diff --git a/VERSION b/VERSION
index 58c5e455f..62044b3ca 100644
--- a/VERSION
+++ b/VERSION
@@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0
 # build number is like "nano" version number. I am incrementing build
 # number during development cycle
 #
-BUILD_NUM="3509"
+BUILD_NUM="3510"
 
 VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM"
 
diff --git a/VERSION.h b/VERSION.h
index ec4c77558..fc6482d3f 100644
--- a/VERSION.h
+++ b/VERSION.h
@@ -1,2 +1,2 @@
-#define VERSION      "4.2.0.3509"
+#define VERSION      "4.2.0.3510"
 #define GENERATION   "4.2"
diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec
index e0bf64f8a..050733108 100644
--- a/packaging/fwbuilder-static-qt.spec
+++ b/packaging/fwbuilder-static-qt.spec
@@ -3,7 +3,7 @@
 
 
 %define name    fwbuilder
-%define version 4.2.0.3509
+%define version 4.2.0.3510
 %define release 1
 
 %if "%_vendor" == "MandrakeSoft"
diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control
index e3ad43df4..86247b085 100644
--- a/packaging/fwbuilder.control
+++ b/packaging/fwbuilder.control
@@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu
 Priority: extra
 Section: checkinstall
 Maintainer: vadim@fwbuilder.org
-Version: 4.2.0.3509-1
+Version: 4.2.0.3510-1
 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15
 Description: Firewall Builder GUI and policy compilers
diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec
index dd071b408..53c4eafd1 100644
--- a/packaging/fwbuilder.spec
+++ b/packaging/fwbuilder.spec
@@ -1,6 +1,6 @@
 
 %define name    fwbuilder
-%define version 4.2.0.3509
+%define version 4.2.0.3510
 %define release 1
 
 %if "%_vendor" == "MandrakeSoft"
diff --git a/src/import/PIXImporter.cpp b/src/import/PIXImporter.cpp
index cd1c94b79..39d3d83a5 100644
--- a/src/import/PIXImporter.cpp
+++ b/src/import/PIXImporter.cpp
@@ -249,6 +249,14 @@ void PIXImporter::rearrangeVlanInterfaces()
 
 }
 
+bool compare_ruleset_names(string a, string b)
+{
+    if (a.find("ssh_commands") == 0) return true;
+    if (a.find("telnet_commands") == 0) return true;
+    if (a.find("icmp_commands") == 0) return true;
+    return a < b;
+}
+
 Firewall* PIXImporter::finalize()
 {
     // scan all UnidirectionalRuleSet objects, set interface and
@@ -282,10 +290,21 @@ Firewall* PIXImporter::finalize()
                 qDebug() << "all_rulesets.size()=" << all_rulesets.size();
             }
 
+            list<string> ruleset_names;
             std::map<const std::string,UnidirectionalRuleSet*>::iterator i;
             for (i=all_rulesets.begin(); i!=all_rulesets.end(); ++i)
             {
-                UnidirectionalRuleSet *irs = (*i).second;
+                ruleset_names.push_back((*i).first);
+            }
+
+            // sort rule sets by name, making sure "ssh_commands_*",
+            // "telnet_commands_*" and "icmp_commands_*" stay on top
+            ruleset_names.sort(compare_ruleset_names);
+
+            list<string>::iterator it;
+            for (it=ruleset_names.begin(); it!=ruleset_names.end(); ++it)
+            {
+                UnidirectionalRuleSet *irs = all_rulesets[*it];
 
                 if (fwbdebug)
                 {