diff --git a/src/pflib/NATCompiler_ipf_writers.cpp b/src/pflib/NATCompiler_ipf_writers.cpp
index a9cb86017..efa998ba9 100644
--- a/src/pflib/NATCompiler_ipf_writers.cpp
+++ b/src/pflib/NATCompiler_ipf_writers.cpp
@@ -90,9 +90,6 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address  *o, bool print_netmask)
         assert(atrt==NULL);
     }
 
-    const InetAddr *addr = o->getAddressPtr();
-    InetAddr mask = *(o->getNetmaskPtr());
-
     if (Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) 
     {
         if (options->getBool("dynAddr"))
@@ -103,50 +100,67 @@ void NATCompiler_ipf::PrintRule::_printAddr_L(Address  *o, bool print_netmask)
         return;
     }
 
-    if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn()) 
-	mask = InetAddr(InetAddr::getAllOnes());
-
-    if (o->dimension()==1)
-	mask = InetAddr(InetAddr::getAllOnes());
-
-    if (addr->isAny() && mask.isAny())
-    {
-        compiler->output << "any ";
-    } else
+    const InetAddr *addr = o->getAddressPtr();
+    if (addr)
     {
+        InetAddr mask = *(o->getNetmaskPtr());
 
-      compiler->output << addr->toString();
+        if (Interface::cast(o)!=NULL && ! Interface::cast(o)->isDyn()) 
+            mask = InetAddr(InetAddr::getAllOnes());
 
-      if (print_netmask)
-         compiler->output << "/" << mask.getLength();
-      compiler->output  << " ";
-   }
+        if (o->dimension()==1)
+            mask = InetAddr(InetAddr::getAllOnes());
+
+        if (addr->isAny() && mask.isAny())
+        {
+            compiler->output << "any ";
+        } else
+        {
+
+            compiler->output << addr->toString();
+
+            if (print_netmask)
+                compiler->output << "/" << mask.getLength();
+            compiler->output  << " ";
+        }
+    }
 }
 
 void NATCompiler_ipf::PrintRule::_printAddr_R(Address  *o, bool print_netmask)
 {
     const InetAddr *addr = o->getAddressPtr();
-    InetAddr mask = *(o->getNetmaskPtr)();
 
-    if (Interface::cast(o) != NULL)
-	mask = InetAddr(InetAddr::getAllOnes());
-
-    if (o->dimension()==1)
-	mask = InetAddr(InetAddr::getAllOnes());
-
-    if (addr->isAny() && print_netmask &&  mask.isHostMask())
+    // check for the case when dynamic interface is used in TSrc (or when
+    // interface in TSrc just has no IP address )
+    if (Interface::cast(o) != NULL && (addr==NULL || addr->isAny()))
     {
         compiler->output  << "0/32 ";
-    } else
+        return;
+    }
+
+    if (addr)
     {
-        compiler->output << addr->toString();
-        if (print_netmask)
-            compiler->output << "/" << mask.getLength();
-        compiler->output  << " ";
+        InetAddr mask = *(o->getNetmaskPtr)();
+
+        if (Interface::cast(o) != NULL)
+            mask = InetAddr(InetAddr::getAllOnes());
+
+        if (o->dimension()==1)
+            mask = InetAddr(InetAddr::getAllOnes());
+
+        if (addr->isAny() && print_netmask &&  mask.isHostMask())
+        {
+            compiler->output  << "0/32 ";
+        } else
+        {
+            compiler->output << addr->toString();
+            if (print_netmask)
+                compiler->output << "/" << mask.getLength();
+            compiler->output  << " ";
+        }
     }
 }
 
-
 void NATCompiler_ipf::PrintRule::_printAddr_R_LB(RuleElementTDst *tdst)
 {
     bool first=true;
diff --git a/src/pflib/PolicyCompiler_ipf_writers.cpp b/src/pflib/PolicyCompiler_ipf_writers.cpp
index c7e859876..20cb14961 100644
--- a/src/pflib/PolicyCompiler_ipf_writers.cpp
+++ b/src/pflib/PolicyCompiler_ipf_writers.cpp
@@ -267,9 +267,6 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address  *o,bool neg)
         assert(atrt==NULL);
     }
 
-    const InetAddr *addr = o->getAddressPtr();
-    InetAddr mask = *(o->getNetmaskPtr());
-
     if (options->getBool("dynAddr") &&
         Interface::cast(o)!=NULL && Interface::cast(o)->isDyn()) 
     {
@@ -278,26 +275,36 @@ void PolicyCompiler_ipf::PrintRule::_printAddr(Address  *o,bool neg)
         return;
     }
 
-    if (Interface::cast(o)!=NULL) {
-	mask = InetAddr(InetAddr::getAllOnes());
-    }
-
-    if (o->dimension()==1)
+    const InetAddr *addr = o->getAddressPtr();
+    if (Interface::cast(o)!=NULL && addr==NULL)
     {
-	mask = InetAddr(InetAddr::getAllOnes());
+        compiler->output << "<thishost> ";
     }
-
-    if (addr->isAny() && mask.isAny())
+    if (addr)
     {
-	compiler->output << "any ";
-    } else {	
-	if (neg) compiler->output << "! ";
-	compiler->output << addr->toString();
-	if (!mask.isHostMask())
+        InetAddr mask = *(o->getNetmaskPtr());
+
+        if (Interface::cast(o)!=NULL) {
+            mask = InetAddr(InetAddr::getAllOnes());
+        }
+
+        if (o->dimension()==1)
         {
-	    compiler->output << "/" << mask.getLength();
-	}
-	compiler->output << " ";
+            mask = InetAddr(InetAddr::getAllOnes());
+        }
+
+        if (addr->isAny() && mask.isAny())
+        {
+            compiler->output << "any ";
+        } else {	
+            if (neg) compiler->output << "! ";
+            compiler->output << addr->toString();
+            if (!mask.isHostMask())
+            {
+                compiler->output << "/" << mask.getLength();
+            }
+            compiler->output << " ";
+        }
     }
 }
 
diff --git a/test/ipf/objects-for-regression-tests.fwb b/test/ipf/objects-for-regression-tests.fwb
index ec8fb4d2a..411cf5f5d 100644
--- a/test/ipf/objects-for-regression-tests.fwb
+++ b/test/ipf/objects-for-regression-tests.fwb
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="5" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="6" id="root">
   <Library color="#FFFFFF" comment="" id="id40D07E7A" name="LAX" ro="True">
     <ObjectGroup id="id40D07E7B" name="Objects">
       <ObjectGroup id="id40D07E7B_og_ats_1" name="Address Tables"/>
@@ -20,13 +20,8 @@
       <ObjectGroup id="id4386560318752" name="DNS Names"/>
     </ObjectGroup>
     <ServiceGroup id="id40D07E81" name="Services">
-      <ServiceGroup id="id40D07E81_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="id40D07E82" name="Groups"/>
-      <ServiceGroup id="id40D07E83" name="ICMP"/>
-      <ServiceGroup id="id40D07E84" name="IP"/>
-      <ServiceGroup id="id40D07E85" name="TCP"/>
-      <ServiceGroup id="id40D07E86" name="UDP"/>
-      <ServiceGroup id="id40D07E87" name="Custom"/>
+      <ServiceGroup id="id40D07E81_og_tag_1" name="TagServices"/><ServiceGroup id="id40D07E82" name="Groups"/><ServiceGroup id="id40D07E83" name="ICMP"/><ServiceGroup id="id40D07E84" name="IP"/><ServiceGroup id="id40D07E85" name="TCP"/><ServiceGroup id="id40D07E86" name="UDP"/><ServiceGroup id="id40D07E87" name="Custom"/>
+      <ServiceGroup id="id40D07E81_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="id40D07E88" name="Firewalls"/>
     <IntervalGroup id="id40D07E89" name="Time"/>
@@ -47,13 +42,8 @@
       <ObjectGroup id="id4386560418752" name="DNS Names"/>
     </ObjectGroup>
     <ServiceGroup id="id40E233FA" name="Services">
-      <ServiceGroup id="id40E233FA_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="id40E233FB" name="Groups"/>
-      <ServiceGroup id="id40E233FC" name="ICMP"/>
-      <ServiceGroup id="id40E233FD" name="IP"/>
-      <ServiceGroup id="id40E233FE" name="TCP"/>
-      <ServiceGroup id="id40E233FF" name="UDP"/>
-      <ServiceGroup id="id40E23400" name="Custom"/>
+      <ServiceGroup id="id40E233FA_og_tag_1" name="TagServices"/><ServiceGroup id="id40E233FB" name="Groups"/><ServiceGroup id="id40E233FC" name="ICMP"/><ServiceGroup id="id40E233FD" name="IP"/><ServiceGroup id="id40E233FE" name="TCP"/><ServiceGroup id="id40E233FF" name="UDP"/><ServiceGroup id="id40E23400" name="Custom"/>
+      <ServiceGroup id="id40E233FA_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="id40E23401" name="Firewalls"/>
     <IntervalGroup id="id40E23402" name="Time"/>
@@ -587,8 +577,7 @@
       </ObjectGroup>
     </ObjectGroup>
     <ServiceGroup id="stdid05_1" name="Services">
-      <ServiceGroup id="stdid05_1_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="stdid10_1" name="Groups">
+      <ServiceGroup id="stdid05_1_og_tag_1" name="TagServices"/><ServiceGroup id="stdid10_1" name="Groups">
         <ServiceGroup id="id3B457567" name="svcgroup1">
           <ServiceRef ref="id3B457561"/>
           <ServiceRef ref="ip-IPSEC"/>
@@ -641,31 +630,27 @@
           <ServiceRef ref="id3B4FED69"/>
           <ServiceRef ref="id3AECF776"/>
         </ServiceGroup>
-      </ServiceGroup>
-      <ServiceGroup id="stdid07_1" name="ICMP">
+      </ServiceGroup><ServiceGroup id="stdid07_1" name="ICMP">
         <ICMPService code="-1" comment="" id="id3C1A5D46" name="any ICMP" type="-1"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid06_1" name="IP">
+      </ServiceGroup><ServiceGroup id="stdid06_1" name="IP">
         <IPService comment="" fragm="False" id="id3B457561" lsrr="False" name="ICMP" protocol_num="1" rr="False" short_fragm="False" ssrr="False" ts="False"/>
         <IPService comment="" fragm="False" id="id3B6659A5" lsrr="False" name="TS" protocol_num="0" rr="False" short_fragm="False" ssrr="False" ts="True"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid09_1" name="TCP">
+      </ServiceGroup><ServiceGroup id="stdid09_1" name="TCP">
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="70" dst_range_start="70" fin_flag="False" fin_flag_mask="False" id="id3C1A66EF" name="gopher" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="6667" dst_range_start="6667" fin_flag="False" fin_flag_mask="False" id="tcp-IRC" name="irc" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3128" dst_range_start="3128" fin_flag="False" fin_flag_mask="False" id="id3B5009F7" name="squid" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="port range" dst_range_end="11000" dst_range_start="10000" fin_flag="False" fin_flag_mask="False" id="id3B20468D" name="test-TCP" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="True" ack_flag_mask="True" comment="" dst_range_end="0" dst_range_start="0" fin_flag="True" fin_flag_mask="True" id="id3B58E3F1" name="xmas-tree" psh_flag="False" psh_flag_mask="True" rst_flag="True" rst_flag_mask="True" src_range_end="0" src_range_start="0" syn_flag="True" syn_flag_mask="True" urg_flag="False" urg_flag_mask="True"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid08_1" name="UDP">
+      </ServiceGroup><ServiceGroup id="stdid08_1" name="UDP">
         <UDPService comment="" dst_range_end="500" dst_range_start="500" id="id3DEA6281" name="ISAKMP" src_range_end="0" src_range_start="0"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid13_1" name="Custom">
+      </ServiceGroup><ServiceGroup id="stdid13_1" name="Custom">
         <CustomService comment="Talk support" id="id3B64FE22" name="talk">
           <CustomServiceCommand platform="Undefined"/>
           <CustomServiceCommand platform="ipfilter"/>
           <CustomServiceCommand platform="iptables">-m ip_conntrack_talk -m ip_nat_talk</CustomServiceCommand>
         </CustomService>
       </ServiceGroup>
+      <ServiceGroup id="stdid05_1_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="stdid12_1" name="Firewalls">
       <Firewall comment="this is simple firewall with two interfaces. Test regular policy rules, including IP_fragments rule" host_OS="freebsd" id="fw-firewall2" inactive="False" lastCompiled="1172982686" lastInstalled="0" lastModified="1156049375" name="firewall" platform="ipf" ro="False" version="">
@@ -5842,13 +5827,8 @@
       <ObjectGroup id="id4386560918752" name="Address Ranges"/>
     </ObjectGroup>
     <ServiceGroup id="id4386560A18752" name="Services">
-      <ServiceGroup id="id4386560A18752_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="id4386560B18752" name="Groups"/>
-      <ServiceGroup id="id4386560C18752" name="ICMP"/>
-      <ServiceGroup id="id4386560D18752" name="IP"/>
-      <ServiceGroup id="id4386560E18752" name="TCP"/>
-      <ServiceGroup id="id4386560F18752" name="UDP"/>
-      <ServiceGroup id="id4386561018752" name="Custom"/>
+      <ServiceGroup id="id4386560A18752_og_tag_1" name="TagServices"/><ServiceGroup id="id4386560B18752" name="Groups"/><ServiceGroup id="id4386560C18752" name="ICMP"/><ServiceGroup id="id4386560D18752" name="IP"/><ServiceGroup id="id4386560E18752" name="TCP"/><ServiceGroup id="id4386560F18752" name="UDP"/><ServiceGroup id="id4386561018752" name="Custom"/>
+      <ServiceGroup id="id4386560A18752_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="id4386561118752" name="Firewalls"/>
     <IntervalGroup id="id4386561218752" name="Time"/>
@@ -5867,13 +5847,8 @@
       <ObjectGroup id="id4387B43F18346" name="Address Ranges"/>
     </ObjectGroup>
     <ServiceGroup id="id4387B44018346" name="Services">
-      <ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices"/>
-      <ServiceGroup id="id4387B44118346" name="Groups"/>
-      <ServiceGroup id="id4387B44218346" name="ICMP"/>
-      <ServiceGroup id="id4387B44318346" name="IP"/>
-      <ServiceGroup id="id4387B44418346" name="TCP"/>
-      <ServiceGroup id="id4387B44518346" name="UDP"/>
-      <ServiceGroup id="id4387B44618346" name="Custom"/>
+      <ServiceGroup id="id4387B44018346_og_tag_1" name="TagServices"/><ServiceGroup id="id4387B44118346" name="Groups"/><ServiceGroup id="id4387B44218346" name="ICMP"/><ServiceGroup id="id4387B44318346" name="IP"/><ServiceGroup id="id4387B44418346" name="TCP"/><ServiceGroup id="id4387B44518346" name="UDP"/><ServiceGroup id="id4387B44618346" name="Custom"/>
+      <ServiceGroup id="id4387B44018346_userservices" name="User"/>
     </ServiceGroup>
     <ObjectGroup id="id4387B44718346" name="Firewalls"/>
     <IntervalGroup id="id4387B44818346" name="Time"/>
@@ -5885,8 +5860,7 @@
         <IPService comment="'Short' fragments" fragm="False" id="ip-IP_Fragments" lsrr="False" name="ip_fragments" protocol_num="0" rr="False" short_fragm="True" ssrr="False" ts="False"/>
         <IPService comment="Route recording packets" fragm="False" id="ip-RR" lsrr="False" name="RR" protocol_num="0" rr="True" short_fragm="False" ssrr="False" ts="False"/>
         <IPService comment="All sorts of Source Routing Packets" fragm="False" id="ip-SRR" lsrr="True" name="SRR" protocol_num="0" rr="False" short_fragm="False" ssrr="True" ts="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid09" name="TCP">
+      </ServiceGroup><ServiceGroup id="stdid09" name="TCP">
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="113" dst_range_start="113" fin_flag="False" fin_flag_mask="False" id="tcp-Auth" name="auth" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="53" dst_range_start="53" fin_flag="False" fin_flag_mask="False" id="tcp-DNS_zone_transf" name="dns-tcp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="21" dst_range_start="21" fin_flag="False" fin_flag_mask="False" id="tcp-FTP" name="ftp" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
@@ -5924,27 +5898,25 @@
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="3128" dst_range_start="3128" fin_flag="False" fin_flag_mask="False" id="id3B4FF09A" name="squid" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="1720" dst_range_start="1720" fin_flag="False" fin_flag_mask="False" id="id3AEDBEAC" name="H323" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
         <TCPService ack_flag="False" ack_flag_mask="False" comment="" dst_range_end="0" dst_range_start="0" fin_flag="False" fin_flag_mask="False" id="tcp-All_TCP" name="All TCP" psh_flag="False" psh_flag_mask="False" rst_flag="False" rst_flag_mask="False" src_range_end="0" src_range_start="0" syn_flag="False" syn_flag_mask="False" urg_flag="False" urg_flag_mask="False"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid08" name="UDP">
+      </ServiceGroup><ServiceGroup id="stdid08" name="UDP">
         <UDPService comment="" dst_range_end="53" dst_range_start="53" id="udp-DNS" name="domain" src_range_end="0" src_range_start="0"/>
         <UDPService comment="" dst_range_end="161" dst_range_start="161" id="udp-SNMP" name="snmp" src_range_end="0" src_range_start="0"/>
         <UDPService comment="" dst_range_end="68" dst_range_start="68" id="udp-bootpc" name="bootpc" src_range_end="0" src_range_start="0"/>
-      </ServiceGroup>
-      <ServiceGroup id="stdid10" name="Groups">
+      </ServiceGroup><ServiceGroup id="stdid10" name="Groups">
         <ServiceGroup comment="" id="sg-Useful_ICMP" name="Useful_ICMP">
           <ServiceRef ref="icmp-Time_exceeded"/>
           <ServiceRef ref="icmp-Time_exceeded_in_transit"/>
           <ServiceRef ref="icmp-ping_reply"/>
           <ServiceRef ref="icmp-Unreachables"/>
         </ServiceGroup>
-      </ServiceGroup>
-      <ServiceGroup id="stdid07" name="ICMP">
+      </ServiceGroup><ServiceGroup id="stdid07" name="ICMP">
         <ICMPService code="0" comment="" id="icmp-ping_request" name="ping request" type="8"/>
         <ICMPService code="-1" comment="" id="icmp-Unreachables" name="all ICMP unreachables" type="3"/>
         <ICMPService code="0" comment="ICMP messages of this type are needed for traceroute" id="icmp-Time_exceeded" name="time exceeded" type="11"/>
         <ICMPService code="1" comment="" id="icmp-Time_exceeded_in_transit" name="time exceeded in transit" type="11"/>
         <ICMPService code="0" comment="" id="icmp-ping_reply" name="ping reply" type="0"/>
       </ServiceGroup>
+      <ServiceGroup id="stdid05_userservices" name="User"/>
     </ServiceGroup>
     <AnyNetwork comment="Any Network" id="sysid0" name="Any" address="0.0.0.0" netmask="0.0.0.0"/>
     <AnyInterval comment="Any Interval" from_day="-1" from_hour="-1" from_minute="-1" from_month="-1" from_weekday="-1" from_year="-1" id="sysid2" name="Any" to_day="-1" to_hour="-1" to_minute="-1" to_month="-1" to_weekday="-1" to_year="-1"/>
diff --git a/test/ipf/run.all b/test/ipf/run.all
index d6077e92b..7266526a3 100755
--- a/test/ipf/run.all
+++ b/test/ipf/run.all
@@ -8,6 +8,8 @@ while (<>) {
   while ( $str=~ /<Firewall / ) {
     $str=~ /<Firewall [^>]+name="([^"]*).*$"/;
     $fw=$1;
+    printf "\n";
+    printf "echo '******* $fw'\n";
     printf "fwb_ipf -v -f $XMLFILE $fw\n";
     $str=~ s/^.*<Firewall [^>]+name="$fw"[^>]+>//;
   }