diff --git a/VERSION b/VERSION index 035149dd8..539c28e1c 100644 --- a/VERSION +++ b/VERSION @@ -7,13 +7,13 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3477" +BUILD_NUM="3477a" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" GENERATION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION" # Data format version -FWBUILDER_XML_VERSION=17 +FWBUILDER_XML_VERSION=18 diff --git a/VERSION.h b/VERSION.h index d902075eb..1a56d760e 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.2.0.3477" +#define VERSION "4.2.0.3477a" #define GENERATION "4.2" diff --git a/doc/ChangeLog b/doc/ChangeLog index d998a7d4f..cf6fd7043 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -9,6 +9,12 @@ Terminating rules generate "pass quick" commands, while non-terminating rules generate "pass" commands (no "quick" option). + * libfwbuilder/migration/FWObjectDatabase_17.xslt: see #133 + Working on adding interfaces to the NAT rule model. There will be + two inetrfaces per NAT rule: "inbound interface" and "outbound + interface". DTD version changes to "18", old data files need to + be upgraded. + 2011-02-14 vadim * OSConfigurator_bsd_interfaces.cpp (configureInterfaces): fixes diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index b468bce59..ba15f0680 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.2.0.3477 +%define version 4.2.0.3477a %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index 74786ed98..72c7728cd 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control 
@@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.2.0.3477-1 +Version: 4.2.0.3477a-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 9614221b6..0c0d17e26 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.2.0.3477 +%define version 4.2.0.3477a %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/libfwbuilder/etc/fwbuilder.dtd b/src/libfwbuilder/etc/fwbuilder.dtd index eba3858b0..97bcff7b0 100644 --- a/src/libfwbuilder/etc/fwbuilder.dtd +++ b/src/libfwbuilder/etc/fwbuilder.dtd @@ -2,13 +2,8 @@ @@ -84,7 +79,7 @@ TODO: @@ -188,7 +183,7 @@ own compiler) we do not define content model for this element. **** Document structure, rest **** --> - + + + + + + + @@ -188,7 +183,7 @@ own compiler) we do not define content model for this element. **** Document structure, rest **** --> - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + False + + sysid0 + + + + + + False + + sysid0 + + + + + + + + + + + + + + + + 18 + + root + + + + + + + diff --git a/src/libfwbuilder/migration/migration.pro b/src/libfwbuilder/migration/migration.pro index 3ce263faf..cb317f0f5 100644 --- a/src/libfwbuilder/migration/migration.pro +++ b/src/libfwbuilder/migration/migration.pro @@ -91,5 +91,6 @@ target.files = FWObjectDatabase_0.8.7.xslt \ FWObjectDatabase_14.xslt \ FWObjectDatabase_15.xslt \ FWObjectDatabase_16.xslt \ + FWObjectDatabase_17.xslt \ diff --git a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.h b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.h index e4e9eaa5f..ea8ff63b5 100644 --- a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.h 
+++ b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase.h @@ -97,6 +97,8 @@ namespace libfwbuilder class RuleElementDst; class RuleElementInterval; class RuleElementItf; + class RuleElementItfInb; + class RuleElementItfOutb; class RuleElementODst; class RuleElementOSrc; class RuleElementOSrv; @@ -162,6 +164,8 @@ namespace libfwbuilder DECLARE_CREATE_OBJ_METHOD(RuleElementDst); DECLARE_CREATE_OBJ_METHOD(RuleElementInterval); DECLARE_CREATE_OBJ_METHOD(RuleElementItf); + DECLARE_CREATE_OBJ_METHOD(RuleElementItfInb); + DECLARE_CREATE_OBJ_METHOD(RuleElementItfOutb); DECLARE_CREATE_OBJ_METHOD(RuleElementODst); DECLARE_CREATE_OBJ_METHOD(RuleElementOSrc); DECLARE_CREATE_OBJ_METHOD(RuleElementOSrv); @@ -511,6 +515,8 @@ public: DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementDst); DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementInterval); DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementItf); + DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementItfInb); + DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementItfOutb); DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementODst); DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementOSrc); DECLARE_CREATE_OBJ_CLASS_METHOD(RuleElementOSrv); diff --git a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_create_object.cpp b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_create_object.cpp index 793e477b1..1000d8dea 100644 --- a/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_create_object.cpp +++ b/src/libfwbuilder/src/fwbuilder/FWObjectDatabase_create_object.cpp @@ -212,6 +212,10 @@ void FWObjectDatabase::init_create_methods_table() &create_RuleElementInterval); registerObjectType("Itf", &create_RuleElementItf); + registerObjectType("ItfInb", + &create_RuleElementItfInb); + registerObjectType("ItfOutb", + &create_RuleElementItfOutb); registerObjectType("ODst", &create_RuleElementODst); registerObjectType("OSrc", 
@@ -368,6 +372,8 @@ CREATE_OBJ_METHOD(RoutingRuleOptions); CREATE_OBJ_METHOD(RuleElementDst); CREATE_OBJ_METHOD(RuleElementInterval); CREATE_OBJ_METHOD(RuleElementItf); +CREATE_OBJ_METHOD(RuleElementItfInb); +CREATE_OBJ_METHOD(RuleElementItfOutb); CREATE_OBJ_METHOD(RuleElementODst); CREATE_OBJ_METHOD(RuleElementOSrc); CREATE_OBJ_METHOD(RuleElementOSrv); diff --git a/src/libfwbuilder/src/fwbuilder/Rule.cpp b/src/libfwbuilder/src/fwbuilder/Rule.cpp index 478d37c99..f24d98203 100644 --- a/src/libfwbuilder/src/fwbuilder/Rule.cpp +++ b/src/libfwbuilder/src/fwbuilder/Rule.cpp @@ -577,6 +577,8 @@ NATRule::NATRule() : Rule() tsrc_re = NULL; tdst_re = NULL; tsrv_re = NULL; + itf_inb_re = NULL; + itf_outb_re = NULL; when_re = NULL; } 
@@ -585,13 +587,29 @@ void NATRule::init(FWObjectDatabase *root) FWObject *re = getFirstByType(RuleElementOSrc::TYPENAME); if (re == NULL) { - re = root->createRuleElementOSrc(); assert(re!=NULL); add(re); - re = root->createRuleElementODst(); assert(re!=NULL); add(re); - re = root->createRuleElementOSrv(); assert(re!=NULL); add(re); + re = root->createRuleElementOSrc(); assert(re!=NULL); + add(re); osrc_re = RuleElementOSrc::cast(re); + + re = root->createRuleElementODst(); assert(re!=NULL); + add(re); odst_re = RuleElementODst::cast(re); + + re = root->createRuleElementOSrv(); assert(re!=NULL); + add(re); osrv_re = RuleElementOSrv::cast(re); - re = root->createRuleElementTSrc(); assert(re!=NULL); add(re); - re = root->createRuleElementTDst(); assert(re!=NULL); add(re); - re = root->createRuleElementTSrv(); assert(re!=NULL); add(re); + re = root->createRuleElementTSrc(); assert(re!=NULL); + add(re); tsrc_re = RuleElementTSrc::cast(re); + + re = root->createRuleElementTDst(); assert(re!=NULL); + add(re); tdst_re = RuleElementTDst::cast(re); + + re = root->createRuleElementTSrv(); assert(re!=NULL); + add(re); tsrv_re = RuleElementTSrv::cast(re); + + re = root->createRuleElementItfInb(); assert(re!=NULL); + add(re); itf_inb_re = RuleElementItfInb::cast(re); + + re = root->createRuleElementItfOutb(); assert(re!=NULL); + add(re); itf_outb_re = RuleElementItfOutb::cast(re); add( root->createNATRuleOptions() ); } @@ -677,6 +695,21 @@ RuleElementInterval* NATRule::getWhen() return when_re; } +RuleElementItfInb* NATRule::getItfInb() +{ + if (itf_inb_re) return itf_inb_re; + itf_inb_re = RuleElementItfInb::cast(getFirstByType(RuleElementItfInb::TYPENAME)); + return itf_inb_re; +} + +RuleElementItfOutb* NATRule::getItfOutb() +{ + if (itf_outb_re) return itf_outb_re; + itf_outb_re = RuleElementItfOutb::cast(getFirstByType(RuleElementItfOutb::TYPENAME)); + return itf_outb_re; +} + + string NATRule::getActionAsString() const { return getActionAsString(action); 
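Review bot: The new `NATRule::getItfInb()` and `getItfOutb()` return NULL when the rule has no ItfInb/ItfOutb child, and `NATRule::isEmpty()` in the following hunk calls `->isAny()` on both results without a check. `init()` only creates the two new elements inside the `if (re == NULL)` branch keyed on the OSrc element, so a NATRule whose other elements already exist (a rule read from a pre-18 data file, if the new XSLT ever misses it) is not repaired here either. Either have the getters create the element when `getFirstByType` comes back NULL on a rule that already has its other elements, or document the contract on both declarations with `/// Returns NULL when the rule carries no such element (data predating DTD 18 that was not migrated).` and check for it at the call sites; the same unchecked dereference recurs in the new NATCompiler processors and in NATCompiler_pf::AssignInterface.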
@@ -699,15 +732,20 @@ void NATRule::setAction(const string& act) bool NATRule::isEmpty() { - RuleElement *osrc=getOSrc(); - RuleElement *odst=getODst(); - RuleElement *osrv=getOSrv(); + RuleElement *osrc = getOSrc(); + RuleElement *odst = getODst(); + RuleElement *osrv = getOSrv(); - RuleElement *tsrc=getTSrc(); - RuleElement *tdst=getTDst(); - RuleElement *tsrv=getTSrv(); + RuleElement *tsrc = getTSrc(); + RuleElement *tdst = getTDst(); + RuleElement *tsrv = getTSrv(); - return (osrc->isAny() && odst->isAny() && osrv->isAny() && tsrc->isAny() && tdst->isAny() && tsrv->isAny()); + RuleElement *itf_inb = getItfInb(); + RuleElement *itf_outb = getItfOutb(); + + return (osrc->isAny() && odst->isAny() && osrv->isAny() && + tsrc->isAny() && tdst->isAny() && tsrv->isAny() && + itf_inb->isAny() && itf_outb->isAny()); } void NATRule::fromXML(xmlNodePtr root) throw(FWException) @@ -773,6 +811,12 @@ xmlNodePtr NATRule::toXML(xmlNodePtr parent) throw(FWException) if ( (o=getFirstByType( RuleElementTSrv::TYPENAME ))!=NULL ) o->toXML(me); + if ( (o=getFirstByType( RuleElementItfInb::TYPENAME ))!=NULL ) + o->toXML(me); + + if ( (o=getFirstByType( RuleElementItfOutb::TYPENAME ))!=NULL ) + o->toXML(me); + if ( (o=getFirstByType( RuleElementInterval::TYPENAME ))!=NULL ) o->toXML(me); @@ -861,6 +905,8 @@ FWObject& NATRule::shallowDuplicate(const FWObject *x, tsrc_re = NULL; tdst_re = NULL; tsrv_re = NULL; + itf_inb_re = NULL; + itf_outb_re = NULL; when_re = NULL; return Rule::shallowDuplicate(x, preserve_id); diff --git a/src/libfwbuilder/src/fwbuilder/Rule.h b/src/libfwbuilder/src/fwbuilder/Rule.h index 981419a31..71227a559 100644 --- a/src/libfwbuilder/src/fwbuilder/Rule.h +++ b/src/libfwbuilder/src/fwbuilder/Rule.h @@ -45,6 +45,8 @@ namespace libfwbuilder class RuleElementTSrc; class RuleElementTDst; class RuleElementTSrv; + class RuleElementItfInb; + class RuleElementItfOutb; class RuleElementInterval; class RuleElementRDst; class RuleElementRGtw; 
@@ -338,6 +340,8 @@ private: libfwbuilder::RuleElementTSrc* tsrc_re; libfwbuilder::RuleElementTDst* tdst_re; libfwbuilder::RuleElementTSrv* tsrv_re; + libfwbuilder::RuleElementItfInb* itf_inb_re; + libfwbuilder::RuleElementItfOutb* itf_outb_re; libfwbuilder::RuleElementInterval* when_re; NATAction action; NATRuleTypes rule_type; @@ -384,6 +388,8 @@ public: libfwbuilder::RuleElementTSrc* getTSrc(); libfwbuilder::RuleElementTDst* getTDst(); libfwbuilder::RuleElementTSrv* getTSrv(); + libfwbuilder::RuleElementItfInb* getItfInb(); + libfwbuilder::RuleElementItfOutb* getItfOutb(); libfwbuilder::RuleElementInterval* getWhen(); NATAction getAction() const { return action; } diff --git a/src/libfwbuilder/src/fwbuilder/RuleElement.cpp b/src/libfwbuilder/src/fwbuilder/RuleElement.cpp index d56e7c38f..22fd82021 100644 --- a/src/libfwbuilder/src/fwbuilder/RuleElement.cpp +++ b/src/libfwbuilder/src/fwbuilder/RuleElement.cpp @@ -2,13 +2,10 @@ Firewall Builder - Copyright (C) 2000 NetCitadel, LLC + Copyright (C) 2000-2011 NetCitadel, LLC Author: Vadim Kurland vadim@fwbuilder.org - $Id$ - - This program is free software which we release under the GNU General Public License. You may redistribute and/or modify this program under the terms of that license as published by the Free Software Foundation; either @@ -330,6 +327,12 @@ bool RuleElementItf::checkItfChildOfThisFw(FWObject *o) return (fw1 != NULL && fw1 == fw2); } +const char *RuleElementItfInb::TYPENAME={"ItfInb"}; +RuleElementItfInb::RuleElementItfInb() {} + +const char *RuleElementItfOutb::TYPENAME={"ItfOutb"}; +RuleElementItfOutb::RuleElementItfOutb() {} + const char *RuleElementOSrc::TYPENAME={"OSrc"}; RuleElementOSrc::RuleElementOSrc() {} diff --git a/src/libfwbuilder/src/fwbuilder/RuleElement.h b/src/libfwbuilder/src/fwbuilder/RuleElement.h index 2ce051875..51b47cf8d 100644 --- a/src/libfwbuilder/src/fwbuilder/RuleElement.h +++ b/src/libfwbuilder/src/fwbuilder/RuleElement.h 
@@ -147,6 +147,23 @@ class RuleElementItf : public ObjectGroup, public RuleElement { virtual bool isPrimaryObject() const { return false; } }; +class RuleElementItfInb : public RuleElementItf +{ + public: + DECLARE_FWOBJECT_SUBTYPE(RuleElementItfInb); + DECLARE_DISPATCH_METHODS(RuleElementItfInb); + RuleElementItfInb(); +}; + +class RuleElementItfOutb : public RuleElementItf +{ + public: + DECLARE_FWOBJECT_SUBTYPE(RuleElementItfOutb); + DECLARE_DISPATCH_METHODS(RuleElementItfOutb); + RuleElementItfOutb(); + +}; + class RuleElementInterval : public IntervalGroup, public RuleElement { public: DECLARE_FWOBJECT_SUBTYPE(RuleElementInterval); diff --git a/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp b/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp index 614c2abc4..9d02dc792 100644 --- a/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/NATCompiler.cpp 
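Review bot: Neither new class says what distinguishes it from RuleElementItf, which both inherit without adding anything, so a reader has to find the NATRule accessors to learn that one holds the inbound and the other the outbound interface of a NAT rule. A one-line comment on each, e.g. `// Inbound interface of a NAT rule; an empty element means "auto" (see NATRule::getItfInb).`, would carry that. RuleElementItfOutb also has a stray blank line before its closing brace that its sibling does not; keep the two declarations identical in shape.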
@@ -644,6 +644,55 @@ bool NATCompiler::ConvertToAtomicForTSrv::processNext() return true; } +bool NATCompiler::ConvertToAtomicForItfInb::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementItfInb *itf_inb_re=rule->getItfInb(); assert(itf_inb_re); + + for (FWObject::iterator i1=itf_inb_re->begin(); i1!=itf_inb_re->end(); ++i1) + { + NATRule *r = compiler->dbcopy->createNATRule(); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + + FWObject *s; + + s = r->getItfInb(); assert(s); + s->clearChildren(); + s->addCopyOf( *i1 ); + + tmp_queue.push_back(r); + } + + return true; +} + +bool NATCompiler::ConvertToAtomicForItfOutb::processNext() +{ + NATRule *rule=getNext(); if (rule==NULL) return false; + + RuleElementItfOutb *itf_outb_re=rule->getItfOutb(); assert(itf_outb_re); + + for (FWObject::iterator i1=itf_outb_re->begin(); i1!=itf_outb_re->end(); ++i1) + { + NATRule *r = compiler->dbcopy->createNATRule(); + r->duplicate(rule); + compiler->temp_ruleset->add(r); + + FWObject *s; + + s = r->getItfOutb(); assert(s); + s->clearChildren(); + s->addCopyOf( *i1 ); + + tmp_queue.push_back(r); + } + + return true; +} + + diff --git a/src/libfwbuilder/src/fwcompiler/NATCompiler.h b/src/libfwbuilder/src/fwcompiler/NATCompiler.h index a11568a05..183e9971d 100644 --- a/src/libfwbuilder/src/fwcompiler/NATCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/NATCompiler.h @@ -170,6 +170,16 @@ namespace fwcompiler { */ DECLARE_NAT_RULE_PROCESSOR(ConvertToAtomicForTSrv); + /** + * this processor converts to atomic rules only for ItfInb + */ + DECLARE_NAT_RULE_PROCESSOR(ConvertToAtomicForItfInb); + + /** + * this processor converts to atomic rules only for ItfOutb + */ + DECLARE_NAT_RULE_PROCESSOR(ConvertToAtomicForItfOutb); + /** * this processor converts to atomic rules using all combinations * of OSrc,ODst,OSrv,TSrc,TDst,TSrv diff --git a/src/libgui/ColDesc.cpp b/src/libgui/ColDesc.cpp index 637c8526a..eb5a5332b 100755 
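Review bot: In both new processors the only guard between `rule->getItfInb()` (resp. `getItfOutb()`) and the dereference in the `for` header is an `assert`, and the accessor returns NULL when the rule element is absent; in an NDEBUG build the assert vanishes and a rule from an un-migrated data file crashes the compiler instead of producing a rule error. Data-dependent conditions should take the compiler's error path, e.g. `if (itf_inb_re == NULL) { /* report rule */ return true; }`, keeping `assert` for programmer invariants. The two bodies are otherwise identical apart from the accessor and the class name; a shared helper taking the `RuleElement*` to split on would keep the two from drifting apart.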
--- a/src/libgui/ColDesc.cpp +++ b/src/libgui/ColDesc.cpp @@ -26,14 +26,17 @@ #include "ColDesc.h" #include "platforms.h" +using namespace std; + + ColDesc::ColDesc() { this->type = Unknown; } -ColDesc::ColDesc(QString origin, ColumnType type) +ColDesc::ColDesc(const string &platform, const string &origin, ColumnType type) { - this->origin = origin; - this->name = getReadableRuleElementName(origin.toStdString()); + this->origin = origin.c_str(); + this->name = getReadableRuleElementName(platform, origin); this->type = type; } diff --git a/src/libgui/ColDesc.h b/src/libgui/ColDesc.h index 443291a7c..b715e15c1 100755 --- a/src/libgui/ColDesc.h +++ b/src/libgui/ColDesc.h @@ -26,25 +26,28 @@ #ifndef COLDESC_H #define COLDESC_H - #include +#include + +#include + class ColDesc { public: - enum ColumnType - { - GroupHandle, - RuleOp, - Object, - Action, - Direction, - Options, - Time, - Comment, - Metric, - Unknown - }; - ColDesc(QString origin, ColumnType type); + enum ColumnType + { + GroupHandle, + RuleOp, + Object, + Action, + Direction, + Options, + Time, + Comment, + Metric, + Unknown + }; + ColDesc(const std::string &platform, const std::string &origin, ColumnType type); ColDesc(); QString name; QString origin; diff --git a/src/libgui/FindWhereUsedWidget.cpp b/src/libgui/FindWhereUsedWidget.cpp index 1e3ee3e26..80673ca20 100644 --- a/src/libgui/FindWhereUsedWidget.cpp +++ b/src/libgui/FindWhereUsedWidget.cpp @@ -312,7 +312,8 @@ QTreeWidgetItem* FindWhereUsedWidget::createQTWidgetItem(FWObject* o, if (RuleElement::cast(container)!=NULL) rule_element_name = - getReadableRuleElementName(container->getParent()->getTypeName()); + getReadableRuleElementName( + fw->getStr("platform"), container->getParent()->getTypeName()); if (Rule::cast(container)!=NULL) rule_element_name = "Action"; diff --git a/src/libgui/RuleNode.h b/src/libgui/RuleNode.h index 75a5191e1..dc1ec30fb 100644 --- a/src/libgui/RuleNode.h +++ b/src/libgui/RuleNode.h 
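Review bot: `this->origin = origin.c_str();` converts a `std::string` to QString via `const char*`, whose decoding in Qt4 depends on the codec installed for C strings, while the code it replaces used the explicit `toStdString()` pairing. The symmetric conversion `this->origin = QString::fromStdString(origin);` states the intent and does not depend on process-wide codec state; the values here are TYPENAME constants, so this is about consistency rather than a visible bug.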
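Review bot: The added `fw->getStr("platform")` makes this branch depend on `fw`, which is declared outside the hunk; if createQTWidgetItem can be reached for a RuleElement whose owner is not a firewall and `fw` is then NULL, the new line dereferences it where the old one did not. If that case exists, `fw ? fw->getStr("platform") : std::string()` is enough, since the non-pf branch of getReadableRuleElementName handles an empty platform.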
@@ -29,7 +29,7 @@ #include #include -#define MAX_COLUMNS 10 +#define MAX_COLUMNS 20 namespace libfwbuilder { class Rule; diff --git a/src/libgui/RuleSetModel.cpp b/src/libgui/RuleSetModel.cpp index 417a6f431..baf37893b 100644 --- a/src/libgui/RuleSetModel.cpp +++ b/src/libgui/RuleSetModel.cpp 
@@ -1350,32 +1350,36 @@ void PolicyModel::configure() supports_logging = false; supports_rule_options = false; supports_time = false; + + string platform; if (getFirewall()) { + platform = getFirewall()->getStr("platform"); + try { supports_logging = Resources::getTargetCapabilityBool( - getFirewall()->getStr("platform"), "logging_in_policy"); + platform, "logging_in_policy"); supports_rule_options = Resources::getTargetCapabilityBool( - getFirewall()->getStr("platform"), "options_in_policy"); + platform, "options_in_policy"); supports_time = Resources::getTargetCapabilityBool( - getFirewall()->getStr("platform"), "supports_time"); + platform, "supports_time"); } catch(FWException &ex) { } } - header << ColDesc(RuleElementSrc::TYPENAME, ColDesc::Object) // 1 - << ColDesc(RuleElementDst::TYPENAME, ColDesc::Object) // 2 - << ColDesc(RuleElementSrv::TYPENAME, ColDesc::Object) // 3 - << ColDesc(RuleElementItf::TYPENAME, ColDesc::Object) // 4 - << ColDesc("Direction", ColDesc::Direction) // 5 - << ColDesc("Action", ColDesc::Action); // 6 + header << ColDesc(platform, RuleElementSrc::TYPENAME, ColDesc::Object) // 1 + << ColDesc(platform, RuleElementDst::TYPENAME, ColDesc::Object) // 2 + << ColDesc(platform, RuleElementSrv::TYPENAME, ColDesc::Object) // 3 + << ColDesc(platform, RuleElementItf::TYPENAME, ColDesc::Object) // 4 + << ColDesc(platform, "Direction", ColDesc::Direction) // 5 + << ColDesc(platform, "Action", ColDesc::Action); // 6 if (supports_time) - header << ColDesc(RuleElementInterval::TYPENAME, ColDesc::Time); // 7 + header << ColDesc(platform, RuleElementInterval::TYPENAME, ColDesc::Time); // 7 if (supports_logging && supports_rule_options) - header << ColDesc("Options", ColDesc::Options); + header << ColDesc(platform, "Options", ColDesc::Options); - header << ColDesc("Comment", ColDesc::Comment); + header << ColDesc(platform, "Comment", ColDesc::Comment); } QVariant PolicyModel::getRuleDataForDisplayRole(const QModelIndex &index, RuleNode* node) const 
@@ -1463,27 +1467,42 @@ bool PolicyModel::checkRuleType(libfwbuilder::Rule *rule) void NatModel::configure() { supports_actions = false; + supports_inbound_interface = false; + supports_outbound_interface = false; + string platform; + if (getFirewall()) { + platform = getFirewall()->getStr("platform"); + try { supports_actions = Resources::getTargetCapabilityBool( - getFirewall()->getStr("platform"), "actions_in_nat"); + platform, "actions_in_nat"); + supports_inbound_interface = Resources::getTargetCapabilityBool( + platform, "inbound_interface_in_nat"); + supports_outbound_interface = Resources::getTargetCapabilityBool( + platform, "outbound_interface_in_nat"); } catch(FWException &ex) { } } - header << ColDesc(RuleElementOSrc::TYPENAME, ColDesc::Object) // 1 - << ColDesc(RuleElementODst::TYPENAME, ColDesc::Object) // 2 - << ColDesc(RuleElementOSrv::TYPENAME, ColDesc::Object) // 3 - << ColDesc(RuleElementTSrc::TYPENAME, ColDesc::Object) // 4 - << ColDesc(RuleElementTDst::TYPENAME, ColDesc::Object) // 5 - << ColDesc(RuleElementTSrv::TYPENAME, ColDesc::Object); // 6 + header << ColDesc(platform, RuleElementOSrc::TYPENAME, ColDesc::Object) // 1 + << ColDesc(platform, RuleElementODst::TYPENAME, ColDesc::Object) // 2 + << ColDesc(platform, RuleElementOSrv::TYPENAME, ColDesc::Object) // 3 + << ColDesc(platform, RuleElementTSrc::TYPENAME, ColDesc::Object) // 4 + << ColDesc(platform, RuleElementTDst::TYPENAME, ColDesc::Object) // 5 + << ColDesc(platform, RuleElementTSrv::TYPENAME, ColDesc::Object); // 6 + + if (supports_inbound_interface) + header << ColDesc(platform, RuleElementItfInb::TYPENAME, ColDesc::Object); + if (supports_outbound_interface) + header << ColDesc(platform, RuleElementItfOutb::TYPENAME, ColDesc::Object); if (supports_actions) - header << ColDesc("Action", ColDesc::Action); + header << ColDesc(platform, "Action", ColDesc::Action); - header << ColDesc("Options", ColDesc::Options) // 7 - << ColDesc("Comment", ColDesc::Comment); // 8 + header << 
ColDesc(platform, "Options", ColDesc::Options) // 7 + << ColDesc(platform, "Comment", ColDesc::Comment); // 8 } QVariant NatModel::getRuleDataForDisplayRole(const QModelIndex &index, RuleNode* node) const @@ -1556,28 +1575,33 @@ void RoutingModel::configure() supports_routing_itf = false; supports_metric = false; + string platform; + string host_os; + if (getFirewall()) { + platform = getFirewall()->getStr("platform"); + host_os = getFirewall()->getStr("host_OS"); + try { - supports_routing_itf = - Resources::getTargetCapabilityBool( - getFirewall()->getStr("host_OS"), "supports_routing_itf"); + supports_routing_itf = Resources::getTargetCapabilityBool( + host_os, "supports_routing_itf"); supports_metric = Resources::getTargetCapabilityBool( - getFirewall()->getStr("host_OS"), "supports_metric"); + host_os, "supports_metric"); } catch(FWException &ex) { } } - header << ColDesc(RuleElementRDst::TYPENAME, ColDesc::Object) // 1 - << ColDesc(RuleElementRGtw::TYPENAME, ColDesc::Object); // 2 + header << ColDesc(platform, RuleElementRDst::TYPENAME, ColDesc::Object) // 1 + << ColDesc(platform, RuleElementRGtw::TYPENAME, ColDesc::Object); // 2 if (supports_routing_itf) - header << ColDesc(RuleElementRItf::TYPENAME, ColDesc::Object); + header << ColDesc(platform, RuleElementRItf::TYPENAME, ColDesc::Object); if (supports_metric) - header << ColDesc("Metric", ColDesc::Metric); + header << ColDesc(platform, "Metric", ColDesc::Metric); - header << ColDesc("Options", ColDesc::Options) - << ColDesc("Comment", ColDesc::Comment); + header << ColDesc(platform, "Options", ColDesc::Options) + << ColDesc(platform, "Comment", ColDesc::Comment); } QVariant RoutingModel::getRuleDataForDisplayRole(const QModelIndex &index, RuleNode* node) const diff --git a/src/libgui/RuleSetModel.h b/src/libgui/RuleSetModel.h index 738b41748..24c0f4b6d 100644 --- a/src/libgui/RuleSetModel.h +++ b/src/libgui/RuleSetModel.h 
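Review bot: The trailing `// 7` and `// 8` on the Options and Comment columns are now wrong whenever an interface or action column is inserted ahead of them, and they were only ever right for one configuration; drop the numeric comments rather than maintain them. The three capability lookups also share one `try` with an empty `catch(FWException &ex) { }`: if `getTargetCapabilityBool` throws for a platform resource that lacks `inbound_interface_in_nat`, the `outbound_interface_in_nat` lookup is skipped too and both columns silently disappear, with nothing logged. Looking each capability up in its own try, or at least logging in the catch, would make a missing entry in a platform file visible instead of looking like an unsupported feature.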
@@ -246,7 +246,9 @@ public: private: bool supports_actions; - + bool supports_inbound_interface; + bool supports_outbound_interface; + QVariant getRuleDataForDisplayRole(const QModelIndex &index, RuleNode* node) const; QStringList getRuleOptions(libfwbuilder::Rule* r) const; void configure(); diff --git a/src/libgui/RuleSetView.cpp b/src/libgui/RuleSetView.cpp index b926f9aa8..526e34706 100644 --- a/src/libgui/RuleSetView.cpp +++ b/src/libgui/RuleSetView.cpp @@ -2279,6 +2279,7 @@ bool RuleSetView::validateForInsertion(RuleElement *re, FWObject *obj, bool quie } } + // This includes RuleElementItfInb and RuleElementItfOutb of nat rules if (RuleElementItf::cast(re) || RuleElementRItf::cast(re)) return validateForInsertionToInterfaceRE(RuleElementItf::cast(re), obj); diff --git a/src/libgui/RuleSetViewDelegate.cpp b/src/libgui/RuleSetViewDelegate.cpp index 837975641..078921c85 100644 --- a/src/libgui/RuleSetViewDelegate.cpp +++ b/src/libgui/RuleSetViewDelegate.cpp @@ -569,6 +569,9 @@ QString RuleSetViewDelegate::objectText(RuleElement *re,FWObject *obj) const if (RuleElementRGtw::isA(re) || RuleElementRItf::isA(re)) return QString(""); if (RuleElementItf::isA(re)) return QString(tr("All")); + if (RuleElementItfInb::isA(re)) return QString(tr("Auto")); + if (RuleElementItfOutb::isA(re)) return QString(tr("Auto")); + return any_object_name; } diff --git a/src/libgui/platforms.cpp b/src/libgui/platforms.cpp index 8f90f9a5f..5f38e74c1 100644 --- a/src/libgui/platforms.cpp +++ b/src/libgui/platforms.cpp @@ -763,7 +763,8 @@ bool getStatelessFlagForAction(PolicyRule *rule) /** * Returns translatable string - name of the corresponding rule element. */ -QString getReadableRuleElementName(const string &rule_element_type_name) +QString getReadableRuleElementName(const string &platform, + const string &rule_element_type_name) { // The following map TYPENAME of RuleElement classes to readable // translatable names. 
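Review bot: The two new `isA` checks are placed after `if (RuleElementItf::isA(re)) return QString(tr("All"));`, and RuleElementItfInb and RuleElementItfOutb derive from RuleElementItf; if `isA` accepts subclasses, as the comment this commit adds in RuleSetView.cpp says `RuleElementItf::cast` does, the new lines are unreachable and an empty NAT interface element is rendered as "All" instead of "Auto". Move the two new checks above the RuleElementItf one, or, if `isA` is an exact TYPENAME comparison, say so next to them so the ordering is not "fixed" later.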
@@ -781,6 +782,18 @@ QString getReadableRuleElementName(const string &rule_element_type_name) if (rule_element_type_name == "TDst") return QObject::tr("Translated Dst"); if (rule_element_type_name == "TSrv") return QObject::tr("Translated Srv"); + if (platform == "pf") + { + // For PF I hide inbound interface and show outbound interface + // column with header "Interface" + if (rule_element_type_name == "ItfInb") return QObject::tr("Interface"); + if (rule_element_type_name == "ItfOutb") return QObject::tr("Interface"); + } else + { + if (rule_element_type_name == "ItfInb") return QObject::tr("Inbound Interface"); + if (rule_element_type_name == "ItfOutb") return QObject::tr("Outbound Interface"); + } + if (rule_element_type_name == "RDst") return QObject::tr("Destination"); if (rule_element_type_name == "RGtw") return QObject::tr("Gateway"); if (rule_element_type_name == "RItf") return QObject::tr("Interface"); diff --git a/src/libgui/platforms.h b/src/libgui/platforms.h index 1b69d8ac7..b122ab85c 100644 --- a/src/libgui/platforms.h +++ b/src/libgui/platforms.h @@ -149,7 +149,8 @@ QString getActionNameForPlatform(libfwbuilder::Firewall *fw, bool getStatelessFlagForAction(libfwbuilder::PolicyRule *rule); -QString getReadableRuleElementName(const std::string &rule_element_type_name); +QString getReadableRuleElementName(const std::string &platform, + const std::string &rule_element_type_name); /* * convenience method that calls Resourcess::getPlatforms() and diff --git a/src/pflib/NATCompiler_pf.cpp b/src/pflib/NATCompiler_pf.cpp index b6ff4af1a..0008713d1 100644 --- a/src/pflib/NATCompiler_pf.cpp +++ b/src/pflib/NATCompiler_pf.cpp 
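Review bot: In the `platform == "pf"` branch both "ItfInb" and "ItfOutb" map to the header "Interface", while the hiding of the inbound column the comment refers to happens elsewhere, through the `inbound_interface_in_nat` capability in pf.xml; should that flag ever be set, the NAT view would show two columns with identical headers. Keeping the distinct names for pf as well, or stating the coupling in the comment (`// pf shows only the outbound column (inbound_interface_in_nat is False in pf.xml), so it is labelled plainly "Interface"`), avoids that. Hard-coding a platform name in a GUI string helper is also a departure from the capability lookups RuleSetModel uses for the same decision; a resource capability would keep platform behaviour in the platform files.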
@@ -707,8 +707,8 @@ bool NATCompiler_pf::assignInterfaceToNATRule(Rule *rule, Address *addr) bool NATCompiler_pf::AssignInterface::processNext() { - NATCompiler_pf *pf_comp=dynamic_cast(compiler); - NATRule *rule=getNext(); if (rule==NULL) return false; + NATCompiler_pf *pf_comp = dynamic_cast(compiler); + NATRule *rule = getNext(); if (rule==NULL) return false; if (rule->getInterfaceStr() != "") { @@ -716,6 +716,31 @@ bool NATCompiler_pf::AssignInterface::processNext() return true; } + RuleElementItfOutb *itf_re = rule->getItfOutb(); + assert(itf_re!=NULL); + if (!itf_re->isAny()) + { + Interface *intf = Interface::cast( + FWObjectReference::getObject(itf_re->front())); + assert(intf!=NULL); + + if (intf->isFailoverInterface()) + { + FailoverClusterGroup *fg = FailoverClusterGroup::cast( + intf->getFirstByType(FailoverClusterGroup::TYPENAME)); + if (fg) + intf = fg->getInterfaceForMemberFirewall(compiler->fw); + } + + if (intf->isChildOf(compiler->fw)) + { + rule->setInterfaceId(intf->getId()); + rule->setInterfaceStr(intf->getName()); + tmp_queue.push_back(rule); + return true; + } + } + switch ( rule->getRuleType() ) { case NATRule::SNAT: @@ -1251,6 +1276,8 @@ void NATCompiler_pf::compile() //add( new ConvertToAtomicForTSrc( "convert to atomic rules" ) ); add( new splitForTSrc( "split if addresses in TSrc belong to different networks" )); + add( new ConvertToAtomicForItfOutb( + "convert to atomic for Interface rule element")); add( new AssignInterface( "assign rules to interfaces" ) ); add( new convertInterfaceIdToStr("prepare interface assignments") ); diff --git a/src/res/objects_init.xml b/src/res/objects_init.xml index 418fb2c70..bb668299e 100644 --- a/src/res/objects_init.xml +++ b/src/res/objects_init.xml @@ -1,6 +1,6 @@ - + diff --git a/src/res/platform/fwsm.xml b/src/res/platform/fwsm.xml index 61940a7b7..47e8eda0f 100644 --- a/src/res/platform/fwsm.xml +++ b/src/res/platform/fwsm.xml 
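Review bot: After `if (fg) intf = fg->getInterfaceForMemberFirewall(compiler->fw);` the result is used in `intf->isChildOf(compiler->fw)` without a check; if that lookup can return NULL for a cluster interface with no member on this firewall, the compiler dereferences NULL. The preceding `assert(intf!=NULL)` after `Interface::cast` has the same weakness in NDEBUG builds, since a non-Interface reference in the rule element is a data condition rather than a programmer error. A guard such as `if (intf == NULL) { /* report rule */ return true; }` after the failover block, and an error or warning when the chosen interface is not a child of `compiler->fw` instead of silently falling through to the automatic `switch` assignment, would make both cases visible to the user.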
@@ -233,6 +233,8 @@ nameif %in %il security%sl True True False + False + False False False True diff --git a/src/res/platform/iosacl.xml b/src/res/platform/iosacl.xml index d25588e12..c922474bb 100644 --- a/src/res/platform/iosacl.xml +++ b/src/res/platform/iosacl.xml @@ -109,6 +109,8 @@ interface %in True False False + False + False False False False diff --git a/src/res/platform/ipf.xml b/src/res/platform/ipf.xml index 8e66c1e05..50f4be2e3 100644 --- a/src/res/platform/ipf.xml +++ b/src/res/platform/ipf.xml @@ -30,6 +30,8 @@ True True False + False + False False True False diff --git a/src/res/platform/ipfw.xml b/src/res/platform/ipfw.xml index 658b03f25..0f40e1c14 100644 --- a/src/res/platform/ipfw.xml +++ b/src/res/platform/ipfw.xml @@ -28,6 +28,8 @@ True False False + False + False False True False diff --git a/src/res/platform/pf.xml b/src/res/platform/pf.xml index 5b74c3ff5..e753dedec 100644 --- a/src/res/platform/pf.xml +++ b/src/res/platform/pf.xml @@ -33,6 +33,8 @@ True True True + False + True False True False diff --git a/src/res/platform/pix.xml b/src/res/platform/pix.xml index b48200cde..1e4a74818 100644 --- a/src/res/platform/pix.xml +++ b/src/res/platform/pix.xml @@ -646,6 +646,8 @@ True True False + False + False False False True diff --git a/src/res/platform/procurve_acl.xml b/src/res/platform/procurve_acl.xml index 424958d72..83699b055 100644 --- a/src/res/platform/procurve_acl.xml +++ b/src/res/platform/procurve_acl.xml @@ -46,6 +46,8 @@ interface %in True False False + False + False False False False diff --git a/src/res/platform/unknown.xml b/src/res/platform/unknown.xml index 5cca9fdf6..705c98381 100644 --- a/src/res/platform/unknown.xml +++ b/src/res/platform/unknown.xml @@ -20,6 +20,8 @@ False False False + False + False False False False diff --git a/src/res/templates.xml b/src/res/templates.xml index 22a33ec00..9af31fc18 100644 --- a/src/res/templates.xml +++ b/src/res/templates.xml @@ -1,6 +1,6 @@ - +