NATCompiler_pf.cpp (_expand_addr): see #2455 NAT Compiler for PF

should use "(interface)" syntax to the right of "->" in NAT rules. This now works for all interfaces, including those that have ip addresses in fwbuilder configuration, when interface object appears in "Translated Source" in a nat rule. When firewall object appears in "Translated Source", it gets replaced with a set of its interfaces which also get translated into "-> (interface)".
2026-03-21 02:37:16 +01:00 · 2011-06-03 18:59:44 -07:00 · 2011-06-03 18:59:44 -07:00 · 6a9fdbf3af
commit 6a9fdbf3af
parent 15bab71f49
105 changed files with 359 additions and 249 deletions
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@ -1,5 +1,13 @@
 2011-06-03  vadim  <vadim@netcitadel.com>
 	* NATCompiler_pf.cpp (_expand_addr): see #2455 NAT Compiler for PF
 	should use "(interface)" syntax to the right of "->" in NAT rules.
 	This now works for all interfaces, including those that have ip
 	addresses in fwbuilder configuration, when interface object
 	appears in "Translated Source" in a nat rule. When firewall object
 	appears in "Translated Source", it gets replaced with a set of its
 	interfaces which also get translated into "-> (interface)".
 	* NATCompiler_ipt.cpp (compile): see #2456 Added support for
 	single object negation in "Inbound Interface" and "Outbound
 	Interface" columns in compiler for iptables.
--- a/src/pflib/NATCompiler_pf.cpp
+++ b/src/pflib/NATCompiler_pf.cpp
@ -119,6 +119,39 @@ string NATCompiler_pf::debugPrintRule(libfwbuilder::Rule *r)
        " (type=" + rule->getRuleTypeAsString() + ")";
 }
 void NATCompiler_pf::_expand_addr(Rule *rule,
                                  FWObject *s,
                                  bool expand_cluster_interfaces_fully)
 {
    if (RuleElementTSrc::isA(s))
    {
        // do not replace interfaces with their ip addresses in TSrc
        // to be able to generate "nat ... -> (em0)" command later
        list<FWObject*> interfaces_in_re;
        for (FWObject::iterator i1=s->begin(); i1!=s->end(); ++i1) 
        {
            FWObject *o = FWReference::getObject(*i1);
            assert(o);
            if (Interface::isA(o))
                interfaces_in_re.push_back(o);
        }
        if (interfaces_in_re.size() > 1)
        {
            for (list<FWObject*>::iterator i=interfaces_in_re.begin();
                 i!=interfaces_in_re.end(); ++i) s->removeRef(*i);
            NATCompiler::_expand_addr(
                rule, s, expand_cluster_interfaces_fully);
            for (list<FWObject*>::iterator i=interfaces_in_re.begin();
                 i!=interfaces_in_re.end(); ++i) s->addRef(*i);
        }
    } else
        NATCompiler::_expand_addr(
            rule, s, expand_cluster_interfaces_fully);
 }
 bool NATCompiler_pf::NATRuleType::processNext()
 {
    NATRule *rule=getNext(); if (rule==NULL) return false;
--- a/src/pflib/NATCompiler_pf.h
+++ b/src/pflib/NATCompiler_pf.h
@ -87,6 +87,10 @@ namespace fwcompiler
        virtual std::string debugPrintRule(libfwbuilder::Rule *rule);
 	virtual void _expand_addr(libfwbuilder::Rule *rule,
                                  libfwbuilder::FWObject *s,
                                  bool expand_cluster_interfaces_fully);
        /**
         * analyse given address and decide which interface this NAT
         * rule should be tied to. If interface is found, use
--- a/src/pflib/NATCompiler_pf_writers.cpp
+++ b/src/pflib/NATCompiler_pf_writers.cpp
@ -521,12 +521,8 @@ void NATCompiler_pf::PrintRule::_printAddr(FWObject *o)
    if (Interface::cast(o)!=NULL)
    {
-        Interface *iface=Interface::cast(o);
+        compiler->output << "(" << o->getName() << ") ";
-        if (iface->isDyn())
+        return;
        {
            compiler->output << "(" << iface->getName() << ") ";
            return;
        }
    }
    Address *a = Address::cast(o);
--- a/test/pf/firewall-base-rulesets.fw.orig
+++ b/test/pf/firewall-base-rulesets.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:38 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:43 2011 PDT by vadim
 #
 # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw
 # files:   firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf
@ -169,7 +169,7 @@ configure_interfaces() {
    update_addresses_of_interface "en2 192.168.100.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:38 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:43 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall-ipv6-1.fw.orig
+++ b/test/pf/firewall-ipv6-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:39 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:43 2011 PDT by vadim
 #
 # files: * firewall-ipv6-1.fw pf-ipv6.fw
 # files:   firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf
@ -181,7 +181,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:39 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:43 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall-ipv6-2.fw.orig
+++ b/test/pf/firewall-ipv6-2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:39 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * firewall-ipv6-2.fw pf.fw
 # files:   firewall-ipv6-2.conf pf.conf
@ -185,7 +185,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:39 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall-ipv6-3.fw.orig
+++ b/test/pf/firewall-ipv6-3.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw
 # files:   firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf
--- a/test/pf/firewall.conf.orig
+++ b/test/pf/firewall.conf.orig
@ -32,8 +32,8 @@ table <tbl.r9.s> { 211.11.11.11 , 211.22.22.22 }
 # 
 # Rule  0 (NAT)
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1) 
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  2 (NAT)
 rdr proto tcp from any to <tbl.r2> port 25 -> 192.168.1.10 port 25 
--- a/test/pf/firewall.fw.orig
+++ b/test/pf/firewall.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:13 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:17 2011 PDT by vadim
 #
 # files: * firewall.fw /etc/pf.fw
 # files:   firewall.conf /etc/pf.conf
@ -173,7 +173,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:13 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:17 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall1.conf.orig
+++ b/test/pf/firewall1.conf.orig
@ -38,14 +38,14 @@ nat proto {tcp udp icmp} from 192.168.1.10 to any -> 22.22.22.23
 nat proto {tcp udp icmp} from ! 192.168.1.0/24 to 200.200.200.200 -> 22.22.22.23 
 # 
 # Rule  3 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1) 
-nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth2) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3) 
 # 
 # Rule  4 (NAT)
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3) 
 # 
 # Rule  5 (NAT)
 # more examples
@ -55,22 +55,22 @@ nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23
 nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.50 , 22.22.22.51 } 
 # 
 # Rule  6 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth0) 
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.22.22 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth1) 
-nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth2) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 22.22.23.23 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth3) 
 # 
 # Rule  7 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth0) 
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.22.22 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth1) 
-nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth2) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> 22.22.23.23 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! <tbl.r7> -> (eth3) 
 # 
 # Rule  8 (NAT)
-nat on  eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth0) 
-nat on  eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.22.22 
+nat on  eth1 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth1) 
-nat on  eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth2) 
-nat on  eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> 22.22.23.23 
+nat on  eth3 proto {tcp udp icmp} from ! 192.168.2.0/24 to any -> (eth3) 
 # 
 # Rule  9 (NAT)
 rdr proto tcp from 192.168.1.0/24 to ! <tbl.r9> port 80 -> 127.0.0.1 port 3128 
--- a/test/pf/firewall1.fw.orig
+++ b/test/pf/firewall1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:13 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:18 2011 PDT by vadim
 #
 # files: * firewall1.fw /etc/fw/firewall1.fw
 # files:   firewall1.conf /etc/fw/firewall1.conf
@ -76,7 +76,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:13 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:18 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall10-1.conf.orig
+++ b/test/pf/firewall10-1.conf.orig
@ -7,7 +7,7 @@ scrub in all fragment reassemble
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  backup ssh access rule
--- a/test/pf/firewall10-1.fw.orig
+++ b/test/pf/firewall10-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:14 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:19 2011 PDT by vadim
 #
 # files: * firewall10-1.fw /etc/fw/firewall10-1.fw
 # files:   firewall10-1.conf /etc/fw/firewall10-1.conf
@ -74,7 +74,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:14 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:19 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall10-2.conf.orig
+++ b/test/pf/firewall10-2.conf.orig
@ -8,7 +8,7 @@ scrub in all fragment reassemble
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  backup ssh access rule
--- a/test/pf/firewall10-2.fw.orig
+++ b/test/pf/firewall10-2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:15 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:20 2011 PDT by vadim
 #
 # files: * firewall10-2.fw /etc/fw/firewall10-2.fw
 # files:   firewall10-2.conf /etc/fw/firewall10-2.conf
@ -74,7 +74,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:15 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:20 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall10-3.conf.orig
+++ b/test/pf/firewall10-3.conf.orig
@ -7,7 +7,7 @@ scrub in all fragment reassemble
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  backup ssh access rule
--- a/test/pf/firewall10-3.fw.orig
+++ b/test/pf/firewall10-3.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:16 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:21 2011 PDT by vadim
 #
 # files: * firewall10-3.fw /etc/fw/firewall10-3.fw
 # files:   firewall10-3.conf /etc/fw/firewall10-3.conf
@ -76,7 +76,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:16 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:21 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall10-4.conf.orig
+++ b/test/pf/firewall10-4.conf.orig
@ -8,7 +8,7 @@ scrub in all fragment reassemble
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  backup ssh access rule
--- a/test/pf/firewall10-4.fw.orig
+++ b/test/pf/firewall10-4.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:18 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:22 2011 PDT by vadim
 #
 # files: * firewall10-4.fw /etc/fw/firewall10-4.fw
 # files:   firewall10-4.conf /etc/fw/firewall10-4.conf
@ -76,7 +76,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:18 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:22 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall10-5.conf.orig
+++ b/test/pf/firewall10-5.conf.orig
@ -7,7 +7,7 @@ scrub in all fragment reassemble
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  backup ssh access rule
--- a/test/pf/firewall10-5.fw.orig
+++ b/test/pf/firewall10-5.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:20 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:24 2011 PDT by vadim
 #
 # files: * firewall10-5.fw /etc/fw/firewall10-5.fw
 # files:   firewall10-5.conf /etc/fw/firewall10-5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:20 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:24 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall10-6.conf.orig
+++ b/test/pf/firewall10-6.conf.orig
@ -8,7 +8,7 @@ scrub in all fragment reassemble
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  backup ssh access rule
--- a/test/pf/firewall10-6.fw.orig
+++ b/test/pf/firewall10-6.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:20 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:25 2011 PDT by vadim
 #
 # files: * firewall10-6.fw /etc/fw/firewall10-6.fw
 # files:   firewall10-6.conf /etc/fw/firewall10-6.conf
@ -77,7 +77,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:20 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:25 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall100.fw.orig
+++ b/test/pf/firewall100.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:13 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:18 2011 PDT by vadim
 #
 # files: * firewall100.fw /etc/fw/pf.fw
 # files:   firewall100.conf /etc/fw/path\ with\ space/pf.conf
@ -167,7 +167,7 @@ configure_interfaces() {
    update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:13 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:18 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall101.fw.orig
+++ b/test/pf/firewall101.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:14 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:19 2011 PDT by vadim
 #
 # files: * firewall101.fw /etc/fw/pf.fw
 # files:   firewall101.conf /etc/fw/path\ with\ space/pf.conf
@ -170,7 +170,7 @@ configure_interfaces() {
    update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:14 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:19 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall102.fw.orig
+++ b/test/pf/firewall102.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:15 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:20 2011 PDT by vadim
 #
 # files: * firewall102.fw /etc/fw/pf.fw
 # files:   firewall102.conf /etc/fw/path\ with\ space/pf.conf
--- a/test/pf/firewall103-1.fw.orig
+++ b/test/pf/firewall103-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:17 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:22 2011 PDT by vadim
 #
 # files: * firewall103-1.fw /etc/fw/pf.fw
 # files:   firewall103-1.conf /etc/fw/path\ with\ space/pf.conf
@ -394,7 +394,7 @@ configure_interfaces() {
    update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:17 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:22 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall103-2.fw.orig
+++ b/test/pf/firewall103-2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:17 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:22 2011 PDT by vadim
 #
 # files: * firewall103-2.fw /etc/fw/pf.fw
 # files:   firewall103-2.conf /etc/fw/path\ with\ space/pf.conf
@ -394,7 +394,7 @@ configure_interfaces() {
    update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:17 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:22 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall103.fw.orig
+++ b/test/pf/firewall103.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:16 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:21 2011 PDT by vadim
 #
 # files: * firewall103.fw /etc/fw/pf.fw
 # files:   firewall103.conf /etc/fw/path\ with\ space/pf.conf
@ -397,7 +397,7 @@ configure_interfaces() {
    update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:16 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:21 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall104-1.fw.orig
+++ b/test/pf/firewall104-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:19 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:23 2011 PDT by vadim
 #
 # files: * firewall104-1.fw /etc/fw/pf.fw
 # files:   firewall104-1.conf /etc/fw/path\ with\ space/pf.conf
@ -393,7 +393,7 @@ configure_interfaces() {
    $IFCONFIG bridge0 -stp em3
 }
-log "Activating firewall script generated Fri Jun  3 17:49:19 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:23 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall104.fw.orig
+++ b/test/pf/firewall104.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:18 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:22 2011 PDT by vadim
 #
 # files: * firewall104.fw /etc/fw/pf.fw
 # files:   firewall104.conf /etc/fw/path\ with\ space/pf.conf
@ -396,7 +396,7 @@ configure_interfaces() {
    $IFCONFIG bridge0 stp em3
 }
-log "Activating firewall script generated Fri Jun  3 17:49:18 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:22 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall105.fw.orig
+++ b/test/pf/firewall105.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:19 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:23 2011 PDT by vadim
 #
 # files: * firewall105.fw /etc/fw/pf.fw
 # files:   firewall105.conf /etc/fw/path\ with\ space/pf.conf
--- a/test/pf/firewall106.fw.orig
+++ b/test/pf/firewall106.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:20 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:24 2011 PDT by vadim
 #
 # files: * firewall106.fw /etc/fw/pf.fw
 # files:   firewall106.conf /etc/fw/path\ with\ space/pf.conf
--- a/test/pf/firewall107.fw.orig
+++ b/test/pf/firewall107.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:21 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:25 2011 PDT by vadim
 #
 # files: * firewall107.fw /etc/fw/pf.fw
 # files:   firewall107.conf /etc/fw/path\ with\ space/pf.conf
@ -395,7 +395,7 @@ configure_interfaces() {
    update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:21 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:25 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall108.fw.orig
+++ b/test/pf/firewall108.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:21 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:26 2011 PDT by vadim
 #
 # files: * firewall108.fw /etc/fw/pf.fw
 # files:   firewall108.conf /etc/fw/path\ with\ space/pf.conf
--- a/test/pf/firewall109-1.fw.orig
+++ b/test/pf/firewall109-1.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:22 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:27 2011 PDT by vadim
 #
 # files: * firewall109-1.fw /etc/fw/pf.fw
 # files:   firewall109-1.conf /etc/fw/path\ with\ space/pf.conf
--- a/test/pf/firewall109-2.fw.orig
+++ b/test/pf/firewall109-2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:22 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:27 2011 PDT by vadim
 #
 # files: * firewall109-2.fw /etc/fw/pf.fw
 # files:   firewall109-2.conf /etc/fw/path\ with\ space/pf.conf
@ -400,7 +400,7 @@ configure_interfaces() {
    update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:22 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:27 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall109-3.fw.orig
+++ b/test/pf/firewall109-3.fw.orig
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:23 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:28 2011 PDT by vadim
 #
 # files: * firewall109-3.fw /etc/fw/pf.fw
 # files:   firewall109-3.conf /etc/fw/path\ with\ space/pf.conf
--- a/test/pf/firewall109.fw.orig
+++ b/test/pf/firewall109.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:21 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:26 2011 PDT by vadim
 #
 # files: * firewall109.fw /etc/fw/pf.fw
 # files:   firewall109.conf /etc/fw/path\ with\ space/pf.conf
@ -401,7 +401,7 @@ configure_interfaces() {
    update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:21 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:26 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall11.fw.orig
+++ b/test/pf/firewall11.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:23 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:28 2011 PDT by vadim
 #
 # files: * firewall11.fw /etc/firewall11.fw
 # files:   firewall11.conf /etc/firewall11.conf
@ -77,7 +77,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:23 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:28 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall110.fw.orig
+++ b/test/pf/firewall110.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:24 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:28 2011 PDT by vadim
 #
 # files: * firewall110.fw /etc/fw/firewall110.fw
 # files:   firewall110.conf /etc/fw/firewall110.conf
@ -76,7 +76,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:24 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:28 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall111.fw.orig
+++ b/test/pf/firewall111.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:24 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:29 2011 PDT by vadim
 #
 # files: * firewall111.fw /etc/fw/firewall111.fw
 # files:   firewall111.conf /etc/fw/firewall111.conf
@ -86,7 +86,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:24 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:29 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall12.conf.orig
+++ b/test/pf/firewall12.conf.orig
@ -10,8 +10,8 @@ table <tbl.r4> { 22.22.22.22 , 22.22.23.22 }
 rdr proto tcp from any to <tbl.r4> port 80 -> 127.0.0.1 port 8080 
 # 
 # Rule  7 (NAT)
-nat on  en0 proto udp from any port 6767 to any  -> 22.22.22.22 port 67 
+nat on  en0 proto udp from any port 6767 to any  -> (en0) port 67 
-nat on  en1 proto udp from any port 6767 to any  -> 22.22.23.22 port 67 
+nat on  en1 proto udp from any port 6767 to any  -> (en1) port 67 
 # 
 # Rule  9 (NAT)
 rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080 
@ -19,33 +19,33 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 8080
 # Rule  10 (NAT)
 # SDNAT 
 rdr proto tcp from any to <tbl.r4> port 22 -> 192.168.1.10 port 22 
-nat on  en0 proto tcp from any to 192.168.1.10 port 22 -> 22.22.22.22 
+nat on  en0 proto tcp from any to 192.168.1.10 port 22 -> (en0) 
-nat on  en1 proto tcp from any to 192.168.1.10 port 22 -> 22.22.23.22 
+nat on  en1 proto tcp from any to 192.168.1.10 port 22 -> (en1) 
 # 
 # Rule  11 (NAT)
 # SDNAT with source port
 rdr proto udp from any port 123 to <tbl.r4>  -> 192.168.1.10  
-nat on  en0 proto udp from any port 123 to 192.168.1.10  -> 22.22.22.22 port 5050 
+nat on  en0 proto udp from any port 123 to 192.168.1.10  -> (en0) port 5050 
-nat on  en1 proto udp from any port 123 to 192.168.1.10  -> 22.22.23.22 port 5050 
+nat on  en1 proto udp from any port 123 to 192.168.1.10  -> (en1) port 5050 
 # 
 # Rule  12 (NAT)
 # SDNAT with dest port
 rdr proto udp from 192.168.1.0/24 to any port 53 -> 192.168.1.10 port 1053 
-nat on  en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 
+nat on  en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en0) 
-nat on  en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 
+nat on  en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en1) 
 # 
 # Rule  13 (NAT)
 # SDNAT
 # translate src and dst addresses
 # and src and dst ports
 rdr proto udp from 192.168.1.0/24 port 1024:65535 to any port 53 -> 192.168.1.10 port 1053 
-nat on  en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.22.22 port 32767:* 
+nat on  en0 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en0) port 32767:* 
-nat on  en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> 22.22.23.22 port 32767:* 
+nat on  en1 proto udp from 192.168.1.0/24 to 192.168.1.10 port 1053 -> (en1) port 32767:* 
 # 
 # Rule  14 (NAT)
 # Matches destination port, translates source port
-nat on  en0 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.22.22 port 5050 
+nat on  en0 proto udp from 192.168.1.0/24 to any port 53 -> (en0) port 5050 
-nat on  en1 proto udp from 192.168.1.0/24 to any port 53 -> 22.22.23.22 port 5050 
+nat on  en1 proto udp from 192.168.1.0/24 to any port 53 -> (en1) port 5050 
 # 
 # Rule  0 (global)
--- a/test/pf/firewall12.fw.orig
+++ b/test/pf/firewall12.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:25 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:29 2011 PDT by vadim
 #
 # files: * firewall12.fw /etc/fw/firewall12.fw
 # files:   firewall12.conf /etc/fw/firewall12.conf
@ -165,7 +165,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:25 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:29 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall13.fw.orig
+++ b/test/pf/firewall13.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:25 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:29 2011 PDT by vadim
 #
 # files: * firewall13.fw /etc/fw/firewall13.fw
 # files:   firewall13.conf /etc/fw/firewall13.conf
@ -88,7 +88,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:25 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:29 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall14-1.fw.orig
+++ b/test/pf/firewall14-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:26 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:30 2011 PDT by vadim
 #
 # files: * firewall14-1.fw /etc/firewall14-1.fw
 # files:   firewall14-1.conf /etc/firewall14-1.conf
@ -248,7 +248,7 @@ configure_interfaces() {
    update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:26 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:30 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall14.fw.orig
+++ b/test/pf/firewall14.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:26 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:30 2011 PDT by vadim
 #
 # files: * firewall14.fw /etc/firewall14.fw
 # files:   firewall14.conf /etc/firewall14.conf
@ -248,7 +248,7 @@ configure_interfaces() {
    update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:26 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:30 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall2-1.conf.orig
+++ b/test/pf/firewall2-1.conf.orig
@ -53,7 +53,7 @@ no nat proto tcp from any to 22.22.22.22
 no rdr proto tcp from any to 22.22.22.22 
 # 
 # Rule  11 (NAT)
-rdr proto tcp from any to 22.22.22.22 port 1080 -> { 192.168.1.10 , 192.168.1.20 } port 1080 
+rdr proto tcp from any to (eth1) port 1080 -> { 192.168.1.10 , 192.168.1.20 } port 1080 
 # 
 # Rule  14 (NAT)
 nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/28 
--- a/test/pf/firewall2-1.fw.orig
+++ b/test/pf/firewall2-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:28 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:32 2011 PDT by vadim
 #
 # files: * firewall2-1.fw /etc/fw/firewall2-1.fw
 # files:   firewall2-1.conf /etc/fw/firewall2-1.conf
@ -88,7 +88,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:28 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:32 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall2-6.fw.orig
+++ b/test/pf/firewall2-6.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:28 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:33 2011 PDT by vadim
 #
 # files: * firewall2-6.fw /etc/firewall2-6.fw
 # files:   firewall2-6.conf /etc/firewall2-6.conf
@ -170,7 +170,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:28 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:33 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall2.conf.orig
+++ b/test/pf/firewall2.conf.orig
@ -24,16 +24,17 @@ scrub out all random-id min-ttl  32 max-mss  1460
 # Tables: (4)
 table <tbl.r1> { 192.168.1.10 , 192.168.1.20 } 
-table <tbl.r16> { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } 
+table <tbl.r16> { eth4 , 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } 
 table <tbl.r29> { 192.168.1.0/24 , 192.168.2.0/24 } 
 table <tbl.r5.s> { self  , 192.168.1.0/24 } 
 # 
 # Rule  0 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.22 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.23.23 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3) 
-nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth2) 
 nat on  eth4 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth4) 
 # 
 # Rule  1 (NAT)
 nat proto {tcp udp icmp} from <tbl.r1> to any -> 22.22.22.23 
@ -42,10 +43,11 @@ nat proto {tcp udp icmp} from <tbl.r1> to any -> 22.22.22.23
 nat proto {tcp udp icmp} from 192.168.1.0/24 to <tbl.r1> -> 192.168.1.1 
 # 
 # Rule  3 (NAT)
-nat on  eth0 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1 
+nat on  eth0 proto tcp from 192.168.1.0/24 to any port 80 -> (eth0) 
-nat on  eth1 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.22.22 
+nat on  eth1 proto tcp from 192.168.1.0/24 to any port 80 -> (eth1) 
-nat on  eth3 proto tcp from 192.168.1.0/24 to any port 80 -> 22.22.23.23 
+nat on  eth3 proto tcp from 192.168.1.0/24 to any port 80 -> (eth3) 
-nat on  eth2 proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.2.1 
+nat on  eth2 proto tcp from 192.168.1.0/24 to any port 80 -> (eth2) 
 nat on  eth4 proto tcp from 192.168.1.0/24 to any port 80 -> (eth4) 
 # 
 # Rule  4 (NAT)
 nat proto tcp from <tbl.r1> to any port 80 -> 22.22.22.23 
@ -54,10 +56,11 @@ nat proto tcp from <tbl.r1> to any port 80 -> 22.22.22.23
 nat proto tcp from 192.168.1.0/24 to <tbl.r1> port 80 -> 192.168.1.1 
 # 
 # Rule  6 (NAT)
-nat on  eth0 proto 47 from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto 47 from 192.168.1.0/24 to any -> (eth0) 
-nat on  eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22 
+nat on  eth1 proto 47 from 192.168.1.0/24 to any -> (eth1) 
-nat on  eth3 proto 47 from 192.168.1.0/24 to any -> 22.22.23.23 
+nat on  eth3 proto 47 from 192.168.1.0/24 to any -> (eth3) 
-nat on  eth2 proto 47 from 192.168.1.0/24 to any -> 192.168.2.1 
+nat on  eth2 proto 47 from 192.168.1.0/24 to any -> (eth2) 
 nat on  eth4 proto 47 from 192.168.1.0/24 to any -> (eth4) 
 # 
 # Rule  7 (NAT)
 nat proto icmp from <tbl.r1> to any -> 22.22.22.23 
@ -110,7 +113,7 @@ rdr proto tcp from any to 22.22.22.23 port 80 -> 192.168.1.10 port 25
 rdr proto tcp from 192.168.1.0/24 to any port 80 -> 127.0.0.1 port 80 
 # 
 # Rule  26 (NAT)
-rdr proto tcp from 192.168.1.0/24 to any port 80 -> 192.168.1.1 port 80 
+rdr proto tcp from 192.168.1.0/24 to any port 80 -> (eth0) port 80 
 # 
 # Rule  27 (NAT)
 rdr proto tcp from any to <tbl.r16> port 1080 -> 127.0.0.1 port 80 
@ -145,6 +148,12 @@ nat on  eth1 proto tcp from 192.168.1.0/24 to any  -> 22.22.22.22
 nat on  eth1 proto udp from 192.168.1.0/24 to any  -> 22.22.22.22 
 nat on  eth1 proto 47 from 192.168.1.0/24 to any -> 22.22.22.22 
 nat on  eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22 
 # 
 # Rule  34 (NAT)
 nat on  eth0 proto tcp from 192.168.1.0/24 to any port 80 -> (eth0) 
 # 
 # Rule  35 (NAT)
 nat on  eth4 proto tcp from 192.168.1.0/24 to any port 80 -> (eth4) 
 # Policy compiler errors and warnings:
 # firewall2:Policy:12: warning: Changing rule direction due to self reference
--- a/test/pf/firewall2.fw.orig
+++ b/test/pf/firewall2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:27 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:31 2011 PDT by vadim
 #
 # files: * firewall2.fw /etc/fw/firewall2.fw
 # files:   firewall2.conf /etc/fw/firewall2.conf
@ -73,7 +73,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:27 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:31 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall20.conf.orig
+++ b/test/pf/firewall20.conf.orig
@ -3,17 +3,18 @@
 # 
 # Rule  0 (NAT)
-nat on  dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  dc2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc2) 
-nat on  { dc0 dc1 } proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 10.1.1.1 , 222.222.222.20 , 222.222.222.21 } 
+nat on  dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc0) 
 nat on  dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc1) 
 # 
 # Rule  1 (NAT)
-nat on  dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20 
+nat on  dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (dc1) 
 # 
 # Rule  2 (NAT)
 nat on  dc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.20 
 # 
 # Rule  3 (NAT)
-nat on  dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.21 
+nat on  dc0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.40 
 # 
 # Rule  0 (dc0)
--- a/test/pf/firewall20.fw.orig
+++ b/test/pf/firewall20.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:27 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:31 2011 PDT by vadim
 #
 # files: * firewall20.fw /etc/fw/firewall20.fw
 # files:   firewall20.conf /etc/fw/firewall20.conf
@ -73,7 +73,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:27 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:31 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall21-NAT_1.conf.orig
+++ b/test/pf/firewall21-NAT_1.conf.orig
@ -1,5 +1,5 @@
 # 
 # Rule  NAT_1 0 (NAT)
-nat on  en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en1) 
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0) 
--- a/test/pf/firewall21.fw.orig
+++ b/test/pf/firewall21.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:27 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:32 2011 PDT by vadim
 #
 # files: * firewall21.fw /etc/fw/firewall21.fw
 # files:   firewall21.conf /etc/fw/firewall21.conf
@ -81,7 +81,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:27 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:32 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall22-NAT_1.conf.orig
+++ b/test/pf/firewall22-NAT_1.conf.orig
@ -1,5 +1,5 @@
 # 
 # Rule  NAT_1 0 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  en1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en1) 
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0) 
--- a/test/pf/firewall22.fw.orig
+++ b/test/pf/firewall22.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:28 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:33 2011 PDT by vadim
 #
 # files: * firewall22.fw /etc/fw/firewall22.fw
 # files:   firewall22.conf /etc/fw/firewall22.conf
@ -80,7 +80,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:28 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:33 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall3.conf.orig
+++ b/test/pf/firewall3.conf.orig
@ -22,7 +22,7 @@ scrub out all random-id
 nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21 
 # 
 # Rule  1 (NAT)
-nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 22.22.22.21 , 22.22.22.22 } bitmask 
+nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0) bitmask 
 # 
 # Rule  2 (NAT)
 nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.0/28 source-hash 
--- a/test/pf/firewall3.fw.orig
+++ b/test/pf/firewall3.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:29 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:34 2011 PDT by vadim
 #
 # files: * firewall3.fw /etc/firewall3.fw
 # files:   firewall3.conf /etc/firewall3.conf
@ -165,7 +165,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:29 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:34 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall33.fw.orig
+++ b/test/pf/firewall33.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:29 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:34 2011 PDT by vadim
 #
 # files: * firewall33.fw /etc/fw/firewall33.fw
 # files:   firewall33.conf /etc/fw/firewall33.conf
@ -168,7 +168,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:29 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:34 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall34.conf.orig
+++ b/test/pf/firewall34.conf.orig
@ -30,7 +30,7 @@ no nat proto {tcp udp icmp} from 192.168.1.0/24 to <block these>
 no rdr proto {tcp udp icmp} from 192.168.1.0/24 to <block these> 
 # 
 # Rule  6 (NAT)
-rdr proto {tcp udp icmp} from 192.168.1.0/24 to <block these> -> 127.0.0.1 
+rdr proto {tcp udp icmp} from 192.168.1.0/24 to <block these> -> (lo) 
 # 
 # Rule  0 (global)
--- a/test/pf/firewall34.fw.orig
+++ b/test/pf/firewall34.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:30 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:35 2011 PDT by vadim
 #
 # files: * firewall34.fw /etc/fw/firewall34.fw
 # files:   firewall34.conf /etc/fw/firewall34.conf
@ -164,7 +164,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:30 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:35 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall38.conf.orig
+++ b/test/pf/firewall38.conf.orig
@ -7,12 +7,12 @@ scrub in all fragment reassemble
 # 
 # Rule  0 (NAT)
-nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0) 
-nat on  enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 
+nat on  enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (enc1) 
 # 
 # Rule  1 (NAT)
-nat on  le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1 
+nat on  le0 from 192.168.1.0/24 to any tagged ipsec_tag -> (le0) 
-nat on  enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1 
+nat on  enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> (enc1) 
 # 
 # Rule  0 (le0)
--- a/test/pf/firewall38.fw.orig
+++ b/test/pf/firewall38.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:30 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:35 2011 PDT by vadim
 #
 # files: * firewall38.fw /etc/fw/firewall38.fw
 # files:   firewall38.conf /etc/fw/firewall38.conf
@ -76,7 +76,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:30 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:35 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall39.conf.orig
+++ b/test/pf/firewall39.conf.orig
@ -7,12 +7,12 @@ scrub in all fragment reassemble
 # 
 # Rule  0 (NAT)
-nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le0) 
-nat on  enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.2.1 
+nat on  enc1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (enc1) 
 # 
 # Rule  1 (NAT)
-nat on  le0 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.1.1 
+nat on  le0 from 192.168.1.0/24 to any tagged ipsec_tag -> (le0) 
-nat on  enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> 192.168.2.1 
+nat on  enc1 from 192.168.1.0/24 to any tagged ipsec_tag -> (enc1) 
 # 
 # Rule  0 (le0)
--- a/test/pf/firewall39.fw.orig
+++ b/test/pf/firewall39.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:31 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:35 2011 PDT by vadim
 #
 # files: * firewall39.fw pf.fw
 # files:   firewall39.conf pf.conf
@ -79,7 +79,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:31 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:35 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall4.conf.orig
+++ b/test/pf/firewall4.conf.orig
@ -19,16 +19,16 @@ table <tbl.r6.s> { 192.168.1.10 , 192.168.1.20 }
 #
 # 
 # Rule  0 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth0) 
 nat on  eth1 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth1) 
-nat on  eth2 proto {tcp udp icmp} from 192.168.1.10 to any -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth2) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.10 to any -> 222.222.222.222 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.10 to any -> (eth3) 
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth0) 
 nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth1) 
-nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 192.168.2.1 
+nat on  eth2 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth2) 
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> 222.222.222.222 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to ! 192.168.2.0/24 -> (eth3) 
 # 
 # Rule  2 (NAT)
 rdr proto tcp from any to <tbl.r2> port 22 -> 192.168.1.10 port 22 
@ -36,10 +36,10 @@ rdr proto tcp from any to <tbl.r2> port 22 -> 192.168.1.10 port 22
 # Rule  3 (NAT)
 # SDNAT rule
 rdr on  eth3 proto tcp from 192.168.1.0/24 to 222.222.222.222 port 80 -> 192.168.1.10 port 80 
-nat on  eth0 proto tcp from 192.168.1.0/24 to 192.168.1.10 port 80 -> 192.168.1.1 
+nat on  eth0 proto tcp from 192.168.1.0/24 to 192.168.1.10 port 80 -> (eth0) 
 # 
 # Rule  4 (NAT)
-nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 222.222.222.222 
+nat on  eth3 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth3) 
 # 
 # Rule  5 (NAT)
 # eth1 is dynamic
--- a/test/pf/firewall4.fw.orig
+++ b/test/pf/firewall4.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:31 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:36 2011 PDT by vadim
 #
 # files: * firewall4.fw pf.fw
 # files:   firewall4.conf /etc/fw/pf.conf
@ -77,7 +77,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:31 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:36 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall40-1.conf.orig
+++ b/test/pf/firewall40-1.conf.orig
@ -5,12 +5,12 @@
 # Rule  0 (NAT)
 # Translate source address
 # for outgoing connections
-nat on  le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 
+nat on  le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le1) 
 # 
 # Rule  1 (NAT)
 # Translate source address
 # for outgoing connections
-nat on  le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1 
+nat on  le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le2) 
 # Policy compiler errors and warnings:
 # firewall40-1:Policy:9: error: Only one router specified with load balancing for rule action Route: 'route_through'
--- a/test/pf/firewall40-1.fw.orig
+++ b/test/pf/firewall40-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:32 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:37 2011 PDT by vadim
 #
 # files: * firewall40-1.fw /etc/firewall40-1.fw
 # files:   firewall40-1.conf /etc/firewall40-1.conf
@ -182,7 +182,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:32 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:37 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall40.conf.orig
+++ b/test/pf/firewall40.conf.orig
@ -5,12 +5,12 @@
 # Rule  0 (NAT)
 # Translate source address
 # for outgoing connections
-nat on  le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.2.1 
+nat on  le1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le1) 
 # 
 # Rule  1 (NAT)
 # Translate source address
 # for outgoing connections
-nat on  le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.0.3.1 
+nat on  le2 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (le2) 
 # 
 # Rule  0 (lo0)
--- a/test/pf/firewall40.fw.orig
+++ b/test/pf/firewall40.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:32 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:36 2011 PDT by vadim
 #
 # files: * firewall40.fw /etc/firewall40.fw
 # files:   firewall40.conf /etc/firewall40.conf
@ -166,7 +166,7 @@ configure_interfaces() {
    update_addresses_of_interface "lo0 127.0.0.1/0xff000000" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:32 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:36 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall41.fw.orig
+++ b/test/pf/firewall41.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:33 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:37 2011 PDT by vadim
 #
 # files: * firewall41.fw /etc/firewall41.fw
 # files:   firewall41.conf /etc/firewall41.conf
@ -169,7 +169,7 @@ configure_interfaces() {
    update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:33 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:37 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall5.fw.orig
+++ b/test/pf/firewall5.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:33 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:37 2011 PDT by vadim
 #
 # files: * firewall5.fw /etc/fw/firewall5.fw
 # files:   firewall5.conf /etc/fw/firewall5.conf
@ -77,7 +77,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:33 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:37 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall51.fw.orig
+++ b/test/pf/firewall51.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:33 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:38 2011 PDT by vadim
 #
 # files: * firewall51.fw /etc/fw/firewall51.fw
 # files:   firewall51.conf /etc/fw/firewall51.conf
@ -80,7 +80,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:33 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:38 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall6.fw.orig
+++ b/test/pf/firewall6.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:34 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:38 2011 PDT by vadim
 #
 # files: * firewall6.fw /etc/fw/firewall6.fw
 # files:   firewall6.conf /etc/fw/firewall6.conf
@ -73,7 +73,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:34 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:38 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall62.fw.orig
+++ b/test/pf/firewall62.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:34 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:39 2011 PDT by vadim
 #
 # files: * firewall62.fw /etc/firewall62.fw
 # files:   firewall62.conf /etc/firewall62.conf
@ -191,7 +191,7 @@ configure_interfaces() {
    update_addresses_of_interface "en1 222.222.222.222/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:34 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:39 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall63.fw.orig
+++ b/test/pf/firewall63.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:34 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:39 2011 PDT by vadim
 #
 # files: * firewall63.fw /etc/fw/firewall63.fw
 # files:   firewall63.conf /etc/fw/firewall63.conf
@ -77,7 +77,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:34 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:39 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall7.fw.orig
+++ b/test/pf/firewall7.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:35 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:40 2011 PDT by vadim
 #
 # files: * firewall7.fw /etc/fw/firewall7.fw
 # files:   firewall7.conf /etc/fw/firewall7.conf
@ -73,7 +73,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:35 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:40 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall70.fw.orig
+++ b/test/pf/firewall70.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:35 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:40 2011 PDT by vadim
 #
 # files: * firewall70.fw /etc/fw/firewall70.fw
 # files:   firewall70.conf /etc/fw/firewall70.conf
@ -82,7 +82,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:35 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:40 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall8.conf.orig
+++ b/test/pf/firewall8.conf.orig
@ -8,12 +8,12 @@ table <tbl.r4.d> { 33.33.33.33 , 33.33.33.34 }
 # 
 # Rule  0 (NAT)
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 } 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1) 
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 nat on  ppp0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (ppp0) 
 # 
 # Rule  1 (NAT)
-nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 33.33.33.33 , 33.33.33.34 } 
+nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth1) 
 # 
 # Rule  2 (NAT)
 nat on  eth1 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 33.33.33.33 
@ -34,7 +34,7 @@ rdr on  eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22
 rdr on  eth1 proto tcp from any to 33.33.33.34 port 22 -> 192.168.1.100 port 22 
 # 
 # Rule  8 (NAT)
-rdr proto tcp from 192.168.1.0/24 to any port 80 -> 33.33.33.34 port 80 
+rdr proto tcp from 192.168.1.0/24 to any port 80 -> (eth1) port 80 
 # 
 # Rule  0 (global)
--- a/test/pf/firewall8.fw.orig
+++ b/test/pf/firewall8.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:36 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:41 2011 PDT by vadim
 #
 # files: * firewall8.fw /etc/firewall8.fw
 # files:   firewall8.conf /etc/firewall8.conf
@ -72,7 +72,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:36 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:41 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall80-4.5.fw.orig
+++ b/test/pf/firewall80-4.5.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:37 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:41 2011 PDT by vadim
 #
 # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw
 # files:   firewall80-4.5.conf /etc/firewall80-4.5.conf
@ -73,7 +73,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:37 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:41 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall80.fw.orig
+++ b/test/pf/firewall80.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:36 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:41 2011 PDT by vadim
 #
 # files: * firewall80.fw /etc/firewall80.fw
 # files:   firewall80.conf /etc/firewall80.conf
@ -73,7 +73,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:36 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:41 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall9.conf.orig
+++ b/test/pf/firewall9.conf.orig
@ -3,7 +3,7 @@
 # 
 # Rule  1 (NAT)
-nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 
+nat on  eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (eth0) 
 # 
 # Rule  0 (eth0)
--- a/test/pf/firewall9.fw.orig
+++ b/test/pf/firewall9.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:37 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:42 2011 PDT by vadim
 #
 # files: * firewall9.fw /etc/fw/firewall9.fw
 # files:   firewall9.conf /etc/fw/firewall9.conf
@ -76,7 +76,7 @@ configure_interfaces() {
 }
-log "Activating firewall script generated Fri Jun  3 17:49:37 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:42 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall91.fw.orig
+++ b/test/pf/firewall91.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:38 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:42 2011 PDT by vadim
 #
 # files: * firewall91.fw /etc/fw/pf.fw
 # files:   firewall91.conf /etc/fw/pf.conf
@ -247,7 +247,7 @@ configure_interfaces() {
    update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:38 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:42 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/firewall92.conf.orig
+++ b/test/pf/firewall92.conf.orig
@ -11,7 +11,7 @@ match out all scrub (random-id min-ttl  1 max-mss  1460)
 # firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions
 # 
 # Rule  0 (NAT)
-match out on  em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81 
+match out on  em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to (em0) 
 # 
 # Rule  1 (NAT)
 match in on  em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 
@ -20,7 +20,7 @@ match in on  em0 proto udp from ! 10.3.14.41 to 10.3.14.81 port 161 rdr-to 10.1.
 match in on  em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 161 
 # 
 # Rule  4 (NAT)
-match out on  em1 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.81 
+match out on  em1 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to (em0) 
 # 
 # Rule  5 (NAT)
 match out on ! em0 proto {tcp udp icmp} from 10.1.1.0/24 to any nat-to 10.3.14.201 
--- a/test/pf/firewall92.fw.orig
+++ b/test/pf/firewall92.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:38 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:42 2011 PDT by vadim
 #
 # files: * firewall92.fw /etc/fw/pf.fw
 # files:   firewall92.conf /etc/fw/path\ with\ space/pf.conf
@ -166,7 +166,7 @@ configure_interfaces() {
    update_addresses_of_interface "em1 10.1.1.81/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:38 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:42 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/objects-for-regression-tests.fwb
+++ b/test/pf/objects-for-regression-tests.fwb
@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE FWObjectDatabase SYSTEM "fwbuilder.dtd">
-<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="21" lastModified="1305062906" id="root">
+<FWObjectDatabase xmlns="http://www.fwbuilder.org/1.0/" version="21" lastModified="1307149160" id="root">
  <Library id="syslib000" color="#d4f8ff" name="Standard" comment="Standard objects" ro="True">
    <AnyNetwork id="sysid0" name="Any" comment="Any Network" ro="False" address="0.0.0.0" netmask="0.0.0.0"/>
    <AnyIPService id="sysid1" protocol_num="0" name="Any" comment="Any IP Service" ro="False"/>
@ -4434,7 +4434,7 @@
          <Option name="use_tables">True</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id3AFB66C6" host_OS="openbsd" inactive="False" lastCompiled="1261961536" lastInstalled="0" lastModified="1297365393" platform="pf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
+      <Firewall id="id3AFB66C6" host_OS="openbsd" inactive="False" lastCompiled="1261961536" lastInstalled="0" lastModified="1307149256" platform="pf" version="" name="firewall2" comment="this object has several interfaces and shows different rules for NAT. Also testing policy rule options " ro="False">
        <NAT id="id3AFB66C7" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
          <NATRule id="id3AFB66C8" disabled="False" group="" position="0" action="Translate" comment="">
            <OSrc neg="False">
@ -5392,6 +5392,60 @@
            </ItfOutb>
            <NATRuleOptions/>
          </NATRule>
          <NATRule id="id96271X9659" disabled="False" group="" position="34" action="Translate" comment="">
            <OSrc neg="False">
              <ObjectRef ref="net-Internal_net"/>
            </OSrc>
            <ODst neg="False">
              <ObjectRef ref="sysid0"/>
            </ODst>
            <OSrv neg="False">
              <ServiceRef ref="tcp-HTTP"/>
            </OSrv>
            <TSrc neg="False">
              <ObjectRef ref="id3AFB6703"/>
            </TSrc>
            <TDst neg="False">
              <ObjectRef ref="sysid0"/>
            </TDst>
            <TSrv neg="False">
              <ServiceRef ref="sysid1"/>
            </TSrv>
            <ItfInb neg="False">
              <ObjectRef ref="sysid0"/>
            </ItfInb>
            <ItfOutb neg="False">
              <ObjectRef ref="sysid0"/>
            </ItfOutb>
            <NATRuleOptions/>
          </NATRule>
          <NATRule id="id68651X9659" disabled="False" group="" position="35" action="Translate" comment="">
            <OSrc neg="False">
              <ObjectRef ref="net-Internal_net"/>
            </OSrc>
            <ODst neg="False">
              <ObjectRef ref="sysid0"/>
            </ODst>
            <OSrv neg="False">
              <ServiceRef ref="tcp-HTTP"/>
            </OSrv>
            <TSrc neg="False">
              <ObjectRef ref="id68617X9659"/>
            </TSrc>
            <TDst neg="False">
              <ObjectRef ref="sysid0"/>
            </TDst>
            <TSrv neg="False">
              <ServiceRef ref="sysid1"/>
            </TSrv>
            <ItfInb neg="False">
              <ObjectRef ref="sysid0"/>
            </ItfInb>
            <ItfOutb neg="False">
              <ObjectRef ref="sysid0"/>
            </ItfOutb>
            <NATRuleOptions/>
          </NATRule>
          <RuleSetOptions/>
        </NAT>
        <Policy id="id3AFB66E4" name="Policy" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
@ -5742,6 +5796,11 @@
          <IPv4 id="id3CD2449F-ipv4" name="lo:ip" comment="" ro="False" address="127.0.0.1" netmask="255.0.0.0"/>
          <InterfaceOptions/>
        </Interface>
        <Interface id="id68617X9659" dedicated_failover="False" dyn="True" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="eth4" comment="" ro="False">
          <InterfaceOptions>
            <Option name="type">ethernet</Option>
          </InterfaceOptions>
        </Interface>
        <Management address="192.168.2.1">
          <SNMPManagement enabled="False" snmp_read_community="public" snmp_write_community=""/>
          <FWBDManagement enabled="True" identity="" port="9999"/>
@ -16244,7 +16303,7 @@
          <Option name="use_tables">True</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id14540X3490" host_OS="openbsd" inactive="False" lastCompiled="1226899264" lastInstalled="0" lastModified="1226899257" platform="pf" version="" name="firewall20" comment="firewall using proxy arp" ro="False">
+      <Firewall id="id14540X3490" host_OS="openbsd" inactive="False" lastCompiled="1226899264" lastInstalled="0" lastModified="1307151609" platform="pf" version="" name="firewall20" comment="firewall using proxy arp" ro="False">
        <NAT id="id14569X3490" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
          <NATRule id="id32714X3490" disabled="False" group="" position="0" action="Translate" comment="">
            <OSrc neg="False">
@ -16428,7 +16487,7 @@
        </Interface>
        <Interface id="id14574X3490" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="0" unnum="False" unprotected="False" name="dc0" comment="" ro="False">
          <IPv4 id="id14576X3490" name="firewall20:dc0:ip" comment="" ro="False" address="10.1.1.1" netmask="255.255.255.0"/>
-          <IPv4 id="id63095X3490" name="firewall20:dc0:ip-1" comment="" ro="False" address="222.222.222.21" netmask="255.255.255.240"/>
+          <IPv4 id="id63095X3490" name="firewall20:dc0:ip-1" comment="" ro="False" address="222.222.222.40" netmask="255.255.255.240"/>
          <InterfaceOptions/>
        </Interface>
        <Interface id="id14577X3490" dedicated_failover="False" dyn="False" label="" mgmt="False" security_level="100" unnum="False" unprotected="False" name="dc1" comment="" ro="False">
@ -18856,7 +18915,7 @@
          <Option name="use_tables">True</Option>
        </FirewallOptions>
      </Firewall>
-      <Firewall id="id19695X55350" host_OS="freebsd" inactive="False" lastCompiled="1258397758" lastInstalled="0" lastModified="1258397753" platform="pf" version="4.3" name="firewall22" comment="branching in NAT rules&#10;PF v4.3 and later" ro="False">
+      <Firewall id="id19695X55350" host_OS="freebsd" inactive="False" lastCompiled="1258397758" lastInstalled="0" lastModified="1307152273" platform="pf" version="4.3" name="firewall22" comment="branching in NAT rules&#10;PF v4.3 and later" ro="False">
        <NAT id="id19729X55350" name="NAT" comment="" ro="False" ipv4_rule_set="False" ipv6_rule_set="False" top_rule_set="True">
          <NATRule id="id19730X55350" disabled="False" group="" position="0" action="NATBranch" comment="">
            <OSrc neg="False">
@ -18935,7 +18994,7 @@
            </ItfOutb>
            <NATRuleOptions>
              <Option name="action_on_reject"></Option>
-              <Option name="branch_id">id28067X46601</Option>
+              <Option name="branch_id">id19772X55350</Option>
              <Option name="classify_str"></Option>
              <Option name="custom_str"></Option>
              <Option name="ipf_route_opt_addr"></Option>
@ -18985,7 +19044,7 @@
            </ItfOutb>
            <NATRuleOptions>
              <Option name="action_on_reject"></Option>
-              <Option name="branch_id">id28067X46601</Option>
+              <Option name="branch_id">id19772X55350</Option>
              <Option name="classify_str"></Option>
              <Option name="custom_str"></Option>
              <Option name="ipf_route_opt_addr"></Option>
--- a/test/pf/pf_cluster_1_openbsd-1.conf.orig
+++ b/test/pf/pf_cluster_1_openbsd-1.conf.orig
@ -8,7 +8,7 @@ table <tbl.r2.s> { 172.24.0.1 , 172.24.0.2 }
 # 
 # Rule  0 (NAT)
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0) 
 # 
 # Rule  1 (NAT)
 nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
@ -17,13 +17,13 @@ nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
 nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
 # 
 # Rule  3 (NAT)
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { (en0) , (en0) } 
 # 
 # Rule  4 (NAT)
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0) 
 # 
 # Rule  5 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 
+nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0) 
 # 
 # Rule  6 (NAT)
 rdr on  en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
--- a/test/pf/pf_cluster_1_openbsd-1.fw.orig
+++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw
 # files:   pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf
@ -299,7 +299,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_1_openbsd-2.conf.orig
+++ b/test/pf/pf_cluster_1_openbsd-2.conf.orig
@ -8,7 +8,7 @@ table <tbl.r2.s> { 172.24.0.1 , 172.24.0.3 }
 # 
 # Rule  0 (NAT)
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0) 
 # 
 # Rule  1 (NAT)
 nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
@ -17,13 +17,13 @@ nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1
 nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
 # 
 # Rule  3 (NAT)
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { 172.24.0.2 , 172.24.0.3 } 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> { (en0) , (en0) } 
 # 
 # Rule  4 (NAT)
-nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.2 
+nat proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0) 
 # 
 # Rule  5 (NAT)
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.3 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (en0) 
 # 
 # Rule  6 (NAT)
 rdr on  en0 proto tcp from any to 172.24.0.1 port 80 -> 172.24.0.100 port 80 
--- a/test/pf/pf_cluster_1_openbsd-2.fw.orig
+++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw
 # files:   pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf
@ -195,7 +195,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_2_freebsd-1.fw.orig
+++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw
 # files:   pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf
@ -301,7 +301,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_2_freebsd-2.fw.orig
+++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw
 # files:   pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf
@ -197,7 +197,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_3_openbsd-3.fw.orig
+++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw
 # files:   pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf
@ -302,7 +302,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_3_openbsd-4.fw.orig
+++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:44 2011 PDT by vadim
 #
 # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw
 # files:   pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf
@ -199,7 +199,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:44 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_4_rc.conf.local
+++ b/test/pf/pf_cluster_4_rc.conf.local
@ -3,7 +3,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:45 2011 PDT by vadim
 #
 # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local
 # files:   pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf
--- a/test/pf/pf_cluster_5_openbsd-3.conf.orig
+++ b/test/pf/pf_cluster_5_openbsd-3.conf.orig
@ -5,7 +5,7 @@
 # Rule  0 (NAT)
 # rule is attached to physical interface en0 
 # but uses address of carp0 for translation
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0) 
 # 
 # Rule  -3 CARP (automatic)
--- a/test/pf/pf_cluster_5_openbsd-3.fw.orig
+++ b/test/pf/pf_cluster_5_openbsd-3.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:45 2011 PDT by vadim
 #
 # files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw
 # files:   pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf
@ -302,7 +302,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:45 2011 by vadim"
 set_kernel_vars
 configure_interfaces
--- a/test/pf/pf_cluster_5_openbsd-4.conf.orig
+++ b/test/pf/pf_cluster_5_openbsd-4.conf.orig
@ -5,7 +5,7 @@
 # Rule  0 (NAT)
 # rule is attached to physical interface en0 
 # but uses address of carp0 for translation
-nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 172.24.0.1 
+nat on  en0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> (carp0) 
 # 
 # Rule  -3 CARP (automatic)
--- a/test/pf/pf_cluster_5_openbsd-4.fw.orig
+++ b/test/pf/pf_cluster_5_openbsd-4.fw.orig
@ -4,7 +4,7 @@
 #
 #  Firewall Builder  fwb_pf v5.0.0.3547
 #
-#  Generated Fri Jun  3 17:49:40 2011 PDT by vadim
+#  Generated Fri Jun  3 18:57:45 2011 PDT by vadim
 #
 # files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw
 # files:   pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf
@ -199,7 +199,7 @@ configure_interfaces() {
    update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" ""
 }
-log "Activating firewall script generated Fri Jun  3 17:49:40 2011 by vadim"
+log "Activating firewall script generated Fri Jun  3 18:57:45 2011 by vadim"
 set_kernel_vars
 configure_interfaces