--- a/options.h
+++ b/options.h
@@ -341,6 +341,8 @@ struct fw3_zone
 	struct list_head masq_src;
 	struct list_head masq_dest;
 
+	bool fullcone;
+
 	bool mtu_fix;
 
 	struct list_head cthelpers;
--- a/zones.c
+++ b/zones.c
@@ -77,6 +77,8 @@ const struct fw3_option fw3_zone_opts[]
 	FW3_LIST("masq_src",           network,  zone,     masq_src),
 	FW3_LIST("masq_dest",          network,  zone,     masq_dest),
 
+	FW3_OPT("fullcone",            bool,     zone,     fullcone),
+
 	FW3_OPT("extra",               string,   zone,     extra_src),
 	FW3_OPT("extra_src",           string,   zone,     extra_src),
 	FW3_OPT("extra_dest",          string,   zone,     extra_dest),
@@ -709,7 +711,16 @@ print_zone_rule(struct fw3_ipt_handle *h
 				     (mdest = next_addr(mdest, &zone->masq_dest,
 					                    handle->family, false)) || first_dest;
 				     first_dest = false)
-				{
+				if (zone->fullcone && (access("/usr/lib/iptables/libipt_FULLCONENAT.so", 0) == 0)) {
+					r = fw3_ipt_rule_new(handle);
+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+					fw3_ipt_rule_target(r, "FULLCONENAT");
+					fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+					r = fw3_ipt_rule_new(handle);
+					fw3_ipt_rule_src_dest(r, msrc, mdest);
+					fw3_ipt_rule_target(r, "FULLCONENAT");
+					fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
+				} else {
 					r = fw3_ipt_rule_new(handle);
 					fw3_ipt_rule_src_dest(r, msrc, mdest);
 					fw3_ipt_rule_target(r, "MASQUERADE");