diff --git a/src/import/PIXImporter.cpp b/src/import/PIXImporter.cpp index 02185c14e..a36b02c70 100644 --- a/src/import/PIXImporter.cpp +++ b/src/import/PIXImporter.cpp @@ -194,12 +194,18 @@ FWObject* PIXImporter::makeSrvObj() if (!dst_port_spec.empty() && named_objects_registry.count(dst_port_spec.c_str()) > 0) return named_objects_registry[dst_port_spec.c_str()]; - } else - { - if (named_objects_registry.count(protocol.c_str()) > 0) - return named_objects_registry[protocol.c_str()]; } + if (protocol == "icmp") + { + if (!icmp_spec.empty() && + named_objects_registry.count(icmp_spec.c_str()) > 0) + return named_objects_registry[icmp_spec.c_str()]; + } + + if (named_objects_registry.count(protocol.c_str()) > 0) + return named_objects_registry[protocol.c_str()]; + return Importer::makeSrvObj(); } diff --git a/src/parsers/PIXCfgLexer.cpp b/src/parsers/PIXCfgLexer.cpp index 1db4c6d9f..c505f03bc 100644 --- a/src/parsers/PIXCfgLexer.cpp +++ b/src/parsers/PIXCfgLexer.cpp @@ -542,7 +542,7 @@ void PIXCfgLexer::mNEWLINE(bool _createToken) { } if ( inputState->guessing==0 ) { -#line 2488 "pix.g" +#line 2511 "pix.g" newline(); #line 548 "PIXCfgLexer.cpp" } @@ -666,7 +666,7 @@ void PIXCfgLexer::mWhitespace(bool _createToken) { } } if ( inputState->guessing==0 ) { -#line 2483 "pix.g" +#line 2506 "pix.g" _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; #line 672 "PIXCfgLexer.cpp" } @@ -908,7 +908,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2529 "pix.g" +#line 2552 "pix.g" _ttype = IPV6; #line 914 "PIXCfgLexer.cpp" } @@ -1055,7 +1055,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2517 "pix.g" +#line 2540 "pix.g" _ttype = IPV4; #line 1061 "PIXCfgLexer.cpp" } 
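Review bot: In `PIXImporter::makeSrvObj()`, the new `if (protocol == "icmp")` block has no handling for an `icmp_spec` that is missing from `named_objects_registry`: control falls through silently to the protocol-name lookup and then to `Importer::makeSrvObj()`. The parser change in `rule_extended()` now stores an object-group name in the same `icmp_spec` field that `icmp_spec()` fills with an ICMP type name, so the base class may receive a group name where it expects a type name (its handling is not visible here), and the imported rule could match different ICMP traffic than the source ACL without any notice. Report the unresolved reference before falling through, for example with `addMessageToLog(...)` as the parser does for unsupported commands, or carry the group name in a field separate from the ICMP type name. The `named_objects_registry.count(protocol.c_str())` lookup also moved out of the `else`, so it now runs after the branch above it too (that branch's condition is outside the hunk) whenever the port spec is not a registered name; if intended, say so in a comment such as `// fall back to an object named after the protocol for every protocol`. The function body starts outside the hunk.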
@@ -1138,7 +1138,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { } // ( ... )+ } if ( inputState->guessing==0 ) { -#line 2520 "pix.g" +#line 2543 "pix.g" _ttype = NUMBER; #line 1144 "PIXCfgLexer.cpp" } @@ -1159,7 +1159,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _loop336:; } // ( ... )+ if ( inputState->guessing==0 ) { -#line 2522 "pix.g" +#line 2545 "pix.g" _ttype = INT_CONST; #line 1165 "PIXCfgLexer.cpp" } @@ -1421,7 +1421,7 @@ void PIXCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { _loop351:; } // ( ... )* if ( inputState->guessing==0 ) { -#line 2537 "pix.g" +#line 2560 "pix.g" _ttype = WORD; #line 1427 "PIXCfgLexer.cpp" } diff --git a/src/parsers/PIXCfgParser.cpp b/src/parsers/PIXCfgParser.cpp index 2b28a1d1f..6a5c2d877 100644 --- a/src/parsers/PIXCfgParser.cpp +++ b/src/parsers/PIXCfgParser.cpp @@ -458,7 +458,7 @@ void PIXCfgParser::intrface() { } void PIXCfgParser::nameif_top_level() { -#line 1451 "pix.g" +#line 1474 "pix.g" std::string intf_name, intf_label, sec_level; @@ -468,24 +468,24 @@ void PIXCfgParser::nameif_top_level() { match(NAMEIF); match(WORD); if ( inputState->guessing==0 ) { -#line 1456 "pix.g" +#line 1479 "pix.g" intf_name = LT(0)->getText(); #line 474 "PIXCfgParser.cpp" } interface_label(); if ( inputState->guessing==0 ) { -#line 1457 "pix.g" +#line 1480 "pix.g" intf_label = LT(0)->getText(); #line 480 "PIXCfgParser.cpp" } match(WORD); if ( inputState->guessing==0 ) { -#line 1458 "pix.g" +#line 1481 "pix.g" sec_level = LT(0)->getText(); #line 486 "PIXCfgParser.cpp" } if ( inputState->guessing==0 ) { -#line 1459 "pix.g" +#line 1482 "pix.g" importer->setInterfaceParametes(intf_name, intf_label, sec_level); *dbg << " NAMEIF: " @@ -547,7 +547,7 @@ void PIXCfgParser::controller() { try { // for error handling match(CONTROLLER); if ( inputState->guessing==0 ) { -#line 1363 "pix.g" +#line 1386 "pix.g" importer->clearCurrentInterface(); consumeUntil(NEWLINE); 
@@ -644,7 +644,7 @@ void PIXCfgParser::ssh_command() { try { // for error handling match(SSH); if ( inputState->guessing==0 ) { -#line 1709 "pix.g" +#line 1732 "pix.g" importer->clear(); @@ -659,7 +659,7 @@ void PIXCfgParser::ssh_command() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1714 "pix.g" +#line 1737 "pix.g" // set ssh timeout here @@ -688,7 +688,7 @@ void PIXCfgParser::ssh_command() { { hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1724 "pix.g" +#line 1747 "pix.g" importer->SaveTmpAddrToSrc(); @@ -697,7 +697,7 @@ void PIXCfgParser::ssh_command() { interface_label(); } if ( inputState->guessing==0 ) { -#line 1729 "pix.g" +#line 1752 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "ssh_commands_" + intf_label; @@ -740,7 +740,7 @@ void PIXCfgParser::telnet_command() { try { // for error handling match(TELNET); if ( inputState->guessing==0 ) { -#line 1749 "pix.g" +#line 1772 "pix.g" importer->clear(); @@ -766,7 +766,7 @@ void PIXCfgParser::telnet_command() { { hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1756 "pix.g" +#line 1779 "pix.g" importer->SaveTmpAddrToSrc(); @@ -775,7 +775,7 @@ void PIXCfgParser::telnet_command() { interface_label(); } if ( inputState->guessing==0 ) { -#line 1761 "pix.g" +#line 1784 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "telnet_commands_" + intf_label; @@ -818,7 +818,7 @@ void PIXCfgParser::http_command() { try { // for error handling match(HTTP); if ( inputState->guessing==0 ) { -#line 1783 "pix.g" +#line 1806 "pix.g" importer->clear(); @@ -854,7 +854,7 @@ void PIXCfgParser::http_command() { } } if ( inputState->guessing==0 ) { -#line 1788 "pix.g" +#line 1811 "pix.g" consumeUntil(NEWLINE); @@ -872,7 +872,7 @@ void PIXCfgParser::http_command() { { hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1794 "pix.g" +#line 1817 "pix.g" importer->SaveTmpAddrToSrc(); 
@@ -881,7 +881,7 @@ void PIXCfgParser::http_command() { interface_label(); } if ( inputState->guessing==0 ) { -#line 1799 "pix.g" +#line 1822 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "http_commands_" + intf_label; @@ -933,7 +933,7 @@ void PIXCfgParser::icmp_top_level_command() { { match(UNREACHABLE); if ( inputState->guessing==0 ) { -#line 1829 "pix.g" +#line 1852 "pix.g" consumeUntil(NEWLINE); @@ -967,7 +967,7 @@ void PIXCfgParser::icmp_top_level_command() { } } if ( inputState->guessing==0 ) { -#line 1836 "pix.g" +#line 1859 "pix.g" importer->clear(); @@ -975,7 +975,7 @@ void PIXCfgParser::icmp_top_level_command() { } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1840 "pix.g" +#line 1863 "pix.g" importer->SaveTmpAddrToSrc(); @@ -1005,7 +1005,7 @@ void PIXCfgParser::icmp_top_level_command() { } interface_label(); if ( inputState->guessing==0 ) { -#line 1845 "pix.g" +#line 1868 "pix.g" std::string intf_label = LT(0)->getText(); std::string acl_name = "icmp_commands_" + intf_label; @@ -1048,7 +1048,7 @@ void PIXCfgParser::nat_top_level_command() { match(NAT); match(OPENING_PAREN); if ( inputState->guessing==0 ) { -#line 1931 "pix.g" +#line 1954 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1085,7 +1085,7 @@ void PIXCfgParser::global_top_level_command() { match(GLOBAL); match(OPENING_PAREN); if ( inputState->guessing==0 ) { -#line 2027 "pix.g" +#line 2050 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -1094,7 +1094,7 @@ void PIXCfgParser::global_top_level_command() { } interface_label(); if ( inputState->guessing==0 ) { -#line 2032 "pix.g" +#line 2055 "pix.g" importer->tmp_global_pool.pool_interface = LT(0)->getText(); 
@@ -1104,7 +1104,7 @@ void PIXCfgParser::global_top_level_command() { num = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 2037 "pix.g" +#line 2060 "pix.g" importer->tmp_global_pool.str_num = num->getText(); importer->tmp_global_pool.netmask = "255.255.255.255"; @@ -1121,7 +1121,7 @@ void PIXCfgParser::global_top_level_command() { { match(INTRFACE); if ( inputState->guessing==0 ) { -#line 2050 "pix.g" +#line 2073 "pix.g" importer->tmp_global_pool.start = LT(0)->getText(); importer->tmp_global_pool.end = LT(0)->getText(); @@ -1135,7 +1135,7 @@ void PIXCfgParser::global_top_level_command() { { single_addr(); if ( inputState->guessing==0 ) { -#line 2056 "pix.g" +#line 2079 "pix.g" importer->tmp_global_pool.start = importer->tmp_a; importer->tmp_global_pool.end = importer->tmp_a; @@ -1157,7 +1157,7 @@ void PIXCfgParser::global_top_level_command() { match(MINUS); single_addr(); if ( inputState->guessing==0 ) { -#line 2065 "pix.g" +#line 2088 "pix.g" importer->tmp_global_pool.end = importer->tmp_a; @@ -1183,7 +1183,7 @@ void PIXCfgParser::global_top_level_command() { match(NETMASK); match(IPV4); if ( inputState->guessing==0 ) { -#line 2074 "pix.g" +#line 2097 "pix.g" importer->tmp_global_pool.netmask = LT(0)->getText(); @@ -1203,7 +1203,7 @@ void PIXCfgParser::global_top_level_command() { } match(NEWLINE); if ( inputState->guessing==0 ) { -#line 2080 "pix.g" +#line 2103 "pix.g" importer->addGlobalPool(); *dbg << " " << importer->tmp_global_pool.start @@ -1230,7 +1230,7 @@ void PIXCfgParser::static_top_level_command() { match(STATIC); match(OPENING_PAREN); if ( inputState->guessing==0 ) { -#line 2092 "pix.g" +#line 2115 "pix.g" importer->clear(); importer->setCurrentLineNumber(LT(0)->getLine()); 
@@ -1239,20 +1239,20 @@ void PIXCfgParser::static_top_level_command() { } interface_label(); if ( inputState->guessing==0 ) { -#line 2096 "pix.g" +#line 2119 "pix.g" importer->prenat_interface = LT(0)->getText(); #line 1245 "PIXCfgParser.cpp" } match(COMMA); interface_label(); if ( inputState->guessing==0 ) { -#line 2098 "pix.g" +#line 2121 "pix.g" importer->postnat_interface = LT(0)->getText(); #line 1252 "PIXCfgParser.cpp" } match(CLOSING_PAREN); if ( inputState->guessing==0 ) { -#line 2100 "pix.g" +#line 2123 "pix.g" importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); *dbg << " DNAT rule "; @@ -1283,7 +1283,7 @@ void PIXCfgParser::static_top_level_command() { } match(NEWLINE); if ( inputState->guessing==0 ) { -#line 2115 "pix.g" +#line 2138 "pix.g" importer->pushNATRule(); *dbg << std::endl; @@ -1314,7 +1314,7 @@ void PIXCfgParser::access_group() { match(INTRFACE); interface_label(); if ( inputState->guessing==0 ) { -#line 1904 "pix.g" +#line 1927 "pix.g" std::string intf_label = LT(0)->getText(); importer->setCurrentLineNumber(LT(0)->getLine()); @@ -2978,7 +2978,7 @@ void PIXCfgParser::dst_port_spec() { } void PIXCfgParser::xoperator() { -#line 1139 "pix.g" +#line 1162 "pix.g" importer->tmp_port_spec = ""; #line 2984 "PIXCfgParser.cpp" @@ -4115,7 +4115,7 @@ void PIXCfgParser::remark() { try { // for error handling match(REMARK); if ( inputState->guessing==0 ) { -#line 1886 "pix.g" +#line 1909 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); *dbg << LT(1)->getLine() << ":"; @@ -4143,6 +4143,7 @@ void PIXCfgParser::remark() { } void PIXCfgParser::rule_extended() { + ANTLR_USE_NAMESPACE(antlr)RefToken grp_name = ANTLR_USE_NAMESPACE(antlr)nullToken; try { // for error handling { 
@@ -4171,13 +4172,13 @@ void PIXCfgParser::rule_extended() { if ( inputState->guessing==0 ) { #line 1006 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 4175 "PIXCfgParser.cpp" +#line 4176 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { #line 1007 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4181 "PIXCfgParser.cpp" +#line 4182 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -4247,22 +4248,38 @@ void PIXCfgParser::rule_extended() { importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 4251 "PIXCfgParser.cpp" +#line 4252 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { #line 1017 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 4257 "PIXCfgParser.cpp" +#line 4258 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { #line 1018 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 4263 "PIXCfgParser.cpp" +#line 4264 "PIXCfgParser.cpp" } { switch ( LA(1)) { + case OBJECT_GROUP: + { + match(OBJECT_GROUP); + grp_name = LT(1); + match(WORD); + if ( inputState->guessing==0 ) { +#line 1035 "pix.g" + + importer->icmp_spec = grp_name->getText(); + *dbg << "service gorup: " + << grp_name->getText() << std::endl; + +#line 4280 "PIXCfgParser.cpp" + } + break; + } case INT_CONST: case ECHO: case ALTERNATE_ADDRESS: @@ -4373,11 +4390,11 @@ void PIXCfgParser::rule_extended() { } } if ( inputState->guessing==0 ) { -#line 1026 "pix.g" +#line 1049 "pix.g" *dbg << std::endl; -#line 4381 "PIXCfgParser.cpp" +#line 4398 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4400,7 +4417,7 @@ void PIXCfgParser::rule_standard() { importer->tmp_nm = "0.0.0.0"; importer->SaveTmpAddrToSrc(); -#line 4404 "PIXCfgParser.cpp" +#line 4421 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { 
@@ -4409,7 +4426,7 @@ void PIXCfgParser::rule_standard() { importer->SaveTmpAddrToDst(); *dbg << "(dst) " << std::endl; -#line 4413 "PIXCfgParser.cpp" +#line 4430 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4435,13 +4452,13 @@ void PIXCfgParser::hostaddr_expr() { match(INTRFACE); interface_label(); if ( inputState->guessing==0 ) { -#line 1273 "pix.g" +#line 1296 "pix.g" importer->tmp_a = LT(0)->getText(); importer->tmp_nm = "interface"; *dbg << "object " << LT(0)->getText() << " "; -#line 4445 "PIXCfgParser.cpp" +#line 4462 "PIXCfgParser.cpp" } break; } @@ -4471,13 +4488,13 @@ void PIXCfgParser::hostaddr_expr() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1280 "pix.g" +#line 1303 "pix.g" importer->tmp_a = name->getText(); importer->tmp_nm = ""; *dbg << "object " << name->getText() << " "; -#line 4481 "PIXCfgParser.cpp" +#line 4498 "PIXCfgParser.cpp" } break; } @@ -4489,13 +4506,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1287 "pix.g" +#line 1310 "pix.g" importer->tmp_a = h->getText(); importer->tmp_nm = "255.255.255.255"; *dbg << h->getText() << "/255.255.255.255"; -#line 4499 "PIXCfgParser.cpp" +#line 4516 "PIXCfgParser.cpp" } break; } @@ -4508,13 +4525,13 @@ void PIXCfgParser::hostaddr_expr() { match(IPV4); } if ( inputState->guessing==0 ) { -#line 1294 "pix.g" +#line 1317 "pix.g" importer->tmp_a = a->getText(); importer->tmp_nm = m->getText(); *dbg << a->getText() << "/" << m->getText(); -#line 4518 "PIXCfgParser.cpp" +#line 4535 "PIXCfgParser.cpp" } break; } @@ -4522,13 +4539,13 @@ void PIXCfgParser::hostaddr_expr() { { match(ANY); if ( inputState->guessing==0 ) { -#line 1301 "pix.g" +#line 1324 "pix.g" importer->tmp_a = "0.0.0.0"; importer->tmp_nm = "0.0.0.0"; *dbg << "0.0.0.0/0.0.0.0"; -#line 4532 "PIXCfgParser.cpp" +#line 4549 "PIXCfgParser.cpp" } break; } 
@@ -4604,12 +4621,12 @@ void PIXCfgParser::ip_protocols() { } } if ( inputState->guessing==0 ) { -#line 1220 "pix.g" +#line 1243 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 4613 "PIXCfgParser.cpp" +#line 4630 "PIXCfgParser.cpp" } break; } @@ -4639,12 +4656,12 @@ void PIXCfgParser::ip_protocols() { match(WORD); } if ( inputState->guessing==0 ) { -#line 1226 "pix.g" +#line 1249 "pix.g" importer->protocol = name->getText(); *dbg << "protocol " << name->getText() << " "; -#line 4648 "PIXCfgParser.cpp" +#line 4665 "PIXCfgParser.cpp" } break; } @@ -4673,12 +4690,12 @@ void PIXCfgParser::time_range() { tr_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1353 "pix.g" +#line 1376 "pix.g" importer->time_range_name = tr_name->getText(); *dbg << "time_range " << tr_name->getText() << " "; -#line 4682 "PIXCfgParser.cpp" +#line 4699 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4696,12 +4713,12 @@ void PIXCfgParser::fragments() { try { // for error handling match(FRAGMENTS); if ( inputState->guessing==0 ) { -#line 1346 "pix.g" +#line 1369 "pix.g" importer->fragments = true; *dbg << "fragments "; -#line 4705 "PIXCfgParser.cpp" +#line 4722 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4736,11 +4753,11 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1312 "pix.g" +#line 1335 "pix.g" importer->logging = true; -#line 4744 "PIXCfgParser.cpp" +#line 4761 "PIXCfgParser.cpp" } { { @@ -4821,9 +4838,9 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1329 "pix.g" +#line 1352 "pix.g" importer->log_level = LT(0)->getText(); -#line 4827 "PIXCfgParser.cpp" +#line 4844 "PIXCfgParser.cpp" } break; } 
@@ -4847,9 +4864,9 @@ void PIXCfgParser::log() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1334 "pix.g" +#line 1357 "pix.g" importer->log_interval = LT(0)->getText(); -#line 4853 "PIXCfgParser.cpp" +#line 4870 "PIXCfgParser.cpp" } break; } @@ -4865,14 +4882,14 @@ void PIXCfgParser::log() { } } if ( inputState->guessing==0 ) { -#line 1337 "pix.g" +#line 1360 "pix.g" // if (importer->log_level == "log") importer->log_level = ""; // if (importer->log_interval == "log") importer->log_interval = ""; *dbg << "logging level '" << importer->log_level << "' interval '" << importer->log_interval << "'"; -#line 4876 "PIXCfgParser.cpp" +#line 4893 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -4901,7 +4918,7 @@ void PIXCfgParser::icmp_spec() { match(INT_CONST); } if ( inputState->guessing==0 ) { -#line 1236 "pix.g" +#line 1259 "pix.g" importer->icmp_type = icmp_type->getText(); importer->icmp_code = icmp_code->getText(); @@ -4909,7 +4926,7 @@ void PIXCfgParser::icmp_spec() { *dbg << icmp_type->getText() << " " << icmp_code->getText() << " "; -#line 4913 "PIXCfgParser.cpp" +#line 4930 "PIXCfgParser.cpp" } break; } @@ -4935,12 +4952,12 @@ void PIXCfgParser::icmp_spec() { { icmp_names(); if ( inputState->guessing==0 ) { -#line 1245 "pix.g" +#line 1268 "pix.g" importer->icmp_spec = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 4944 "PIXCfgParser.cpp" +#line 4961 "PIXCfgParser.cpp" } break; } 
@@ -4985,18 +5002,18 @@ void PIXCfgParser::tcp_udp_rule_extended() { } } if ( inputState->guessing==0 ) { -#line 1033 "pix.g" +#line 1056 "pix.g" importer->protocol = LT(0)->getText(); *dbg << "protocol " << LT(0)->getText() << " "; -#line 4994 "PIXCfgParser.cpp" +#line 5011 "PIXCfgParser.cpp" } hostaddr_expr(); if ( inputState->guessing==0 ) { -#line 1037 "pix.g" +#line 1060 "pix.g" importer->SaveTmpAddrToSrc(); *dbg << "(src) "; -#line 5000 "PIXCfgParser.cpp" +#line 5017 "PIXCfgParser.cpp" } { bool synPredMatched131 = false; @@ -5022,34 +5039,34 @@ void PIXCfgParser::tcp_udp_rule_extended() { src_grp_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1047 "pix.g" +#line 1070 "pix.g" importer->src_port_spec = src_grp_name->getText(); *dbg << "src port spec: " << src_grp_name->getText() << std::endl; -#line 5032 "PIXCfgParser.cpp" +#line 5049 "PIXCfgParser.cpp" } hostaddr_expr_1(); if ( inputState->guessing==0 ) { -#line 1055 "pix.g" +#line 1078 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 5041 "PIXCfgParser.cpp" +#line 5058 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } else if ((_tokenSet_21.member(LA(1))) && (_tokenSet_24.member(LA(2)))) { hostaddr_expr_2(); if ( inputState->guessing==0 ) { -#line 1064 "pix.g" +#line 1087 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 5053 "PIXCfgParser.cpp" +#line 5070 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -5086,7 +5103,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { } if ( inputState->guessing==0 ) { -#line 1073 "pix.g" +#line 1096 "pix.g" // looks like "object foo" at this point can only be dest addr. // (judging by cli prompts on 8.3) @@ -5095,7 +5112,7 @@ void PIXCfgParser::tcp_udp_rule_extended() { importer->SaveTmpAddrToDst(); *dbg << "dst addr object " << dst_addr_name->getText() << " "; -#line 5099 "PIXCfgParser.cpp" +#line 5116 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } 
@@ -5110,11 +5127,11 @@ void PIXCfgParser::tcp_udp_rule_extended() { { xoperator(); if ( inputState->guessing==0 ) { -#line 1087 "pix.g" +#line 1110 "pix.g" importer->SaveTmpPortToSrc(); -#line 5118 "PIXCfgParser.cpp" +#line 5135 "PIXCfgParser.cpp" } break; } @@ -5135,9 +5152,9 @@ void PIXCfgParser::tcp_udp_rule_extended() { } hostaddr_expr_3(); if ( inputState->guessing==0 ) { -#line 1091 "pix.g" +#line 1114 "pix.g" importer->SaveTmpAddrToDst(); *dbg << "(dst) "; -#line 5141 "PIXCfgParser.cpp" +#line 5158 "PIXCfgParser.cpp" } acl_tcp_udp_dst_port_spec(); } @@ -5243,13 +5260,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_group_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1109 "pix.g" +#line 1132 "pix.g" importer->dst_port_spec = dst_port_group_name->getText(); *dbg << "dst port spec: " << dst_port_group_name->getText() << std::endl; -#line 5253 "PIXCfgParser.cpp" +#line 5270 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -5281,13 +5298,13 @@ void PIXCfgParser::acl_tcp_udp_dst_port_spec() { dst_port_obj_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1119 "pix.g" +#line 1142 "pix.g" importer->dst_port_spec = dst_port_obj_name->getText(); *dbg << "dst addr object " << dst_port_obj_name->getText() << std::endl; -#line 5291 "PIXCfgParser.cpp" +#line 5308 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -5410,11 +5427,11 @@ void PIXCfgParser::acl_xoperator_dst() { try { // for error handling xoperator(); if ( inputState->guessing==0 ) { -#line 1134 "pix.g" +#line 1157 "pix.g" importer->SaveTmpPortToDst(); -#line 5418 "PIXCfgParser.cpp" +#line 5435 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -5432,12 +5449,12 @@ void PIXCfgParser::established() { try { // for error handling match(ESTABLISHED); if ( inputState->guessing==0 ) { -#line 1209 "pix.g" +#line 1232 "pix.g" importer->established = true; *dbg << "established "; -#line 5441 "PIXCfgParser.cpp" +#line 5458 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5497,12 +5514,12 @@ void PIXCfgParser::single_port_op() { } } if ( inputState->guessing==0 ) { -#line 1146 "pix.g" +#line 1169 "pix.g" importer->tmp_port_op = LT(0)->getText(); *dbg << LT(0)->getText() << " "; -#line 5506 "PIXCfgParser.cpp" +#line 5523 "PIXCfgParser.cpp" } port_spec(); } @@ -5522,12 +5539,12 @@ void PIXCfgParser::port_range() { match(RANGE); pair_of_ports_spec(); if ( inputState->guessing==0 ) { -#line 1165 "pix.g" +#line 1188 "pix.g" importer->tmp_port_op = "range"; *dbg << "range " << importer->tmp_port_spec; -#line 5531 "PIXCfgParser.cpp" +#line 5548 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5544,20 +5561,20 @@ void PIXCfgParser::port_spec() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1154 "pix.g" +#line 1177 "pix.g" importer->tmp_port_spec_2 = ""; -#line 5552 "PIXCfgParser.cpp" +#line 5569 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1158 "pix.g" +#line 1181 "pix.g" importer->tmp_port_spec = std::string(" ") + importer->tmp_port_spec_2; *dbg << LT(0)->getText() << " " << importer->tmp_port_spec; -#line 5561 "PIXCfgParser.cpp" +#line 5578 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5602,11 +5619,11 @@ void PIXCfgParser::tcp_udp_port_spec() { } } if ( inputState->guessing==0 ) { -#line 1189 "pix.g" +#line 1212 "pix.g" importer->tmp_port_spec_2 = LT(0)->getText(); -#line 5610 "PIXCfgParser.cpp" +#line 5627 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -5623,28 +5640,28 @@ void PIXCfgParser::pair_of_ports_spec() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1172 "pix.g" +#line 1195 "pix.g" importer->tmp_port_spec_2 = ""; -#line 5631 "PIXCfgParser.cpp" +#line 5648 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1176 "pix.g" +#line 1199 "pix.g" importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 5639 "PIXCfgParser.cpp" +#line 5656 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 1180 "pix.g" +#line 1203 "pix.g" importer->tmp_port_spec += " "; importer->tmp_port_spec += importer->tmp_port_spec_2; -#line 5648 "PIXCfgParser.cpp" +#line 5665 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5747,14 +5764,14 @@ void PIXCfgParser::interface_command_6() { match(WORD); pix6_interface_hw_speed(); if ( inputState->guessing==0 ) { -#line 1417 "pix.g" +#line 1440 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 5758 "PIXCfgParser.cpp" +#line 5775 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -5769,23 +5786,23 @@ void PIXCfgParser::interface_command_6() { void PIXCfgParser::interface_command_7() { ANTLR_USE_NAMESPACE(antlr)RefToken in = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 1425 "pix.g" +#line 1448 "pix.g" bool have_interface_parameters = false; -#line 5775 "PIXCfgParser.cpp" +#line 5792 "PIXCfgParser.cpp" try { // for error handling in = LT(1); match(WORD); match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1426 "pix.g" +#line 1449 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); importer->newInterface( in->getText() ); *dbg << in->getLine() << ":" << " INTRFACE: " << in->getText() << std::endl; -#line 5789 "PIXCfgParser.cpp" +#line 5806 "PIXCfgParser.cpp" } { { // ( ... )* 
@@ -5793,9 +5810,9 @@ void PIXCfgParser::interface_command_7() { if ((_tokenSet_34.member(LA(1)))) { interface_parameters(); if ( inputState->guessing==0 ) { -#line 1433 "pix.g" +#line 1456 "pix.g" have_interface_parameters = true; -#line 5799 "PIXCfgParser.cpp" +#line 5816 "PIXCfgParser.cpp" } } else { @@ -5824,7 +5841,7 @@ void PIXCfgParser::interface_command_7() { } } if ( inputState->guessing==0 ) { -#line 1435 "pix.g" +#line 1458 "pix.g" if ( ! have_interface_parameters ) { @@ -5833,7 +5850,7 @@ void PIXCfgParser::interface_command_7() { << " EMPTY INTERFACE " << std::endl; } -#line 5837 "PIXCfgParser.cpp" +#line 5854 "PIXCfgParser.cpp" } } } @@ -5923,11 +5940,11 @@ void PIXCfgParser::interface_parameters() { try { // for error handling if ( inputState->guessing==0 ) { -#line 1470 "pix.g" +#line 1493 "pix.g" importer->setCurrentLineNumber(LT(0)->getLine()); -#line 5931 "PIXCfgParser.cpp" +#line 5948 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -6016,12 +6033,12 @@ void PIXCfgParser::vlan_interface() { vlan_id = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1496 "pix.g" +#line 1519 "pix.g" importer->setInterfaceVlanId(vlan_id->getText()); *dbg << " VLAN: " << vlan_id->getText() << std::endl; -#line 6025 "PIXCfgParser.cpp" +#line 6042 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6042,12 +6059,12 @@ void PIXCfgParser::sec_level() { sec_level = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1550 "pix.g" +#line 1573 "pix.g" importer->setInterfaceSecurityLevel(sec_level->getText()); *dbg << "SEC_LEVEL: " << sec_level->getText() << std::endl; -#line 6051 "PIXCfgParser.cpp" +#line 6068 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6066,12 +6083,12 @@ void PIXCfgParser::nameif() { match(NAMEIF); interface_label(); if ( inputState->guessing==0 ) { -#line 1569 "pix.g" +#line 1592 "pix.g" importer->setInterfaceParametes(LT(0)->getText(), "", ""); *dbg << " NAMEIF: " << LT(0)->getText() << std::endl; -#line 6075 "PIXCfgParser.cpp" +#line 6092 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6089,7 +6106,7 @@ void PIXCfgParser::interface_description() { try { // for error handling match(DESCRIPTION); if ( inputState->guessing==0 ) { -#line 1578 "pix.g" +#line 1601 "pix.g" *dbg << LT(1)->getLine() << ":"; std::string descr; @@ -6102,7 +6119,7 @@ void PIXCfgParser::interface_description() { *dbg << " DESCRIPTION " << descr << std::endl; //consumeUntil(NEWLINE); -#line 6106 "PIXCfgParser.cpp" +#line 6123 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6125,12 +6142,12 @@ void PIXCfgParser::switchport() { vlan_num = LT(1); match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1699 "pix.g" +#line 1722 "pix.g" importer->addMessageToLog("Switch port vlan " + vlan_num->getText()); *dbg << "Switch port vlan " << vlan_num->getText() << std::endl; -#line 6134 "PIXCfgParser.cpp" +#line 6151 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6148,13 +6165,13 @@ void PIXCfgParser::shutdown() { try { // for error handling match(SHUTDOWN); if ( inputState->guessing==0 ) { -#line 1593 "pix.g" +#line 1616 "pix.g" importer->ignoreCurrentInterface(); *dbg<< LT(1)->getLine() << ":" << " INTERFACE SHUTDOWN " << std::endl; -#line 6158 "PIXCfgParser.cpp" +#line 6175 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6200,13 +6217,13 @@ void PIXCfgParser::interface_no_commands() { } } if ( inputState->guessing==0 ) { -#line 1542 "pix.g" +#line 1565 "pix.g" *dbg << " INTERFACE \"NO\" COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 6210 "PIXCfgParser.cpp" +#line 6227 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6306,13 +6323,13 @@ void PIXCfgParser::unsupported_interface_commands() { } } if ( inputState->guessing==0 ) { -#line 1534 "pix.g" +#line 1557 "pix.g" *dbg << " UNSUPPORTED INTERFACE COMMAND: " << LT(0)->getText() << std::endl; consumeUntil(NEWLINE); -#line 6316 "PIXCfgParser.cpp" +#line 6333 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6381,23 +6398,23 @@ void PIXCfgParser::v7_ip_address() { void PIXCfgParser::v6_dhcp_address() { ANTLR_USE_NAMESPACE(antlr)RefToken dhcp = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 1627 "pix.g" +#line 1650 "pix.g" std::string lbl; -#line 6387 "PIXCfgParser.cpp" +#line 6404 "PIXCfgParser.cpp" try { // for error handling interface_label(); if ( inputState->guessing==0 ) { -#line 1629 "pix.g" +#line 1652 "pix.g" lbl = LT(0)->getText(); -#line 6396 "PIXCfgParser.cpp" +#line 6413 "PIXCfgParser.cpp" } dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1633 "pix.g" +#line 1656 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(lbl, addr, ""); @@ -6407,7 +6424,7 @@ void PIXCfgParser::v6_dhcp_address() { // "setroute", "retry" etc. which we do not support consumeUntil(NEWLINE); -#line 6411 "PIXCfgParser.cpp" +#line 6428 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6423,25 +6440,25 @@ void PIXCfgParser::v6_dhcp_address() { void PIXCfgParser::v6_static_address() { ANTLR_USE_NAMESPACE(antlr)RefToken a = ANTLR_USE_NAMESPACE(antlr)nullToken; ANTLR_USE_NAMESPACE(antlr)RefToken m = ANTLR_USE_NAMESPACE(antlr)nullToken; -#line 1644 "pix.g" +#line 1667 "pix.g" std::string lbl; -#line 6429 "PIXCfgParser.cpp" +#line 6446 "PIXCfgParser.cpp" try { // for error handling interface_label(); if ( inputState->guessing==0 ) { -#line 1646 "pix.g" +#line 1669 "pix.g" lbl = LT(0)->getText(); -#line 6438 "PIXCfgParser.cpp" +#line 6455 "PIXCfgParser.cpp" } a = LT(1); match(IPV4); m = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 1650 "pix.g" +#line 1673 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); @@ -6451,7 +6468,7 @@ void PIXCfgParser::v6_static_address() { // in case there are some other parameters after address and netmask consumeUntil(NEWLINE); -#line 6455 "PIXCfgParser.cpp" +#line 6472 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6471,7 +6488,7 @@ void PIXCfgParser::v7_dhcp_address() { dhcp = LT(1); match(DHCP); if ( inputState->guessing==0 ) { -#line 1666 "pix.g" +#line 1689 "pix.g" std::string addr = dhcp->getText(); importer->addInterfaceAddress(addr, ""); @@ -6479,7 +6496,7 @@ void PIXCfgParser::v7_dhcp_address() { << " INTRFACE ADDRESS: " << addr << std::endl; consumeUntil(NEWLINE); -#line 6483 "PIXCfgParser.cpp" +#line 6500 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6556,7 +6573,7 @@ void PIXCfgParser::v7_static_address() { } } if ( inputState->guessing==0 ) { -#line 1677 "pix.g" +#line 1700 "pix.g" std::string addr = a->getText(); std::string netm = m->getText(); @@ -6574,7 +6591,7 @@ void PIXCfgParser::v7_static_address() { } consumeUntil(NEWLINE); -#line 6578 "PIXCfgParser.cpp" +#line 6595 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6595,13 +6612,13 @@ void PIXCfgParser::icmp_types_for_icmp_command() { { match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1865 "pix.g" +#line 1888 "pix.g" importer->icmp_type = LT(0)->getText(); importer->icmp_code = "0"; importer->icmp_spec = ""; -#line 6605 "PIXCfgParser.cpp" +#line 6622 "PIXCfgParser.cpp" } break; } @@ -6639,13 +6656,13 @@ void PIXCfgParser::icmp_types_for_icmp_command() { } } if ( inputState->guessing==0 ) { -#line 1872 "pix.g" +#line 1895 "pix.g" importer->icmp_type = ""; importer->icmp_code = "0"; importer->icmp_spec = LT(0)->getText(); -#line 6649 "PIXCfgParser.cpp" +#line 6666 "PIXCfgParser.cpp" } break; } @@ -6670,29 +6687,29 @@ void PIXCfgParser::nat_old_top_level_command() { try { // for error handling interface_label(); if ( inputState->guessing==0 ) { -#line 1940 "pix.g" +#line 1963 "pix.g" importer->prenat_interface = LT(0)->getText(); -#line 6678 "PIXCfgParser.cpp" +#line 6695 "PIXCfgParser.cpp" } match(CLOSING_PAREN); if ( inputState->guessing==0 ) { -#line 1944 "pix.g" +#line 1967 "pix.g" importer->newUnidirRuleSet("nat", libfwbuilder::NAT::TYPENAME ); *dbg << " SNAT rule "; importer->rule_type = libfwbuilder::NATRule::SNAT; -#line 6688 "PIXCfgParser.cpp" +#line 6705 "PIXCfgParser.cpp" } match(INT_CONST); if ( inputState->guessing==0 ) { -#line 1952 "pix.g" +#line 1975 "pix.g" importer->nat_num = LT(0)->getText(); -#line 6696 "PIXCfgParser.cpp" +#line 6713 "PIXCfgParser.cpp" } nat_addr_match(); { // ( ... )* @@ -6709,12 +6726,12 @@ void PIXCfgParser::nat_old_top_level_command() { } // ( ... )* match(NEWLINE); if ( inputState->guessing==0 ) { -#line 1964 "pix.g" +#line 1987 "pix.g" importer->pushNATRule(); *dbg << std::endl; -#line 6718 "PIXCfgParser.cpp" +#line 6735 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6735,14 +6752,14 @@ void PIXCfgParser::nat_new_top_level_command() { interface_label(); match(CLOSING_PAREN); if ( inputState->guessing==0 ) { -#line 2016 "pix.g" +#line 2039 "pix.g" importer->addMessageToLog( QString("Warning: Import of ASA 8.3 nat command " "is not supported at this time")); consumeUntil(NEWLINE); -#line 6746 "PIXCfgParser.cpp" +#line 6763 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { @@ -6765,11 +6782,11 @@ void PIXCfgParser::nat_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 1972 "pix.g" +#line 1995 "pix.g" importer->nat_a = importer->tmp_a; -#line 6773 "PIXCfgParser.cpp" +#line 6790 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -6778,11 +6795,11 @@ void PIXCfgParser::nat_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 1980 "pix.g" +#line 2003 "pix.g" importer->nat_nm = importer->tmp_a; -#line 6786 "PIXCfgParser.cpp" +#line 6803 "PIXCfgParser.cpp" } break; } @@ -6809,11 +6826,11 @@ void PIXCfgParser::nat_addr_match() { acl_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 1986 "pix.g" +#line 2009 "pix.g" importer->nat_acl = acl_name->getText(); -#line 6817 "PIXCfgParser.cpp" +#line 6834 "PIXCfgParser.cpp" } break; } @@ -6914,13 +6931,13 @@ void PIXCfgParser::nat_command_last_parameters() { } if ( inputState->guessing==0 ) { -#line 2004 "pix.g" +#line 2027 "pix.g" importer->static_max_conn = max_conn->getText(); if (max_emb_conn) importer->static_max_emb_conn = max_emb_conn->getText(); -#line 6924 "PIXCfgParser.cpp" +#line 6941 "PIXCfgParser.cpp" } } catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { 
@@ -6984,22 +7001,22 @@ void PIXCfgParser::static_starts_with_tcp_udp() { } } if ( inputState->guessing==0 ) { -#line 2168 "pix.g" +#line 2191 "pix.g" importer->protocol = LT(0)->getText(); *dbg << " SERVICE TCP/UDP " << LT(0)->getText() << " "; -#line 6993 "PIXCfgParser.cpp" +#line 7010 "PIXCfgParser.cpp" } static_mapped_addr_match(); tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 2182 "pix.g" +#line 2205 "pix.g" importer->mapped_port_spec = importer->tmp_port_spec_2; *dbg << "mapped port " << importer->mapped_port_spec << " "; -#line 7003 "PIXCfgParser.cpp" +#line 7020 "PIXCfgParser.cpp" } { switch ( LA(1)) { @@ -7008,22 +7025,22 @@ void PIXCfgParser::static_starts_with_tcp_udp() { { single_addr(); if ( inputState->guessing==0 ) { -#line 2192 "pix.g" +#line 2215 "pix.g" importer->real_a = importer->tmp_a; importer->real_nm = importer->tmp_nm; *dbg << "real: " << importer->real_a; -#line 7018 "PIXCfgParser.cpp" +#line 7035 "PIXCfgParser.cpp" } tcp_udp_port_spec(); if ( inputState->guessing==0 ) { -#line 2203 "pix.g" +#line 2226 "pix.g" importer->real_port_spec = importer->tmp_port_spec_2; *dbg << "real port " << importer->real_port_spec << " "; -#line 7027 "PIXCfgParser.cpp" +#line 7044 "PIXCfgParser.cpp" } break; } @@ -7033,12 +7050,12 @@ void PIXCfgParser::static_starts_with_tcp_udp() { acl_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 2210 "pix.g" +#line 2233 "pix.g" importer->real_addr_acl = acl_name->getText(); *dbg << "real: " << importer->real_addr_acl; -#line 7042 "PIXCfgParser.cpp" +#line 7059 "PIXCfgParser.cpp" } break; } @@ -7081,13 +7098,13 @@ void PIXCfgParser::static_mapped_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 2135 "pix.g" +#line 2158 "pix.g" importer->mapped_a = importer->tmp_a; importer->mapped_nm = importer->tmp_nm; *dbg << "mapped: " << importer->mapped_a; -#line 7091 "PIXCfgParser.cpp" +#line 7108 "PIXCfgParser.cpp" } break; } 
@@ -7095,13 +7112,13 @@ void PIXCfgParser::static_mapped_addr_match() { { match(INTRFACE); if ( inputState->guessing==0 ) { -#line 2142 "pix.g" +#line 2165 "pix.g" importer->mapped_a = "interface"; importer->mapped_nm = ""; *dbg << "mapped: " << importer->mapped_a; -#line 7105 "PIXCfgParser.cpp" +#line 7122 "PIXCfgParser.cpp" } break; } @@ -7133,13 +7150,13 @@ void PIXCfgParser::static_real_addr_match() { { single_addr(); if ( inputState->guessing==0 ) { -#line 2153 "pix.g" +#line 2176 "pix.g" importer->real_a = importer->tmp_a; importer->real_nm = importer->tmp_nm; *dbg << "real: " << importer->real_a; -#line 7143 "PIXCfgParser.cpp" +#line 7160 "PIXCfgParser.cpp" } break; } @@ -7149,12 +7166,12 @@ void PIXCfgParser::static_real_addr_match() { acl_name = LT(1); match(WORD); if ( inputState->guessing==0 ) { -#line 2160 "pix.g" +#line 2183 "pix.g" importer->real_addr_acl = acl_name->getText(); *dbg << "real: " << importer->real_addr_acl; -#line 7158 "PIXCfgParser.cpp" +#line 7175 "PIXCfgParser.cpp" } break; } @@ -7186,12 +7203,12 @@ void PIXCfgParser::static_command_common_last_parameters() { { match(DNS); if ( inputState->guessing==0 ) { -#line 2240 "pix.g" +#line 2263 "pix.g" importer->addMessageToLog( QString("Warning: 'static' command option 'dns' is not supported")); -#line 7195 "PIXCfgParser.cpp" +#line 7212 "PIXCfgParser.cpp" } break; } @@ -7199,12 +7216,12 @@ void PIXCfgParser::static_command_common_last_parameters() { { match(NORANDOMSEQ); if ( inputState->guessing==0 ) { -#line 2246 "pix.g" +#line 2269 "pix.g" importer->addMessageToLog( QString("Warning: 'static' command option 'norandomseq' is not supported")); -#line 7208 "PIXCfgParser.cpp" +#line 7225 "PIXCfgParser.cpp" } break; } 
@@ -7214,12 +7231,12 @@ void PIXCfgParser::static_command_common_last_parameters() { nm = LT(1); match(IPV4); if ( inputState->guessing==0 ) { -#line 2252 "pix.g" +#line 2275 "pix.g" importer->real_nm = nm->getText(); *dbg << "real netmask: " << importer->real_nm; -#line 7223 "PIXCfgParser.cpp" +#line 7240 "PIXCfgParser.cpp" } break; } @@ -7264,13 +7281,13 @@ void PIXCfgParser::static_command_common_last_parameters() { } if ( inputState->guessing==0 ) { -#line 2259 "pix.g" +#line 2282 "pix.g" importer->static_max_conn = max_conn->getText(); if (max_emb_conn) importer->static_max_emb_conn = max_emb_conn->getText(); -#line 7274 "PIXCfgParser.cpp" +#line 7291 "PIXCfgParser.cpp" } break; } diff --git a/src/parsers/pix.g b/src/parsers/pix.g index c8c12d667..db6d0c7f6 100644 --- a/src/parsers/pix.g +++ b/src/parsers/pix.g @@ -1016,7 +1016,30 @@ rule_extended : } hostaddr_expr { importer->SaveTmpAddrToSrc(); *dbg << "(src) "; } hostaddr_expr { importer->SaveTmpAddrToDst(); *dbg << "(dst) "; } - (icmp_spec)? + + // at this point: + + // configure mode commands/options: + // <0-255> Enter ICMP type number (0 - 255) + // alternate-address + // conversion-error + // echo + // echo-reply + // inactive Keyword for disabling an ACL element + // . . . . more icmp service names + // object-group ICMP object-group for destination port + // . . . . more icmp service names + // + ( + OBJECT_GROUP grp_name:WORD + { + importer->icmp_spec = grp_name->getText(); + *dbg << "service gorup: " + << grp_name->getText() << std::endl; + } + | + icmp_spec + )? (time_range)? (fragments)? (log)? diff --git a/src/unit_tests/PIXImporterTest/test_data/pix6.fwb b/src/unit_tests/PIXImporterTest/test_data/pix6.fwb index a02495d6b..ff916c2a3 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix6.fwb +++ b/src/unit_tests/PIXImporterTest/test_data/pix6.fwb @@ -1,6 +1,6 @@ - + 
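Review bot: In the new `OBJECT_GROUP grp_name:WORD` alternative of rule_extended in pix.g, the action sets only `importer->icmp_spec`, whereas the existing ICMP actions (icmp_types_for_icmp_command in the generated parser) assign `icmp_type`, `icmp_code` and `icmp_spec` together. If the importer does not clear these fields between ACL lines, which this hunk does not show, a type left over from an earlier line could carry into this rule, so I would add `importer->icmp_type = ""; importer->icmp_code = "0";` beside the assignment. The group name is also accepted without checking that such a group was defined. Judging by the makeSrvObj change in this commit, an unknown name falls through to the protocol lookup and the base-class service builder, which for a firewall import may turn a narrow ICMP permit into a wider one, so a warning through `importer->addMessageToLog(...)` for an unresolved group seems worth adding. The debug string `"service gorup: "` is presumably meant to be `"service group: "`; rule_extended starts and continues outside the hunk.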
@@ -433,107 +433,108 @@ - - - - - - - - - + + + + + + + + + + - - - - - - + + + + + + - + - - - - + + + - - - + + + + - - + + - - + + + + + + - - - - - - - - - - - + + + + + + + - - + + - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + - - - - + + + + - - - + + + - - - - + + + + - + - + - + @@ -542,19 +543,46 @@ - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -563,133 +591,25 @@ - + - + - + - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + @@ -698,52 +618,52 @@ - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -758,19 +678,73 @@ - + - + - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -785,28 +759,55 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - + + - + - + - + - + @@ -815,18 +816,18 @@ - + - + - + - + - + @@ -835,18 +836,18 @@ - + - + - + - + - + @@ -855,18 +856,98 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + @@ -875,18 +956,18 @@ - + - + - + @@ -895,38 +976,18 @@ - + - + - - - - - - - - - - - - - - - - - - - - - + - + @@ -935,18 +996,18 @@ - + - + - + - + @@ -955,98 +1016,18 @@ - - - - - - - - - - - - - - - - - - - - - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + @@ -1055,18 +1036,18 @@ - + - + - + - + @@ -1075,18 +1056,18 @@ - + - + - + @@ -1095,18 +1076,18 @@ - + - + - + 
@@ -1115,321 +1096,18 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + - + @@ -1438,38 +1116,18 @@ - + - + - + - - - - - - - - - - - - - - - - - - - - - + @@ -1478,18 +1136,18 @@ - + - + - + - + - + @@ -1498,38 +1156,18 @@ - + - + - - - - - - - - - - - - - - - - - - - - - + - + @@ -1538,18 +1176,178 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + @@ -1558,18 +1356,181 @@ - + - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + @@ -1578,18 +1539,18 @@ - + - + - + - + 
@@ -1598,7 +1559,227 @@ - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -1606,10 +1787,30 @@ - + - + + + + + + + + + + + + + + + + + + + + + @@ -1621,33 +1822,10 @@ - - + + - - - - - - - - - - - - - - - - - - - - - - - - + @@ -1667,14 +1845,37 @@ - + + + + + + + + + + + + + + + + + + + + + + + + - + - - + + @@ -1696,7 +1897,7 @@ - - + + diff --git a/src/unit_tests/PIXImporterTest/test_data/pix6.output b/src/unit_tests/PIXImporterTest/test_data/pix6.output index 1aefc836e..58df51ee6 100644 --- a/src/unit_tests/PIXImporterTest/test_data/pix6.output +++ b/src/unit_tests/PIXImporterTest/test_data/pix6.output @@ -14,10 +14,13 @@ 54: filtering rule: access list outside_acl_in, action deny 55: Rule comment: 3 ( global ) 56: filtering rule: access list outside_acl_in, action permit +57: filtering rule: access list outside_acl_in, action permit 58: Rule comment: 4 ( global ) 59: Rule comment: fw uses DHCP 60: Rule comment: plus many DHCP requests 61: Rule comment: from cable modem +62: filtering rule: access list outside_acl_in, action permit +63: filtering rule: access list outside_acl_in, action permit 64: Rule comment: 6 ( global ) 65: filtering rule: access list outside_acl_in, action deny 66: Rule comment: 7 ( global ) 
@@ -28,9 +31,11 @@ 71: Rule comment: need to limit 72: filtering rule: access list outside_acl_in, action permit 73: filtering rule: access list outside_acl_in, action permit +74: filtering rule: access list outside_acl_in, action permit 75: Rule comment: 11 ( global ) 76: filtering rule: access list outside_acl_in, action permit 77: filtering rule: access list outside_acl_in, action permit +78: filtering rule: access list outside_acl_in, action permit 79: Rule comment: 17 ( global ) 80: filtering rule: access list outside_acl_in, action permit 81: filtering rule: access list outside_acl_in, action permit @@ -40,12 +45,24 @@ 85: Rule comment: 1 ( global ) 86: filtering rule: access list inside_acl_in, action permit 87: filtering rule: access list inside_acl_in, action permit +88: Rule comment: 2 ( global ) +89: filtering rule: access list inside_acl_in, action permit +90: filtering rule: access list inside_acl_in, action permit +91: Rule comment: 3 ( global ) +92: filtering rule: access list inside_acl_in, action permit 93: Rule comment: 5 ( global ) 94: filtering rule: access list inside_acl_in, action permit 95: Rule comment: 6 ( global ) 96: filtering rule: access list inside_acl_in, action deny 97: Rule comment: 7 ( global ) 98: filtering rule: access list inside_acl_in, action permit +99: Rule comment: 10 ( global ) +100: Rule comment: using swatch to automatically +101: Rule comment: block probing ssh connections , so no +102: Rule comment: need to limit +103: filtering rule: access list inside_acl_in, action permit +104: Rule comment: 11 ( global ) +105: filtering rule: access list inside_acl_in, action permit 106: Rule comment: 17 ( global ) 107: filtering rule: access list inside_acl_in, action permit 108: filtering rule: access list inside_acl_in, action permit 
@@ -66,20 +83,26 @@ 123: filtering rule: access list id12670X2458.0, action permit 124: filtering rule: access list id12684X2458.0, action permit 125: filtering rule: access list id12743X2458.0, action permit -127: Interface ethernet0 ruleset outside_acl_in direction 'in' -128: Interface ethernet1 ruleset inside_acl_in direction 'in' +136: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +136: filtering rule: access list icmp_commands_outside, action permit +137: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +137: filtering rule: access list icmp_commands_outside, action permit +138: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +138: filtering rule: access list icmp_commands_outside, action permit +139: Interface ethernet0 ruleset icmp_commands_outside direction 'in' +139: filtering rule: access list icmp_commands_outside, action permit 140: Interface ethernet0 ruleset icmp_commands_outside direction 'in' 140: filtering rule: access list icmp_commands_outside, action permit 141: Interface ethernet0 ruleset icmp_commands_outside direction 'in' 141: filtering rule: access list icmp_commands_outside, action permit -142: Interface ethernet0 ruleset icmp_commands_outside direction 'in' -142: filtering rule: access list icmp_commands_outside, action permit -143: Interface ethernet0 ruleset icmp_commands_outside direction 'in' -143: filtering rule: access list icmp_commands_outside, action permit -144: Interface ethernet0 ruleset icmp_commands_outside direction 'in' -144: filtering rule: access list icmp_commands_outside, action permit -145: Interface ethernet0 ruleset icmp_commands_outside direction 'in' -145: filtering rule: access list icmp_commands_outside, action permit +142: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +142: filtering rule: access list icmp_commands_inside, action permit +143: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +143: filtering rule: access list 
icmp_commands_inside, action permit +144: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +144: filtering rule: access list icmp_commands_inside, action permit +145: Interface ethernet1 ruleset icmp_commands_inside direction 'in' +145: filtering rule: access list icmp_commands_inside, action permit 146: Interface ethernet1 ruleset icmp_commands_inside direction 'in' 146: filtering rule: access list icmp_commands_inside, action permit 147: Interface ethernet1 ruleset icmp_commands_inside direction 'in' 
@@ -90,34 +113,28 @@ 149: filtering rule: access list icmp_commands_inside, action permit 150: Interface ethernet1 ruleset icmp_commands_inside direction 'in' 150: filtering rule: access list icmp_commands_inside, action permit -151: Interface ethernet1 ruleset icmp_commands_inside direction 'in' -151: filtering rule: access list icmp_commands_inside, action permit -152: Interface ethernet1 ruleset icmp_commands_inside direction 'in' -152: filtering rule: access list icmp_commands_inside, action permit -153: Interface ethernet1 ruleset icmp_commands_inside direction 'in' -153: filtering rule: access list icmp_commands_inside, action permit -154: Interface ethernet1 ruleset icmp_commands_inside direction 'in' -154: filtering rule: access list icmp_commands_inside, action permit -156: Interface ethernet1 ruleset telnet_commands_inside direction 'in' -156: filtering rule: access list telnet_commands_inside, action permit -158: Interface ethernet1 ruleset ssh_commands_inside direction 'in' -158: filtering rule: access list ssh_commands_inside, action permit -159: Interface ethernet1 ruleset ssh_commands_inside direction 'in' -159: filtering rule: access list ssh_commands_inside, action permit -159: Interface address: dhcp/ -159: Interface address: 10.1.1.202/255.255.255.0 -170: Global address pool: number 1, interface outside, address range interface-interface, netmask 255.255.255.255 -171: Source translation rule ("nat" command) +152: Interface ethernet1 ruleset telnet_commands_inside direction 'in' +152: filtering rule: access list telnet_commands_inside, action permit +154: Interface ethernet1 ruleset ssh_commands_inside direction 'in' +154: filtering rule: access list ssh_commands_inside, action permit +155: Interface ethernet1 ruleset ssh_commands_inside direction 'in' +155: filtering rule: access list ssh_commands_inside, action permit +155: Interface address: dhcp/ +155: Interface address: 10.1.1.202/255.255.255.0 +166: Global address pool: number 1, interface 
outside, address range interface-interface, netmask 255.255.255.255 +167: Source translation rule ("nat" command) +168: Destination translation rule ("static" command) +169: Destination translation rule ("static" command) +170: Destination translation rule ("static" command) +171: Destination translation rule ("static" command) 172: Destination translation rule ("static" command) 173: Destination translation rule ("static" command) 174: Destination translation rule ("static" command) 175: Destination translation rule ("static" command) 176: Destination translation rule ("static" command) -177: Destination translation rule ("static" command) -178: Destination translation rule ("static" command) -179: Destination translation rule ("static" command) -180: Destination translation rule ("static" command) -202: Interface ethernet1 ruleset http_commands_inside direction 'in' -202: filtering rule: access list http_commands_inside, action permit -203: Interface ethernet1 ruleset http_commands_inside direction 'in' -203: filtering rule: access list http_commands_inside, action permit +177: Interface ethernet0 ruleset outside_acl_in direction 'in' +178: Interface ethernet1 ruleset inside_acl_in direction 'in' +196: Interface ethernet1 ruleset http_commands_inside direction 'in' +196: filtering rule: access list http_commands_inside, action permit +197: Interface ethernet1 ruleset http_commands_inside direction 'in' +197: filtering rule: access list http_commands_inside, action permit diff --git a/src/unit_tests/PIXImporterTest/test_data/pix6.test b/src/unit_tests/PIXImporterTest/test_data/pix6.test index 2e3686fe5..2b3794d1d 100755 --- a/src/unit_tests/PIXImporterTest/test_data/pix6.test +++ b/src/unit_tests/PIXImporterTest/test_data/pix6.test 
@@ -54,13 +54,13 @@ access-list outside_acl_in deny ip host 10.1.1.202 any log 5 access-list outside_acl_in deny ip 10.1.1.0 255.255.255.0 any log 5 access-list outside_acl_in remark 3 (global) access-list outside_acl_in permit icmp any interface outside echo -! access-list outside_acl_in permit icmp any interface outside object-group outside.id12363X2458.srv.icmp.0 +access-list outside_acl_in permit icmp any interface outside object-group outside.id12363X2458.srv.icmp.0 access-list outside_acl_in remark 4 (global) access-list outside_acl_in remark fw uses DHCP access-list outside_acl_in remark plus many DHCP requests access-list outside_acl_in remark from cable modem -! access-list outside_acl_in permit udp any interface outside object-group outside.id12376X2458.srv.udp.0 -! access-list outside_acl_in permit udp any host 255.255.255.255 object-group outside.id12376X2458.srv.udp.0 +access-list outside_acl_in permit udp any interface outside object-group outside.id12376X2458.srv.udp.0 +access-list outside_acl_in permit udp any host 255.255.255.255 object-group outside.id12376X2458.srv.udp.0 access-list outside_acl_in remark 6 (global) access-list outside_acl_in deny tcp any interface outside eq ident access-list outside_acl_in remark 7 (global) 
@@ -71,11 +71,11 @@ access-list outside_acl_in remark block probing ssh connections, so no access-list outside_acl_in remark need to limit access-list outside_acl_in permit tcp any interface outside eq ssh access-list outside_acl_in permit tcp any interface outside eq www -! access-list outside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0 +access-list outside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0 access-list outside_acl_in remark 11 (global) access-list outside_acl_in permit tcp any interface outside eq 8765 access-list outside_acl_in permit tcp any interface outside eq 2222 -! access-list outside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0 +access-list outside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0 access-list outside_acl_in remark 17 (global) access-list outside_acl_in permit icmp any interface outside access-list outside_acl_in permit icmp any any 
@@ -85,24 +85,24 @@ access-list outside_acl_in deny ip any any log 5 access-list inside_acl_in remark 1 (global) access-list inside_acl_in permit tcp 10.1.1.0 255.255.255.0 host 10.1.1.202 eq www access-list inside_acl_in permit udp 10.1.1.0 255.255.255.0 host 10.1.1.202 eq snmp -! access-list inside_acl_in remark 2 (global) -! access-list inside_acl_in permit icmp host 10.1.1.202 host 10.1.1.202 object-group inside.id12349X2458.srv.icmp.0 -! access-list inside_acl_in permit icmp host 10.1.1.202 any object-group inside.id12349X2458.srv.icmp.0 -! access-list inside_acl_in remark 3 (global) -! access-list inside_acl_in permit icmp any host 10.1.1.202 object-group outside.id12363X2458.srv.icmp.0 +access-list inside_acl_in remark 2 (global) +access-list inside_acl_in permit icmp host 10.1.1.202 host 10.1.1.202 object-group inside.id12349X2458.srv.icmp.0 +access-list inside_acl_in permit icmp host 10.1.1.202 any object-group inside.id12349X2458.srv.icmp.0 +access-list inside_acl_in remark 3 (global) +access-list inside_acl_in permit icmp any host 10.1.1.202 object-group outside.id12363X2458.srv.icmp.0 access-list inside_acl_in remark 5 (global) access-list inside_acl_in permit ip host 10.1.1.202 any access-list inside_acl_in remark 6 (global) access-list inside_acl_in deny tcp any host 10.1.1.202 eq ident access-list inside_acl_in remark 7 (global) access-list inside_acl_in permit tcp any host 10.1.1.10 eq smtp -! access-list inside_acl_in remark 10 (global) -! access-list inside_acl_in remark using swatch to automatically -! access-list inside_acl_in remark block probing ssh connections, so no -! access-list inside_acl_in remark need to limit -! access-list inside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0 -! access-list inside_acl_in remark 11 (global) -! 
access-list inside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0 +access-list inside_acl_in remark 10 (global) +access-list inside_acl_in remark using swatch to automatically +access-list inside_acl_in remark block probing ssh connections, so no +access-list inside_acl_in remark need to limit +access-list inside_acl_in permit tcp any host 10.1.1.43 object-group outside.id12438X2458.srv.tcp.0 +access-list inside_acl_in remark 11 (global) +access-list inside_acl_in permit tcp any host 10.1.1.46 object-group outside.id12466X2458.srv.tcp.0 access-list inside_acl_in remark 17 (global) access-list inside_acl_in permit icmp any host 10.1.1.202 access-list inside_acl_in permit icmp any any @@ -123,10 +123,6 @@ access-list id12656X2458.0 permit tcp host 10.1.1.46 eq 8765 any access-list id12670X2458.0 permit tcp host 10.1.1.32 eq 5900 any access-list id12684X2458.0 permit tcp host 10.1.1.102 eq 5901 any access-list id12743X2458.0 permit ip 10.1.1.0 255.255.255.0 any - -access-group outside_acl_in in interface outside -access-group inside_acl_in in interface inside - no pager logging on logging timestamp @@ -178,10 +174,8 @@ static (inside,outside) tcp interface 2222 access-list id12642X2458.0 0 0 static (inside,outside) tcp interface 8765 access-list id12656X2458.0 0 0 static (inside,outside) tcp interface 5900 access-list id12670X2458.0 0 0 static (inside,outside) tcp interface 5901 access-list id12684X2458.0 0 0 - -! access-group outside_acl_in in interface outside -! access-group inside_acl_in in interface inside - +access-group outside_acl_in in interface outside +access-group inside_acl_in in interface inside timeout xlate 3:00:00 timeout conn 1:00:00 half-closed 0:00:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00 timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:00:00