diff --git a/src/pf/pf.cpp b/src/pf/pf.cpp
index 5e16f28b1..cfa86517c 100644
--- a/src/pf/pf.cpp
+++ b/src/pf/pf.cpp
@@ -519,11 +519,6 @@ int main(int argc, char * const *argv)
                              options->getStr("pf_limit_table_entries"));
 
         if (limits.size() > 0)
-
-        if ( ! options->getStr("pf_optimization").empty() )
-            pf_file << "set optimization "
-                    << options->getStr("pf_optimization") << endl;
-
         {
             pf_file << "set limit ";
             if (limits.size() > 1 ) pf_file << "{ ";
@@ -534,6 +529,10 @@ int main(int argc, char * const *argv)
             pf_file << endl;
         }
 
+        if ( ! options->getStr("pf_optimization").empty() )
+            pf_file << "set optimization "
+                    << options->getStr("pf_optimization") << endl;
+
         pf_file << printTimeout(options,
                                 "pf_do_timeout_interval","pf_timeout_interval",
                                 "interval");
diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp
index 3a6302212..0f724ffed 100644
--- a/src/pflib/NATCompiler_pf.cpp
+++ b/src/pflib/NATCompiler_pf.cpp
@@ -388,16 +388,17 @@ bool NATCompiler_pf::addVirtualAddress::processNext()
 	if (rule->getRuleType()==NATRule::DNAT) a=compiler->getFirstODst(rule);
 	else  return true;
     assert(a!=NULL);
+    const InetAddr *a_addr = a->getAddressPtr();
 
-    if ( ! a->isAny() && a->getId()!=compiler->getFwId() )
+    if ( ! a->isAny() && a->getId()!=compiler->getFwId() && a_addr)
     {
 	list<FWObject*> l2=compiler->fw->getByType(Interface::TYPENAME);
 	for (list<FWObject*>::iterator i=l2.begin(); i!=l2.end(); ++i)
         {
 	    Interface *iface=dynamic_cast<Interface*>(*i);
 	    assert(iface);
-
-	    if ( *(a->getAddressPtr()) == *(iface->getAddressPtr()) )
+            const InetAddr *iface_addr = iface->getAddressPtr();
+	    if (iface_addr && *a_addr == *iface_addr )
                 return true;
 	}
 	compiler->osconfigurator->addVirtualAddressForNAT( a );
@@ -418,7 +419,8 @@ bool NATCompiler_pf::splitForTSrc::processNext()
     {
         FWObject *o= *i;
         if (FWReference::cast(o)!=NULL) o=FWReference::cast(o)->getPointer();
-        Interface *iface = compiler->findInterfaceFor(Address::cast(o),compiler->fw);
+        Interface *iface = compiler->findInterfaceFor(Address::cast(o),
+                                                      compiler->fw);
         if (iface!=NULL)
             interfaceGroups[iface->getId()].push_back(o);
     }
diff --git a/src/pflib/NATCompiler_pf_writers.cpp b/src/pflib/NATCompiler_pf_writers.cpp
index 04d7b9372..ac39e4f5e 100644
--- a/src/pflib/NATCompiler_pf_writers.cpp
+++ b/src/pflib/NATCompiler_pf_writers.cpp
@@ -324,38 +324,39 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
         assert(atrt==NULL);
     }
 
-    Address *a = Address::cast(o);
-    const InetAddr *addr = a->getAddressPtr();
-    InetAddr mask = *(a->getNetmaskPtr());
-
     if (Interface::cast(o)!=NULL)
     {
-        Interface *interface_=Interface::cast(o);
-        if (interface_->isDyn())
+        Interface *iface=Interface::cast(o);
+        if (iface->isDyn())
         {
-            compiler->output << "(" << interface_->getName() << ") ";
+            compiler->output << "(" << iface->getName() << ") ";
             return;
         }
-
-        mask = InetAddr(InetAddr::getAllOnes());
     }
 
-    if (Address::cast(o)->dimension()==1)
+    Address *a = Address::cast(o);
+    const InetAddr *addr = a->getAddressPtr();
+    if (addr)
     {
-        mask = InetAddr(InetAddr::getAllOnes());
-    }
+        InetAddr mask = *(a->getNetmaskPtr());
 
-    if (addr->isAny() && mask.isAny())
-    {
-        compiler->output << "any ";
-    } else
-    {
-        compiler->output << addr->toString();
-        if (!mask.isHostMask())
+        if (Interface::cast(o)!=NULL || Address::cast(o)->dimension()==1)
         {
-            compiler->output << "/" << mask.getLength();
+            mask = InetAddr(InetAddr::getAllOnes());
+        }
+
+        if (addr->isAny() && mask.isAny())
+        {
+            compiler->output << "any ";
+        } else
+        {
+            compiler->output << addr->toString();
+            if (!mask.isHostMask())
+            {
+                compiler->output << "/" << mask.getLength();
+            }
+            compiler->output  << " ";
         }
-        compiler->output  << " ";
     }
 }
 
diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb
index 4a2192604..27a8ac010 100644
--- a/test/pf/objects-for-regression-tests.fwb
+++ b/test/pf/objects-for-regression-tests.fwb
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="5" lastModified="1210452317" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="6" id="root">
   <Library color="#d2ffd0" comment="User defined objects" id="syslib001" name="User" ro="False">
     <ObjectGroup id="stdid01_1" name="Objects">
       <ObjectGroup id="stdid01_1_og_ats_1" name="Address Tables">
@@ -76,9 +76,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
         </Host>
@@ -92,9 +92,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
         </Host>
@@ -202,9 +202,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr_filter">True</Option>
           </HostOptions>
         </Host>
@@ -219,9 +219,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
         </Host>
@@ -235,9 +235,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">False</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -252,9 +252,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">False</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -269,9 +269,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">False</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -286,9 +286,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">False</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -303,9 +303,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">False</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -320,9 +320,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">false</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -337,9 +337,9 @@
             <PolicyInstallScript arguments="" command="" enabled="False"/>
           </Management>
           <HostOptions>
-            <Option name="snmp_contact"></Option>
-            <Option name="snmp_description"></Option>
-            <Option name="snmp_location"></Option>
+            <Option name="snmp_contact"/>
+            <Option name="snmp_description"/>
+            <Option name="snmp_location"/>
             <Option name="use_mac_addr">false</Option>
             <Option name="use_mac_addr_filter">False</Option>
           </HostOptions>
@@ -408,8 +408,7 @@
       <ServiceGroup id="stdid05_1_og_tag_1" name="TagServices">
         <TagService comment="" id="id43EC6B892355" name="ipsec_tag" tagcode="ipsec_tag"/>
         <TagService comment="" id="id43F4556A28869" name="INTNET" tagcode="INTNET"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid10_1" name="Groups">
+      </ServiceGroup><ServiceGroup id="stdid10_1" name="Groups">
         <ServiceGroup id="id3B457567" name="svcgroup1">
           <ServiceRef ref="id3B457561"/>
           <ServiceRef ref="ip-IPSEC"/>
@@ -463,39 +462,35 @@
           <ServiceRef ref="id3AECF776"/>
         </ServiceGroup>
         <ServiceGroup id="id3DE6946C" name="sgroup"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid07_1" name="ICMP">
+      </ServiceGroup><ServiceGroup id="stdid07_1" name="ICMP">
         <ICMPService code="-1" comment="" id="id3C1A5D46" name="any ICMP" type="-1"/>
         <ICMPService code="-1" comment="" id="id3D0E95E4" name="Any unreach." type="3"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid06_1" name="IP">
+      </ServiceGroup><ServiceGroup id="stdid06_1" name="IP">
         <IPService comment="" fragm="False" id="id3B457561" lsrr="False" name="ICMP" protocol_num="1" rr="False" short_fragm="False" ssrr="False" ts="False"/>
         <IPService comment="" fragm="False" id="id3B6659A5" lsrr="False" name="TS" protocol_num="0" rr="False" short_fragm="False" ssrr="False" ts="True"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid09_1" name="TCP">
+      </ServiceGroup><ServiceGroup id="stdid09_1" name="TCP">
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="6667" dst_range_start="6667" fin_flag="False" fin_flag_mask="False" id="tcp-IRC" name="irc" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="port range" dst_range_end="11000" dst_range_start="10000" fin_flag="False" fin_flag_mask="False" id="id3B20468D" name="test-TCP" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3128" dst_range_start="3128" fin_flag="False" fin_flag_mask="False" id="id3B5009F7" name="squid" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="True" ack_flag_mask="True" comment="" dst_range_end="0" dst_range_start="0" fin_flag="True" fin_flag_mask="True" id="id3B58E3F1" name="xmas-tree" psh_flag="False" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" src_range_end="0" src_range_start="0" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="70" dst_range_start="70" fin_flag="False" fin_flag_mask="False" id="id3C1A66EF" name="gopher" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="1080" dst_range_start="1080" fin_flag="False" fin_flag_mask="False" id="id3E59AD29" name="tcp-1080" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid08_1" name="UDP"/>
-      <ServiceGroup id="stdid13_1" name="Custom">
+      </ServiceGroup><ServiceGroup id="stdid08_1" name="UDP"/><ServiceGroup id="stdid13_1" name="Custom">
         <CustomService comment="Talk support" id="id3B64FE22" name="talk">
-          <CustomServiceCommand platform="Undefined"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfilter"></CustomServiceCommand>
+          <CustomServiceCommand platform="Undefined"/>
+          <CustomServiceCommand platform="ipfilter"/>
           <CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
         </CustomService>
         <CustomService comment="" id="id41F9FFBA" name="natproto">
-          <CustomServiceCommand platform="ipf"></CustomServiceCommand>
-          <CustomServiceCommand platform="ipfw"></CustomServiceCommand>
-          <CustomServiceCommand platform="iptables"></CustomServiceCommand>
+          <CustomServiceCommand platform="ipf"/>
+          <CustomServiceCommand platform="ipfw"/>
+          <CustomServiceCommand platform="iptables"/>
           <CustomServiceCommand platform="pf">proto {tcp udp icmp gre}</CustomServiceCommand>
-          <CustomServiceCommand platform="pix"></CustomServiceCommand>
-          <CustomServiceCommand platform="unknown"></CustomServiceCommand>
+          <CustomServiceCommand platform="pix"/>
+          <CustomServiceCommand platform="unknown"/>
         </CustomService>
       </ServiceGroup>
+      <ServiceGroup id="stdid05_1_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="stdid12_1" name="Firewalls">
       <Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="openbsd" id="fw-firewall2" inactive="False" lastCompiled="1157930800" lastInstalled="0" lastModified="1202682308" name="firewall" platform="pf" ro="False" version="">
@@ -694,9 +689,9 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_limit_suffix"></Option>
+              <Option name="log_limit_suffix"/>
               <Option name="log_prefix">** RULE %N</Option>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
@@ -740,10 +735,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" direction="Both" disabled="True" id="id3BF1B44E" log="False" position="8">
@@ -763,10 +758,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" comment="this rule is limited to 4 simultaneous&#10;connections by rule options" direction="Both" disabled="False" id="pol-firewall2-3" log="False" position="9">
@@ -789,10 +784,10 @@
               <IntervalRef ref="id3C63479E"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_rule_max_state">4</Option>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
@@ -815,10 +810,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_max_src_nodes">10</Option>
               <Option name="pf_max_src_states">10</Option>
               <Option name="pf_rule_max_state">0</Option>
@@ -843,18 +838,18 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">3</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">15</Option>
               <Option name="pf_max_src_nodes">10</Option>
               <Option name="pf_max_src_states">10</Option>
@@ -881,10 +876,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_max_src_nodes">75</Option>
               <Option name="pf_max_src_states">2</Option>
               <Option name="pf_rule_max_state">10</Option>
@@ -910,10 +905,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="pol-firewall2-4" log="False" position="14">
@@ -934,10 +929,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" comment="this rule and the next one can be&#10;used to test shading" direction="Both" disabled="True" id="id3CE597E3" log="False" position="15">
@@ -957,10 +952,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id3CE591F6" log="False" position="16">
@@ -980,10 +975,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" comment="illegal rule - object firewall8 has&#10;dynamic interface" direction="Both" disabled="True" id="id3EE2579E" log="False" position="17">
@@ -1024,10 +1019,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Deny" comment="Automatically generated 'catch all' rule" direction="Both" disabled="False" id="pol-firewall2-7" log="True" position="19">
@@ -1047,11 +1042,11 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_limit_suffix"></Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_limit_suffix"/>
+              <Option name="log_prefix"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -1075,26 +1070,26 @@
           <Option name="accept_established">False</Option>
           <Option name="accept_new_tcp_with_no_syn">False</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">True</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">True</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/second</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -1119,9 +1114,9 @@
           <Option name="openbsd_ip_forward">1</Option>
           <Option name="openbsd_ip_redirect">0</Option>
           <Option name="openbsd_ip_sourceroute">0</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">12000</Option>
           <Option name="pf_adaptive_start">6000</Option>
@@ -1140,7 +1135,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">1000000</Option>
           <Option name="pf_limit_tables">1000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">10</Option>
           <Option name="pf_other_multiple">10</Option>
           <Option name="pf_other_single">10</Option>
@@ -1183,11 +1178,11 @@
           <Option name="prolog_place">fw_file</Option>
           <Option name="prolog_script">echo 'This is prolog script'
 </Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
         </FirewallOptions>
@@ -1679,10 +1674,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="limit_suffix">/minute</Option>
               <Option name="limit_value">10</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -1704,10 +1699,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="limit_suffix">/minute</Option>
               <Option name="limit_value">10</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -1792,10 +1787,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="limit_suffix">/minute</Option>
               <Option name="limit_value">10</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -1925,26 +1920,26 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -1956,18 +1951,18 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -1980,7 +1975,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">1000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -2029,11 +2024,11 @@
 
 </Option>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -2183,19 +2178,19 @@
           <Option name="action_on_reject">ICMP net unreachable</Option>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">True</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/second</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -2207,7 +2202,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -2218,13 +2213,13 @@
           <Option name="openbsd_ip_forward">1</Option>
           <Option name="openbsd_ip_redirect">0</Option>
           <Option name="openbsd_ip_sourceroute">0</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_do_scrub">True</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_scrub_fragm_crop">False</Option>
           <Option name="pf_scrub_fragm_drop_ovl">False</Option>
           <Option name="pf_scrub_maxmss">1460</Option>
@@ -2236,10 +2231,10 @@
           <Option name="pf_timeout_frag">30</Option>
           <Option name="pf_timeout_interval">10</Option>
           <Option name="platform">iptables</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
         </FirewallOptions>
@@ -2267,7 +2262,7 @@
             </TSrv>
             <NATRuleOptions>
               <Option name="color">#C0BA44</Option>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule disabled="False" id="id3AFB66D6" position="1">
@@ -2292,7 +2287,7 @@
             </TSrv>
             <NATRuleOptions>
               <Option name="color">#C0BA44</Option>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule disabled="False" id="id3CABE6DF" position="2">
@@ -2340,7 +2335,7 @@
             </TSrv>
             <NATRuleOptions>
               <Option name="color">#C0BA44</Option>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule comment="" disabled="False" id="id40E9A83B" position="4">
@@ -2365,7 +2360,7 @@
             </TSrv>
             <NATRuleOptions>
               <Option name="color">#C0BA44</Option>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule comment="" disabled="False" id="id40E9A850" position="5">
@@ -2413,7 +2408,7 @@
             </TSrv>
             <NATRuleOptions>
               <Option name="color">#C0BA44</Option>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule comment="" disabled="False" id="id40E9A8F2" position="7">
@@ -2438,7 +2433,7 @@
             </TSrv>
             <NATRuleOptions>
               <Option name="color">#C0BA44</Option>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule comment="" disabled="False" id="id40E9A907" position="8">
@@ -2549,7 +2544,7 @@
               <ServiceRef ref="sysid1"/>
             </TSrv>
             <NATRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule disabled="True" id="id3BD6757E" position="13">
@@ -2928,8 +2923,8 @@
               <ObjectRef ref="id3AFB6706"/>
             </Itf>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
               <Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
               <Option name="stateless">True</Option>
@@ -2953,8 +2948,8 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
               <Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
               <Option name="stateless">True</Option>
@@ -2979,8 +2974,8 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
               <Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
               <Option name="stateless">True</Option>
@@ -3005,8 +3000,8 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
               <Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
               <Option name="stateless">True</Option>
@@ -3027,8 +3022,8 @@
               <ObjectRef ref="id3AFB6706"/>
             </Itf>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
               <Option name="log_prefix">Iface: %I RULE %N -- %A **</Option>
               <Option name="stateless">True</Option>
@@ -3051,7 +3046,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3073,7 +3068,7 @@
             </When>
             <PolicyRuleOptions>
               <Option name="action_on_reject">TCP RST</Option>
-              <Option name="limit_suffix"></Option>
+              <Option name="limit_suffix"/>
               <Option name="limit_value">0</Option>
               <Option name="log_prefix">IDENT</Option>
               <Option name="stateless">True</Option>
@@ -3134,7 +3129,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Accept" comment="host-fw2 has the same address as &#10;        one of the firewall's interfaces" direction="Both" disabled="True" id="id3C447B8D" log="True" position="11">
@@ -3193,7 +3188,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3223,27 +3218,27 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="id"></Option>
+          <Option name="id"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/second</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_accept_redirects">0</Option>
@@ -3270,9 +3265,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -3336,11 +3331,11 @@
 # prolog commands go after set commands
 </Option>
           <Option name="proxy_arp">True</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">True</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -3368,7 +3363,7 @@
               <ServiceRef ref="sysid1"/>
             </TSrv>
             <NATRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule disabled="False" id="id3B0C6390" position="1">
@@ -3391,7 +3386,7 @@
               <ServiceRef ref="sysid1"/>
             </TSrv>
             <NATRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </NATRuleOptions>
           </NATRule>
           <NATRule disabled="False" id="id3B202AFF" position="2">
@@ -3508,7 +3503,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Deny" comment="" direction="Both" disabled="False" id="id3B0C63B4" log="True" position="4">
@@ -3529,7 +3524,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3551,7 +3546,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3574,7 +3569,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3595,7 +3590,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Deny" comment="'catch all' rule" direction="Both" disabled="False" id="id3B0C63D5" log="True" position="8">
@@ -3615,7 +3610,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="id"></Option>
+              <Option name="id"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3645,27 +3640,27 @@
           <Option name="accept_established">False</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="id"></Option>
+          <Option name="id"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -3677,18 +3672,18 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -3701,7 +3696,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -3745,11 +3740,11 @@
           <Option name="prolog_script"># prolog commands go after table definitions
 </Option>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">False</Option>
         </FirewallOptions>
@@ -3797,10 +3792,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_limit_suffix"></Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_limit_suffix"/>
+              <Option name="log_prefix"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3822,10 +3817,10 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="limit_value">0</Option>
-              <Option name="log_limit_suffix"></Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_limit_suffix"/>
+              <Option name="log_prefix"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -3869,23 +3864,23 @@
           <Option name="accept_established">False</Option>
           <Option name="accept_new_tcp_with_no_syn">False</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">True</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/second</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -3897,7 +3892,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -3908,13 +3903,13 @@
           <Option name="openbsd_ip_forward">1</Option>
           <Option name="openbsd_ip_redirect">0</Option>
           <Option name="openbsd_ip_sourceroute">0</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_do_scrub">False</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_scrub_fragm_crop">False</Option>
           <Option name="pf_scrub_fragm_drop_ovl">False</Option>
           <Option name="pf_scrub_maxmss">1460</Option>
@@ -3927,10 +3922,10 @@
           <Option name="pf_timeout_frag">30</Option>
           <Option name="pf_timeout_interval">10</Option>
           <Option name="platform">iptables</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
         </FirewallOptions>
@@ -4003,19 +3998,19 @@
           <Option name="action_on_reject">ICMP net unreachable</Option>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -4027,20 +4022,20 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_do_scrub">True</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_scrub_fragm_crop">False</Option>
           <Option name="pf_scrub_fragm_drop_ovl">False</Option>
           <Option name="pf_scrub_maxmss">1460</Option>
@@ -4053,10 +4048,10 @@
           <Option name="pf_timeout_interval">10</Option>
           <Option name="platform">iptables</Option>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -4131,19 +4126,19 @@
           <Option name="action_on_reject">ICMP net unreachable</Option>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -4155,20 +4150,20 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_do_scrub">True</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_scrub_fragm_crop">False</Option>
           <Option name="pf_scrub_fragm_drop_ovl">False</Option>
           <Option name="pf_scrub_maxmss">1460</Option>
@@ -4181,10 +4176,10 @@
           <Option name="pf_timeout_interval">10</Option>
           <Option name="platform">iptables</Option>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -4517,14 +4512,14 @@
         </Management>
         <FirewallOptions>
           <Option name="check_shading">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="firewall_dir">/etc</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="manage_virtual_addr">False</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_optimisation">False</Option>
@@ -4535,7 +4530,7 @@
           <Option name="pf_do_scrub">True</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_scrub_fragm_crop">False</Option>
           <Option name="pf_scrub_fragm_drop_ovl">False</Option>
           <Option name="pf_scrub_maxmss">1460</Option>
@@ -4546,9 +4541,9 @@
           <Option name="pf_scrub_use_minttl">False</Option>
           <Option name="pf_timeout_frag">30</Option>
           <Option name="pf_timeout_interval">10</Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
           <Option name="use_tables">True</Option>
         </FirewallOptions>
       </Firewall>
@@ -4712,22 +4707,22 @@
           <Option name="action_on_reject">ICMP net unreachable</Option>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -4739,20 +4734,20 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_do_scrub">True</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_scrub_fragm_crop">False</Option>
           <Option name="pf_scrub_fragm_drop_ovl">False</Option>
           <Option name="pf_scrub_maxmss">1460</Option>
@@ -4765,10 +4760,10 @@
           <Option name="pf_timeout_interval">10</Option>
           <Option name="platform">iptables</Option>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -5107,50 +5102,50 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="bridging_fw">False</Option>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">True</Option>
           <Option name="debug">False</Option>
           <Option name="drop_invalid">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="epilog_script"/>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
-          <Option name="linux24_accept_redirects"></Option>
-          <Option name="linux24_accept_source_route"></Option>
-          <Option name="linux24_icmp_echo_ignore_all"></Option>
-          <Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
-          <Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
-          <Option name="linux24_ip_dynaddr"></Option>
-          <Option name="linux24_ip_forward"></Option>
-          <Option name="linux24_log_martians"></Option>
-          <Option name="linux24_path_ip"></Option>
-          <Option name="linux24_path_iptables"></Option>
-          <Option name="linux24_path_logger"></Option>
-          <Option name="linux24_path_lsmod"></Option>
-          <Option name="linux24_path_modprobe"></Option>
-          <Option name="linux24_rp_filter"></Option>
-          <Option name="linux24_tcp_ecn"></Option>
-          <Option name="linux24_tcp_fack"></Option>
+          <Option name="linux24_accept_redirects"/>
+          <Option name="linux24_accept_source_route"/>
+          <Option name="linux24_icmp_echo_ignore_all"/>
+          <Option name="linux24_icmp_echo_ignore_broadcasts"/>
+          <Option name="linux24_icmp_ignore_bogus_error_responses"/>
+          <Option name="linux24_ip_dynaddr"/>
+          <Option name="linux24_ip_forward"/>
+          <Option name="linux24_log_martians"/>
+          <Option name="linux24_path_ip"/>
+          <Option name="linux24_path_iptables"/>
+          <Option name="linux24_path_logger"/>
+          <Option name="linux24_path_lsmod"/>
+          <Option name="linux24_path_modprobe"/>
+          <Option name="linux24_rp_filter"/>
+          <Option name="linux24_tcp_ecn"/>
+          <Option name="linux24_tcp_fack"/>
           <Option name="linux24_tcp_fin_timeout">30</Option>
           <Option name="linux24_tcp_keepalive_interval">1800</Option>
-          <Option name="linux24_tcp_sack"></Option>
-          <Option name="linux24_tcp_syncookies"></Option>
-          <Option name="linux24_tcp_timestamps"></Option>
-          <Option name="linux24_tcp_window_scaling"></Option>
+          <Option name="linux24_tcp_sack"/>
+          <Option name="linux24_tcp_syncookies"/>
+          <Option name="linux24_tcp_timestamps"/>
+          <Option name="linux24_tcp_window_scaling"/>
           <Option name="load_modules">False</Option>
           <Option name="local_nat">False</Option>
           <Option name="log_all">False</Option>
@@ -5164,20 +5159,20 @@
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="output_file"></Option>
+          <Option name="output_file"/>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">top</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="ulog_cprange">0</Option>
           <Option name="ulog_nlgroup">1</Option>
           <Option name="ulog_qthreshold">1</Option>
@@ -5535,7 +5530,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">5</Option>
               <Option name="pf_max_src_conn_flush">True</Option>
@@ -5544,7 +5539,7 @@
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -5609,50 +5604,50 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="bridging_fw">False</Option>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">True</Option>
           <Option name="debug">False</Option>
           <Option name="drop_invalid">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="epilog_script"/>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
-          <Option name="linux24_accept_redirects"></Option>
-          <Option name="linux24_accept_source_route"></Option>
-          <Option name="linux24_icmp_echo_ignore_all"></Option>
-          <Option name="linux24_icmp_echo_ignore_broadcasts"></Option>
-          <Option name="linux24_icmp_ignore_bogus_error_responses"></Option>
-          <Option name="linux24_ip_dynaddr"></Option>
-          <Option name="linux24_ip_forward"></Option>
-          <Option name="linux24_log_martians"></Option>
-          <Option name="linux24_path_ip"></Option>
-          <Option name="linux24_path_iptables"></Option>
-          <Option name="linux24_path_logger"></Option>
-          <Option name="linux24_path_lsmod"></Option>
-          <Option name="linux24_path_modprobe"></Option>
-          <Option name="linux24_rp_filter"></Option>
-          <Option name="linux24_tcp_ecn"></Option>
-          <Option name="linux24_tcp_fack"></Option>
+          <Option name="linux24_accept_redirects"/>
+          <Option name="linux24_accept_source_route"/>
+          <Option name="linux24_icmp_echo_ignore_all"/>
+          <Option name="linux24_icmp_echo_ignore_broadcasts"/>
+          <Option name="linux24_icmp_ignore_bogus_error_responses"/>
+          <Option name="linux24_ip_dynaddr"/>
+          <Option name="linux24_ip_forward"/>
+          <Option name="linux24_log_martians"/>
+          <Option name="linux24_path_ip"/>
+          <Option name="linux24_path_iptables"/>
+          <Option name="linux24_path_logger"/>
+          <Option name="linux24_path_lsmod"/>
+          <Option name="linux24_path_modprobe"/>
+          <Option name="linux24_rp_filter"/>
+          <Option name="linux24_tcp_ecn"/>
+          <Option name="linux24_tcp_fack"/>
           <Option name="linux24_tcp_fin_timeout">30</Option>
           <Option name="linux24_tcp_keepalive_interval">1800</Option>
-          <Option name="linux24_tcp_sack"></Option>
-          <Option name="linux24_tcp_syncookies"></Option>
-          <Option name="linux24_tcp_timestamps"></Option>
-          <Option name="linux24_tcp_window_scaling"></Option>
+          <Option name="linux24_tcp_sack"/>
+          <Option name="linux24_tcp_syncookies"/>
+          <Option name="linux24_tcp_timestamps"/>
+          <Option name="linux24_tcp_window_scaling"/>
           <Option name="load_modules">False</Option>
           <Option name="local_nat">False</Option>
           <Option name="log_all">False</Option>
@@ -5666,20 +5661,20 @@
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="output_file"></Option>
+          <Option name="output_file"/>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">top</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="ulog_cprange">0</Option>
           <Option name="ulog_nlgroup">1</Option>
           <Option name="ulog_qthreshold">1</Option>
@@ -5753,12 +5748,12 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="classify_str"></Option>
-              <Option name="custom_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="classify_str"/>
+              <Option name="custom_str"/>
               <Option name="ipfw_pipe_method">0</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="tagvalue">INTNET</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -5925,14 +5920,14 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="classify_str">mail</Option>
-              <Option name="custom_str"></Option>
+              <Option name="custom_str"/>
               <Option name="ipfw_pipe_method">0</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
-              <Option name="tagvalue"></Option>
+              <Option name="tagvalue"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Deny" direction="Both" disabled="False" id="id43EC5E132355" log="True" position="10">
@@ -5976,29 +5971,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -6010,18 +6005,18 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -6034,7 +6029,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -6074,13 +6069,13 @@
           <Option name="pf_udp_multiple">0</Option>
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -6273,7 +6268,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
               <Option name="pf_rule_max_state">1000</Option>
@@ -6301,16 +6296,16 @@
         <FirewallOptions>
           <Option name="accept_established">true</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">True</Option>
           <Option name="debug">False</Option>
           <Option name="eliminate_duplicates">true</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc</Option>
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
@@ -6326,11 +6321,11 @@
           <Option name="loopback_interface">lo0</Option>
           <Option name="macosx_ip_forward">1</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">False</Option>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="output_file"></Option>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -6343,7 +6338,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -6401,7 +6396,7 @@
           <Option name="prompt1">$ </Option>
           <Option name="prompt2"> # </Option>
           <Option name="solaris_ip_forward">1</Option>
-          <Option name="sshArgs"></Option>
+          <Option name="sshArgs"/>
           <Option name="ulog_nlgroup">1</Option>
           <Option name="verify_interfaces">true</Option>
         </FirewallOptions>
@@ -6469,12 +6464,12 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="classify_str"></Option>
-              <Option name="custom_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="classify_str"/>
+              <Option name="custom_str"/>
               <Option name="ipfw_pipe_method">0</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="tagvalue">INTNET</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -6650,14 +6645,14 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
+              <Option name="action_on_reject"/>
               <Option name="classify_str">mail</Option>
-              <Option name="custom_str"></Option>
+              <Option name="custom_str"/>
               <Option name="ipfw_pipe_method">0</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
-              <Option name="tagvalue"></Option>
+              <Option name="tagvalue"/>
             </PolicyRuleOptions>
           </PolicyRule>
           <PolicyRule action="Deny" direction="Both" disabled="False" id="id445DB3C332739" log="True" position="10">
@@ -6801,29 +6796,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -6835,18 +6830,18 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -6859,7 +6854,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -6899,13 +6894,13 @@
           <Option name="pf_udp_multiple">0</Option>
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -6974,7 +6969,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
               <Option name="pf_rule_max_state">0</Option>
@@ -6999,7 +6994,7 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
               <Option name="pf_rule_max_state">0</Option>
@@ -7025,28 +7020,28 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_route_opt_addr">192.0.2.10</Option>
               <Option name="pf_route_opt_if">le1</Option>
               <Option name="pf_route_option">route_through</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -7067,28 +7062,28 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_route_opt_addr">192.0.3.10</Option>
               <Option name="pf_route_opt_if">le2</Option>
               <Option name="pf_route_option">route_through</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -7152,16 +7147,16 @@
         <FirewallOptions>
           <Option name="accept_established">true</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">True</Option>
           <Option name="debug">False</Option>
           <Option name="eliminate_duplicates">true</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc</Option>
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
@@ -7177,11 +7172,11 @@
           <Option name="loopback_interface">lo0</Option>
           <Option name="macosx_ip_forward">1</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">True</Option>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="output_file"></Option>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -7194,7 +7189,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -7245,11 +7240,11 @@
           <Option name="pix_security_fragguard_supported">true</Option>
           <Option name="pix_syslog_device_id_supported">false</Option>
           <Option name="pix_use_acl_remarks">true</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="prompt1">$ </Option>
           <Option name="prompt2"> # </Option>
           <Option name="solaris_ip_forward">1</Option>
-          <Option name="sshArgs"></Option>
+          <Option name="sshArgs"/>
           <Option name="ulog_nlgroup">1</Option>
           <Option name="verify_interfaces">true</Option>
         </FirewallOptions>
@@ -7453,16 +7448,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -7488,16 +7483,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -7544,29 +7539,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">False</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -7578,7 +7573,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -7587,9 +7582,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -7608,7 +7603,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -7649,13 +7644,13 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -7745,16 +7740,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -7780,16 +7775,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -7836,29 +7831,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">False</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -7870,7 +7865,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -7879,9 +7874,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -7900,7 +7895,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -7941,13 +7936,13 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -8037,16 +8032,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8072,16 +8067,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8128,29 +8123,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -8162,7 +8157,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -8171,9 +8166,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -8192,7 +8187,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -8233,13 +8228,13 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -8329,16 +8324,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8364,16 +8359,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8420,29 +8415,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -8454,7 +8449,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -8463,9 +8458,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -8484,7 +8479,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -8525,13 +8520,13 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -8600,16 +8595,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8656,16 +8651,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8691,16 +8686,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8747,29 +8742,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">False</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">False</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -8781,7 +8776,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -8790,9 +8785,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">True</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -8811,7 +8806,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -8852,13 +8847,13 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -8948,16 +8943,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -8983,16 +8978,16 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_keep_state">True</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9039,29 +9034,29 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP net unreachable</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
-          <Option name="firewall_dir"></Option>
+          <Option name="firewall_dir"/>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">False</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -9073,7 +9068,7 @@
           <Option name="log_level">debug</Option>
           <Option name="log_limit_suffix">/second</Option>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">True</Option>
@@ -9082,9 +9077,9 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">True</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -9103,7 +9098,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -9144,13 +9139,13 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="proxy_arp">False</Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -9219,35 +9214,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#8BC065</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9257,7 +9252,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9278,35 +9273,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#8BC065</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9316,7 +9311,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9337,35 +9332,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#8BC065</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9375,7 +9370,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9396,35 +9391,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#7694C0</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9434,7 +9429,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9455,35 +9450,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#7694C0</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9493,7 +9488,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9514,35 +9509,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#7694C0</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9552,7 +9547,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">True</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9573,35 +9568,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#C0BA44</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9611,7 +9606,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9632,35 +9627,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#C0BA44</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9670,7 +9665,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9691,35 +9686,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#C0BA44</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9729,7 +9724,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9750,35 +9745,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#C86E6E</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9788,7 +9783,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9809,35 +9804,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#C86E6E</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9847,7 +9842,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9868,35 +9863,35 @@
               <IntervalRef ref="sysid2"/>
             </When>
             <PolicyRuleOptions>
-              <Option name="action_on_reject"></Option>
-              <Option name="branch_anchor_name"></Option>
-              <Option name="branch_chain_name"></Option>
-              <Option name="classify_str"></Option>
+              <Option name="action_on_reject"/>
+              <Option name="branch_anchor_name"/>
+              <Option name="branch_chain_name"/>
+              <Option name="classify_str"/>
               <Option name="color">#C86E6E</Option>
-              <Option name="custom_str"></Option>
-              <Option name="ipf_route_opt_addr"></Option>
-              <Option name="ipf_route_opt_if"></Option>
+              <Option name="custom_str"/>
+              <Option name="ipf_route_opt_addr"/>
+              <Option name="ipf_route_opt_if"/>
               <Option name="ipf_route_option">route_through</Option>
               <Option name="ipfw_classify_method">2</Option>
               <Option name="ipfw_pipe_port_num">0</Option>
               <Option name="ipfw_pipe_queue_num">0</Option>
               <Option name="ipt_continue">False</Option>
-              <Option name="ipt_gw"></Option>
-              <Option name="ipt_iif"></Option>
+              <Option name="ipt_gw"/>
+              <Option name="ipt_iif"/>
               <Option name="ipt_mark_connections">False</Option>
-              <Option name="ipt_oif"></Option>
+              <Option name="ipt_oif"/>
               <Option name="ipt_tee">False</Option>
-              <Option name="log_prefix"></Option>
+              <Option name="log_prefix"/>
               <Option name="pf_fastroute">False</Option>
               <Option name="pf_keep_state">False</Option>
               <Option name="pf_max_src_conn">0</Option>
               <Option name="pf_max_src_conn_flush">False</Option>
               <Option name="pf_max_src_conn_global">False</Option>
-              <Option name="pf_max_src_conn_overload_table"></Option>
+              <Option name="pf_max_src_conn_overload_table"/>
               <Option name="pf_max_src_conn_rate_flush">False</Option>
               <Option name="pf_max_src_conn_rate_global">False</Option>
               <Option name="pf_max_src_conn_rate_num">0</Option>
-              <Option name="pf_max_src_conn_rate_overload_table"></Option>
+              <Option name="pf_max_src_conn_rate_overload_table"/>
               <Option name="pf_max_src_conn_rate_seconds">0</Option>
               <Option name="pf_max_src_nodes">0</Option>
               <Option name="pf_max_src_states">0</Option>
@@ -9906,7 +9901,7 @@
               <Option name="pf_route_option">route_through</Option>
               <Option name="pf_rule_max_state">0</Option>
               <Option name="pf_source_tracking">False</Option>
-              <Option name="rule_name_accounting"></Option>
+              <Option name="rule_name_accounting"/>
               <Option name="stateless">False</Option>
             </PolicyRuleOptions>
           </PolicyRule>
@@ -9932,16 +9927,16 @@
         <FirewallOptions>
           <Option name="accept_established">true</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
-          <Option name="activationCmd"></Option>
-          <Option name="admUser"></Option>
-          <Option name="altAddress"></Option>
+          <Option name="activationCmd"/>
+          <Option name="admUser"/>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">True</Option>
           <Option name="debug">False</Option>
           <Option name="eliminate_duplicates">true</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc</Option>
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
@@ -9957,11 +9952,11 @@
           <Option name="loopback_interface">lo0</Option>
           <Option name="macosx_ip_forward">1</Option>
           <Option name="manage_virtual_addr">True</Option>
-          <Option name="mgmt_addr"></Option>
+          <Option name="mgmt_addr"/>
           <Option name="mgmt_ssh">False</Option>
           <Option name="modulate_state">True</Option>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="output_file"></Option>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -9974,7 +9969,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -10025,11 +10020,11 @@
           <Option name="pix_security_fragguard_supported">true</Option>
           <Option name="pix_syslog_device_id_supported">false</Option>
           <Option name="pix_use_acl_remarks">true</Option>
-          <Option name="prolog_script"></Option>
+          <Option name="prolog_script"/>
           <Option name="prompt1">$ </Option>
           <Option name="prompt2"> # </Option>
           <Option name="solaris_ip_forward">1</Option>
-          <Option name="sshArgs"></Option>
+          <Option name="sshArgs"/>
           <Option name="ulog_nlgroup">1</Option>
           <Option name="verify_interfaces">true</Option>
         </FirewallOptions>
@@ -10051,14 +10046,9 @@
         <ObjectGroup id="id40E233F9" name="Address Ranges"/>
       </ObjectGroup>
       <ServiceGroup id="id40E233FA" name="Services">
-        <ServiceGroup id="id40E233FA_og_tag_1" name="TagServices"/>
-        <ServiceGroup id="id40E233FB" name="Groups"/>
-        <ServiceGroup id="id40E233FC" name="ICMP"/>
-        <ServiceGroup id="id40E233FD" name="IP"/>
-        <ServiceGroup id="id40E233FE" name="TCP"/>
-        <ServiceGroup id="id40E233FF" name="UDP"/>
-        <ServiceGroup id="id40E23400" name="Custom"/>
-      </ServiceGroup>
+      <ServiceGroup id="id40E233FA_og_tag_1" name="TagServices"/><ServiceGroup id="id40E233FB" name="Groups"/><ServiceGroup id="id40E233FC" name="ICMP"/><ServiceGroup id="id40E233FD" name="IP"/><ServiceGroup id="id40E233FE" name="TCP"/><ServiceGroup id="id40E233FF" name="UDP"/><ServiceGroup id="id40E23400" name="Custom"/>
+      <ServiceGroup id="id40E233FA_userservices" name="User"/>
+    </ServiceGroup>
       <ObjectGroup id="id40E23401" name="Firewalls"/>
       <IntervalGroup id="id40E23402" name="Time"/>
     </Library>
@@ -10077,14 +10067,9 @@
         <ObjectGroup id="id40D07E80" name="Address Ranges"/>
       </ObjectGroup>
       <ServiceGroup id="id40D07E81" name="Services">
-        <ServiceGroup id="id40D07E81_og_tag_1" name="TagServices"/>
-        <ServiceGroup id="id40D07E82" name="Groups"/>
-        <ServiceGroup id="id40D07E83" name="ICMP"/>
-        <ServiceGroup id="id40D07E84" name="IP"/>
-        <ServiceGroup id="id40D07E85" name="TCP"/>
-        <ServiceGroup id="id40D07E86" name="UDP"/>
-        <ServiceGroup id="id40D07E87" name="Custom"/>
-      </ServiceGroup>
+      <ServiceGroup id="id40D07E81_og_tag_1" name="TagServices"/><ServiceGroup id="id40D07E82" name="Groups"/><ServiceGroup id="id40D07E83" name="ICMP"/><ServiceGroup id="id40D07E84" name="IP"/><ServiceGroup id="id40D07E85" name="TCP"/><ServiceGroup id="id40D07E86" name="UDP"/><ServiceGroup id="id40D07E87" name="Custom"/>
+      <ServiceGroup id="id40D07E81_userservices" name="User"/>
+    </ServiceGroup>
       <ObjectGroup id="id40D07E88" name="Firewalls"/>
       <IntervalGroup id="id40D07E89" name="Time"/>
     </Library>
@@ -10111,14 +10096,9 @@
         <ObjectGroup id="id44EC14038791" name="Address Ranges"/>
       </ObjectGroup>
       <ServiceGroup id="id44EC14048791" name="Services">
-        <ServiceGroup id="id44EC14058791" name="Groups"/>
-        <ServiceGroup id="id44EC14068791" name="ICMP"/>
-        <ServiceGroup id="id44EC14078791" name="IP"/>
-        <ServiceGroup id="id44EC14088791" name="TCP"/>
-        <ServiceGroup id="id44EC14098791" name="UDP"/>
-        <ServiceGroup id="id44EC140A8791" name="Custom"/>
-        <ServiceGroup id="id44EC140B8791" name="TagServices"/>
-      </ServiceGroup>
+      <ServiceGroup id="id44EC14058791" name="Groups"/><ServiceGroup id="id44EC14068791" name="ICMP"/><ServiceGroup id="id44EC14078791" name="IP"/><ServiceGroup id="id44EC14088791" name="TCP"/><ServiceGroup id="id44EC14098791" name="UDP"/><ServiceGroup id="id44EC140A8791" name="Custom"/><ServiceGroup id="id44EC140B8791" name="TagServices"/>
+      <ServiceGroup id="id44EC14048791_userservices" name="User"/>
+    </ServiceGroup>
       <ObjectGroup id="id44EC140C8791" name="Firewalls"/>
       <IntervalGroup id="id44EC140D8791" name="Time"/>
     </Library>
@@ -10145,13 +10125,8 @@
       <ObjectGroup id="id4386458B18448" name="DNS Names"/>
     </ObjectGroup>
     <ServiceGroup id="id415276CF" name="Services">
-      <ServiceGroup id="id415276CF_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="id415276D0" name="Groups"/>
-      <ServiceGroup id="id415276D1" name="ICMP"/>
-      <ServiceGroup id="id415276D2" name="IP"/>
-      <ServiceGroup id="id415276D3" name="TCP"/>
-      <ServiceGroup id="id415276D4" name="UDP"/>
-      <ServiceGroup id="id415276D5" name="Custom"/>
+      <ServiceGroup id="id415276CF_og_tag_1" name="TagServices"/><ServiceGroup id="id415276D0" name="Groups"/><ServiceGroup id="id415276D1" name="ICMP"/><ServiceGroup id="id415276D2" name="IP"/><ServiceGroup id="id415276D3" name="TCP"/><ServiceGroup id="id415276D4" name="UDP"/><ServiceGroup id="id415276D5" name="Custom"/>
+      <ServiceGroup id="id415276CF_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="id415276D6" name="Firewalls">
       <Firewall comment="firewall protects host it is running on&#10;&#10;Note that we set output file name to  /tmp/labfw.fw to test what compiler is going to do (since it generates three files rather than one), as well as to test installer in this case&#10;" host_OS="openbsd" id="id3AF5A2BA" inactive="False" lastCompiled="1172032243" lastInstalled="1172032344" lastModified="1172032234" name="labfw-openbsd" platform="pf" ro="False" version="">
@@ -10410,26 +10385,26 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP host prohibited</Option>
-          <Option name="activationCmd"></Option>
+          <Option name="activationCmd"/>
           <Option name="admUser">root</Option>
           <Option name="altAddress">labfw</Option>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc/fw</Option>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -10439,9 +10414,9 @@
           <Option name="log_all_dropped">False</Option>
           <Option name="log_ip_opt">False</Option>
           <Option name="log_level">debug</Option>
-          <Option name="log_limit_suffix"></Option>
+          <Option name="log_limit_suffix"/>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">False</Option>
@@ -10450,13 +10425,13 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_ip_directed_broadcast"></Option>
+          <Option name="openbsd_ip_directed_broadcast"/>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="openbsd_ip_redirect"></Option>
-          <Option name="openbsd_ip_sourceroute"></Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_ip_redirect"/>
+          <Option name="openbsd_ip_sourceroute"/>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -10469,7 +10444,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -10510,12 +10485,12 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="prolog_script"/>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -10702,33 +10677,33 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP host prohibited</Option>
-          <Option name="activationCmd"></Option>
+          <Option name="activationCmd"/>
           <Option name="admUser">root</Option>
           <Option name="altAddress">10.3.14.121</Option>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">False</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc/fw</Option>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="freebsd_ip_forward">1</Option>
-          <Option name="freebsd_ip_redirect"></Option>
-          <Option name="freebsd_ip_sourceroute"></Option>
-          <Option name="freebsd_path_ipf"></Option>
-          <Option name="freebsd_path_ipfw"></Option>
-          <Option name="freebsd_path_ipnat"></Option>
-          <Option name="freebsd_path_sysctl"></Option>
+          <Option name="freebsd_ip_redirect"/>
+          <Option name="freebsd_ip_sourceroute"/>
+          <Option name="freebsd_path_ipf"/>
+          <Option name="freebsd_path_ipfw"/>
+          <Option name="freebsd_path_ipnat"/>
+          <Option name="freebsd_path_sysctl"/>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -10738,9 +10713,9 @@
           <Option name="log_all_dropped">False</Option>
           <Option name="log_ip_opt">False</Option>
           <Option name="log_level">debug</Option>
-          <Option name="log_limit_suffix"></Option>
+          <Option name="log_limit_suffix"/>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">False</Option>
@@ -10749,13 +10724,13 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_ip_directed_broadcast"></Option>
+          <Option name="openbsd_ip_directed_broadcast"/>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="openbsd_ip_redirect"></Option>
-          <Option name="openbsd_ip_sourceroute"></Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_ip_redirect"/>
+          <Option name="openbsd_ip_sourceroute"/>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -10768,7 +10743,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -10808,12 +10783,12 @@
           <Option name="pf_udp_multiple">0</Option>
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
-          <Option name="prolog_script"></Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="prolog_script"/>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -11004,26 +10979,26 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP host prohibited</Option>
-          <Option name="activationCmd"></Option>
+          <Option name="activationCmd"/>
           <Option name="admUser">root</Option>
-          <Option name="altAddress"></Option>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">True</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc/fw</Option>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -11033,9 +11008,9 @@
           <Option name="log_all_dropped">False</Option>
           <Option name="log_ip_opt">False</Option>
           <Option name="log_level">debug</Option>
-          <Option name="log_limit_suffix"></Option>
+          <Option name="log_limit_suffix"/>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">False</Option>
@@ -11044,13 +11019,13 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_ip_directed_broadcast"></Option>
+          <Option name="openbsd_ip_directed_broadcast"/>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="openbsd_ip_redirect"></Option>
-          <Option name="openbsd_ip_sourceroute"></Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_ip_redirect"/>
+          <Option name="openbsd_ip_sourceroute"/>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -11063,7 +11038,7 @@
           <Option name="pf_icmp_first">0</Option>
           <Option name="pf_limit_frags">5000</Option>
           <Option name="pf_limit_states">10000</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -11104,12 +11079,12 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="prolog_script"/>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -11300,26 +11275,26 @@
           <Option name="accept_established">True</Option>
           <Option name="accept_new_tcp_with_no_syn">True</Option>
           <Option name="action_on_reject">ICMP host prohibited</Option>
-          <Option name="activationCmd"></Option>
+          <Option name="activationCmd"/>
           <Option name="admUser">root</Option>
-          <Option name="altAddress"></Option>
+          <Option name="altAddress"/>
           <Option name="check_shading">True</Option>
           <Option name="clamp_mss_to_mtu">False</Option>
-          <Option name="cmdline"></Option>
-          <Option name="compiler"></Option>
+          <Option name="cmdline"/>
+          <Option name="compiler"/>
           <Option name="configure_interfaces">False</Option>
           <Option name="debug">True</Option>
           <Option name="dyn_addr">False</Option>
-          <Option name="epilog_script"></Option>
+          <Option name="epilog_script"/>
           <Option name="fallback_log">False</Option>
           <Option name="firewall_dir">/etc/fw</Option>
           <Option name="firewall_is_part_of_any">True</Option>
           <Option name="firewall_is_part_of_any_and_networks">True</Option>
           <Option name="ignore_empty_groups">False</Option>
           <Option name="in_out_code">True</Option>
-          <Option name="inst_cmdline"></Option>
-          <Option name="inst_script"></Option>
-          <Option name="install_script"></Option>
+          <Option name="inst_cmdline"/>
+          <Option name="inst_script"/>
+          <Option name="install_script"/>
           <Option name="limit_suffix">/day</Option>
           <Option name="limit_value">0</Option>
           <Option name="linux24_ip_forward">0</Option>
@@ -11329,9 +11304,9 @@
           <Option name="log_all_dropped">False</Option>
           <Option name="log_ip_opt">False</Option>
           <Option name="log_level">debug</Option>
-          <Option name="log_limit_suffix"></Option>
+          <Option name="log_limit_suffix"/>
           <Option name="log_limit_value">0</Option>
-          <Option name="log_prefix"></Option>
+          <Option name="log_prefix"/>
           <Option name="log_tcp_opt">False</Option>
           <Option name="log_tcp_seq">False</Option>
           <Option name="manage_virtual_addr">False</Option>
@@ -11340,13 +11315,13 @@
           <Option name="modulate_state">False</Option>
           <Option name="no_iochains_for_any">False</Option>
           <Option name="no_optimisation">False</Option>
-          <Option name="openbsd_ip_directed_broadcast"></Option>
+          <Option name="openbsd_ip_directed_broadcast"/>
           <Option name="openbsd_ip_forward">1</Option>
-          <Option name="openbsd_ip_redirect"></Option>
-          <Option name="openbsd_ip_sourceroute"></Option>
-          <Option name="openbsd_path_pfctl"></Option>
-          <Option name="openbsd_path_sysctl"></Option>
-          <Option name="output_file"></Option>
+          <Option name="openbsd_ip_redirect"/>
+          <Option name="openbsd_ip_sourceroute"/>
+          <Option name="openbsd_path_pfctl"/>
+          <Option name="openbsd_path_sysctl"/>
+          <Option name="output_file"/>
           <Option name="pass_all_out">False</Option>
           <Option name="pf_adaptive_end">0</Option>
           <Option name="pf_adaptive_start">0</Option>
@@ -11365,7 +11340,7 @@
           <Option name="pf_limit_states">10000</Option>
           <Option name="pf_limit_table_entries">0</Option>
           <Option name="pf_limit_tables">0</Option>
-          <Option name="pf_optimization"></Option>
+          <Option name="pf_optimization"/>
           <Option name="pf_other_first">0</Option>
           <Option name="pf_other_multiple">0</Option>
           <Option name="pf_other_single">0</Option>
@@ -11406,12 +11381,12 @@
           <Option name="pf_udp_single">0</Option>
           <Option name="platform">iptables</Option>
           <Option name="prolog_place">fw_file</Option>
-          <Option name="prolog_script"></Option>
-          <Option name="script_env_path"></Option>
-          <Option name="snmp_contact"></Option>
-          <Option name="snmp_description"></Option>
-          <Option name="snmp_location"></Option>
-          <Option name="sshArgs"></Option>
+          <Option name="prolog_script"/>
+          <Option name="script_env_path"/>
+          <Option name="snmp_contact"/>
+          <Option name="snmp_description"/>
+          <Option name="snmp_location"/>
+          <Option name="sshArgs"/>
           <Option name="use_ip_tool">False</Option>
           <Option name="use_numeric_log_levels">False</Option>
           <Option name="use_tables">True</Option>
@@ -11431,13 +11406,8 @@
       <ObjectGroup id="id4387B43F18346" name="Address Ranges"/>
     </ObjectGroup>
     <ServiceGroup id="id4387B44018346" name="Services">
-      <ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="id4387B44118346" name="Groups"/>
-      <ServiceGroup id="id4387B44218346" name="ICMP"/>
-      <ServiceGroup id="id4387B44318346" name="IP"/>
-      <ServiceGroup id="id4387B44418346" name="TCP"/>
-      <ServiceGroup id="id4387B44518346" name="UDP"/>
-      <ServiceGroup id="id4387B44618346" name="Custom"/>
+      <ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices"/><ServiceGroup id="id4387B44118346" name="Groups"/><ServiceGroup id="id4387B44218346" name="ICMP"/><ServiceGroup id="id4387B44318346" name="IP"/><ServiceGroup id="id4387B44418346" name="TCP"/><ServiceGroup id="id4387B44518346" name="UDP"/><ServiceGroup id="id4387B44618346" name="Custom"/>
+      <ServiceGroup id="id4387B44018346_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="id4387B44718346" name="Firewalls"/>
     <IntervalGroup id="id4387B44818346" name="Time"/>
@@ -11451,8 +11421,7 @@
         <IPService comment="All sorts of Source Routing Packets" fragm="False" id="ip-SRR" lsrr="True" name="SRR" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False"/>
         <IPService comment="Generic Routing Encapsulation&#10;" fragm="False" id="id3D703C8F" lsrr="False" name="GRE" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False"/>
         <IPService comment="IPSEC Authentication Header Protocol" fragm="False" id="id3CB12797" lsrr="False" name="AH" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid09" name="TCP">
+      </ServiceGroup><ServiceGroup id="stdid09" name="TCP">
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="113" dst_range_start="113" fin_flag="False" fin_flag_mask="False" id="tcp-Auth" name="auth" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="53" dst_range_start="53" fin_flag="False" fin_flag_mask="False" id="tcp-DNS_zone_transf" name="dns-tcp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="21" dst_range_start="21" fin_flag="False" fin_flag_mask="False" id="tcp-FTP" name="ftp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
@@ -11490,13 +11459,11 @@
         <TCPService ack_flag="False" ack_flag_mask="False" comment="FTP data channel.&#10;  Note: FTP protocol does not really require server to use source port 20 for the data channel, &#10;  but many ftp server implementations do so." dst_range_end="65535" dst_range_start="1024" fin_flag="False" fin_flag_mask="False" id="tcp-FTP_data" name="ftp data" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="20" src_range_start="20" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3128" dst_range_start="3128" fin_flag="False" fin_flag_mask="False" id="id3B4FF09A" name="squid" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="0" dst_range_start="0" fin_flag="False" fin_flag_mask="False" id="tcp-All_TCP" name="All TCP" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid08" name="UDP">
+      </ServiceGroup><ServiceGroup id="stdid08" name="UDP">
         <UDPService comment="" dst_range_end="53" dst_range_start="53" id="udp-DNS" name="domain" src_range_end="0" src_range_start="0"/>
         <UDPService comment="" dst_range_end="0" dst_range_start="0" id="udp-All_UDP" name="All UDP" src_range_end="0" src_range_start="0"/>
         <UDPService comment="" dst_range_end="68" dst_range_start="68" id="udp-bootpc" name="bootpc" src_range_end="0" src_range_start="0"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid10" name="Groups">
+      </ServiceGroup><ServiceGroup id="stdid10" name="Groups">
         <ServiceGroup comment="" id="sg-Useful_ICMP" name="Useful_ICMP">
           <ServiceRef ref="icmp-Time_exceeded"/>
           <ServiceRef ref="icmp-Time_exceeded_in_transit"/>
@@ -11507,8 +11474,7 @@
           <ServiceRef ref="id3CB12797"/>
           <ServiceRef ref="ip-IPSEC"/>
         </ServiceGroup>
-      </ServiceGroup>
-      <ServiceGroup id="stdid07" name="ICMP">
+      </ServiceGroup><ServiceGroup id="stdid07" name="ICMP">
         <ICMPService code="0" comment="" id="icmp-ping_request" name="ping request" type="8"/>
         <ICMPService code="-1" comment="" id="icmp-Unreachables" name="all ICMP unreachables" type="3"/>
         <ICMPService code="-1" comment="" id="id3C20EEB5" name="any ICMP" type="-1"/>
@@ -11516,6 +11482,7 @@
         <ICMPService code="1" comment="" id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" type="11"/>
         <ICMPService code="0" comment="" id="icmp-ping_reply" name="ping reply" type="0"/>
       </ServiceGroup>
+      <ServiceGroup id="stdid05_userservices" name="User"/>
     </ServiceGroup>
     <AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
diff --git a/test/pf/run.all b/test/pf/run.all
index 670f8606e..9c372c813 100755
--- a/test/pf/run.all
+++ b/test/pf/run.all
@@ -8,6 +8,8 @@ while (<>) {
   while ( $str=~ /<Firewall / ) {
     $str=~ /<Firewall [^>]+name="([^"]*).*$"/;
     $fw=$1;
+    printf "\n";
+    printf "echo '********* $fw'\n";
     printf "fwb_pf -v -f $XMLFILE $fw\n";
     $str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
   }