRMR-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 NFLOG all -- 192.168.249.0/24 0.0.0.0/0 limit: avg 20/sec burst 40 nflog-prefix "vrmr: SNAT srv " nflog-group 9 SNAT all -- 192.168.249.0/24 0.0.0.0/0 to:10.110.110.92 NFLOG all -- 192.168.248.0/24 0.0.0.0/0 limit: avg 20/sec burst 40 nflog-prefix "vrmr: SNAT srv " nflog-group 9 SNAT all -- 192.168.248.0/24 0.0.0.0/0 to:10.110.110.92

but after /etc/init.d/vuurmuur restart the rules are correct: Chain POSTROUTING (policy ACCEPT) target prot opt source destination PRE-VRMR-POSTROUTING all -- 0.0.0.0/0 0.0.0.0/0 NFLOG all -- 192.168.249.0/24 0.0.0.0/0 limit: avg 20/sec burst 40 nflog-prefix "vrmr: SNAT srv " nflog-group 9 SNAT all -- 192.168.249.0/24 0.0.0.0/0 to:10.110.110.92