diff --git a/doc/ChangeLog b/doc/ChangeLog
index 9b000041f..9dd38d03d 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,9 @@
+2011-11-08  Vadim Kurland  <vadim@netcitadel.com>
+
+	* PolicyCompiler_ipfw_writers.cpp (PrintRule::_printAddr): fixed
+	SF bug #3426843 "ipfw doesn't work for self-reference, in
+	5.0.0.3568 version".
+
 2011-10-19  Vadim Kurland  <vadim@netcitadel.com>
 
 	* PolicyCompiler_pix.cpp (AddressRangesIfTcpServiceToFW::processNext): 
diff --git a/src/pflib/PolicyCompiler_ipfw.h b/src/pflib/PolicyCompiler_ipfw.h
index e62ae831f..04b7ec3e3 100644
--- a/src/pflib/PolicyCompiler_ipfw.h
+++ b/src/pflib/PolicyCompiler_ipfw.h
@@ -220,7 +220,7 @@ namespace fwcompiler {
             virtual std::string _printPort(int rs,int re,bool neg=false);
             virtual void _printProtocol(libfwbuilder::Service *srv);
             virtual void _printAction(libfwbuilder::PolicyRule *r);
-            virtual void _printAddr(libfwbuilder::Address  *o,bool neg=false);
+            virtual void _printAddr(libfwbuilder::FWObject  *o,bool neg=false);
             virtual void _printDirection(libfwbuilder::PolicyRule *r);
             virtual void _printOppositeDirection(libfwbuilder::PolicyRule *r);
             virtual void _printInterface(libfwbuilder::PolicyRule *r);
diff --git a/src/pflib/PolicyCompiler_ipfw_writers.cpp b/src/pflib/PolicyCompiler_ipfw_writers.cpp
index a7bb29ce5..912201686 100644
--- a/src/pflib/PolicyCompiler_ipfw_writers.cpp
+++ b/src/pflib/PolicyCompiler_ipfw_writers.cpp
@@ -249,14 +249,18 @@ void PolicyCompiler_ipfw::PrintRule::_printAction(PolicyRule *rule)
  *  not print interface name for dynamic interface ('cause ipfilter
  *  does not support it)
  */
-void PolicyCompiler_ipfw::PrintRule::_printAddr(Address  *o,bool neg)
+void PolicyCompiler_ipfw::PrintRule::_printAddr(FWObject *o, bool neg)
 {
+
     if (o->getId()==compiler->fw->getId())
     {
         compiler->output << "me ";
         return;
     }
 
+    Address *addr_obj = Address::cast(o);
+    assert(addr_obj!=NULL);
+
     MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o);
     if (atrt!=NULL)
     {
@@ -273,19 +277,19 @@ void PolicyCompiler_ipfw::PrintRule::_printAddr(Address  *o,bool neg)
         assert(atrt==NULL);
     }
 
-    const InetAddr *addr = o->getAddressPtr();
+    const InetAddr *addr = addr_obj->getAddressPtr();
     if (Interface::cast(o)!=NULL && addr==NULL)
     {
         compiler->output << "me ";
     }
     if (addr)
     {
-        InetAddr mask = *(o->getNetmaskPtr());
+        InetAddr mask = *(addr_obj->getNetmaskPtr());
 
         if (Interface::cast(o)!=NULL)
             mask = InetAddr(InetAddr::getAllOnes());
 
-        if (o->dimension()==1)
+        if (addr_obj->dimension()==1)
             mask = InetAddr(InetAddr::getAllOnes());
 
         if (addr->isAny() && mask.isAny()) 
diff --git a/src/res/help/en_US/release_notes_5.0.1.html b/src/res/help/en_US/release_notes_5.0.1.html
index 10bcce9dc..1f1842c51 100644
--- a/src/res/help/en_US/release_notes_5.0.1.html
+++ b/src/res/help/en_US/release_notes_5.0.1.html
@@ -330,6 +330,21 @@
 </ul>
 
 
+<!-- ######################################################################### -->
+<a name="ipfw"></a>
+<h2>Changes in support for ipfw</h2>
+
+<ul>
+
+  <li>
+    <p>
+      fixed SF bug #3426843 "ipfw doesn't work for self-reference, in
+      5.0.0.3568 version".
+    </p>
+  </li>
+</ul>
+
+
 <!-- ######################################################################### -->
 <a name="pix"></a>
 <h2>Changes in support for Cisco ASA (PIX, FWSM)</h2>