--- a/defaults.c
+++ b/defaults.c
@@ -49,7 +49,7 @@ const struct fw3_option fw3_flag_opts[]
 	FW3_OPT("synflood_rate",       limit,    defaults, syn_flood_rate),
 	FW3_OPT("synflood_burst",      int,      defaults, syn_flood_rate.burst),
 	
-	FW3_OPT("fullcone",           bool,     defaults, fullcone),
+	FW3_OPT("fullcone",           int,     defaults, fullcone),
 	
 	FW3_OPT("tcp_syncookies",      bool,     defaults, tcp_syncookies),
 	FW3_OPT("tcp_ecn",             int,      defaults, tcp_ecn),
--- a/options.h
+++ b/options.h
@@ -98,6 +98,13 @@ enum fw3_reject_code
 	__FW3_REJECT_CODE_MAX
 };
 
+enum fullcone_code
+{
+	FULLCONE_DISABLED = 0,
+	FULLCONE_CHION = 1,
+	FULLCONE_BCM = 2,
+};
+
 extern const char *fw3_flag_names[__FW3_FLAG_MAX];
 
 
@@ -297,7 +304,7 @@ struct fw3_defaults
 	enum fw3_reject_code any_reject_code;
 
 	bool syn_flood;
-	bool fullcone;
+	int fullcone;
 	struct fw3_limit syn_flood_rate;
 
 	bool tcp_syncookies;
--- a/zones.c
+++ b/zones.c
@@ -757,7 +757,7 @@ print_zone_rule(struct fw3_ipt_handle *h
 					r = fw3_ipt_rule_new(handle);
 					fw3_ipt_rule_src_dest(r, msrc, mdest);
 					/*FIXME: Workaround for FULLCONE-NAT*/
-					if(defs->fullcone)
+					if(defs->fullcone == FULLCONE_CHION)
 					{
 						warn("%s will enable FULLCONE-NAT", zone->name);
 						fw3_ipt_rule_target(r, "FULLCONENAT");
@@ -767,6 +767,12 @@ print_zone_rule(struct fw3_ipt_handle *h
 						fw3_ipt_rule_target(r, "FULLCONENAT");
 						fw3_ipt_rule_append(r, "zone_%s_prerouting", zone->name);
 					}
+					else if (defs->fullcone == FULLCONE_BCM)
+					{
+						fw3_ipt_rule_target(r, "MASQUERADE");
+						fw3_ipt_rule_extra(r, "--mode fullcone");
+						fw3_ipt_rule_append(r, "zone_%s_postrouting", zone->name);
+					}
 					else
 					{
 						fw3_ipt_rule_target(r, "MASQUERADE");