diff --git a/doc/ChangeLog b/doc/ChangeLog
index 49fbe587a..fadb6ac9d 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,7 +1,11 @@
 2008-07-05  Vadim Kurland  <vadim@vk.crocodile.org>
 
+	* PolicyCompiler_iosacl_writers.cpp (PrintRule::_printTOS):
+	Support for TOS and DSCP matching in IOS access lists.
+
 	* PolicyCompiler_pf_writers.cpp (PrintRule::_printDstService):
-	Support for tos matching in compiler for pf.
+	Support for tos matching in compiler for pf. PF does not support
+	DSCP matching.
 
 	* PolicyCompiler_PrintRule.cpp (PrintRule::_printIP): Support for
 	TOS and DSCP matching in compiler for iptables.
diff --git a/src/iosacl/PolicyCompiler_iosacl.h b/src/iosacl/PolicyCompiler_iosacl.h
index a2c224b3c..dcdfd844f 100644
--- a/src/iosacl/PolicyCompiler_iosacl.h
+++ b/src/iosacl/PolicyCompiler_iosacl.h
@@ -195,6 +195,7 @@ namespace fwcompiler {
             std::string _printACL(libfwbuilder::PolicyRule *r);
             std::string _printLog(libfwbuilder::PolicyRule *r);
             std::string _printFragm(libfwbuilder::Service *srv);
+            std::string _printTOS(libfwbuilder::Service *srv);
 
             std::string _printRule(libfwbuilder::PolicyRule *rule);
 
diff --git a/src/iosacl/PolicyCompiler_iosacl_writers.cpp b/src/iosacl/PolicyCompiler_iosacl_writers.cpp
index a5571f463..0cb3cebb6 100644
--- a/src/iosacl/PolicyCompiler_iosacl_writers.cpp
+++ b/src/iosacl/PolicyCompiler_iosacl_writers.cpp
@@ -262,6 +262,7 @@ string PolicyCompiler_iosacl::PrintRule::_printRule(PolicyRule *rule)
     aclstr << _printLog( rule );
     // "fragments" should be the last option in the access-list command
     aclstr << _printFragm( compiler->getFirstSrv(rule) );
+    aclstr << _printTOS( compiler->getFirstSrv(rule) );
 
 //    aclstr << endl;
 
@@ -331,12 +332,27 @@ string PolicyCompiler_iosacl::PrintRule::_printSrcService(libfwbuilder::Service
 
 string PolicyCompiler_iosacl::PrintRule::_printFragm(Service *srv)
 {
-    if (IPService::isA(srv) && (srv->getBool("fragm") || srv->getBool("short_fragm")))
+    if (IPService::isA(srv) && (
+            srv->getBool("fragm") || srv->getBool("short_fragm")))
         return "fragments ";
     
     return "";
 }
 
+string PolicyCompiler_iosacl::PrintRule::_printTOS(Service *srv)
+{
+    const IPService *ip;
+    if ((ip=IPService::constcast(srv))!=NULL)
+    {
+        string tos = ip->getTOSCode();
+        string dscp = ip->getDSCPCode();
+        if (!dscp.empty()) return string("dscp ") + dscp;
+        else
+            if (!tos.empty()) return string("tos ") + tos;
+    }
+    return "";
+}
+
 string PolicyCompiler_iosacl::PrintRule::_printDstService(Service *srv)
 {
     ostringstream  str;
diff --git a/test/iosacl/objects.fwb b/test/iosacl/objects.fwb
index 34b8fb391..d290fee03 100644
--- a/test/iosacl/objects.fwb
+++ b/test/iosacl/objects.fwb
@@ -1,5198 +1,2299 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" id="root"><Library color="#d2ffd0" id="id4511636323682" name="User">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="9" lastModified="1215311660" id="root">
+  <Library id="sysid99" name="Deleted Objects" ro="False">
+    <ICMP6Service id="idE0C27650" name="ipv6 dest unreachable" comment="No route to destination" code="0" type="1"/>
+    <IPv4 id="id463FF31019380" name="test-ipt:eth0:ip" address="10.10.10.1" netmask="255.255.255.0"/>
+    <Interface id="id4511651D23682" name="imq1" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="True" unprotected="False"/>
+    <Firewall id="id453D8A6D12118" name="ipf" comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="freebsd" lastCompiled="0" lastInstalled="0" lastModified="1178678949" platform="ipf" ro="False" version="">
+      <NAT id="id453D8AE412118" name="NAT">
+        <NATRule id="id453D8AE512118" disabled="False" position="0">
+          <OSrc neg="False">
+            <ObjectRef ref="id3DC75CE7-1"/>
+          </OSrc>
+          <ODst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </ODst>
+          <OSrv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </OSrv>
+          <TSrc neg="False">
+            <ObjectRef ref="sysid0"/>
+          </TSrc>
+          <TDst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </TDst>
+          <TSrv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </TSrv>
+          <NATRuleOptions/>
+        </NATRule>
+      </NAT>
+      <Policy id="id453D8A7312118" name="Policy">
+        <PolicyRule id="id453D8A7412118" comment="anti spoofing rule" action="Deny" direction="Inbound" disabled="False" log="True" position="0">
+          <Src neg="False">
+            <ObjectRef ref="id3DC75CE7-1"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+        <PolicyRule id="id453D8A8112118" action="Accept" direction="Both" disabled="False" log="False" position="1">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions/>
+        </PolicyRule>
+        <PolicyRule id="id453D8A8D12118" comment="SSH Access to firewall is permitted&#10;only from internal network&#10;Also firewall serves DNS for internal&#10;network" action="Route" disabled="False" log="False" position="2">
+          <Src neg="False">
+            <ObjectRef ref="id3DC75CE7-1"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="tcp-SSH"/>
+            <ServiceRef ref="id3F530CC8"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="action_on_reject"></Option>
+            <Option name="classify_str"></Option>
+            <Option name="custom_str"></Option>
+            <Option name="ipf_route_opt_addr"></Option>
+            <Option name="ipf_route_opt_if">le1</Option>
+            <Option name="ipf_route_option">route_through</Option>
+            <Option name="ipfw_classify_method">2</Option>
+            <Option name="ipfw_pipe_port_num">0</Option>
+            <Option name="ipfw_pipe_queue_num">0</Option>
+            <Option name="ipt_continue">False</Option>
+            <Option name="ipt_gw"></Option>
+            <Option name="ipt_iif"></Option>
+            <Option name="ipt_mark_connections">False</Option>
+            <Option name="ipt_mark_prerouting">False</Option>
+            <Option name="ipt_oif"></Option>
+            <Option name="ipt_tee">False</Option>
+            <Option name="pf_fastroute">False</Option>
+            <Option name="pf_route_opt_addr"></Option>
+            <Option name="pf_route_opt_if"></Option>
+            <Option name="pf_route_option">route_through</Option>
+            <Option name="rule_name_accounting"></Option>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+        <PolicyRule id="id453D8A9A12118" comment="DHCP requests are permitted&#10;from internal network" action="Accept" disabled="False" log="False" position="3">
+          <Src neg="False">
+            <ObjectRef ref="id3DC75CE7-1"/>
+            <ObjectRef ref="id3F6D115D"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="id3F6D115C"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sg-DHCP"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions/>
+        </PolicyRule>
+        <PolicyRule id="id453D8AA812118" comment="DHCP replies" action="Accept" disabled="False" log="False" position="4">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="id3DC75CE7-1"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sg-DHCP"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions/>
+        </PolicyRule>
+        <PolicyRule id="id453D8AB412118" comment="Firewall should be able to send&#10;DNS queries to the Internet" action="Accept" disabled="False" log="True" position="5">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="id3F530CC8"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions/>
+        </PolicyRule>
+        <PolicyRule id="id453D8AC012118" comment="All other attempts to connect to&#10;the firewall are denied and logged" action="Deny" disabled="False" log="True" position="6">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+        <PolicyRule id="id453D8ACC12118" action="Accept" disabled="False" log="False" position="7">
+          <Src neg="False">
+            <ObjectRef ref="id3DC75CE7-1"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions/>
+        </PolicyRule>
+        <PolicyRule id="id453D8AD812118" action="Deny" disabled="False" log="True" position="8">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+      </Policy>
+      <Routing id="id453D8AF312118" name="Routing"/>
+      <Interface id="id453D8AF412118" name="le0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False"/>
+      <Interface id="id453D8AF512118" name="le1" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
+        <IPv4 id="id453D8AF712118" name="ipf:le1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
+      </Interface>
+      <Interface id="id453D8AF812118" name="lo" bridgeport="False" dyn="False" label="loopback" mgmt="False" security_level="100" unnum="False" unprotected="False">
+        <IPv4 id="id453D8AFA12118" name="ipf:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
+      </Interface>
+      <Management address="0.0.0.0">
+        <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
+        <FWBDManagement enabled="False" identity="" port="-1"/>
+        <PolicyInstallScript arguments="" command="" enabled="False"/>
+      </Management>
+      <FirewallOptions>
+        <Option name="accept_established">true</Option>
+        <Option name="accept_new_tcp_with_no_syn">true</Option>
+        <Option name="add_check_state_rule">true</Option>
+        <Option name="check_shading">true</Option>
+        <Option name="configure_interfaces">true</Option>
+        <Option name="eliminate_duplicates">true</Option>
+        <Option name="firewall_dir">/etc</Option>
+        <Option name="firewall_is_part_of_any_and_networks">true</Option>
+        <Option name="freebsd_ip_forward">1</Option>
+        <Option name="in_out_code">true</Option>
+        <Option name="limit_value">0</Option>
+        <Option name="linux24_ip_forward">1</Option>
+        <Option name="load_modules">true</Option>
+        <Option name="local_nat">false</Option>
+        <Option name="log_level">info</Option>
+        <Option name="log_prefix">RULE %N -- %A </Option>
+        <Option name="loopback_interface">lo0</Option>
+        <Option name="macosx_ip_forward">1</Option>
+        <Option name="manage_virtual_addr">true</Option>
+        <Option name="openbsd_ip_forward">1</Option>
+        <Option name="pass_all_out">false</Option>
+        <Option name="pf_limit_frags">5000</Option>
+        <Option name="pf_limit_states">10000</Option>
+        <Option name="pf_scrub_maxmss">1460</Option>
+        <Option name="pf_timeout_frag">30</Option>
+        <Option name="pf_timeout_interval">10</Option>
+        <Option name="pix_add_clear_statements">true</Option>
+        <Option name="pix_assume_fw_part_of_any">true</Option>
+        <Option name="pix_default_logint">300</Option>
+        <Option name="pix_emblem_log_format">false</Option>
+        <Option name="pix_emulate_out_acl">true</Option>
+        <Option name="pix_floodguard">true</Option>
+        <Option name="pix_include_comments">true</Option>
+        <Option name="pix_route_dnat_supported">true</Option>
+        <Option name="pix_rule_syslog_settings">false</Option>
+        <Option name="pix_security_fragguard_supported">true</Option>
+        <Option name="pix_syslog_device_id_supported">false</Option>
+        <Option name="pix_use_acl_remarks">true</Option>
+        <Option name="prompt1">$ </Option>
+        <Option name="prompt2"> # </Option>
+        <Option name="solaris_ip_forward">1</Option>
+        <Option name="ulog_nlgroup">1</Option>
+        <Option name="verify_interfaces">true</Option>
+      </FirewallOptions>
+    </Firewall>
+    <Firewall id="id4511650E23682" name="test-ipt" host_OS="linux24" inactive="False" lastCompiled="1178591818" lastInstalled="0" lastModified="1178678953" platform="iptables" ro="False" version="">
+      <NAT id="id4511651223682" name="NAT"/>
+      <Policy id="id4511651123682" name="Policy">
+        <PolicyRule id="id463FE87E19380" action="Deny" direction="Inbound" disabled="False" log="False" position="0">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="True">
+            <ServiceRef ref="tcp-TCP-SYN"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions/>
+        </PolicyRule>
+        <PolicyRule id="id4511653623682" action="Route" direction="Both" disabled="False" log="False" position="1">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="action_on_reject"></Option>
+            <Option name="classify_str"></Option>
+            <Option name="custom_str"></Option>
+            <Option name="ipf_route_opt_addr"></Option>
+            <Option name="ipf_route_opt_if"></Option>
+            <Option name="ipf_route_option">Route through</Option>
+            <Option name="ipfw_classify_method">2</Option>
+            <Option name="ipfw_pipe_port_num">0</Option>
+            <Option name="ipfw_pipe_queue_num">0</Option>
+            <Option name="ipt_continue">False</Option>
+            <Option name="ipt_gw"></Option>
+            <Option name="ipt_iif"></Option>
+            <Option name="ipt_mark_connections">False</Option>
+            <Option name="ipt_mark_prerouting">False</Option>
+            <Option name="ipt_oif">vlan1</Option>
+            <Option name="ipt_tee">False</Option>
+            <Option name="pf_fastroute">False</Option>
+            <Option name="pf_route_opt_addr"></Option>
+            <Option name="pf_route_opt_if"></Option>
+            <Option name="pf_route_option">Route through</Option>
+            <Option name="rule_name_accounting"></Option>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+        <PolicyRule id="id453D868112036" action="Route" direction="Both" disabled="False" log="True" position="2">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="action_on_reject"></Option>
+            <Option name="classify_str"></Option>
+            <Option name="custom_str"></Option>
+            <Option name="ipf_route_opt_addr"></Option>
+            <Option name="ipf_route_opt_if"></Option>
+            <Option name="ipf_route_option">Route through</Option>
+            <Option name="ipfw_classify_method">2</Option>
+            <Option name="ipfw_pipe_port_num">0</Option>
+            <Option name="ipfw_pipe_queue_num">0</Option>
+            <Option name="ipt_continue">False</Option>
+            <Option name="ipt_gw"></Option>
+            <Option name="ipt_iif"></Option>
+            <Option name="ipt_mark_connections">False</Option>
+            <Option name="ipt_mark_prerouting">False</Option>
+            <Option name="ipt_oif">eth1</Option>
+            <Option name="ipt_tee">False</Option>
+            <Option name="pf_fastroute">False</Option>
+            <Option name="pf_route_opt_addr"></Option>
+            <Option name="pf_route_opt_if"></Option>
+            <Option name="pf_route_option">Route through</Option>
+            <Option name="rule_name_accounting"></Option>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+        <PolicyRule id="id453D896C12123" action="Deny" direction="Both" disabled="False" log="True" position="3">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+        <PolicyRule id="id4511654423682" action="Reject" direction="Both" disabled="False" log="False" position="4">
+          <Src neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Src>
+          <Dst neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Dst>
+          <Srv neg="False">
+            <ServiceRef ref="sysid1"/>
+          </Srv>
+          <Itf neg="False">
+            <ObjectRef ref="sysid0"/>
+          </Itf>
+          <When neg="False">
+            <IntervalRef ref="sysid2"/>
+          </When>
+          <PolicyRuleOptions>
+            <Option name="stateless">True</Option>
+          </PolicyRuleOptions>
+        </PolicyRule>
+      </Policy>
+      <Routing id="id4511651323682" name="Routing"/>
+      <Interface id="id4511651623682" name="lo" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
+        <IPv4 id="id4511651723682" name="test-ipt:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
+      </Interface>
+      <Interface id="id4511651923682" name="teql0" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="True" unprotected="False"/>
+      <Interface id="id4511651B23682" name="imq0" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False">
+        <IPv4 id="id463FFA2619380" name="test-ipt:imq0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
+      </Interface>
+      <Interface id="id4511652023682" name="eth0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="100" unnum="False" unprotected="False">
+        <physAddress id="id4511652123682" name="test-ipt:eth0:mac" address="00:12:17:03:B9:81"/>
+      </Interface>
+      <Interface id="id4511652423682" name="eth1" bridgeport="False" dyn="True" label="" mgmt="False" security_level="100" unnum="False" unprotected="False">
+        <physAddress id="id4511652523682" name="test-ipt:eth1:mac" address="00:12:17:03:B9:83"/>
+      </Interface>
+      <Interface id="id4511652823682" name="vlan0" bridgeport="False" dyn="True" label="" mgmt="False" security_level="100" unnum="False" unprotected="False">
+        <physAddress id="id4511652923682" name="test-ipt:vlan0:mac" address="00:12:17:03:B9:81"/>
+      </Interface>
+      <Interface id="id4511652D23682" name="vlan1" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
+        <IPv4 id="id4511652F23682" name="test-ipt:vlan1:ip" address="24.6.139.57" netmask="255.255.248.0"/>
+        <physAddress id="id4511652E23682" name="test-ipt:vlan1:mac" address="00:E0:18:A8:80:1E"/>
+      </Interface>
+      <Interface id="id4511653223682" name="br0" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
+        <IPv4 id="id463FF31119380" name="test-ipt:br0:ip" address="10.10.10.2" netmask="255.255.255.0"/>
+        <physAddress id="id4511653323682" name="test-ipt:br0:mac" address="00:12:17:03:B9:81"/>
+      </Interface>
+      <Management address="10.10.10.2">
+        <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
+        <FWBDManagement enabled="False" identity="" port="-1"/>
+        <PolicyInstallScript arguments="" command="" enabled="False"/>
+      </Management>
+      <FirewallOptions>
+        <Option name="accept_established">True</Option>
+        <Option name="accept_new_tcp_with_no_syn">True</Option>
+        <Option name="action_on_reject"></Option>
+        <Option name="activationCmd"></Option>
+        <Option name="admUser"></Option>
+        <Option name="altAddress"></Option>
+        <Option name="bridging_fw">False</Option>
+        <Option name="check_shading">False</Option>
+        <Option name="clamp_mss_to_mtu">False</Option>
+        <Option name="classify_mark_terminating">False</Option>
+        <Option name="cmdline"></Option>
+        <Option name="compiler"></Option>
+        <Option name="configure_interfaces">True</Option>
+        <Option name="debug">False</Option>
+        <Option name="drop_invalid">False</Option>
+        <Option name="eliminate_duplicates">true</Option>
+        <Option name="epilog_script"></Option>
+        <Option name="firewall_dir">/etc</Option>
+        <Option name="firewall_is_part_of_any_and_networks">True</Option>
+        <Option name="freebsd_ip_forward">1</Option>
+        <Option name="ignore_empty_groups">False</Option>
+        <Option name="in_out_code">true</Option>
+        <Option name="limit_suffix"></Option>
+        <Option name="limit_value">0</Option>
+        <Option name="linux24_ip_forward">1</Option>
+        <Option name="load_modules">True</Option>
+        <Option name="local_nat">False</Option>
+        <Option name="log_all">False</Option>
+        <Option name="log_invalid">False</Option>
+        <Option name="log_ip_opt">False</Option>
+        <Option name="log_level">info</Option>
+        <Option name="log_prefix">RULE %N -- %A </Option>
+        <Option name="log_tcp_opt">False</Option>
+        <Option name="log_tcp_seq">False</Option>
+        <Option name="loopback_interface">lo0</Option>
+        <Option name="macosx_ip_forward">1</Option>
+        <Option name="manage_virtual_addr">True</Option>
+        <Option name="mgmt_addr"></Option>
+        <Option name="mgmt_ssh">False</Option>
+        <Option name="openbsd_ip_forward">1</Option>
+        <Option name="output_file"></Option>
+        <Option name="pass_all_out">false</Option>
+        <Option name="pf_limit_frags">5000</Option>
+        <Option name="pf_limit_states">10000</Option>
+        <Option name="pf_scrub_maxmss">1460</Option>
+        <Option name="pf_timeout_frag">30</Option>
+        <Option name="pf_timeout_interval">10</Option>
+        <Option name="pix_add_clear_statements">true</Option>
+        <Option name="pix_assume_fw_part_of_any">true</Option>
+        <Option name="pix_default_logint">300</Option>
+        <Option name="pix_emblem_log_format">false</Option>
+        <Option name="pix_emulate_out_acl">true</Option>
+        <Option name="pix_floodguard">true</Option>
+        <Option name="pix_include_comments">true</Option>
+        <Option name="pix_route_dnat_supported">true</Option>
+        <Option name="pix_rule_syslog_settings">false</Option>
+        <Option name="pix_security_fragguard_supported">true</Option>
+        <Option name="pix_syslog_device_id_supported">false</Option>
+        <Option name="pix_use_acl_remarks">true</Option>
+        <Option name="prolog_place">top</Option>
+        <Option name="prolog_script"></Option>
+        <Option name="prompt1">$ </Option>
+        <Option name="prompt2"> # </Option>
+        <Option name="snmp_contact">root</Option>
+        <Option name="snmp_description">Linux SVEASOFT 2.4.20 #2 Wed Nov 17 11:49:43 CET 2004 mips</Option>
+        <Option name="snmp_location">Unknown</Option>
+        <Option name="solaris_ip_forward">1</Option>
+        <Option name="sshArgs"></Option>
+        <Option name="ulog_cprange">0</Option>
+        <Option name="ulog_nlgroup">1</Option>
+        <Option name="ulog_qthreshold">1</Option>
+        <Option name="use_ULOG">False</Option>
+        <Option name="use_iptables_restore">False</Option>
+        <Option name="use_numeric_log_levels">False</Option>
+        <Option name="verify_interfaces">True</Option>
+      </FirewallOptions>
+    </Firewall>
+    <ServiceRef ref="sysid1"/>
+    <ServiceRef ref="sysid1"/>
+    <ServiceRef ref="id151F20845"/>
+    <ServiceRef ref="sysid1"/>
+    <ServiceRef ref="sysid1"/>
+    <ServiceRef ref="sysid1"/>
+  </Library>
+  <Library id="id4511636323682" name="User" color="#d2ffd0">
     <ObjectGroup id="id4511636423682" name="Objects">
       <ObjectGroup id="id4511636523682" name="Addresses">
         <IPv4 id="id451164E423682" name="baby.vk.crocodile.org" address="10.3.14.10" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id451164F923682" name="h-10.3.14.102" address="10.3.14.102" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id451164FA23682" name="h-10.3.14.255" address="10.3.14.255" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id451164FB23682" name="h-10.3.14.53" address="10.3.14.53" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id451164FC23682" name="h-10.3.14.65" address="10.3.14.65" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id451164FD23682" name="neo.vk.crocodile.org" address="10.3.14.43" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id4511653423682" name="tower.vk.crocodile.org" address="10.3.14.30" netmask="255.255.255.255"/>
-
-
         <IPv4 id="id4511653523682" name="x1.vk.crocodile.org" address="10.3.14.41" netmask="255.255.255.255"/>
-
-
       </ObjectGroup>
-
-
       <ObjectGroup id="id4511636623682" name="DNS Names"/>
-
-
       <ObjectGroup id="id4511636723682" name="Address Tables"/>
-
-
       <ObjectGroup id="id4511636823682" name="Groups">
-        <ObjectGroup comment="" id="id46412C4226611" name="networks behind router">
+        <ObjectGroup id="id46412C4226611" name="networks behind router">
           <ObjectRef ref="id46412C4126611"/>
-
-
           <ObjectRef ref="id46412C3F26611"/>
-
-
           <ObjectRef ref="id46412C4026611"/>
-
-
         </ObjectGroup>
-
-
-        <ObjectGroup comment="" id="id4641456929061" name="networks outside">
+        <ObjectGroup id="id4641456929061" name="networks outside">
           <ObjectRef ref="id4641456629061"/>
-
-
           <ObjectRef ref="id4641456729061"/>
-
-
           <ObjectRef ref="id4641456829061"/>
-
-
         </ObjectGroup>
-
-
       </ObjectGroup>
-
-
       <ObjectGroup id="id4511636923682" name="Hosts">
         <Host id="id451164EB23682" name="beaver">
-          <Interface bridgeport="False" dyn="False" id="id451164EF23682" name="lo" security_level="100" unnum="False" unprotected="False">
+          <Interface id="id451164EF23682" name="lo" bridgeport="False" dyn="False" security_level="100" unnum="False" unprotected="False">
             <IPv4 id="id451164F023682" name="beaver:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
-
-
           </Interface>
-
-
-          <Interface bridgeport="False" dyn="False" id="id451164F523682" name="eth0" security_level="0" unnum="False" unprotected="False">
+          <Interface id="id451164F523682" name="eth0" bridgeport="False" dyn="False" security_level="0" unnum="False" unprotected="False">
             <IPv4 id="id451164F723682" name="beaver:eth0:ip1" address="10.3.14.40" netmask="255.255.255.0"/>
-
-
             <IPv4 id="id451164F823682" name="beaver:eth0:ip2" address="192.168.123.123" netmask="255.255.255.0"/>
-
-
-            <physAddress address="00:30:48:20:16:10" id="id451164F623682" name="beaver:eth0:mac"/>
-
-
+            <physAddress id="id451164F623682" name="beaver:eth0:mac" address="00:30:48:20:16:10"/>
           </Interface>
-
-
           <HostOptions>
             <Option name="snmp_contact">Root &lt;root@localhost&gt; (configure /etc/snmp/snmp.local.conf)</Option>
-
-
             <Option name="snmp_description">Linux beaver 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686</Option>
-
-
             <Option name="snmp_location">Unknown (edit /etc/snmp/snmpd.conf)</Option>
-
-
           </HostOptions>
-
-
         </Host>
-
-
       </ObjectGroup>
-
-
       <ObjectGroup id="id4511636A23682" name="Networks">
         <Network id="id451164E323682" name="10.3.14.0/255.255.255.0" address="10.3.14.0" netmask="255.0.0.0"/>
-
-
-        <Network comment="" id="id46412C3F26611" name="net-10.10.10" address="10.10.10.0" netmask="255.255.255.0"/>
-
-
-        <Network comment="" id="id46412C4026611" name="net-10.10.11" address="10.10.11.0" netmask="255.255.255.0"/>
-
-
-        <Network comment="" id="id46412C4126611" name="net-10.10.12" address="10.10.12.0" netmask="255.255.255.0"/>
-
-
-        <Network comment="" id="id4641456629061" name="network_outside_1" address="22.22.21.0" netmask="255.255.255.0"/>
-
-
-        <Network comment="" id="id4641456729061" name="network_outside_2" address="22.22.22.0" netmask="255.255.255.0"/>
-
-
-        <Network comment="" id="id4641456829061" name="network_outside_3" address="22.22.23.0" netmask="255.255.255.0"/>
-
-
-        <Network comment="" id="id46435A0F16989" name="net-10.3.14" address="10.3.14.0" netmask="255.255.255.0"/>
-
-
+        <Network id="id46412C3F26611" name="net-10.10.10" address="10.10.10.0" netmask="255.255.255.0"/>
+        <Network id="id46412C4026611" name="net-10.10.11" address="10.10.11.0" netmask="255.255.255.0"/>
+        <Network id="id46412C4126611" name="net-10.10.12" address="10.10.12.0" netmask="255.255.255.0"/>
+        <Network id="id4641456629061" name="network_outside_1" address="22.22.21.0" netmask="255.255.255.0"/>
+        <Network id="id4641456729061" name="network_outside_2" address="22.22.22.0" netmask="255.255.255.0"/>
+        <Network id="id4641456829061" name="network_outside_3" address="22.22.23.0" netmask="255.255.255.0"/>
+        <Network id="id46435A0F16989" name="net-10.3.14" address="10.3.14.0" netmask="255.255.255.0"/>
       </ObjectGroup>
-
-
       <ObjectGroup id="id4511636B23682" name="Address Ranges"/>
-
-
     </ObjectGroup>
-
-
     <ServiceGroup id="id4511636C23682" name="Services">
       <ServiceGroup id="id4511636D23682" name="Groups">
-        <ServiceGroup comment="" id="id464147DA29061" name="mixed bag">
+        <ServiceGroup id="id464147DA29061" name="mixed bag">
           <ServiceRef ref="id4127F04F"/>
-
-
           <ServiceRef ref="id3AECF774"/>
-
-
           <ServiceRef ref="udp-ntp"/>
-
-
           <ServiceRef ref="id3B4FEF7E"/>
-
-
           <ServiceRef ref="icmp-ping_reply"/>
-
-
         </ServiceGroup>
-
-
-        <ServiceGroup comment="" id="id464147DB29061" name="tcp services 1">
+        <ServiceGroup id="id464147DB29061" name="tcp services 1">
           <ServiceRef ref="id3AECF774"/>
-
-
           <ServiceRef ref="tcp-FTP"/>
-
-
           <ServiceRef ref="tcp-HTTP"/>
-
-
         </ServiceGroup>
-
-
-        <ServiceGroup comment="" id="id464147DC29061" name="udp services 1">
+        <ServiceGroup id="id464147DC29061" name="udp services 1">
           <ServiceRef ref="id3D703C96"/>
-
-
           <ServiceRef ref="id3CB129D2"/>
-
-
           <ServiceRef ref="udp-DNS"/>
-
-
         </ServiceGroup>
-
-
-        <ServiceGroup comment="" id="id464147DD29061" name="icmp services 1">
+        <ServiceGroup id="id464147DD29061" name="icmp services 1">
           <ServiceRef ref="icmp-Host_unreach"/>
-
-
           <ServiceRef ref="icmp-Port_unreach"/>
-
-
           <ServiceRef ref="icmp-Time_exceeded"/>
-
-
           <ServiceRef ref="icmp-Time_exceeded_in_transit"/>
-
-
         </ServiceGroup>
-
-
-        <ServiceGroup comment="" id="id464147DE29061" name="ip services 1">
+        <ServiceGroup id="id464147DE29061" name="ip services 1">
           <ServiceRef ref="id3CB12797"/>
-
-
           <ServiceRef ref="ip-IPSEC"/>
-
-
           <ServiceRef ref="id3D703C8F"/>
-
-
         </ServiceGroup>
-
-
       </ServiceGroup>
-
-<ServiceGroup id="id4511636E23682" name="ICMP"/>
-
-<ServiceGroup id="id4511636F23682" name="IP"/>
-
-<ServiceGroup id="id4511637023682" name="TCP">
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="0" dst_range_start="0" established="True" fin_flag="False" fin_flag_mask="False" id="id4641521729061" name="http established" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="80" src_range_start="80" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
+      <ServiceGroup id="id4511636E23682" name="ICMP"/>
+      <ServiceGroup id="id4511636F23682" name="IP">
+        <IPService id="id151F20845" name="tos 16" dscp="" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="False" ssrr="False" tos="16" ts="False"/>
+        <IPService id="id152020845" name="dscp 16" dscp="16" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="False" ssrr="False" tos="" ts="False"/>
+        <IPService id="id152120845" name="dscp af11" dscp="af11" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="False" ssrr="False" tos="" ts="False"/>
       </ServiceGroup>
-
-<ServiceGroup id="id4511637123682" name="UDP"/>
-
-<ServiceGroup id="id4511637223682" name="Custom"/>
-
-
-      <ServiceGroup id="id4511637323682" name="TagServices">
-        
-      
+      <ServiceGroup id="id4511637023682" name="TCP">
+        <TCPService id="id4641521729061" name="http established" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="80" src_range_end="80" dst_range_start="0" dst_range_end="0"/>
       </ServiceGroup>
-<ServiceGroup id="id4511636C23682_userservices" name="Users"/>
-
-
-      </ServiceGroup>
-
-
+      <ServiceGroup id="id4511637123682" name="UDP"/>
+      <ServiceGroup id="id4511637223682" name="Custom"/>
+      <ServiceGroup id="id4511637323682" name="TagServices"/>
+      <ServiceGroup id="id4511636C23682_userservices" name="Users"/>
+    </ServiceGroup>
     <ObjectGroup id="id4511637423682" name="Firewalls">
-      <Firewall comment="" host_OS="ios" id="id46412B5226577" inactive="False" lastCompiled="1185060662" lastInstalled="0" lastModified="1208635848" name="testios1" platform="iosacl" ro="False" version="12.x">
-        <NAT id="id46412B5626577" name="NAT">
-          </NAT>
-
-
-          <Policy id="id46412B5526577" name="Policy">
-          <PolicyRule action="Deny" comment="anti-spoofing" direction="Inbound" disabled="False" id="id464154BB29061" log="True" position="0">
+      <Firewall id="id46412B5226577" name="testios1" host_OS="ios" inactive="False" lastCompiled="1185060662" lastInstalled="0" lastModified="1208635848" platform="iosacl" ro="False" version="12.x">
+        <NAT id="id46412B5626577" name="NAT"/>
+        <Policy id="id46412B5526577" name="Policy">
+          <PolicyRule id="id464154BB29061" comment="anti-spoofing" action="Deny" direction="Inbound" disabled="False" log="True" position="0">
             <Src neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5826577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Deny" direction="Both" disabled="False" id="id4641623D29061" log="True" position="1">
+          <PolicyRule id="id4641623D29061" action="Deny" direction="Both" disabled="False" log="True" position="1">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="ip-IP_Fragments"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id46412C3326611" log="False" position="2">
+          <PolicyRule id="id46412C3326611" action="Accept" direction="Both" disabled="False" log="False" position="2">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46415A0129061" log="False" position="3">
+          <PolicyRule id="id46415A0129061" action="Accept" direction="Both" disabled="False" log="False" position="3">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5826577"/>
-
-
               <ObjectRef ref="id46412B5A26577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641356226611" log="False" position="4">
+          <PolicyRule id="id4641356226611" action="Accept" direction="Both" disabled="False" log="False" position="4">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5A26577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641359926611" log="False" position="5">
+          <PolicyRule id="id4641359926611" action="Accept" direction="Both" disabled="False" log="False" position="5">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5826577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id46412F0326611" log="False" position="6">
+          <PolicyRule id="id46412F0326611" action="Accept" direction="Inbound" disabled="False" log="False" position="6">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641357426611" log="False" position="7">
+          <PolicyRule id="id4641357426611" action="Accept" direction="Inbound" disabled="False" log="False" position="7">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5A26577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641358626611" log="False" position="8">
+          <PolicyRule id="id4641358626611" action="Accept" direction="Inbound" disabled="False" log="False" position="8">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5826577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641456D29061" log="False" position="9">
+          <PolicyRule id="id4641456D29061" action="Accept" direction="Both" disabled="False" log="False" position="9">
             <Src neg="False">
               <ObjectRef ref="id4641456929061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641457E29061" log="False" position="10">
+          <PolicyRule id="id4641457E29061" action="Accept" direction="Both" disabled="False" log="False" position="10">
             <Src neg="False">
               <ObjectRef ref="id4641456929061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5A26577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641458F29061" log="False" position="11">
+          <PolicyRule id="id4641458F29061" action="Accept" direction="Both" disabled="False" log="False" position="11">
             <Src neg="False">
               <ObjectRef ref="id4641456929061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46412B5826577"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0" direction="Both" disabled="False" id="id464147C929061" log="False" position="12">
+          <PolicyRule id="id464147C929061" comment="interface ethernet1 has address on network 10.10.10.0/24,&#10;therefore net-10.10.10 is behind the router and we do&#10;not need to put rules 12-18 in outbound acl of eth0" action="Accept" direction="Both" disabled="False" log="False" position="12">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DE29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414A3E29061" log="False" position="13">
+          <PolicyRule id="id46414A3E29061" action="Accept" direction="Both" disabled="False" log="False" position="13">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DD29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414A4F29061" log="False" position="14">
+          <PolicyRule id="id46414A4F29061" action="Accept" direction="Both" disabled="False" log="False" position="14">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DB29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414A6029061" log="False" position="15">
+          <PolicyRule id="id46414A6029061" action="Accept" direction="Both" disabled="False" log="False" position="15">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DC29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46414CEB29061" log="False" position="16">
+          <PolicyRule id="id46414CEB29061" action="Accept" direction="Both" disabled="False" log="False" position="16">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id463FE5FE11008"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4641521829061" log="False" position="17">
+          <PolicyRule id="id4641521829061" action="Accept" direction="Both" disabled="False" log="False" position="17">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id4641521729061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id46415F6729061" log="False" position="18">
+          <PolicyRule id="id46415F6729061" action="Accept" direction="Both" disabled="False" log="False" position="18">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DA29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Deny" direction="Both" disabled="False" id="id46412C2726611" log="True" position="19">
+          <PolicyRule id="id46412C2726611" action="Deny" direction="Both" disabled="False" log="True" position="19">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          </Policy>
-
-
-          
-          <Routing id="id46412B5726577" name="Routing">
-          </Routing>
-
-
-          <Interface bridgeport="False" dyn="False" id="id46412B5826577" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
+        </Policy>
+        <Routing id="id46412B5726577" name="Routing"/>
+        <Interface id="id46412B5826577" name="ethernet0" bridgeport="False" dyn="False" label="" security_level="50" unnum="False" unprotected="False">
           <IPv4 id="id46412B5926577" name="testios1:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id46412B5A26577" label="" mgmt="False" name="ethernet1" security_level="100" unnum="False" unprotected="True">
+        <Interface id="id46412B5A26577" name="ethernet1" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="True">
           <IPv4 id="id46412B5B26577" name="testios1:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id4642828219184" label="" mgmt="False" name="ethernet2" security_level="100" unnum="False" unprotected="True">
-          <IPv4 comment="" id="id4642828319184" name="testios1:ethernet2:ip" address="3.3.3.3" netmask="255.255.255.0"/>
-
-
+        <Interface id="id4642828219184" name="ethernet2" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="True">
+          <IPv4 id="id4642828319184" name="testios1:ethernet2:ip" address="3.3.3.3" netmask="255.255.255.0"/>
         </Interface>
-
-
-          <Management address="10.10.10.1">
+        <Management address="10.10.10.1">
           <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-
-
           <FWBDManagement enabled="False" identity="" port="-1"/>
-
-
           <PolicyInstallScript arguments="" command="" enabled="False"/>
-
-
         </Management>
-
-
-          <FirewallOptions>
+        <FirewallOptions>
           <Option name="accept_established">true</Option>
-
-
           <Option name="accept_new_tcp_with_no_syn">true</Option>
-
-
           <Option name="add_check_state_rule">true</Option>
-
-
-          <Option name="admUser"/>
-
-
-          <Option name="altAddress"/>
-
-
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
           <Option name="check_shading">False</Option>
-
-
-          <Option name="compiler"/>
-
-
+          <Option name="compiler"></Option>
           <Option name="configure_interfaces">true</Option>
-
-
           <Option name="eliminate_duplicates">true</Option>
-
-
           <Option name="firewall_dir">/etc</Option>
-
-
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
-
-
           <Option name="freebsd_ip_forward">1</Option>
-
-
           <Option name="ignore_empty_groups">False</Option>
-
-
           <Option name="in_out_code">true</Option>
-
-
           <Option name="ios_ip_address">True</Option>
-
-
           <Option name="ios_set_host_name">True</Option>
-
-
           <Option name="iosacl_acl_basic">True</Option>
-
-
           <Option name="iosacl_acl_no_clear">False</Option>
-
-
           <Option name="iosacl_acl_substitution">False</Option>
-
-
-          <Option name="iosacl_acl_temp_addr"/>
-
-
+          <Option name="iosacl_acl_temp_addr"></Option>
           <Option name="iosacl_add_clear_statements">true</Option>
-
-
           <Option name="iosacl_assume_fw_part_of_any">true</Option>
-
-
-          <Option name="iosacl_epilog_script"/>
-
-
+          <Option name="iosacl_epilog_script"></Option>
           <Option name="iosacl_include_comments">True</Option>
-
-
           <Option name="iosacl_logging_buffered">False</Option>
-
-
-          <Option name="iosacl_logging_buffered_level"/>
-
-
+          <Option name="iosacl_logging_buffered_level"></Option>
           <Option name="iosacl_logging_console">False</Option>
-
-
-          <Option name="iosacl_logging_console_level"/>
-
-
+          <Option name="iosacl_logging_console_level"></Option>
           <Option name="iosacl_logging_timestamp">False</Option>
-
-
-          <Option name="iosacl_logging_trap_level"/>
-
-
-          <Option name="iosacl_prolog_script"/>
-
-
+          <Option name="iosacl_logging_trap_level"></Option>
+          <Option name="iosacl_prolog_script"></Option>
           <Option name="iosacl_regroup_commands">False</Option>
-
-
-          <Option name="iosacl_syslog_facility"/>
-
-
-          <Option name="iosacl_syslog_host"/>
-
-
+          <Option name="iosacl_syslog_facility"></Option>
+          <Option name="iosacl_syslog_host"></Option>
           <Option name="limit_value">0</Option>
-
-
           <Option name="linux24_ip_forward">1</Option>
-
-
           <Option name="load_modules">true</Option>
-
-
           <Option name="local_nat">false</Option>
-
-
           <Option name="log_level">info</Option>
-
-
           <Option name="log_prefix">RULE %N -- %A </Option>
-
-
           <Option name="loopback_interface">lo0</Option>
-
-
           <Option name="macosx_ip_forward">1</Option>
-
-
           <Option name="manage_virtual_addr">true</Option>
-
-
-          <Option name="mgmt_addr"/>
-
-
+          <Option name="mgmt_addr"></Option>
           <Option name="mgmt_ssh">False</Option>
-
-
           <Option name="openbsd_ip_forward">1</Option>
-
-
-          <Option name="output_file"/>
-
-
+          <Option name="output_file"></Option>
           <Option name="pass_all_out">false</Option>
-
-
           <Option name="pf_limit_frags">5000</Option>
-
-
           <Option name="pf_limit_states">10000</Option>
-
-
           <Option name="pf_scrub_maxmss">1460</Option>
-
-
           <Option name="pf_timeout_frag">30</Option>
-
-
           <Option name="pf_timeout_interval">10</Option>
-
-
           <Option name="pix_add_clear_statements">true</Option>
-
-
           <Option name="pix_assume_fw_part_of_any">true</Option>
-
-
           <Option name="pix_default_logint">300</Option>
-
-
           <Option name="pix_emblem_log_format">false</Option>
-
-
           <Option name="pix_emulate_out_acl">true</Option>
-
-
           <Option name="pix_floodguard">true</Option>
-
-
           <Option name="pix_include_comments">true</Option>
-
-
           <Option name="pix_route_dnat_supported">true</Option>
-
-
           <Option name="pix_rule_syslog_settings">false</Option>
-
-
           <Option name="pix_security_fragguard_supported">true</Option>
-
-
           <Option name="pix_syslog_device_id_supported">false</Option>
-
-
           <Option name="pix_use_acl_remarks">true</Option>
-
-
           <Option name="prompt1">$ </Option>
-
-
           <Option name="prompt2"> # </Option>
-
-
           <Option name="solaris_ip_forward">1</Option>
-
-
-          <Option name="sshArgs"/>
-
-
+          <Option name="sshArgs"></Option>
           <Option name="ulog_nlgroup">1</Option>
-
-
           <Option name="verify_interfaces">true</Option>
-
-
         </FirewallOptions>
-
-
-          </Firewall>
-
-
-      <Firewall comment="" host_OS="ios" id="id464131E426611" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1178753518" name="testios20" platform="iosacl" ro="False" version="12.x">
-        <NAT id="id4641320F26611" name="NAT">
-          </NAT>
-
-
-          <Policy id="id464131EA26611" name="Policy">
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id464131EB26611" log="False" position="0">
+      </Firewall>
+      <Firewall id="id464131E426611" name="testios20" host_OS="ios" inactive="False" lastCompiled="1215311660" lastInstalled="0" lastModified="1215311652" platform="iosacl" ro="False" version="12.x">
+        <NAT id="id4641320F26611" name="NAT"/>
+        <Policy id="id464131EA26611" name="Policy">
+          <PolicyRule id="id464131EB26611" action="Accept" direction="Both" disabled="False" log="False" position="0">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id464131F726611" log="False" position="1">
+          <PolicyRule id="id464131F726611" action="Accept" direction="Both" disabled="False" log="False" position="1">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id4641321426611"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464137AA26611" log="False" position="2">
+          <PolicyRule id="id464137AA26611" action="Accept" direction="Both" disabled="False" log="False" position="2">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id4641321126611"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641379926611" log="False" position="3">
+          <PolicyRule id="id4641379926611" action="Accept" direction="Inbound" disabled="False" log="False" position="3">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641378826611" log="False" position="4">
+          <PolicyRule id="id4641378826611" action="Accept" direction="Inbound" disabled="False" log="False" position="4">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id4641321426611"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4641377726611" log="False" position="5">
+          <PolicyRule id="id4641377726611" action="Accept" direction="Inbound" disabled="False" log="False" position="5">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id4641321126611"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Deny" direction="Both" disabled="False" id="id4641320326611" log="True" position="6">
+          <PolicyRule id="id152F20845" action="Accept" direction="Both" disabled="False" group="" log="False" position="6">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
-              <ServiceRef ref="sysid1"/>
-
-
+            <Srv neg="False">
+              <ServiceRef ref="id151F20845"/>
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id152220845" action="Accept" direction="Both" disabled="False" group="" log="False" position="7">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="id152020845"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id153D20845" action="Accept" direction="Both" disabled="False" group="" log="False" position="8">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="id152120845"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id154B20845" action="Accept" direction="Both" disabled="False" group="" log="False" position="9">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="id152020845"/>
+              <ServiceRef ref="id152120845"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
+              <IntervalRef ref="sysid2"/>
+            </When>
+            <PolicyRuleOptions>
+              <Option name="stateless">False</Option>
+            </PolicyRuleOptions>
+          </PolicyRule>
+          <PolicyRule id="id4641320326611" action="Deny" direction="Both" disabled="False" log="True" position="10">
+            <Src neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Src>
+            <Dst neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Dst>
+            <Srv neg="False">
+              <ServiceRef ref="sysid1"/>
+            </Srv>
+            <Itf neg="False">
+              <ObjectRef ref="sysid0"/>
+            </Itf>
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          </Policy>
-
-
-          
-          <Routing id="id4641321026611" name="Routing">
-          </Routing>
-
-
-          <Interface bridgeport="False" dyn="False" id="id4641321126611" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
+        </Policy>
+        <Routing id="id4641321026611" name="Routing"/>
+        <Interface id="id4641321126611" name="ethernet0" bridgeport="False" dyn="False" label="" security_level="50" unnum="False" unprotected="False">
           <IPv4 id="id4641321326611" name="testios20:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id4641321426611" label="" mgmt="False" name="ethernet1" network_zone="sysid0" security_level="100" unnum="False" unprotected="False">
+        <Interface id="id4641321426611" name="ethernet1" bridgeport="False" dyn="False" label="" mgmt="False" network_zone="sysid0" security_level="100" unnum="False" unprotected="False">
           <IPv4 id="id4641321626611" name="testios20:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-
-          <Management address="10.10.10.1">
+        <Management address="10.10.10.1">
           <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-
-
           <FWBDManagement enabled="False" identity="" port="-1"/>
-
-
           <PolicyInstallScript arguments="" command="" enabled="False"/>
-
-
         </Management>
-
-
-          <FirewallOptions>
+        <FirewallOptions>
           <Option name="accept_established">true</Option>
-
-
           <Option name="accept_new_tcp_with_no_syn">true</Option>
-
-
           <Option name="add_check_state_rule">true</Option>
-
-
-          <Option name="admUser"/>
-
-
-          <Option name="altAddress"/>
-
-
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
           <Option name="check_shading">False</Option>
-
-
-          <Option name="compiler"/>
-
-
+          <Option name="compiler"></Option>
           <Option name="configure_interfaces">true</Option>
-
-
           <Option name="eliminate_duplicates">true</Option>
-
-
           <Option name="firewall_dir">/etc</Option>
-
-
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
-
-
           <Option name="freebsd_ip_forward">1</Option>
-
-
           <Option name="ignore_empty_groups">False</Option>
-
-
           <Option name="in_out_code">true</Option>
-
-
           <Option name="ios_ip_address">True</Option>
-
-
           <Option name="ios_set_host_name">True</Option>
-
-
           <Option name="iosacl_acl_basic">True</Option>
-
-
           <Option name="iosacl_acl_no_clear">False</Option>
-
-
           <Option name="iosacl_acl_substitution">False</Option>
-
-
-          <Option name="iosacl_acl_temp_addr"/>
-
-
+          <Option name="iosacl_acl_temp_addr"></Option>
           <Option name="iosacl_add_clear_statements">true</Option>
-
-
           <Option name="iosacl_assume_fw_part_of_any">true</Option>
-
-
-          <Option name="iosacl_epilog_script"/>
-
-
+          <Option name="iosacl_epilog_script"></Option>
           <Option name="iosacl_include_comments">True</Option>
-
-
           <Option name="iosacl_logging_buffered">False</Option>
-
-
-          <Option name="iosacl_logging_buffered_level"/>
-
-
+          <Option name="iosacl_logging_buffered_level"></Option>
           <Option name="iosacl_logging_console">False</Option>
-
-
-          <Option name="iosacl_logging_console_level"/>
-
-
+          <Option name="iosacl_logging_console_level"></Option>
           <Option name="iosacl_logging_timestamp">False</Option>
-
-
-          <Option name="iosacl_logging_trap_level"/>
-
-
-          <Option name="iosacl_prolog_script"/>
-
-
+          <Option name="iosacl_logging_trap_level"></Option>
+          <Option name="iosacl_prolog_script"></Option>
           <Option name="iosacl_regroup_commands">False</Option>
-
-
-          <Option name="iosacl_syslog_facility"/>
-
-
-          <Option name="iosacl_syslog_host"/>
-
-
+          <Option name="iosacl_syslog_facility"></Option>
+          <Option name="iosacl_syslog_host"></Option>
           <Option name="limit_value">0</Option>
-
-
           <Option name="linux24_ip_forward">1</Option>
-
-
           <Option name="load_modules">true</Option>
-
-
           <Option name="local_nat">false</Option>
-
-
           <Option name="log_level">info</Option>
-
-
           <Option name="log_prefix">RULE %N -- %A </Option>
-
-
           <Option name="loopback_interface">lo0</Option>
-
-
           <Option name="macosx_ip_forward">1</Option>
-
-
           <Option name="manage_virtual_addr">true</Option>
-
-
-          <Option name="mgmt_addr"/>
-
-
+          <Option name="mgmt_addr"></Option>
           <Option name="mgmt_ssh">False</Option>
-
-
           <Option name="openbsd_ip_forward">1</Option>
-
-
-          <Option name="output_file"/>
-
-
+          <Option name="output_file"></Option>
           <Option name="pass_all_out">false</Option>
-
-
           <Option name="pf_limit_frags">5000</Option>
-
-
           <Option name="pf_limit_states">10000</Option>
-
-
           <Option name="pf_scrub_maxmss">1460</Option>
-
-
           <Option name="pf_timeout_frag">30</Option>
-
-
           <Option name="pf_timeout_interval">10</Option>
-
-
           <Option name="pix_add_clear_statements">true</Option>
-
-
           <Option name="pix_assume_fw_part_of_any">true</Option>
-
-
           <Option name="pix_default_logint">300</Option>
-
-
           <Option name="pix_emblem_log_format">false</Option>
-
-
           <Option name="pix_emulate_out_acl">true</Option>
-
-
           <Option name="pix_floodguard">true</Option>
-
-
           <Option name="pix_include_comments">true</Option>
-
-
           <Option name="pix_route_dnat_supported">true</Option>
-
-
           <Option name="pix_rule_syslog_settings">false</Option>
-
-
           <Option name="pix_security_fragguard_supported">true</Option>
-
-
           <Option name="pix_syslog_device_id_supported">false</Option>
-
-
           <Option name="pix_use_acl_remarks">true</Option>
-
-
           <Option name="prompt1">$ </Option>
-
-
           <Option name="prompt2"> # </Option>
-
-
           <Option name="solaris_ip_forward">1</Option>
-
-
-          <Option name="sshArgs"/>
-
-
+          <Option name="sshArgs"></Option>
           <Option name="ulog_nlgroup">1</Option>
-
-
           <Option name="verify_interfaces">true</Option>
-
-
         </FirewallOptions>
-
-
-          </Firewall>
-
-
-      <Firewall comment="" host_OS="ios" id="id464264CC12807" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1178755598" name="testios2" platform="iosacl" ro="False" version="12.x">
-        <NAT id="id464265C412807" name="NAT">
-          </NAT>
-
-
-          <Policy id="id464264D212807" name="Policy">
-          <PolicyRule action="Deny" comment="anti-spoofing" direction="Inbound" disabled="False" id="id464264D312807" log="True" position="0">
+      </Firewall>
+      <Firewall id="id464264CC12807" name="testios2" host_OS="ios" inactive="False" lastCompiled="0" lastInstalled="0" lastModified="1178755598" platform="iosacl" ro="False" version="12.x">
+        <NAT id="id464265C412807" name="NAT"/>
+        <Policy id="id464264D212807" name="Policy">
+          <PolicyRule id="id464264D312807" comment="anti-spoofing" action="Deny" direction="Inbound" disabled="False" log="True" position="0">
             <Src neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C612807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Deny" direction="Both" disabled="False" id="id464264DF12807" log="True" position="1">
+          <PolicyRule id="id464264DF12807" action="Deny" direction="Both" disabled="False" log="True" position="1">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="ip-IP_Fragments"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id464264EB12807" log="False" position="2">
+          <PolicyRule id="id464264EB12807" action="Accept" direction="Both" disabled="False" log="False" position="2">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464264F712807" log="False" position="3">
+          <PolicyRule id="id464264F712807" action="Accept" direction="Both" disabled="False" log="False" position="3">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C612807"/>
-
-
               <ObjectRef ref="id464265C912807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642650412807" log="False" position="4">
+          <PolicyRule id="id4642650412807" action="Accept" direction="Both" disabled="False" log="False" position="4">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C912807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642651012807" log="False" position="5">
+          <PolicyRule id="id4642651012807" action="Accept" direction="Both" disabled="False" log="False" position="5">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C612807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id4642651C12807" log="False" position="6">
+          <PolicyRule id="id4642651C12807" action="Accept" direction="Inbound" disabled="False" log="False" position="6">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4642652812807" log="False" position="7">
+          <PolicyRule id="id4642652812807" action="Accept" direction="Inbound" disabled="False" log="False" position="7">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C912807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Inbound" disabled="False" id="id4642653412807" log="False" position="8">
+          <PolicyRule id="id4642653412807" action="Accept" direction="Inbound" disabled="False" log="False" position="8">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C612807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#8BC065</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642654012807" log="False" position="9">
+          <PolicyRule id="id4642654012807" action="Accept" direction="Both" disabled="False" log="False" position="9">
             <Src neg="False">
               <ObjectRef ref="id4641456929061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642654C12807" log="False" position="10">
+          <PolicyRule id="id4642654C12807" action="Accept" direction="Both" disabled="False" log="False" position="10">
             <Src neg="False">
               <ObjectRef ref="id4641456929061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C912807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642655812807" log="False" position="11">
+          <PolicyRule id="id4642655812807" action="Accept" direction="Both" disabled="False" log="False" position="11">
             <Src neg="False">
               <ObjectRef ref="id4641456929061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C4226611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id464265C612807"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C0BA44</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642656412807" log="False" position="12">
+          <PolicyRule id="id4642656412807" action="Accept" direction="Both" disabled="False" log="False" position="12">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DE29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642657012807" log="False" position="13">
+          <PolicyRule id="id4642657012807" action="Accept" direction="Both" disabled="False" log="False" position="13">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DD29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642657C12807" log="False" position="14">
+          <PolicyRule id="id4642657C12807" action="Accept" direction="Both" disabled="False" log="False" position="14">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DB29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642658812807" log="False" position="15">
+          <PolicyRule id="id4642658812807" action="Accept" direction="Both" disabled="False" log="False" position="15">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DC29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id4642659412807" log="False" position="16">
+          <PolicyRule id="id4642659412807" action="Accept" direction="Both" disabled="False" log="False" position="16">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id463FE5FE11008"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464265A012807" log="False" position="17">
+          <PolicyRule id="id464265A012807" action="Accept" direction="Both" disabled="False" log="False" position="17">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id4641521729061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" direction="Both" disabled="False" id="id464265AC12807" log="False" position="18">
+          <PolicyRule id="id464265AC12807" action="Accept" direction="Both" disabled="False" log="False" position="18">
             <Src neg="False">
               <ObjectRef ref="id4641456629061"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46412C3F26611"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id464147DA29061"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="color">#C86E6E</Option>
-
-
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Deny" direction="Both" disabled="False" id="id464265B812807" log="True" position="19">
+          <PolicyRule id="id464265B812807" action="Deny" direction="Both" disabled="False" log="True" position="19">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          </Policy>
-
-
-          
-          <Routing id="id464265C512807" name="Routing">
-          </Routing>
-
-
-          <Interface bridgeport="False" dyn="False" id="id464265C612807" label="" name="ethernet0" security_level="50" unnum="False" unprotected="False">
+        </Policy>
+        <Routing id="id464265C512807" name="Routing"/>
+        <Interface id="id464265C612807" name="ethernet0" bridgeport="False" dyn="False" label="" security_level="50" unnum="False" unprotected="False">
           <IPv4 id="id464265C812807" name="testios2:ethernet0:ip" address="1.1.1.1" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id464265C912807" label="" mgmt="True" name="ethernet1" security_level="100" unnum="False" unprotected="False">
+        <Interface id="id464265C912807" name="ethernet1" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
           <IPv4 id="id464265CB12807" name="testios2:ethernet1:ip" address="10.10.10.1" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-
-          <Management address="10.10.10.1">
+        <Management address="10.10.10.1">
           <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-
-
           <FWBDManagement enabled="False" identity="" port="-1"/>
-
-
           <PolicyInstallScript arguments="" command="" enabled="False"/>
-
-
         </Management>
-
-
-          <FirewallOptions>
+        <FirewallOptions>
           <Option name="accept_established">true</Option>
-
-
           <Option name="accept_new_tcp_with_no_syn">true</Option>
-
-
           <Option name="add_check_state_rule">true</Option>
-
-
-          <Option name="admUser"/>
-
-
-          <Option name="altAddress"/>
-
-
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
           <Option name="check_shading">False</Option>
-
-
           <Option name="configure_interfaces">true</Option>
-
-
           <Option name="eliminate_duplicates">true</Option>
-
-
           <Option name="firewall_dir">/etc</Option>
-
-
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
-
-
           <Option name="freebsd_ip_forward">1</Option>
-
-
           <Option name="ignore_empty_groups">False</Option>
-
-
           <Option name="in_out_code">true</Option>
-
-
           <Option name="ios_ip_address">True</Option>
-
-
           <Option name="ios_set_host_name">True</Option>
-
-
           <Option name="iosacl_acl_basic">False</Option>
-
-
           <Option name="iosacl_acl_no_clear">False</Option>
-
-
           <Option name="iosacl_acl_substitution">True</Option>
-
-
           <Option name="iosacl_acl_temp_addr">10.10.10.0/24</Option>
-
-
           <Option name="iosacl_add_clear_statements">true</Option>
-
-
           <Option name="iosacl_assume_fw_part_of_any">true</Option>
-
-
-          <Option name="iosacl_epilog_script"/>
-
-
+          <Option name="iosacl_epilog_script"></Option>
           <Option name="iosacl_include_comments">True</Option>
-
-
           <Option name="iosacl_logging_buffered">False</Option>
-
-
-          <Option name="iosacl_logging_buffered_level"/>
-
-
+          <Option name="iosacl_logging_buffered_level"></Option>
           <Option name="iosacl_logging_console">False</Option>
-
-
-          <Option name="iosacl_logging_console_level"/>
-
-
+          <Option name="iosacl_logging_console_level"></Option>
           <Option name="iosacl_logging_timestamp">False</Option>
-
-
-          <Option name="iosacl_logging_trap_level"/>
-
-
-          <Option name="iosacl_prolog_script"/>
-
-
+          <Option name="iosacl_logging_trap_level"></Option>
+          <Option name="iosacl_prolog_script"></Option>
           <Option name="iosacl_regroup_commands">False</Option>
-
-
-          <Option name="iosacl_syslog_facility"/>
-
-
-          <Option name="iosacl_syslog_host"/>
-
-
+          <Option name="iosacl_syslog_facility"></Option>
+          <Option name="iosacl_syslog_host"></Option>
           <Option name="limit_value">0</Option>
-
-
           <Option name="linux24_ip_forward">1</Option>
-
-
           <Option name="load_modules">true</Option>
-
-
           <Option name="local_nat">false</Option>
-
-
           <Option name="log_level">info</Option>
-
-
           <Option name="log_prefix">RULE %N -- %A </Option>
-
-
           <Option name="loopback_interface">lo0</Option>
-
-
           <Option name="macosx_ip_forward">1</Option>
-
-
           <Option name="manage_virtual_addr">true</Option>
-
-
-          <Option name="mgmt_addr"/>
-
-
+          <Option name="mgmt_addr"></Option>
           <Option name="mgmt_ssh">False</Option>
-
-
           <Option name="openbsd_ip_forward">1</Option>
-
-
-          <Option name="output_file"/>
-
-
+          <Option name="output_file"></Option>
           <Option name="pass_all_out">false</Option>
-
-
           <Option name="pf_limit_frags">5000</Option>
-
-
           <Option name="pf_limit_states">10000</Option>
-
-
           <Option name="pf_scrub_maxmss">1460</Option>
-
-
           <Option name="pf_timeout_frag">30</Option>
-
-
           <Option name="pf_timeout_interval">10</Option>
-
-
           <Option name="pix_add_clear_statements">true</Option>
-
-
           <Option name="pix_assume_fw_part_of_any">true</Option>
-
-
           <Option name="pix_default_logint">300</Option>
-
-
           <Option name="pix_emblem_log_format">false</Option>
-
-
           <Option name="pix_emulate_out_acl">true</Option>
-
-
           <Option name="pix_floodguard">true</Option>
-
-
           <Option name="pix_include_comments">true</Option>
-
-
           <Option name="pix_route_dnat_supported">true</Option>
-
-
           <Option name="pix_rule_syslog_settings">false</Option>
-
-
           <Option name="pix_security_fragguard_supported">true</Option>
-
-
           <Option name="pix_syslog_device_id_supported">false</Option>
-
-
           <Option name="pix_use_acl_remarks">true</Option>
-
-
           <Option name="prompt1">$ </Option>
-
-
           <Option name="prompt2"> # </Option>
-
-
           <Option name="solaris_ip_forward">1</Option>
-
-
-          <Option name="sshArgs"/>
-
-
+          <Option name="sshArgs"></Option>
           <Option name="ulog_nlgroup">1</Option>
-
-
           <Option name="verify_interfaces">true</Option>
-
-
         </FirewallOptions>
-
-
-          </Firewall>
-
-
-      <Firewall comment="" host_OS="ios" id="id464359FE16989" inactive="False" lastCompiled="1178816547" lastInstalled="0" lastModified="1179459485" name="c3620" platform="iosacl" ro="False" version="12.x">
-        <NAT id="id46435A0216989" name="NAT">
-          </NAT>
-
-
-          <Policy id="id46435A0116989" name="Policy">
-          <PolicyRule action="Accept" comment="interface eth 1/1 has only&#10;inbound access list" direction="Inbound" disabled="False" id="id464D2B0E24319" log="False" position="0">
+      </Firewall>
+      <Firewall id="id464359FE16989" name="c3620" host_OS="ios" inactive="False" lastCompiled="1178816547" lastInstalled="0" lastModified="1179459485" platform="iosacl" ro="False" version="12.x">
+        <NAT id="id46435A0216989" name="NAT"/>
+        <Policy id="id46435A0116989" name="Policy">
+          <PolicyRule id="id464D2B0E24319" comment="interface eth 1/1 has only&#10;inbound access list" action="Accept" direction="Inbound" disabled="False" log="False" position="0">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="tcp-HTTP"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0616989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id464C8AAD10931" log="False" position="1">
+          <PolicyRule id="id464C8AAD10931" action="Accept" direction="Both" disabled="False" log="False" position="1">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="tcp-HTTP"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0416989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id464C8AA110931" log="False" position="2">
+          <PolicyRule id="id464C8AA110931" action="Accept" direction="Both" disabled="False" log="False" position="2">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="id3B4FED69"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0416989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id46435A1C16989" log="False" position="3">
+          <PolicyRule id="id46435A1C16989" action="Accept" direction="Inbound" disabled="False" log="False" position="3">
             <Src neg="False">
               <ObjectRef ref="id46435A0F16989"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0816989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Outbound" disabled="False" id="id4643662716989" log="False" position="4">
+          <PolicyRule id="id4643662716989" action="Accept" direction="Outbound" disabled="False" log="False" position="4">
             <Src neg="False">
               <ObjectRef ref="id46435A0F16989"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0416989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Inbound" disabled="False" id="id4643664116989" log="False" position="5">
+          <PolicyRule id="id4643664116989" action="Accept" direction="Inbound" disabled="False" log="False" position="5">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46435A0F16989"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0416989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Outbound" disabled="False" id="id4643663516989" log="False" position="6">
+          <PolicyRule id="id4643663516989" action="Accept" direction="Outbound" disabled="False" log="False" position="6">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="id46435A0F16989"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="id46435A0816989"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">False</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          <PolicyRule action="Deny" comment="disable this rule to make&#10;sure no outbound rules are&#10;generated for eth 1/1" direction="Both" disabled="True" id="id46435A1016989" log="True" position="7">
+          <PolicyRule id="id46435A1016989" comment="disable this rule to make&#10;sure no outbound rules are&#10;generated for eth 1/1" action="Deny" direction="Both" disabled="True" log="True" position="7">
             <Src neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Src>
-
-<Dst neg="False">
+            <Dst neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Dst>
-
-<Srv neg="False">
+            <Srv neg="False">
               <ServiceRef ref="sysid1"/>
-
-
             </Srv>
-
-<Itf neg="False">
+            <Itf neg="False">
               <ObjectRef ref="sysid0"/>
-
-
             </Itf>
-
-<When neg="False">
+            <When neg="False">
               <IntervalRef ref="sysid2"/>
-
-
             </When>
-
-
             <PolicyRuleOptions>
               <Option name="stateless">True</Option>
-
-
             </PolicyRuleOptions>
-
-
           </PolicyRule>
-
-
-          </Policy>
-
-
-          
-          <Routing id="id46435A0316989" name="Routing">
-          </Routing>
-
-
-          <Interface bridgeport="False" comment="" dyn="False" id="id46435A0416989" label="" mgmt="False" name="Ethernet1/0" security_level="0" unnum="False" unprotected="False">
+        </Policy>
+        <Routing id="id46435A0316989" name="Routing"/>
+        <Interface id="id46435A0416989" name="Ethernet1/0" bridgeport="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False">
           <IPv4 id="id46435A0516989" name="c3620:Ethernet1/0:ip" address="192.168.171.2" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id46435A0616989" label="" mgmt="False" name="Ethernet1/1" security_level="100" unnum="False" unprotected="False">
+        <Interface id="id46435A0616989" name="Ethernet1/1" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False">
           <IPv4 id="id46435A0716989" name="c3620:Ethernet1/1:ip" address="0.0.0.0" netmask="255.255.255.255"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id46435A0816989" label="" mgmt="True" name="FastEthernet0/0" security_level="100" unnum="False" unprotected="False">
+        <Interface id="id46435A0816989" name="FastEthernet0/0" bridgeport="False" dyn="False" label="" mgmt="True" security_level="100" unnum="False" unprotected="False">
           <IPv4 id="id46435A0916989" name="c3620:FastEthernet0/0:ip" address="10.3.14.201" netmask="255.255.255.0"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id46435A0A16989" label="" mgmt="False" name="Null0" security_level="100" unnum="False" unprotected="True">
+        <Interface id="id46435A0A16989" name="Null0" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="True">
           <IPv4 id="id46435A0B16989" name="c3620:Null0:ip" address="0.0.0.0" netmask="255.255.255.255"/>
-
-
         </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id46435A0C16989" label="" mgmt="False" name="Serial1/0" security_level="100" unnum="False" unprotected="True">
+        <Interface id="id46435A0C16989" name="Serial1/0" bridgeport="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="True">
           <IPv4 id="id46435A0D16989" name="c3620:Serial1/0:ip" address="0.0.0.0" netmask="255.255.255.255"/>
-
-
         </Interface>
-
-
-          <Management address="10.3.14.201">
+        <Management address="10.3.14.201">
           <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-
-
           <FWBDManagement enabled="False" identity="" port="-1"/>
-
-
           <PolicyInstallScript arguments="" command="" enabled="False"/>
-
-
         </Management>
-
-
-          <FirewallOptions>
+        <FirewallOptions>
           <Option name="accept_established">true</Option>
-
-
           <Option name="accept_new_tcp_with_no_syn">true</Option>
-
-
           <Option name="add_check_state_rule">true</Option>
-
-
-          <Option name="admUser"/>
-
-
-          <Option name="altAddress"/>
-
-
+          <Option name="admUser"></Option>
+          <Option name="altAddress"></Option>
           <Option name="check_shading">False</Option>
-
-
           <Option name="configure_interfaces">true</Option>
-
-
           <Option name="eliminate_duplicates">true</Option>
-
-
           <Option name="firewall_dir">/etc</Option>
-
-
           <Option name="firewall_is_part_of_any_and_networks">true</Option>
-
-
           <Option name="freebsd_ip_forward">1</Option>
-
-
           <Option name="ignore_empty_groups">False</Option>
-
-
           <Option name="in_out_code">true</Option>
-
-
           <Option name="iosacl_acl_basic">True</Option>
-
-
           <Option name="iosacl_acl_no_clear">False</Option>
-
-
           <Option name="iosacl_acl_substitution">False</Option>
-
-
-          <Option name="iosacl_acl_temp_addr"/>
-
-
+          <Option name="iosacl_acl_temp_addr"></Option>
           <Option name="iosacl_add_clear_statements">true</Option>
-
-
           <Option name="iosacl_assume_fw_part_of_any">true</Option>
-
-
-          <Option name="iosacl_epilog_script"/>
-
-
+          <Option name="iosacl_epilog_script"></Option>
           <Option name="iosacl_include_comments">True</Option>
-
-
           <Option name="iosacl_logging_buffered">False</Option>
-
-
-          <Option name="iosacl_logging_buffered_level"/>
-
-
+          <Option name="iosacl_logging_buffered_level"></Option>
           <Option name="iosacl_logging_console">False</Option>
-
-
-          <Option name="iosacl_logging_console_level"/>
-
-
+          <Option name="iosacl_logging_console_level"></Option>
           <Option name="iosacl_logging_timestamp">False</Option>
-
-
-          <Option name="iosacl_logging_trap_level"/>
-
-
-          <Option name="iosacl_prolog_script"/>
-
-
+          <Option name="iosacl_logging_trap_level"></Option>
+          <Option name="iosacl_prolog_script"></Option>
           <Option name="iosacl_regroup_commands">False</Option>
-
-
-          <Option name="iosacl_syslog_facility"/>
-
-
-          <Option name="iosacl_syslog_host"/>
-
-
+          <Option name="iosacl_syslog_facility"></Option>
+          <Option name="iosacl_syslog_host"></Option>
           <Option name="limit_value">0</Option>
-
-
           <Option name="linux24_ip_forward">1</Option>
-
-
           <Option name="load_modules">true</Option>
-
-
           <Option name="local_nat">false</Option>
-
-
           <Option name="log_level">info</Option>
-
-
           <Option name="log_prefix">RULE %N -- %A </Option>
-
-
           <Option name="loopback_interface">lo0</Option>
-
-
           <Option name="macosx_ip_forward">1</Option>
-
-
           <Option name="manage_virtual_addr">true</Option>
-
-
           <Option name="mgmt_addr">10.3.14.40</Option>
-
-
           <Option name="mgmt_ssh">True</Option>
-
-
           <Option name="openbsd_ip_forward">1</Option>
-
-
-          <Option name="output_file"/>
-
-
+          <Option name="output_file"></Option>
           <Option name="pass_all_out">false</Option>
-
-
           <Option name="pf_limit_frags">5000</Option>
-
-
           <Option name="pf_limit_states">10000</Option>
-
-
           <Option name="pf_scrub_maxmss">1460</Option>
-
-
           <Option name="pf_timeout_frag">30</Option>
-
-
           <Option name="pf_timeout_interval">10</Option>
-
-
           <Option name="pix_add_clear_statements">true</Option>
-
-
           <Option name="pix_assume_fw_part_of_any">true</Option>
-
-
           <Option name="pix_default_logint">300</Option>
-
-
           <Option name="pix_emblem_log_format">false</Option>
-
-
           <Option name="pix_emulate_out_acl">true</Option>
-
-
           <Option name="pix_floodguard">true</Option>
-
-
           <Option name="pix_include_comments">true</Option>
-
-
           <Option name="pix_route_dnat_supported">true</Option>
-
-
           <Option name="pix_rule_syslog_settings">false</Option>
-
-
           <Option name="pix_security_fragguard_supported">true</Option>
-
-
           <Option name="pix_syslog_device_id_supported">false</Option>
-
-
           <Option name="pix_use_acl_remarks">true</Option>
-
-
           <Option name="prompt1">$ </Option>
-
-
           <Option name="prompt2"> # </Option>
-
-
           <Option name="solaris_ip_forward">1</Option>
-
-
-          <Option name="sshArgs"/>
-
-
+          <Option name="sshArgs"></Option>
           <Option name="ulog_nlgroup">1</Option>
-
-
           <Option name="verify_interfaces">true</Option>
-
-
         </FirewallOptions>
-
-
-          </Firewall>
-
-
+      </Firewall>
     </ObjectGroup>
-
-
     <IntervalGroup id="id4511637523682" name="Time"/>
-
-
   </Library>
-<Library id="sysid99" name="Deleted Objects" ro="False">
-    <ObjectRef ref="sysid0"/>
-
-
-    <IPv4 comment="" id="id463FF31019380" name="test-ipt:eth0:ip" address="10.10.10.1" netmask="255.255.255.0"/>
-
-
-    <Interface bridgeport="False" comment="" dyn="False" id="id4511651D23682" label="" mgmt="False" name="imq1" security_level="100" unnum="True" unprotected="False"/>
-
-
-    <Firewall comment="Similar to fw 1, but the firewall is used as DHCP and DNS server for internal network.&#10;This firewall has two interfaces. Eth0 faces outside and has a dynamic address; eth1 faces inside.&#10;Policy includes basic rules to permit unrestricted outbound access and anti-spoofing rules. Access to the firewall is permitted only from internal network and only using SSH. The firewall can send DNS queries to servers out on the Internet. Another rule permits DNS queries from internal network to the firewall. Special rules permit DHCP requests from internal network and replies sent by the firewall." host_OS="freebsd" id="id453D8A6D12118" lastCompiled="0" lastInstalled="0" lastModified="1178678949" name="ipf" platform="ipf" ro="False" version="">
-        <NAT id="id453D8AE412118" name="NAT">
-          <NATRule disabled="False" id="id453D8AE512118" position="0">
-          <OSrc neg="False">
-            <ObjectRef ref="id3DC75CE7-1"/>
-
-
-          </OSrc>
-
-
-          <ODst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </ODst>
-
-
-          <OSrv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </OSrv>
-
-
-          <TSrc neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </TSrc>
-
-
-          <TDst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </TDst>
-
-
-          <TSrv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </TSrv>
-
-
-          <NATRuleOptions/>
-
-
-        </NATRule>
-
-</NAT>
-
-
-          <Policy id="id453D8A7312118" name="Policy">
-          <PolicyRule action="Deny" comment="anti spoofing rule" direction="Inbound" disabled="False" id="id453D8A7412118" log="True" position="0">
-            <Src neg="False">
-            <ObjectRef ref="id3DC75CE7-1"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Accept" direction="Both" disabled="False" id="id453D8A8112118" log="False" position="1">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions/>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Route" comment="SSH Access to firewall is permitted&#10;only from internal network&#10;Also firewall serves DNS for internal&#10;network" disabled="False" id="id453D8A8D12118" log="False" position="2">
-            <Src neg="False">
-            <ObjectRef ref="id3DC75CE7-1"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="tcp-SSH"/>
-
-
-            <ServiceRef ref="id3F530CC8"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="action_on_reject"/>
-
-
-            <Option name="classify_str"/>
-
-
-            <Option name="custom_str"/>
-
-
-            <Option name="ipf_route_opt_addr"/>
-
-
-            <Option name="ipf_route_opt_if">le1</Option>
-
-
-            <Option name="ipf_route_option">route_through</Option>
-
-
-            <Option name="ipfw_classify_method">2</Option>
-
-
-            <Option name="ipfw_pipe_port_num">0</Option>
-
-
-            <Option name="ipfw_pipe_queue_num">0</Option>
-
-
-            <Option name="ipt_continue">False</Option>
-
-
-            <Option name="ipt_gw"/>
-
-
-            <Option name="ipt_iif"/>
-
-
-            <Option name="ipt_mark_connections">False</Option>
-
-
-            <Option name="ipt_mark_prerouting">False</Option>
-
-
-            <Option name="ipt_oif"/>
-
-
-            <Option name="ipt_tee">False</Option>
-
-
-            <Option name="pf_fastroute">False</Option>
-
-
-            <Option name="pf_route_opt_addr"/>
-
-
-            <Option name="pf_route_opt_if"/>
-
-
-            <Option name="pf_route_option">route_through</Option>
-
-
-            <Option name="rule_name_accounting"/>
-
-
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="DHCP requests are permitted&#10;from internal network" disabled="False" id="id453D8A9A12118" log="False" position="3">
-            <Src neg="False">
-            <ObjectRef ref="id3DC75CE7-1"/>
-
-
-            <ObjectRef ref="id3F6D115D"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="id3F6D115C"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sg-DHCP"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions/>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="DHCP replies" disabled="False" id="id453D8AA812118" log="False" position="4">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="id3DC75CE7-1"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sg-DHCP"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions/>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="Firewall should be able to send&#10;DNS queries to the Internet" disabled="False" id="id453D8AB412118" log="True" position="5">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="id3F530CC8"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions/>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Deny" comment="All other attempts to connect to&#10;the firewall are denied and logged" disabled="False" id="id453D8AC012118" log="True" position="6">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Accept" comment="" disabled="False" id="id453D8ACC12118" log="False" position="7">
-            <Src neg="False">
-            <ObjectRef ref="id3DC75CE7-1"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions/>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Deny" disabled="False" id="id453D8AD812118" log="True" position="8">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          </Policy>
-
-
-          
-          <Routing id="id453D8AF312118" name="Routing">
-          </Routing>
-
-
-          <Interface bridgeport="False" comment="" dyn="True" id="id453D8AF412118" label="" mgmt="False" name="le0" security_level="0" unnum="False" unprotected="False"/>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id453D8AF512118" label="" mgmt="True" name="le1" security_level="100" unnum="False" unprotected="False">
-        <IPv4 comment="" id="id453D8AF712118" name="ipf:le1:ip" address="192.168.1.1" netmask="255.255.255.0"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id453D8AF812118" label="loopback" mgmt="False" name="lo" security_level="100" unnum="False" unprotected="False">
-        <IPv4 comment="" id="id453D8AFA12118" name="ipf:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
-
-
-      </Interface>
-
-
-          <Management address="0.0.0.0">
-        <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-
-
-        <FWBDManagement enabled="False" identity="" port="-1"/>
-
-
-        <PolicyInstallScript arguments="" command="" enabled="False"/>
-
-
-      </Management>
-
-
-          <FirewallOptions>
-        <Option name="accept_established">true</Option>
-
-
-        <Option name="accept_new_tcp_with_no_syn">true</Option>
-
-
-        <Option name="add_check_state_rule">true</Option>
-
-
-        <Option name="check_shading">true</Option>
-
-
-        <Option name="configure_interfaces">true</Option>
-
-
-        <Option name="eliminate_duplicates">true</Option>
-
-
-        <Option name="firewall_dir">/etc</Option>
-
-
-        <Option name="firewall_is_part_of_any_and_networks">true</Option>
-
-
-        <Option name="freebsd_ip_forward">1</Option>
-
-
-        <Option name="in_out_code">true</Option>
-
-
-        <Option name="limit_value">0</Option>
-
-
-        <Option name="linux24_ip_forward">1</Option>
-
-
-        <Option name="load_modules">true</Option>
-
-
-        <Option name="local_nat">false</Option>
-
-
-        <Option name="log_level">info</Option>
-
-
-        <Option name="log_prefix">RULE %N -- %A </Option>
-
-
-        <Option name="loopback_interface">lo0</Option>
-
-
-        <Option name="macosx_ip_forward">1</Option>
-
-
-        <Option name="manage_virtual_addr">true</Option>
-
-
-        <Option name="openbsd_ip_forward">1</Option>
-
-
-        <Option name="pass_all_out">false</Option>
-
-
-        <Option name="pf_limit_frags">5000</Option>
-
-
-        <Option name="pf_limit_states">10000</Option>
-
-
-        <Option name="pf_scrub_maxmss">1460</Option>
-
-
-        <Option name="pf_timeout_frag">30</Option>
-
-
-        <Option name="pf_timeout_interval">10</Option>
-
-
-        <Option name="pix_add_clear_statements">true</Option>
-
-
-        <Option name="pix_assume_fw_part_of_any">true</Option>
-
-
-        <Option name="pix_default_logint">300</Option>
-
-
-        <Option name="pix_emblem_log_format">false</Option>
-
-
-        <Option name="pix_emulate_out_acl">true</Option>
-
-
-        <Option name="pix_floodguard">true</Option>
-
-
-        <Option name="pix_include_comments">true</Option>
-
-
-        <Option name="pix_route_dnat_supported">true</Option>
-
-
-        <Option name="pix_rule_syslog_settings">false</Option>
-
-
-        <Option name="pix_security_fragguard_supported">true</Option>
-
-
-        <Option name="pix_syslog_device_id_supported">false</Option>
-
-
-        <Option name="pix_use_acl_remarks">true</Option>
-
-
-        <Option name="prompt1">$ </Option>
-
-
-        <Option name="prompt2"> # </Option>
-
-
-        <Option name="solaris_ip_forward">1</Option>
-
-
-        <Option name="ulog_nlgroup">1</Option>
-
-
-        <Option name="verify_interfaces">true</Option>
-
-
-      </FirewallOptions>
-
-
-          </Firewall>
-
-
-    <Firewall comment="" host_OS="linux24" id="id4511650E23682" inactive="False" lastCompiled="1178591818" lastInstalled="0" lastModified="1178678953" name="test-ipt" platform="iptables" ro="False" version="">
-        <NAT id="id4511651223682" name="NAT">
-          </NAT>
-
-
-          <Policy id="id4511651123682" name="Policy">
-          <PolicyRule action="Deny" direction="Inbound" disabled="False" id="id463FE87E19380" log="False" position="0">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="True">
-            <ServiceRef ref="tcp-TCP-SYN"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions/>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Route" direction="Both" disabled="False" id="id4511653623682" log="False" position="1">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="action_on_reject"/>
-
-
-            <Option name="classify_str"/>
-
-
-            <Option name="custom_str"/>
-
-
-            <Option name="ipf_route_opt_addr"/>
-
-
-            <Option name="ipf_route_opt_if"/>
-
-
-            <Option name="ipf_route_option">Route through</Option>
-
-
-            <Option name="ipfw_classify_method">2</Option>
-
-
-            <Option name="ipfw_pipe_port_num">0</Option>
-
-
-            <Option name="ipfw_pipe_queue_num">0</Option>
-
-
-            <Option name="ipt_continue">False</Option>
-
-
-            <Option name="ipt_gw"/>
-
-
-            <Option name="ipt_iif"/>
-
-
-            <Option name="ipt_mark_connections">False</Option>
-
-
-            <Option name="ipt_mark_prerouting">False</Option>
-
-
-            <Option name="ipt_oif">vlan1</Option>
-
-
-            <Option name="ipt_tee">False</Option>
-
-
-            <Option name="pf_fastroute">False</Option>
-
-
-            <Option name="pf_route_opt_addr"/>
-
-
-            <Option name="pf_route_opt_if"/>
-
-
-            <Option name="pf_route_option">Route through</Option>
-
-
-            <Option name="rule_name_accounting"/>
-
-
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Route" direction="Both" disabled="False" id="id453D868112036" log="True" position="2">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="action_on_reject"/>
-
-
-            <Option name="classify_str"/>
-
-
-            <Option name="custom_str"/>
-
-
-            <Option name="ipf_route_opt_addr"/>
-
-
-            <Option name="ipf_route_opt_if"/>
-
-
-            <Option name="ipf_route_option">Route through</Option>
-
-
-            <Option name="ipfw_classify_method">2</Option>
-
-
-            <Option name="ipfw_pipe_port_num">0</Option>
-
-
-            <Option name="ipfw_pipe_queue_num">0</Option>
-
-
-            <Option name="ipt_continue">False</Option>
-
-
-            <Option name="ipt_gw"/>
-
-
-            <Option name="ipt_iif"/>
-
-
-            <Option name="ipt_mark_connections">False</Option>
-
-
-            <Option name="ipt_mark_prerouting">False</Option>
-
-
-            <Option name="ipt_oif">eth1</Option>
-
-
-            <Option name="ipt_tee">False</Option>
-
-
-            <Option name="pf_fastroute">False</Option>
-
-
-            <Option name="pf_route_opt_addr"/>
-
-
-            <Option name="pf_route_opt_if"/>
-
-
-            <Option name="pf_route_option">Route through</Option>
-
-
-            <Option name="rule_name_accounting"/>
-
-
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Deny" direction="Both" disabled="False" id="id453D896C12123" log="True" position="3">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          <PolicyRule action="Reject" direction="Both" disabled="False" id="id4511654423682" log="False" position="4">
-            <Src neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Src>
-
-<Dst neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Dst>
-
-<Srv neg="False">
-            <ServiceRef ref="sysid1"/>
-
-
-          </Srv>
-
-<Itf neg="False">
-            <ObjectRef ref="sysid0"/>
-
-
-          </Itf>
-
-<When neg="False">
-            <IntervalRef ref="sysid2"/>
-
-
-          </When>
-
-
-            <PolicyRuleOptions>
-            <Option name="stateless">True</Option>
-
-
-          </PolicyRuleOptions>
-
-
-          </PolicyRule>
-
-
-          </Policy>
-
-
-          
-          <Routing id="id4511651323682" name="Routing">
-          </Routing>
-
-
-          <Interface bridgeport="False" dyn="False" id="id4511651623682" name="lo" security_level="100" unnum="False" unprotected="False">
-        <IPv4 id="id4511651723682" name="test-ipt:lo:ip" address="127.0.0.1" netmask="255.0.0.0"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id4511651923682" label="" mgmt="False" name="teql0" security_level="100" unnum="True" unprotected="False"/>
-
-<Interface bridgeport="False" comment="" dyn="False" id="id4511651B23682" label="" mgmt="False" name="imq0" security_level="100" unnum="False" unprotected="False">
-        <IPv4 comment="" id="id463FFA2619380" name="test-ipt:imq0:ip" address="192.168.1.1" netmask="255.255.255.0"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" comment="" dyn="True" id="id4511652023682" label="" mgmt="False" name="eth0" security_level="100" unnum="False" unprotected="False">
-        <physAddress address="00:12:17:03:B9:81" id="id4511652123682" name="test-ipt:eth0:mac"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" comment="" dyn="True" id="id4511652423682" label="" mgmt="False" name="eth1" security_level="100" unnum="False" unprotected="False">
-        <physAddress address="00:12:17:03:B9:83" id="id4511652523682" name="test-ipt:eth1:mac"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" comment="" dyn="True" id="id4511652823682" label="" mgmt="False" name="vlan0" security_level="100" unnum="False" unprotected="False">
-        <physAddress address="00:12:17:03:B9:81" id="id4511652923682" name="test-ipt:vlan0:mac"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" dyn="False" id="id4511652D23682" name="vlan1" security_level="0" unnum="False" unprotected="False">
-        <IPv4 id="id4511652F23682" name="test-ipt:vlan1:ip" address="24.6.139.57" netmask="255.255.248.0"/>
-
-
-        <physAddress address="00:E0:18:A8:80:1E" id="id4511652E23682" name="test-ipt:vlan1:mac"/>
-
-
-      </Interface>
-
-<Interface bridgeport="False" dyn="False" id="id4511653223682" name="br0" security_level="100" unnum="False" unprotected="False">
-        <IPv4 comment="" id="id463FF31119380" name="test-ipt:br0:ip" address="10.10.10.2" netmask="255.255.255.0"/>
-
-
-        <physAddress address="00:12:17:03:B9:81" id="id4511653323682" name="test-ipt:br0:mac"/>
-
-
-      </Interface>
-
-
-          <Management address="10.10.10.2">
-        <SNMPManagement enabled="False" snmp_read_community="" snmp_write_community=""/>
-
-
-        <FWBDManagement enabled="False" identity="" port="-1"/>
-
-
-        <PolicyInstallScript arguments="" command="" enabled="False"/>
-
-
-      </Management>
-
-
-          <FirewallOptions>
-        <Option name="accept_established">True</Option>
-
-
-        <Option name="accept_new_tcp_with_no_syn">True</Option>
-
-
-        <Option name="action_on_reject"/>
-
-
-        <Option name="activationCmd"/>
-
-
-        <Option name="admUser"/>
-
-
-        <Option name="altAddress"/>
-
-
-        <Option name="bridging_fw">False</Option>
-
-
-        <Option name="check_shading">False</Option>
-
-
-        <Option name="clamp_mss_to_mtu">False</Option>
-
-
-        <Option name="classify_mark_terminating">False</Option>
-
-
-        <Option name="cmdline"/>
-
-
-        <Option name="compiler"/>
-
-
-        <Option name="configure_interfaces">True</Option>
-
-
-        <Option name="debug">False</Option>
-
-
-        <Option name="drop_invalid">False</Option>
-
-
-        <Option name="eliminate_duplicates">true</Option>
-
-
-        <Option name="epilog_script"/>
-
-
-        <Option name="firewall_dir">/etc</Option>
-
-
-        <Option name="firewall_is_part_of_any_and_networks">True</Option>
-
-
-        <Option name="freebsd_ip_forward">1</Option>
-
-
-        <Option name="ignore_empty_groups">False</Option>
-
-
-        <Option name="in_out_code">true</Option>
-
-
-        <Option name="limit_suffix"/>
-
-
-        <Option name="limit_value">0</Option>
-
-
-        <Option name="linux24_ip_forward">1</Option>
-
-
-        <Option name="load_modules">True</Option>
-
-
-        <Option name="local_nat">False</Option>
-
-
-        <Option name="log_all">False</Option>
-
-
-        <Option name="log_invalid">False</Option>
-
-
-        <Option name="log_ip_opt">False</Option>
-
-
-        <Option name="log_level">info</Option>
-
-
-        <Option name="log_prefix">RULE %N -- %A </Option>
-
-
-        <Option name="log_tcp_opt">False</Option>
-
-
-        <Option name="log_tcp_seq">False</Option>
-
-
-        <Option name="loopback_interface">lo0</Option>
-
-
-        <Option name="macosx_ip_forward">1</Option>
-
-
-        <Option name="manage_virtual_addr">True</Option>
-
-
-        <Option name="mgmt_addr"/>
-
-
-        <Option name="mgmt_ssh">False</Option>
-
-
-        <Option name="openbsd_ip_forward">1</Option>
-
-
-        <Option name="output_file"/>
-
-
-        <Option name="pass_all_out">false</Option>
-
-
-        <Option name="pf_limit_frags">5000</Option>
-
-
-        <Option name="pf_limit_states">10000</Option>
-
-
-        <Option name="pf_scrub_maxmss">1460</Option>
-
-
-        <Option name="pf_timeout_frag">30</Option>
-
-
-        <Option name="pf_timeout_interval">10</Option>
-
-
-        <Option name="pix_add_clear_statements">true</Option>
-
-
-        <Option name="pix_assume_fw_part_of_any">true</Option>
-
-
-        <Option name="pix_default_logint">300</Option>
-
-
-        <Option name="pix_emblem_log_format">false</Option>
-
-
-        <Option name="pix_emulate_out_acl">true</Option>
-
-
-        <Option name="pix_floodguard">true</Option>
-
-
-        <Option name="pix_include_comments">true</Option>
-
-
-        <Option name="pix_route_dnat_supported">true</Option>
-
-
-        <Option name="pix_rule_syslog_settings">false</Option>
-
-
-        <Option name="pix_security_fragguard_supported">true</Option>
-
-
-        <Option name="pix_syslog_device_id_supported">false</Option>
-
-
-        <Option name="pix_use_acl_remarks">true</Option>
-
-
-        <Option name="prolog_place">top</Option>
-
-
-        <Option name="prolog_script"/>
-
-
-        <Option name="prompt1">$ </Option>
-
-
-        <Option name="prompt2"> # </Option>
-
-
-        <Option name="snmp_contact">root</Option>
-
-
-        <Option name="snmp_description">Linux SVEASOFT 2.4.20 #2 Wed Nov 17 11:49:43 CET 2004 mips</Option>
-
-
-        <Option name="snmp_location">Unknown</Option>
-
-
-        <Option name="solaris_ip_forward">1</Option>
-
-
-        <Option name="sshArgs"/>
-
-
-        <Option name="ulog_cprange">0</Option>
-
-
-        <Option name="ulog_nlgroup">1</Option>
-
-
-        <Option name="ulog_qthreshold">1</Option>
-
-
-        <Option name="use_ULOG">False</Option>
-
-
-        <Option name="use_iptables_restore">False</Option>
-
-
-        <Option name="use_numeric_log_levels">False</Option>
-
-
-        <Option name="verify_interfaces">True</Option>
-
-
-      </FirewallOptions>
-
-
-          </Firewall>
-
-
-  </Library>
-<Library color="#d4f8ff" comment="Standard objects" id="syslib000" name="Standard" ro="True">
-    <ServiceGroup id="stdid05" name="Services">
-      <ServiceGroup id="stdid09" name="TCP">
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="179" dst_range_start="179" fin_flag="False" fin_flag_mask="False" id="id4127F04F" name="bgp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="79" dst_range_start="79" fin_flag="False" fin_flag_mask="False" id="id3AECF774" name="finger" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="21" dst_range_start="21" fin_flag="False" fin_flag_mask="False" id="tcp-FTP" name="ftp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="80" dst_range_start="80" fin_flag="False" fin_flag_mask="False" id="tcp-HTTP" name="http" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" dst_range_end="0" dst_range_start="0" established="True" fin_flag="False" fin_flag_mask="False" id="id463FE5FE11008" name="All TCP established" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="443" dst_range_start="443" fin_flag="False" fin_flag_mask="False" id="id3B4FED69" name="https" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="22" dst_range_start="22" fin_flag="False" fin_flag_mask="False" id="tcp-SSH" name="ssh" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="True" comment="" dst_range_end="0" dst_range_start="0" fin_flag="False" fin_flag_mask="True" id="tcp-TCP-SYN" name="tcp-syn" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" src_range_end="0" src_range_start="0" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True"/>
-
-
-        <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="53" dst_range_start="53" fin_flag="False" fin_flag_mask="False" id="tcp-DNS" name="domain" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-
-
-      </ServiceGroup>
-
-<ServiceGroup id="stdid08" name="UDP">
-        <UDPService comment="" dst_range_end="123" dst_range_start="123" id="udp-ntp" name="ntp" src_range_end="0" src_range_start="0"/>
-
-
-        <UDPService comment="" dst_range_end="26000" dst_range_start="26000" id="id3B4FEF7E" name="quake" src_range_end="0" src_range_start="0"/>
-
-
-        <UDPService comment="" dst_range_end="4000" dst_range_start="4000" id="id3D703C96" name="ICQ" src_range_end="0" src_range_start="0"/>
-
-
-        <UDPService comment="" dst_range_end="500" dst_range_start="500" id="id3CB129D2" name="IKE" src_range_end="0" src_range_start="0"/>
-
-
-        <UDPService comment="" dst_range_end="53" dst_range_start="53" id="udp-DNS" name="domain" src_range_end="0" src_range_start="0"/>
-
-
-        <UDPService comment="" dst_range_end="68" dst_range_start="68" id="udp-bootpc" name="bootpc" src_range_end="0" src_range_start="0"/>
-
-
-        <UDPService comment="" dst_range_end="67" dst_range_start="67" id="udp-bootps" name="bootps" src_range_end="0" src_range_start="0"/>
-
-
-      </ServiceGroup>
-
-<ServiceGroup id="stdid07" name="ICMP">
-        <ICMPService code="0" comment="" id="icmp-ping_reply" name="ping reply" type="0"/>
-
-
-        <ICMPService code="1" comment="" id="icmp-Host_unreach" name="host_unreach" type="3"/>
-
-
-        <ICMPService code="3" comment="Port unreachable" id="icmp-Port_unreach" name="port unreach" type="3"/>
-
-
-        <ICMPService code="0" comment="ICMP messages of this type are needed for traceroute" id="icmp-Time_exceeded" name="time exceeded" type="11"/>
-
-
-        <ICMPService code="1" comment="" id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" type="11"/>
-
-
-      </ServiceGroup>
-
-<ServiceGroup id="stdid06" name="IP">
-        <IPService comment="IPSEC Authentication Header Protocol" fragm="False" id="id3CB12797" lsrr="False" name="AH" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
-
-
-        <IPService comment="IPSEC Encapsulating Security Payload Protocol" fragm="False" id="ip-IPSEC" lsrr="False" name="ESP" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False"/>
-
-
-        <IPService comment="Generic Routing Encapsulation&#10;" fragm="False" id="id3D703C8F" lsrr="False" name="GRE" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False"/>
-
-
-        <IPService comment="'Short' fragments" fragm="False" id="ip-IP_Fragments" lsrr="False" name="ip_fragments" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
-
-
-      </ServiceGroup>
-
-<ServiceGroup id="stdid10" name="Groups">
-        <ServiceGroup id="id3F530CC8" name="DNS">
-          <ServiceRef ref="udp-DNS"/>
-
-
-          <ServiceRef ref="tcp-DNS"/>
-
-
-        </ServiceGroup>
-
-
-        <ServiceGroup comment="" id="sg-DHCP" name="DHCP">
-          <ServiceRef ref="udp-bootpc"/>
-
-
-          <ServiceRef ref="udp-bootps"/>
-
-
-        </ServiceGroup>
-
-
-      </ServiceGroup>
-
-<ServiceGroup id="stdid05_userservices" name="Users"/>
-
-
-      </ServiceGroup>
-
-
-    <AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
-
-
-    <AnyIPService comment="Any IP Service" id="sysid1" name="Any" protocol_num="0"/>
-
-
-    <AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
-
-
+  <Library id="syslib000" name="Standard" comment="Standard objects" color="#d4f8ff" ro="True">
     <ObjectGroup id="stdid01" name="Objects">
       <ObjectGroup id="stdid03" name="Networks">
-        <Network comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" id="id3DC75CE7-1" name="net-192.168.1.0" address="192.168.1.0" netmask="255.255.255.0"/>
-
-
+        <Network id="id3DC75CE7-1" name="net-192.168.1.0" comment="192.168.1.0/24 - Address often used for home and small office networks.&#10;" address="192.168.1.0" netmask="255.255.255.0"/>
       </ObjectGroup>
-
-
       <ObjectGroup id="stdid15" name="Address Ranges">
-        <AddressRange comment="" id="id3F6D115D" name="old-broadcast" start_address="0.0.0.0" end_address="0.0.0.0"/>
-
-
-        <AddressRange comment="" id="id3F6D115C" name="broadcast" start_address="255.255.255.255" end_address="255.255.255.255"/>
-
-
+        <AddressRange id="id3F6D115D" name="old-broadcast" start_address="0.0.0.0" end_address="0.0.0.0"/>
+        <AddressRange id="id3F6D115C" name="broadcast" start_address="255.255.255.255" end_address="255.255.255.255"/>
       </ObjectGroup>
-
-
     </ObjectGroup>
-
-
+    <AnyNetwork id="sysid0" name="Any" comment="Any Network" address="0.0.0.0" netmask="0.0.0.0"/>
+    <AnyIPService id="sysid1" name="Any" comment="Any IP Service" protocol_num="0"/>
+    <AnyInterval id="sysid2" name="Any" comment="Any Interval" days_of_week="0,1,2,3,4,5,6" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
+    <ServiceGroup id="stdid05" name="Services">
+      <ServiceGroup id="stdid09" name="TCP">
+        <TCPService id="tcp-SSH" name="ssh" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="22" dst_range_end="22"/>
+        <TCPService id="tcp-TCP-SYN" name="tcp-syn" ack_flag="False" ack_flag_mask="True" fin_flag="False" fin_flag_mask="True" psh_flag="False" psh_flag_mask="True" rst_flag="False" rst_flag_mask="True" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
+        <TCPService id="id4127F04F" name="bgp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="179" dst_range_end="179"/>
+        <TCPService id="id3AECF774" name="finger" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="79" dst_range_end="79"/>
+        <TCPService id="tcp-FTP" name="ftp" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="21" dst_range_end="21"/>
+        <TCPService id="tcp-HTTP" name="http" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="80" dst_range_end="80"/>
+        <TCPService id="id463FE5FE11008" name="All TCP established" comment="Some firewall platforms can match TCP packets with flags ACK or RST set; the option is usually called &quot;established&quot;.&#10;&#10;Note that you can use this object only in the policy rules of the firewall that supports this option.&#10;&#10;If you need to match reply packets for a specific TCP service and wish to use option &quot;established&quot;, make a copy of this object and set source port range to match the service.&#10;" ack_flag="False" ack_flag_mask="False" established="True" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="0" dst_range_end="0"/>
+        <TCPService id="id3B4FED69" name="https" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="443" dst_range_end="443"/>
+        <TCPService id="tcp-DNS" name="domain" ack_flag="False" ack_flag_mask="False" fin_flag="False" fin_flag_mask="False" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
+      </ServiceGroup>
+      <ServiceGroup id="stdid10" name="Groups">
+        <ServiceGroup id="id3F530CC8" name="DNS">
+          <ServiceRef ref="udp-DNS"/>
+          <ServiceRef ref="tcp-DNS"/>
+        </ServiceGroup>
+        <ServiceGroup id="sg-DHCP" name="DHCP">
+          <ServiceRef ref="udp-bootpc"/>
+          <ServiceRef ref="udp-bootps"/>
+        </ServiceGroup>
+      </ServiceGroup>
+      <ServiceGroup id="stdid08" name="UDP">
+        <UDPService id="udp-ntp" name="ntp" src_range_start="0" src_range_end="0" dst_range_start="123" dst_range_end="123"/>
+        <UDPService id="id3B4FEF7E" name="quake" src_range_start="0" src_range_end="0" dst_range_start="26000" dst_range_end="26000"/>
+        <UDPService id="id3D703C96" name="ICQ" src_range_start="0" src_range_end="0" dst_range_start="4000" dst_range_end="4000"/>
+        <UDPService id="id3CB129D2" name="IKE" src_range_start="0" src_range_end="0" dst_range_start="500" dst_range_end="500"/>
+        <UDPService id="udp-DNS" name="domain" src_range_start="0" src_range_end="0" dst_range_start="53" dst_range_end="53"/>
+        <UDPService id="udp-bootpc" name="bootpc" src_range_start="0" src_range_end="0" dst_range_start="68" dst_range_end="68"/>
+        <UDPService id="udp-bootps" name="bootps" src_range_start="0" src_range_end="0" dst_range_start="67" dst_range_end="67"/>
+      </ServiceGroup>
+      <ServiceGroup id="stdid07" name="ICMP">
+        <ICMPService id="icmp-ping_reply" name="ping reply" code="0" type="0"/>
+        <ICMPService id="icmp-Host_unreach" name="host_unreach" code="1" type="3"/>
+        <ICMPService id="icmp-Port_unreach" name="port unreach" comment="Port unreachable" code="3" type="3"/>
+        <ICMPService id="icmp-Time_exceeded" name="time exceeded" comment="ICMP messages of this type are needed for traceroute" code="0" type="11"/>
+        <ICMPService id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" code="1" type="11"/>
+      </ServiceGroup>
+      <ServiceGroup id="stdid06" name="IP">
+        <IPService id="id3CB12797" name="AH" comment="IPSEC Authentication Header Protocol" fragm="False" lsrr="False" protocol_num="51" rr="False" short_fragm="False" ssrr="False" ts="False"/>
+        <IPService id="ip-IPSEC" name="ESP" comment="IPSEC Encapsulating Security Payload Protocol" fragm="False" lsrr="False" protocol_num="50" rr="False" short_fragm="False" ssrr="False" ts="False"/>
+        <IPService id="id3D703C8F" name="GRE" comment="Generic Routing Encapsulation&#10;" fragm="False" lsrr="False" protocol_num="47" rr="False" short_fragm="False" ssrr="False" ts="False"/>
+        <IPService id="ip-IP_Fragments" name="ip_fragments" comment="'Short' fragments" fragm="False" lsrr="False" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
+      </ServiceGroup>
+    </ServiceGroup>
   </Library>
 </FWObjectDatabase>