diff --git a/VERSION b/VERSION index 88a58f763..75b79a56d 100644 --- a/VERSION +++ b/VERSION @@ -7,7 +7,7 @@ FWB_MICRO_VERSION=0 # build number is like "nano" version number. I am incrementing build # number during development cycle # -BUILD_NUM="3544" +BUILD_NUM="3546" VERSION="$FWB_MAJOR_VERSION.$FWB_MINOR_VERSION.$FWB_MICRO_VERSION.$BUILD_NUM" diff --git a/VERSION.h b/VERSION.h index 8965f5512..fd6fc5669 100644 --- a/VERSION.h +++ b/VERSION.h @@ -1,2 +1,2 @@ -#define VERSION "4.3.0.3544" +#define VERSION "4.3.0.3546" #define GENERATION "4.3" diff --git a/doc/ChangeLog b/doc/ChangeLog index eb2a9a7d8..b32a29a6c 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,15 @@ +2011-05-26 Vadim Kurland + + * PolicyCompiler_pf.cpp (compile): see #2434 "PF compiler should + use 'self' keyword where appropriate". Compiler for PF now uses + keyword 'self' in rules where firewall object is used in Source + or Destination. + + * fwcompiler/Compiler.cpp (processNext): added rule processor to + replace firewall object with special run-time object "self" in + Source and Destination rule elements. This rule processor can + be used in policy compilers for any platform. + 2011-05-17 vadim * FWObjectDatabase_tree_ops.cpp (merge): see #2420 "Crash when diff --git a/packaging/fwbuilder-static-qt.spec b/packaging/fwbuilder-static-qt.spec index b7b3f2899..eb8926a14 100644 --- a/packaging/fwbuilder-static-qt.spec +++ b/packaging/fwbuilder-static-qt.spec @@ -3,7 +3,7 @@ %define name fwbuilder -%define version 4.3.0.3544 +%define version 4.3.0.3546 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/packaging/fwbuilder.control b/packaging/fwbuilder.control index 70231ebcb..2f198f267 100644 --- a/packaging/fwbuilder.control +++ b/packaging/fwbuilder.control 
@@ -4,6 +4,6 @@ Replaces: fwbuilder (<=4.1.1-1), fwbuilder-common, fwbuilder-bsd, fwbuilder-linu Priority: extra Section: checkinstall Maintainer: vadim@fwbuilder.org -Version: 4.3.0.3544-1 +Version: 4.3.0.3546-1 Depends: libqt4-gui (>= 4.3.0), libxml2, libxslt1.1, libsnmp | libsnmp15 Description: Firewall Builder GUI and policy compilers diff --git a/packaging/fwbuilder.spec b/packaging/fwbuilder.spec index 3bc20f0d6..6ff33090d 100644 --- a/packaging/fwbuilder.spec +++ b/packaging/fwbuilder.spec @@ -1,6 +1,6 @@ %define name fwbuilder -%define version 4.3.0.3544 +%define version 4.3.0.3546 %define release 1 %if "%_vendor" == "MandrakeSoft" diff --git a/src/import/IPTImporter.h b/src/import/IPTImporter.h index 77cce1d57..c3a2ca952 100644 --- a/src/import/IPTImporter.h +++ b/src/import/IPTImporter.h @@ -43,8 +43,6 @@ #include -typedef std::pair str_tuple; - class IPTImporter : public Importer { diff --git a/src/import/Importer.cpp b/src/import/Importer.cpp index f6b8046d9..efdfcb366 100644 --- a/src/import/Importer.cpp +++ b/src/import/Importer.cpp @@ -34,6 +34,10 @@ #include #include #include +#include + +#include "interfaceProperties.h" +#include "interfacePropertiesObjectFactory.h" #include "fwbuilder/Address.h" #include "fwbuilder/AddressRange.h" 
@@ -582,48 +586,38 @@ void Importer::setDstSelf() dst_a = "self"; } -FWObject* Importer::makeSrcObj() +FWObject* Importer::makeAddressObj(const std::string addr, const std::string netm) { - if (src_a == "self") + if (addr == "self") { return getFirewallObject(); } - if ( (src_a=="" && src_nm=="") || - (src_a==InetAddr::getAny().toString() && - src_nm==InetAddr::getAny().toString())) + if ( (addr=="" && netm=="") || + (addr==InetAddr::getAny().toString() && + netm==InetAddr::getAny().toString())) return NULL; // this is 'any' - if (src_nm=="") src_nm = InetAddr::getAllOnes().toString(); - ObjectSignature sig(error_tracker); sig.type_name = Address::TYPENAME; - sig.setAddress(src_a.c_str()); - sig.setNetmask(src_nm.c_str(), address_maker->getInvertedNetmasks()); + sig.setAddress(addr.c_str()); + if (netm=="") + sig.setNetmask(InetAddr::getAllOnes().toString().c_str(), + address_maker->getInvertedNetmasks()); + else + sig.setNetmask(netm.c_str(), address_maker->getInvertedNetmasks()); return commitObject(address_maker->createObject(sig)); } +FWObject* Importer::makeSrcObj() +{ + return makeAddressObj(src_a, src_nm); +} + FWObject* Importer::makeDstObj() { - if (dst_a == "self") - { - return getFirewallObject(); - } - - if ( (dst_a=="" && dst_nm=="") || - (dst_a==InetAddr::getAny().toString() && - dst_nm==InetAddr::getAny().toString())) - return NULL; // this is 'any' - - if (dst_nm=="") dst_nm=InetAddr::getAllOnes().toString(); - - ObjectSignature sig(error_tracker); - sig.type_name = Address::TYPENAME; - sig.setAddress(dst_a.c_str()); - sig.setNetmask(dst_nm.c_str(), address_maker->getInvertedNetmasks()); - - return commitObject(address_maker->createObject(sig)); + return makeAddressObj(dst_a, dst_nm); } FWObject* Importer::makeSrvObj() 
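Review bot: `Importer::makeAddressObj(const std::string addr, const std::string netm)` takes both strings by value, so every call from makeSrcObj and makeDstObj copies them; `const std::string &addr, const std::string &netm` here and in the matching declaration in the Importer.h hunk avoids the copies without touching callers. The old makeSrcObj/makeDstObj also wrote the all-ones default back into `src_nm`/`dst_nm`, and the shared helper no longer does. That looks intentional, but any code that reads those members after the call now sees the empty string, which is worth confirming. A short comment on the helper stating that it returns NULL for 'any' and the firewall object for "self" would document the contract callers rely on.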
@@ -933,3 +927,61 @@ FWObject* Importer::commitObject(FWObject *obj) return obj; } +/* + * Rearrange vlan interfaces. Importer creates all interfaces as + * children of the firewall. Vlan interfaces should become + * subinterfaces of the corresponding physical interfaces. + */ +void Importer::rearrangeVlanInterfaces() +{ + std::auto_ptr int_prop( + interfacePropertiesObjectFactory::getInterfacePropertiesObject( + getFirewallObject())); + + list all_interface_objects = + getFirewallObject()->getByTypeDeep(Interface::TYPENAME); + list vlans; + list::iterator it; + for (it=all_interface_objects.begin(); it!=all_interface_objects.end(); ++it) + { + Interface *intf = Interface::cast(*it); + FWOptions *ifopt = intf->getOptionsObject(); + + if (int_prop->looksLikeVlanInterface(intf->getName().c_str()) && + ifopt->getStr("type")=="8021q") + { + qDebug() << "Found vlan interface" << intf->getName().c_str(); + vlans.push_back(intf); + } + } + + for (it=vlans.begin(); it!=vlans.end(); ++it) + { + Interface *vlan_intf = Interface::cast(*it); + + qDebug() << "VLAN " << vlan_intf->getName().c_str(); + + QString base_name; + int vlan_id; + int_prop->parseVlan(vlan_intf->getName().c_str(), &base_name, &vlan_id); + + qDebug() << "base name" << base_name; + + if ( ! base_name.isEmpty()) + { + getFirewallObject()->remove(vlan_intf, false); // do not delete + + list::iterator it2; + for (it2=all_interface_objects.begin(); it2!=all_interface_objects.end(); ++it2) + { + if (base_name == (*it2)->getName().c_str()) + { + (*it2)->add(vlan_intf, false); + break; + } + } + } + } + +} + diff --git a/src/import/Importer.h b/src/import/Importer.h index 344162517..7aced0e2c 100644 --- a/src/import/Importer.h +++ b/src/import/Importer.h @@ -43,6 +43,9 @@ #include +typedef std::pair str_tuple; +typedef std::vector str_vector; + class Importer; 
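Review bot: In rearrangeVlanInterfaces the vlan interface is detached with `getFirewallObject()->remove(vlan_intf, false)` before the loop that searches for an interface named `base_name`, so when the imported configuration has no such parent the vlan interface is removed from the firewall and never re-attached (and never deleted). Looking the parent up first and only moving the object when one is found keeps the tree intact for that input. `int vlan_id;` is also passed to parseVlan uninitialized; `int vlan_id = -1;` would make a failed parse visible. The element type of `all_interface_objects` is not visible in the hunk, so the `FWObject*` used below is an assumption.

```cpp
        if ( ! base_name.isEmpty())
        {
            // … unchanged: declaration of it2 …
            // find the parent first; detach the vlan only once a new parent is known
            FWObject *parent_intf = NULL;
            for (it2=all_interface_objects.begin(); it2!=all_interface_objects.end(); ++it2)
            {
                if (base_name == (*it2)->getName().c_str())
                {
                    parent_intf = *it2;
                    break;
                }
            }

            if (parent_intf != NULL)
            {
                getFirewallObject()->remove(vlan_intf, false); // do not delete
                parent_intf->add(vlan_intf, false);
            }
        }
```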
@@ -179,6 +182,9 @@ protected: virtual libfwbuilder::FWObject* createGroupOfInterfaces( const std::string &ruleset_name, std::list &interfaces); + virtual libfwbuilder::FWObject* makeAddressObj(const std::string addr, + const std::string netm); + virtual libfwbuilder::FWObject* makeSrcObj(); virtual libfwbuilder::FWObject* makeDstObj(); virtual libfwbuilder::FWObject* makeSrvObj(); @@ -363,6 +369,10 @@ public: void addMessageToLog(const std::string &msg); void addMessageToLog(const QString &msg); + + + void rearrangeVlanInterfaces(); + }; #endif diff --git a/src/import/PFImporter.cpp b/src/import/PFImporter.cpp new file mode 100644 index 000000000..6aaff2f19 --- /dev/null +++ b/src/import/PFImporter.cpp 
@@ -0,0 +1,495 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "PFImporter.h" + +#include +#include +#include +#include + +#include "interfaceProperties.h" +#include "interfacePropertiesObjectFactory.h" + +#include "fwbuilder/FWObjectDatabase.h" +#include "fwbuilder/AddressRange.h" +#include "fwbuilder/AddressTable.h" +#include "fwbuilder/Resources.h" +#include "fwbuilder/Network.h" +#include "fwbuilder/Address.h" +#include "fwbuilder/InetAddr.h" +#include "fwbuilder/IPService.h" +#include "fwbuilder/ICMPService.h" +#include "fwbuilder/TCPService.h" +#include "fwbuilder/UDPService.h" +#include "fwbuilder/Policy.h" +#include "fwbuilder/RuleElement.h" +#include "fwbuilder/Library.h" +#include "fwbuilder/TCPUDPService.h" + +#include "../libgui/platforms.h" + +#include +#include + +extern int fwbdebug; + +// TODO: this should move to some common library, together with +// getVersionsForPlatform() it uses. 
Currently these functions are +// defined in libgui/platforms.cpp + +extern QString findBestVersionMatch(const QString &platform, + const QString &discovered_version); + +using namespace std; +using namespace libfwbuilder; + + +PFImporter::PFImporter(FWObject *lib, + std::istringstream &input, + Logger *log, + const std::string &fwname) : + Importer(lib, "pf", input, log, fwname) +{ + setPlatform("pf"); + address_maker->setInvertedNetmasks(false); +} + +PFImporter::~PFImporter() +{ +} + +void PFImporter::clear() +{ + rule_type = NATRule::Unknown; + quick = false; + + direction = ""; + address_family = ""; + + iface_group.clear(); + proto_list.clear(); + tmp_group.clear(); + src_group.clear(); + dst_group.clear(); + + src_neg = false; + dst_neg = false; + tmp_neg = false; + + tmp_port_def = ""; + tmp_port_op = ""; + src_port_group.clear(); + dst_port_group.clear(); + tmp_port_group.clear(); + + icmp_type_code_group.clear(); + + queue = ""; + state_op = ""; + logopts = ""; + flags_check = ""; + flags_mask = ""; + tag = ""; + tagged = ""; + + route_type = UNKNOWN; + route_group.clear(); + + Importer::clear(); +} + +void PFImporter::clearTempVars() +{ + Importer::clear(); +} + +void PFImporter::addSrc() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElement *re = rule->getSrc(); + + list::iterator it; + for (it=src_group.begin(); it!=src_group.end(); ++it) + { + FWObject *obj = makeAddressObj(*it); + if (obj) re->addRef(obj); + } +} + +void PFImporter::addDst() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElement *re = rule->getDst(); + + list::iterator it; + for (it=dst_group.begin(); it!=dst_group.end(); ++it) + { + FWObject *obj = makeAddressObj(*it); + if (obj) re->addRef(obj); + } +} + +void PFImporter::addSrv() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + RuleElement *re = rule->getSrv(); + + // list::iterator it; + // for (it=dst_group.begin(); it!=dst_group.end(); ++it) + // { + // FWObject *obj = 
makeAddressObj(*it); + // if (obj) re->addRef(obj); + // } +} + +FWObject* PFImporter::makeAddressObj(AddressSpec &as) +{ + if (as.at == AddressSpec::ANY) return NULL; + + if (as.at == AddressSpec::INTERFACE_NAME) + { + Interface *intf = getInterfaceByName(as.address); + assert(intf!=NULL); + return intf; + } + + if (as.at == AddressSpec::HOST_ADDRESS) + { + return Importer::makeAddressObj(as.address, ""); + } + + if (as.at == AddressSpec::NETWORK_ADDRESS) + { + return Importer::makeAddressObj(as.address, as.netmask); + } + + if (as.at == AddressSpec::SPECIAL_ADDRESS) + { + if (as.address == "self") return getFirewallObject(); + { + addMessageToLog( + QObject::tr("Warning: matching '%1' is not supported") + .arg(as.address.c_str())); + return NULL; + } + } + + if (as.at == AddressSpec::TABLE) + { + return address_table_registry[as.address.c_str()]; + } +} + +void PFImporter::addLogging() +{ + PolicyRule *rule = PolicyRule::cast(current_rule); + FWOptions *ropt = rule->getOptionsObject(); + +/* + alerts Immediate action needed (severity=1) + critical Critical conditions (severity=2) + debugging Debugging messages (severity=7) + disable Disable log option on this ACL element, (no log at all) + emergencies System is unusable (severity=0) + errors Error conditions (severity=3) + inactive Keyword for disabling an ACL element + informational Informational messages (severity=6) + interval Configure log interval, default value is 300 sec + notifications Normal but significant conditions (severity=5) + warnings Warning conditions (severity=4) +*/ + QMap logging_levels; + + logging_levels["alerts"] = "alert"; + logging_levels["critical"] = "crit"; + logging_levels["debugging"] = "debug"; + logging_levels["emergencies"] = ""; + logging_levels["errors"] = "error"; + logging_levels["informational"] = "info"; + logging_levels["notifications"] = "notice"; + logging_levels["warnings"] = "warning"; + logging_levels["0"] = ""; + logging_levels["1"] = "alert"; + logging_levels["2"] = 
"crit"; + logging_levels["3"] = "error"; + logging_levels["4"] = "warning"; + logging_levels["5"] = "notice"; + logging_levels["6"] = "info"; + logging_levels["7"] = "debug"; + + // QStringList log_levels = getLogLevels("pix"); + + rule->setLogging(logging); + + QString log_level_qs = log_level.c_str(); + if ( ! log_level_qs.isEmpty()) + { + if (logging_levels.count(log_level_qs) != 0) + ropt->setStr("log_level", logging_levels[log_level_qs].toStdString()); + else + ropt->setStr("log_level", log_level); + + if (log_level_qs == "disable" || log_level_qs == "inactive") + ropt->setBool("disable_logging_for_this_rule", true); + } + + if ( ! log_interval.empty()) + { + bool ok = false; + int log_interval_int = QString(log_interval.c_str()).toInt(&ok); + if (ok) + ropt->setInt("log_interval", log_interval_int); + } +} + + +void PFImporter::pushRule() +{ + if (rule_type == NATRule::Unknown) + pushPolicyRule(); + else + pushNATRule(); + + assert(current_rule!=NULL); + + if (error_tracker->hasErrors()) + { + QStringList err = error_tracker->getErrors(); + addMessageToLog("Error: " + err.join("\n")); + markCurrentRuleBad(); + } + + current_rule = NULL; + rule_comment = ""; + + clear(); + +} + +void PFImporter::pushPolicyRule() +{ + RuleSet *ruleset = RuleSet::cast( + getFirewallObject()->getFirstByType(Policy::TYPENAME)); + + assert(current_rule!=NULL); + // populate all elements of the rule + + // Note that standard function + // setInterfaceAndDirectionForRuleSet() assumes there is only one + // interface, but here we can have a group. 
Information about + // interfaces (even if there is only one) is stored in the list + // iface_group + // + // importer->setInterfaceAndDirectionForRuleSet( + // "", importer->iface, importer->direction); + + QString message_str = + QString("filtering rule: action %1; interfaces: %2"); + + PolicyRule *rule = PolicyRule::cast(current_rule); + + FWOptions *ropt = current_rule->getOptionsObject(); + assert(ropt!=NULL); + + if (action=="pass") + { + if (quick) + rule->setAction(PolicyRule::Accept); + else + rule->setAction(PolicyRule::Continue); + ropt->setBool("stateless", false); + } + + if (action=="drop") + { + rule->setAction(PolicyRule::Deny); + ropt->setBool("stateless", true); + } + + if (direction == "in") rule->setDirection(PolicyRule::Inbound); + if (direction == "out") rule->setDirection(PolicyRule::Outbound); + if (direction == "") rule->setDirection(PolicyRule::Both); + + QStringList interfaces; + list::iterator it; + for (it=iface_group.begin(); it!=iface_group.end(); ++it) + { + Interface *intf = getInterfaceByName(it->name); + assert(intf!=NULL); + RuleElement *re =rule->getItf(); + re->addRef(intf); + interfaces << it->name.c_str(); + } + + /* + * Set state-related rule options using variable state_op + */ + + + /* + * Set tagging rule option using variable tag + */ + + /* + * Set queueing rule option using variable queue + */ + + + + /* + * Protocols are in proto_list + * Source addresses are in src_group + * Destination addresses are in dst_group + */ + + addSrc(); + addDst(); + addSrv(); + + /* + * Set logging options using variables logging and logopts + */ + addLogging(); + + // then add it to the current ruleset + ruleset->add(current_rule); + + addStandardImportComment( + current_rule, QString::fromUtf8(rule_comment.c_str())); + + addMessageToLog(message_str.arg(action.c_str()).arg(interfaces.join(","))); + + +} + +void PFImporter::pushNATRule() +{ + RuleSet *ruleset = RuleSet::cast( + getFirewallObject()->getFirstByType(NAT::TYPENAME)); + + 
assert(current_rule!=NULL); +} + +Firewall* PFImporter::finalize() +{ + // scan all UnidirectionalRuleSet objects, set interface and + // direction in all rules of corresponding RuleSet and merge all + // UnidirectionalRuleSet into one RuleSet object. Attach this + // object to the firewall. + + if (fwbdebug) qDebug("PFImporter::finalize()"); + + if (haveFirewallObject()) + { + Firewall *fw = Firewall::cast(getFirewallObject()); + + // We can not "discover" host OS just by reading pf.conf file. + // Assume FreeBSD + + fw->setStr("platform", "pf"); + + string host_os = "freebsd"; + + fw->setStr("host_OS", host_os); + Resources::setDefaultTargetOptions(host_os , fw); + + // We may be able to infer at least something about the version + // from the pf.conf file in the future. + string version = findBestVersionMatch( + "pf", discovered_version.c_str()).toStdString(); + + if ( ! version.empty()) fw->setStr("version", version); + + rearrangeVlanInterfaces(); + + list l1 = fw->getByType(Policy::TYPENAME); + for (list::iterator i=l1.begin(); i!=l1.end(); ++i) + { + RuleSet *rs = RuleSet::cast(*i); + rs->renumberRules(); + } + + // Deal with NAT ruleset + list l2 = fw->getByType(NAT::TYPENAME); + for (list::iterator i=l2.begin(); i!=l2.end(); ++i) + { + RuleSet *rs = RuleSet::cast(*i); + rs->renumberRules(); + } + + return fw; + } + else + { + return NULL; + } +} + +Interface* PFImporter::getInterfaceByName(const string &name) +{ + map::iterator it; + for (it=all_interfaces.begin(); it!=all_interfaces.end(); ++it) + { + Interface *intf = it->second; + if (intf->getName() == name) + { + return intf; + } + } + return NULL; +} + +void PFImporter::newAddressTableObject(const string &name, const string &file) +{ + ObjectMaker maker(Library::cast(library), error_tracker); + AddressTable *at = AddressTable::cast( + commitObject(maker.createObject(AddressTable::TYPENAME, name.c_str()))); + assert(at!=NULL); + at->setRunTime(true); + at->setSourceName(file); + 
address_table_registry[name.c_str()] = at; + + addMessageToLog(QString("Address Table: <%1> file %2") + .arg(name.c_str()).arg(file.c_str())); +} + +void PFImporter::newAddressTableObject(const string &name, + list &addresses) +{ + ObjectMaker maker(Library::cast(library), error_tracker); + FWObject *og = + commitObject(maker.createObject(ObjectGroup::TYPENAME, name.c_str())); + assert(og!=NULL); + address_table_registry[name.c_str()] = og; + + list::iterator it; + for (it=addresses.begin(); it!=addresses.end(); ++it) + { + FWObject *obj = makeAddressObj(*it); + if (obj) og->addRef(obj); + } +} + diff --git a/src/import/PFImporter.h b/src/import/PFImporter.h new file mode 100644 index 000000000..cc092f89a --- /dev/null +++ b/src/import/PFImporter.h 
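Review bot: Interface names parsed from the imported pf.conf are validated only with `assert(intf!=NULL)`, in pushPolicyRule and in the INTERFACE_NAME branch of makeAddressObj, so a rule that names an interface the importer has not created aborts the program in a debug build, and in a build with NDEBUG pushPolicyRule goes on to call `re->addRef(intf)` with NULL. Treating this as an import error would be safer, for example in pushPolicyRule `if (intf == NULL) { addMessageToLog(QObject::tr("Warning: unknown interface '%1'").arg(it->name.c_str())); continue; }`. makeAddressObj also has no return statement after the TABLE branch, so an AddressSpec of type UNKNOWN or HOST_NAME falls off the end of a non-void function; a final `return NULL;` closes that path. The TABLE branch uses `address_table_registry[as.address.c_str()]`, which inserts an empty entry for an unknown table name; `value()` would look it up without modifying the map.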
@@ -0,0 +1,234 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + + +#ifndef _FWB_POLICY_IMPORTER_PF_H_ +#define _FWB_POLICY_IMPORTER_PF_H_ + +#include +#include +#include +#include +#include + +#include "IOSImporter.h" + +#include "fwbuilder/libfwbuilder-config.h" +#include "fwbuilder/Logger.h" +#include "fwbuilder/Rule.h" +#include "fwbuilder/NAT.h" + +#include + + +class InterfaceSpec +{ +public: + + bool neg; + std::string name; + + InterfaceSpec() + { neg = false; name = ""; } + + InterfaceSpec(const InterfaceSpec &other) + { + neg = other.neg; + name = other.name; + } + + InterfaceSpec(bool _neg, const std::string _name) + { neg = _neg; name = _name; } +}; + + + +class AddressSpec +{ +public: + + typedef enum { + UNKNOWN, + ANY, + HOST_NAME, + HOST_ADDRESS, + NETWORK_ADDRESS, + SPECIAL_ADDRESS, + INTERFACE_NAME, + TABLE } address_type; + + address_type at; + bool neg; + std::string address; + std::string netmask; + + AddressSpec() + { at = UNKNOWN; neg = false; address = ""; netmask = ""; } + + AddressSpec(const AddressSpec &other) + { + at = other.at; + neg = other.neg; + address = other.address; + netmask = other.netmask; + } + + AddressSpec(address_type _at, bool _neg, const std::string _addr, const std::string 
_nm) + { at = _at; neg= _neg; address = _addr; netmask = _nm; } +}; + + +class PortSpec +{ +public: + std::string port1; + std::string port2; + std::string port_op; + + PortSpec() + { port1 = ""; port2 = ""; port_op = ""; } + + PortSpec(const PortSpec &other) + { + port1 = other.port1; + port2 = other.port2; + port_op = other.port_op; + } + + PortSpec(const std::string s1, const std::string s2, const std::string s3) + { port1 = s1; port2 = s2; port_op = s3; } +}; + + +class RouteSpec +{ +public: + + std::string iface; + std::string address; + std::string netmask; + + RouteSpec() + { iface = ""; address = ""; netmask = ""; } + + RouteSpec(const RouteSpec &other) + { + iface = other.iface; + address = other.address; + netmask = other.netmask; + } + + RouteSpec(const std::string _iface, + const std::string _addr, const std::string _nm) + { iface = _iface; address = _addr; netmask = _nm; } +}; + + + + +class PFImporter : public Importer +{ + +public: + + typedef enum { + UNKNOWN, + ROUTE_TO, + REPLY_TO, + DUP_TO} route_op_type; + + QMap address_table_registry; + + std::string direction; + std::string address_family; + bool quick; + bool src_neg; + bool dst_neg; + bool tmp_neg; + + std::list iface_group; + + std::list proto_list; + std::list< AddressSpec > src_group; + std::list< AddressSpec > dst_group; + std::list< AddressSpec > tmp_group; + + std::string tmp_port_op; + std::string tmp_port_def; + std::list< PortSpec > src_port_group; + std::list< PortSpec > dst_port_group; + std::list< PortSpec > tmp_port_group; + + std::list icmp_type_code_group; + + route_op_type route_type; + std::list route_group; + + std::string queue; + std::string state_op; + std::string logopts; + std::string flags_check; + std::string flags_mask; + std::string tag; + std::string tagged; + + libfwbuilder::NATRule::NATRuleTypes rule_type; + + PFImporter(libfwbuilder::FWObject *lib, + std::istringstream &input, + libfwbuilder::Logger *log, + const std::string &fwname); + ~PFImporter(); + + 
virtual void clear(); + + void clearTempVars(); + + virtual void run(); + + void pushPolicyRule(); + void pushNATRule(); + void buildDNATRule(); + void buildSNATRule(); + virtual void pushRule(); + + // this method actually adds interfaces to the firewall object + // and does final clean up. + virtual libfwbuilder::Firewall* finalize(); + + virtual libfwbuilder::FWObject* makeAddressObj(AddressSpec &as); + + virtual void addSrc(); + virtual void addDst(); + virtual void addSrv(); + + virtual void addLogging(); + + libfwbuilder::Interface* getInterfaceByName(const std::string &name); + + void newAddressTableObject(const std::string &name, const std::string &file); + void newAddressTableObject(const std::string &name, + std::list &addresses); +}; + +#endif diff --git a/src/import/PFImporterRun.cpp b/src/import/PFImporterRun.cpp new file mode 100644 index 000000000..98fe1e801 --- /dev/null +++ b/src/import/PFImporterRun.cpp 
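Review bot: `virtual libfwbuilder::FWObject* makeAddressObj(AddressSpec &as);` reuses the name of the base-class `Importer::makeAddressObj(const std::string, const std::string)` and therefore hides it inside PFImporter; PFImporter.cpp works around this with qualified `Importer::makeAddressObj(...)` calls. A `using Importer::makeAddressObj;` declaration (placed in a protected section, to keep the base access) states the intent, and the parameter can be `const AddressSpec &as` because the function only reads it. The hand-written copy constructors on InterfaceSpec, AddressSpec, PortSpec and RouteSpec repeat what the compiler generates and can be dropped. The public data members of PFImporter are undocumented; a one-line comment saying they are scratch state filled in by the parser for the rule currently being read would help readers of the grammar.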
@@ -0,0 +1,171 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +#include "../../config.h" + +#include "PFImporter.h" + +#include +#include +#include +#include + +#include +#include +#include + +#include + +#include "../parsers/PFCfgLexer.hpp" +#include "../parsers/PFCfgParser.hpp" + +extern int fwbdebug; + +using namespace std; + + +/* + * Only this module depends on PFCfgLexer and PFCfgParser, + * so only this file is recompiled when we change grammar + */ + +void PFImporter::run() +{ + QStringList err; + QString parser_err = QObject::tr("Parser error:"); + QString gen_err = QObject::tr("Error:"); + std::ostringstream parser_debug; + +/* Do a bit of preprocessing of the input to simplify crazy grammar. 
+ * + * Do the following (will add more stuff here in the future): + * + * - fold lines split with '\' + * - find macro definitions and perform all macro sustitutions + */ + + QMap named_addresses; + QStringList whole_input_tmp; + + input.seekg (0, ios::beg); + char buf[8192]; + while (!input.eof()) + { + input.getline(buf, sizeof(buf)-1); + whole_input_tmp.append(QString(buf)); + } + + QString whole_input = whole_input_tmp.join("\n"); + QRegExp line_continuation("\\\\\\s*\n"); + whole_input.replace(line_continuation, ""); + + QRegExp macro_definition_1("^\\s*(\\S+)\\s*=\\s*\"(.*)\"$"); + QRegExp macro_definition_2("^\\s*(\\S+)\\s*=\\s*([^\"]*)$"); // no quotes + QMap macros; + + foreach(QString str, whole_input.split("\n")) + { + if (macro_definition_1.indexIn(str) != -1) + { + macros[macro_definition_1.cap(1)] = macro_definition_1.cap(2); + } + if (macro_definition_2.indexIn(str) != -1) + { + macros[macro_definition_2.cap(1)] = macro_definition_2.cap(2); + } + } + + if (fwbdebug) + qDebug() << "Macros defined in this file: " << macros; + + // make several passes: sometimes macros can use other macros + int pass = 0; + while (1) + { + bool has_macros = false; + QMapIterator it(macros); + while (it.hasNext()) + { + it.next(); + QString macro_name = it.key(); + QString macro_value = it.value(); + if (whole_input.contains("$" + macro_name)) + { + has_macros = true; + whole_input.replace( "$" + macro_name, macro_value); + if (fwbdebug) + qDebug() << "Pass " << pass + << "Macro substitution: " + << macro_name << ":" << macro_value; + } + } + if (! 
has_macros) break; + pass++; + } + + if (fwbdebug) + { + qDebug() << "pf.conf file after line unfolding and macro substitution:"; + qDebug() << whole_input; + } + + istringstream normalized_input(whole_input.toStdString()); + + PFCfgLexer lexer(normalized_input); + PFCfgParser parser(lexer); + parser.importer = this; + if (fwbdebug) parser.dbg = &std::cerr; + else parser.dbg = &parser_debug; + + try + { + parser.cfgfile(); + } catch(ANTLR_USE_NAMESPACE(antlr)ANTLRException &e) + { + err << parser_err + " " + e.toString().c_str(); + } catch(ObjectMakerException &e) + { + err << gen_err + " " + e.toString(); + } catch(ImporterException &e) + { + err << gen_err + " " + e.toString(); + } catch(std::exception& e) + { + err << parser_err + " " + e.what(); + } + + if (haveFirewallObject()) + { + if (countInterfaces()==0) err << noInterfacesErrorMessage(); + if (countRules()==0) err << noRulesErrorMessage(); + } else + { + err << parser_err; + err << noFirewallErrorMessage(); + err << commonFailureErrorMessage(); + } + + if (!err.isEmpty()) + *logger << err.join("\n").toUtf8().constData(); +} + diff --git a/src/import/PreImport.cpp b/src/import/PreImport.cpp index c8b9fa2f8..992f9c5b6 100644 --- a/src/import/PreImport.cpp +++ b/src/import/PreImport.cpp @@ -25,6 +25,38 @@ #include +#include + +using namespace std; + + +class matchPFDirectionIn : public matchPFDirection +{ +public: + virtual bool operator()(const QString &str) + { + return str.contains(" in "); + } +}; + +class matchPFDirectionOut : public matchPFDirection +{ +public: + virtual bool operator()(const QString &str) + { + return str.contains(" out "); + } +}; + +class matchPFDirectionBoth : public matchPFDirection +{ +public: + virtual bool operator()(const QString &str) + { + return ! str.contains(" in ") && ! str.contains(" out "); + } +}; + void PreImport::scan() { 
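Review bot: The read loop in PFImporter::run, `while (!input.eof()) { input.getline(buf, sizeof(buf)-1); ... }`, does not terminate when the imported file contains a line longer than the buffer: getline sets failbit, every later call extracts nothing, eofbit is never set, and the loop appends empty strings until memory runs out. Reading with `std::string line; while (std::getline(input, line)) whole_input_tmp.append(QString(line.c_str()));` removes both the length limit and the eof test. The macro pass `while (1)` has the same problem for a macro whose value refers to itself, directly or through another macro, since `has_macros` stays true and the text grows on each pass; a bound such as `if (++pass > 32) { err << gen_err + " macro expansion did not terminate"; break; }` (the limit is arbitrary) would stop it. Substitution by plain `whole_input.replace("$" + macro_name, ...)` also rewrites the prefix of a longer macro name, so `$ext` is replaced inside `$ext_if`.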
@@ -131,6 +163,105 @@ void PreImport::scan() } } } + + /* + * fwbuilder generates PF configuration that always uses "quick" + * keyword to make the first matching rule stop processing. A lot + * of existing pf.conf files use the other model where PF commands + * do not use this keyword, so that all rules inspect the packet + * and the last matching rule makes the decision. Fwbuilder can + * not generate PF configuration in this style and can not import + * it. We look for "block" command without "quick" parameter to + * determine if the configuration offered for import is written in + * this style. + + * We refuse to import policies that have "block" line with no + * "quick" word, unless there are other command(s) with "quick" + * after it. We should do this comparison keeping direction in + * mind because it is possible to have "block in all" and then + * "pass out quick something". It looks like a style with "block + * all" at the top used to set up default policy is quite + * popular. Configuration written in this style has "block all + * log" at the top (or in the middle), followed by a bunch of + * specific "pass quick" rules. We can import this if "block all + * log" is the last rule, but not if it is followed by some pass + * rules with no "quick". 
+ */ + + if (platform == PF) + { + matchPFDirectionIn dir_in; + matchPFDirectionOut dir_out; + matchPFDirectionBoth dir_both; + + if (isReversePFConfigurationStyle(dir_in) || + isReversePFConfigurationStyle(dir_out) || + isReversePFConfigurationStyle(dir_both)) + { + platform = PF_REVERSE; + } + } +} + +bool PreImport::isReversePFConfigurationStyle(matchPFDirection &dir_op) +{ + bool has_block_no_quick = false; + bool has_command_with_quick_after_block = false; + bool has_command_with_no_quick_after_block = false; + QRegExp cont("\\\\\\s*\n"); + QString line; + QStringListIterator it(*buffer); + while (it.hasNext()) + { + // first, unfold lines ending with "\" + line = it.next(); + int cont_idx; + while ( (cont_idx = cont.indexIn(line)) > -1 && it.hasNext()) + { + line.insert(cont_idx, it.next()); + } + + line = line.trimmed(); + + if (line.startsWith("#")) continue; + if (line.isEmpty()) continue; + + if ( ! dir_op(line)) continue; + + if (line.contains(" quick")) + { + // check if after the line with "block" and no "quick" + // comes a line with action "pass" and "quick" word. + // This is a mixed-style policy and we can try to + // import it. + + if (has_block_no_quick && + (line.startsWith("pass ") || line.startsWith("block "))) + { + has_command_with_quick_after_block = true; + continue; + } + + } else + { + // check if this is a line with action "block" and no + // "quick" word + if (line.startsWith("block ")) + { + has_block_no_quick = true; + continue; + } + + if (has_block_no_quick) + { + has_command_with_no_quick_after_block = true; + break; + } + } + } + + return (has_block_no_quick && has_command_with_no_quick_after_block && + ! has_command_with_quick_after_block); } QString PreImport::getPlatformAsString() @@ -161,6 +292,7 @@ QString PreImport::getPlatformAsString() break; case PreImport::PF: + case PreImport::PF_REVERSE: platform_string = "pf"; break; } diff --git a/src/import/PreImport.h b/src/import/PreImport.h index 6517487e9..2b91c83c1 100644 
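Review bot: The line-unfolding loop in isReversePFConfigurationStyle inserts the next line at `cont_idx` with `line.insert(cont_idx, it.next())` but never removes the matched backslash, so once `cont` matches it keeps matching and the loop pulls every remaining line of the buffer into one string. Replacing the match instead, `line.replace(cont_idx, cont.matchedLength(), it.next());`, mirrors what PFImporter::run does with the same pattern. The pattern also requires a newline after the backslash, so it only fires if the entries of `buffer` keep their line terminator, which this hunk does not show. Because the result selects between PF and PF_REVERSE, a wrong unfold changes how the configuration is classified for import.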
--- a/src/import/PreImport.h +++ b/src/import/PreImport.h @@ -30,12 +30,16 @@ #include +class matchPFDirection +{ +public: + virtual bool operator()(const QString&) {return false;} +}; + /* * This class scans firewall configuration and tries to guess platform * and some other parameters */ - - class PreImport { const QStringList *buffer; @@ -43,7 +47,7 @@ class PreImport public: enum Platforms { UNKNOWN, IPTABLES, IPTABLES_WITH_COUNTERS, - PF, IOSACL, PIX, FWSM } ; + PF, PF_REVERSE, IOSACL, PIX, FWSM } ; private: @@ -55,6 +59,7 @@ public: void scan(); enum Platforms getPlatform() { return platform; } QString getPlatformAsString(); + bool isReversePFConfigurationStyle(matchPFDirection &dir_op); }; #endif diff --git a/src/import/import.pro b/src/import/import.pro index cbe638b8a..70f6a18d9 100644 --- a/src/import/import.pro +++ b/src/import/import.pro @@ -20,18 +20,21 @@ SOURCES = QStringListOperators.cpp \ PIXImporter.cpp \ PIXImporterNat.cpp \ PIXImporterRun.cpp \ + PFImporter.cpp \ + PFImporterRun.cpp \ -HEADERS = QStringListOperators.h \ - PreImport.h \ - objectMaker.h \ - addressObjectMaker.h \ - serviceObjectMaker.h \ - getProtoByName.h \ - getServByName.h \ - Importer.h \ - IOSImporter.h \ - IPTImporter.h \ - PIXImporter.h \ +HEADERS = QStringListOperators.h \ + PreImport.h \ + objectMaker.h \ + addressObjectMaker.h \ + serviceObjectMaker.h \ + getProtoByName.h \ + getServByName.h \ + Importer.h \ + IOSImporter.h \ + IPTImporter.h \ + PIXImporter.h \ + PFImporter.h \ CONFIG += staticlib diff --git a/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp b/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp index f36fbeb1a..1908e1dd5 100644 --- a/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp +++ b/src/libfwbuilder/src/fwbuilder/ObjectMatcher.cpp 
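Review bot: `matchPFDirection` is a polymorphic base whose `operator()` returns false by default, so a subclass that forgets to override it silently matches nothing; declaring it `virtual bool operator()(const QString&) const = 0;` together with `virtual ~matchPFDirection() {}` makes the contract explicit. The three subclasses added in PreImport.cpp would need the matching `const`. A one-line comment saying the functor tests whether a pf.conf line applies to a given direction would also help, since the class name is currently the only documentation.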
@@ -92,7 +92,7 @@ bool ObjectMatcher::complexMatch(Address *obj1, Address *obj2) int cluster_id = obj2->getInt("parent_cluster_id"); if (obj1->getId() == cluster_id) return true; } - + void* res = obj1->dispatch(this, obj2); return (res != NULL); } @@ -411,8 +411,18 @@ void* ObjectMatcher::dispatch(AddressRange *obj1, void *_obj2) return NULL; } -void* ObjectMatcher::dispatch(MultiAddressRunTime*, void*) +/* + * Special case: run-time DNSName object with source name "self" + * matches firewall. + */ +void* ObjectMatcher::dispatch(MultiAddressRunTime *obj1, void *_obj2) { + FWObject *obj2 = (FWObject*)(_obj2); + + if (obj1->getSubstitutionTypeName() == DNSName::TYPENAME && + obj1->getSourceName() == "self" && Firewall::isA(obj2)) + return obj1; + return NULL; // never matches in this implementation } @@ -433,13 +443,26 @@ void* ObjectMatcher::dispatch(Firewall *obj1, void *_obj2) { FWObject *obj2 = (FWObject*)(_obj2); if (obj1->getId() == obj2->getId()) return obj1; + +/* + * Special case: run-time DNSName object with source name "self" + * matches firewall. + */ + MultiAddressRunTime *mart = MultiAddressRunTime::cast(obj2); + if (mart) + { + if (mart->getSubstitutionTypeName() == DNSName::TYPENAME && + mart->getSourceName() == "self") + return obj1; + } + /* * match only if all interfaces of obj1 match obj2 */ bool res = true; list l = obj1->getByTypeDeep(Interface::TYPENAME); for (list::iterator it = l.begin(); it!=l.end(); ++it) - res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2); + res &= checkComplexMatchForSingleAddress(Interface::cast(*it), obj2); return res ? obj1 : NULL; } diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.cpp b/src/libfwbuilder/src/fwcompiler/Compiler.cpp index 79eae9574..814b9bff3 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.cpp +++ b/src/libfwbuilder/src/fwcompiler/Compiler.cpp 
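Review bot: In `dispatch(MultiAddressRunTime *obj1, void *_obj2)` the new special case returns a match for any `Firewall` object, keyed only on the literal source name "self", and the mirrored test added to `dispatch(Firewall *obj1, void *_obj2)` in the next hunk does the same. Matching decisions in a policy compiler affect which rules are treated as addressed to the firewall itself, so it is worth confirming that a user-defined run-time DNSName whose record happens to be "self", or a second firewall object in the same database, cannot reach these paths with unintended results (the callers are not visible here). The retained trailing comment is now inaccurate; I would change it to `return NULL; // matches only the "self" run-time object against a firewall` and lift the repeated condition into one helper shared by both overloads so the two checks cannot drift apart.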
@@ -519,8 +519,16 @@ void Compiler::_expand_interface(Rule *rule, } } -bool compare_addresses(Address *a1, Address *a2) +bool compare_addresses(FWObject *o1, FWObject *o2) { + Address *a1 = Address::cast(o1); + Address *a2 = Address::cast(o2); + if (a1 == NULL || a2 == NULL) + { + // one or both could be MultiAddress objects (e.g. DNSName) + return o1->getName() < o2->getName(); + } + const InetAddr *addr1 = a1->getAddressPtr(); const InetAddr *addr2 = a2->getAddressPtr(); if (addr1 == NULL) return true; @@ -541,18 +549,18 @@ void Compiler::_expand_addr(Rule *rule, FWObject *s, list cl; _expand_addr_recursive(rule, s, cl, expand_cluster_interfaces_fully); - list expanded_addresses; + list expanded_addresses; for (FWObject::iterator i=cl.begin(); i!=cl.end(); ++i) { - expanded_addresses.push_back(Address::cast(*i)); + expanded_addresses.push_back(*i); } expanded_addresses.sort(compare_addresses); s->clearChildren(); - for (list::iterator i1=expanded_addresses.begin(); - i1!=expanded_addresses.end(); ++i1) + for (list::iterator i1=expanded_addresses.begin(); + i1!=expanded_addresses.end(); ++i1) { s->addRef( *i1 ); } 
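Review bot: `compare_addresses()` now orders a pair by name as soon as either object is not an `Address`, while two `Address` objects are still ordered by their address, so on a list that mixes both kinds the comparator is not a consistent ordering and the result of `expanded_addresses.sort(compare_addresses)` in `_expand_addr()` (next hunk) can depend on input order. For a compiler whose output is reviewed and diffed, unstable ordering of addresses in a generated rule is worth avoiding. Giving mixed pairs a fixed rank fixes it: `if (a1 == NULL && a2 == NULL) return o1->getName() < o2->getName();` followed by `if (a1 == NULL || a2 == NULL) return a1 != NULL;`. The context line `if (addr1 == NULL) return true;` also returns true when both address pointers are NULL, which a sort predicate should not do; the rest of the function lies outside the hunk.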
@@ -860,6 +868,48 @@ bool Compiler::splitIfRuleElementMatchesFW::processNext() return true; } +/* + * This rule processor replaces firewall object in given rule element + * with run-time DNSName object with name "self" and source name (A + * record) set to "self". This is a trick in that when compliers see + * objects like that in a rule, they just put source name in the + * generated code verbatim. This is useful for firewall platforms that + * support keyword "self" (e.g. PF). + * + * Always call this RE after splitIfFirewallInSrc or splitIfFirewallInDst + */ +bool Compiler::ReplaceFirewallObjectWithSelfInRE::processNext() +{ + Rule *rule = prev_processor->getNextRule(); + if (rule==NULL) return false; + RuleElement *re = RuleElement::cast(rule->getFirstByType(re_type)); + + for (list::iterator i1=re->begin(); i1!=re->end(); ++i1) + { + FWObject *obj = FWReference::getObject(*i1); + if (obj == compiler->fw) + { + DNSName *self = DNSName::cast( + compiler->persistent_objects->findObjectByName( + DNSName::TYPENAME, "self")); + if (self == NULL) + { + self = compiler->dbcopy->createDNSName(); + self->setName("self"); + self->setRunTime(true); + self->setSourceName("self"); + compiler->persistent_objects->add(self, false); + } + + re->addRef(self); + re->removeRef(compiler->fw); + break; + } + } + + tmp_queue.push_back(rule); + return true; +} bool Compiler::equalObj::operator()(FWObject *o) { diff --git a/src/libfwbuilder/src/fwcompiler/Compiler.h b/src/libfwbuilder/src/fwcompiler/Compiler.h index 395b8a738..08f5b0565 100644 --- a/src/libfwbuilder/src/fwcompiler/Compiler.h +++ b/src/libfwbuilder/src/fwcompiler/Compiler.h 
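Review bot: `re` is dereferenced in the `for` loop of `ReplaceFirewallObjectWithSelfInRE::processNext()` without a check, although `rule->getFirstByType(re_type)` may find nothing for a rule that lacks that element; a guard such as `if (re == NULL) { tmp_queue.push_back(rule); return true; }` would pass such rules through unchanged. The lookup `findObjectByName(DNSName::TYPENAME, "self")` also reuses whatever DNSName named "self" is already in `persistent_objects` without checking that it is a run-time object whose source name is "self". Since the source name is emitted verbatim into the generated policy, I would verify both properties before reuse (whether user objects can end up in that container is not visible here). In the header comment, "compliers" should read "compilers" and "call this RE" presumably means "call this rule processor".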
@@ -828,9 +828,20 @@ public: virtual bool processNext(); }; - - - + /** + * This rule processor replaces firewall object with + * DNSName object "self" configured as run-time with source + * name "self". + */ + class ReplaceFirewallObjectWithSelfInRE : public BasicRuleProcessor + { + std::string re_type; + public: + ReplaceFirewallObjectWithSelfInRE(const std::string &n, + std::string _type) : + BasicRuleProcessor(n) { re_type=_type; } + virtual bool processNext(); + }; /** * prints rule in some universal format (close to that visible diff --git a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h index f4ccf3807..310ba1d11 100644 --- a/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h +++ b/src/libfwbuilder/src/fwcompiler/PolicyCompiler.h @@ -187,6 +187,27 @@ namespace fwcompiler { expandMultipleAddressesInRE(n,libfwbuilder::RuleElementDst::TYPENAME) {} }; + + + + class ReplaceFirewallObjectWithSelfInSrc : public Compiler::ReplaceFirewallObjectWithSelfInRE + { + public: + ReplaceFirewallObjectWithSelfInSrc(const std::string &n) : + ReplaceFirewallObjectWithSelfInRE( + n, libfwbuilder::RuleElementSrc::TYPENAME) {} + }; + + class ReplaceFirewallObjectWithSelfInDst : public Compiler::ReplaceFirewallObjectWithSelfInRE + { + public: + ReplaceFirewallObjectWithSelfInDst(const std::string &n) : + ReplaceFirewallObjectWithSelfInRE( + n, libfwbuilder::RuleElementDst::TYPENAME) {} + }; + + + /** * processes rules with negation in Itf */ diff --git a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp index 909f0f250..4bfc17eff 100644 --- a/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp +++ b/src/libgui/importFirewallConfigurationWizard/IC_PlatformWarningPage.cpp 
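Review bot: The doc comment on `ReplaceFirewallObjectWithSelfInRE` omits the ordering requirement that Compiler.cpp states for it (run after `splitIfFirewallInSrc` / `splitIfFirewallInDst`), and the header is where someone assembling a processor chain will look. I would add `* Must run after splitIfFirewallInSrc or splitIfFirewallInDst; only the first reference to the firewall in the rule element is replaced.` to the comment block. As a point of style, `_type` can be taken as `const std::string &_type` and stored through the initializer list, `BasicRuleProcessor(n), re_type(_type) {}`, instead of being copied and then assigned in the body.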
@@ -180,12 +180,31 @@ void IC_PlatformWarningPage::initializePage() case PreImport::PF: m_dialog->platform->setText(tr("pf")); m_dialog->platformSpecificWarning->setText( - tr("Firewall Builder does not support import of PF " - "configurations at this time. Click the button below to " - "vote to have this feature added in a future release." + tr("Firewall Builder supports import PF " + "configuration from a pf.conf file. Tables will be imported " + "as object groups and their names will be preserved. " + "Macros are expanded in place and not imported as " + "objects. Import of anchors is not supported at this time." + )); + platformOk = true; + break; + + case PreImport::PF_REVERSE: + m_dialog->platform->setText(tr("pf")); + m_dialog->platformSpecificWarning->setText( + tr( + "

This appears to be PF configuration designed " + "without use of the \"quick\" keyword, where " + "the packet is evaluated by all filtering rules in " + "sequential order and the last matching rule decides " + "what action is to be taken. Firewall Builder uses " + "different rule model, where the first matching rule " + "is always final and makes the decision on the action. " + "This means Firewall Builder can only import PF " + "configuration written using \"quick\" " + "keywords.

" )); platformOk = false; - m_dialog->voteForFeatureButton->show(); break; } diff --git a/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp b/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp index 1bd5e3ccd..6cd38fc0a 100644 --- a/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp +++ b/src/libgui/importFirewallConfigurationWizard/ImporterThread.cpp @@ -30,6 +30,7 @@ #include "IOSImporter.h" #include "IPTImporter.h" #include "PIXImporter.h" +#include "PFImporter.h" #include "objectMaker.h" #include @@ -92,6 +93,9 @@ void ImporterThread::run() if (platform == "pix" || platform == "fwsm") importer = new PIXImporter( lib, instream, logger, firewallName.toUtf8().constData()); + if (platform == "pf") importer = new PFImporter( + lib, instream, logger, firewallName.toUtf8().constData()); + if (importer) { diff --git a/src/parsers/PFCfgLexer.cpp b/src/parsers/PFCfgLexer.cpp new file mode 100644 index 000000000..e8a8e8a61 --- /dev/null +++ b/src/parsers/PFCfgLexer.cpp 
@@ -0,0 +1,1755 @@ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.cpp"$ */ +#line 42 "pf.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "PFCfgLexer.cpp" +#include "PFCfgLexer.hpp" +#include +#include +#include +#include +#include +#include +#include + +#line 48 "pf.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#line 25 "PFCfgLexer.cpp" +#line 1 "pf.g" +#line 27 "PFCfgLexer.cpp" +PFCfgLexer::PFCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(new ANTLR_USE_NAMESPACE(antlr)CharBuffer(in),true) +{ + initLiterals(); +} + +PFCfgLexer::PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(ib,true) +{ + initLiterals(); +} + +PFCfgLexer::PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state) + : ANTLR_USE_NAMESPACE(antlr)CharScanner(state,true) +{ + initLiterals(); +} + +void PFCfgLexer::initLiterals() +{ + literals["vrrp"] = 61; + literals["critical"] = 100; + literals["ospf"] = 59; + literals["rdp"] = 53; + literals["disable"] = 107; + literals["scrub"] = 12; + literals["ipsec"] = 90; + literals["inet"] = 45; + literals["pcp"] = 92; + literals["emergencies"] = 102; + literals["debugging"] = 101; + literals["persist"] = 16; + literals["snp"] = 96; + literals["timeout"] = 32; + literals["to"] = 42; + literals["flags"] = 71; + literals["isis"] = 63; + literals["icmp6-type"] = 74; + literals["const"] = 17; + literals["pptp"] = 94; + literals["pass"] = 33; + literals["no"] = 77; + literals["from"] = 64; + literals["igrp"] = 89; + literals["pim"] = 93; + literals["tagged"] = 75; + literals["rsvp"] = 54; + literals["route-to"] = 69; + literals["nos"] = 91; + literals["quit"] = 86; + literals["->"] = 109; + literals["icmp-type"] = 72; + literals["exit"] = 85; + literals["modulate"] = 79; + literals["nat"] = 29; + literals["range"] = 98; + literals["urpf-failed"] = 65; + 
literals["out"] = 36; + literals["queue"] = 10; + literals["gre"] = 55; + literals["set"] = 11; + literals["warnings"] = 106; + literals["ah"] = 57; + literals["host"] = 97; + literals["interface"] = 87; + literals["rip"] = 95; + literals["icmp6"] = 88; + literals["notifications"] = 105; + literals["file"] = 19; + literals["synproxy"] = 80; + literals["altq"] = 9; + literals["any"] = 66; + literals["esp"] = 56; + literals["alerts"] = 99; + literals["all"] = 40; + literals["inet6"] = 46; + literals["inactive"] = 108; + literals["label"] = 82; + literals["no-route"] = 67; + literals["udp"] = 52; + literals["reply-to"] = 70; + literals["tag"] = 76; + literals["port"] = 83; + literals["code"] = 73; + literals["ip"] = 48; + literals["table"] = 13; + literals["eigrp"] = 58; + literals["errors"] = 103; + literals["ipip"] = 60; + literals["antispoof"] = 8; + literals["binat"] = 30; + literals["igmp"] = 50; + literals["on"] = 44; + literals["state"] = 81; + literals["proto"] = 47; + literals["log"] = 37; + literals["rdr"] = 31; + literals["informational"] = 104; + literals["self"] = 25; + literals["in"] = 35; + literals["keep"] = 78; + literals["block"] = 34; + literals["l2tp"] = 62; + literals["quick"] = 43; + literals["user"] = 41; + literals["icmp"] = 49; + literals["tcp"] = 51; +} + +ANTLR_USE_NAMESPACE(antlr)RefToken PFCfgLexer::nextToken() +{ + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + for (;;) { + ANTLR_USE_NAMESPACE(antlr)RefToken theRetToken; + int _ttype = ANTLR_USE_NAMESPACE(antlr)Token::INVALID_TYPE; + resetText(); + try { // for lexical and char stream error handling + switch ( LA(1)) { + case 0xa /* '\n' */ : + case 0xd /* '\r' */ : + { + mNEWLINE(true); + theRetToken=_returnToken; + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + case 0x3a /* ':' */ 
: + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + mNUMBER_ADDRESS_OR_WORD(true); + theRetToken=_returnToken; + break; + } + case 0x7c /* '|' */ : + { + mPIPE_CHAR(true); + theRetToken=_returnToken; + break; + } + case 0x25 /* '%' */ : + { + mPERCENT(true); + theRetToken=_returnToken; + break; + } + case 0x26 /* '&' */ : + { + mAMPERSAND(true); + theRetToken=_returnToken; + break; + } + case 0x27 /* '\'' */ : + { + mAPOSTROPHE(true); + theRetToken=_returnToken; + break; + } + case 0x2a /* '*' */ : + { + mSTAR(true); + theRetToken=_returnToken; + break; + } + case 0x2b /* '+' */ : + { + mPLUS(true); + theRetToken=_returnToken; + break; + } + case 0x2c /* ',' */ : + { + mCOMMA(true); + theRetToken=_returnToken; + break; + } + case 0x2d /* '-' */ : + { + mMINUS(true); + 
theRetToken=_returnToken; + break; + } + case 0x2e /* '.' */ : + { + mDOT(true); + theRetToken=_returnToken; + break; + } + case 0x2f /* '/' */ : + { + mSLASH(true); + theRetToken=_returnToken; + break; + } + case 0x3b /* ';' */ : + { + mSEMICOLON(true); + theRetToken=_returnToken; + break; + } + case 0x3d /* '=' */ : + { + mEQUAL(true); + theRetToken=_returnToken; + break; + } + case 0x3f /* '?' */ : + { + mQUESTION(true); + theRetToken=_returnToken; + break; + } + case 0x40 /* '@' */ : + { + mCOMMERCIAL_AT(true); + theRetToken=_returnToken; + break; + } + case 0x28 /* '(' */ : + { + mOPENING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x29 /* ')' */ : + { + mCLOSING_PAREN(true); + theRetToken=_returnToken; + break; + } + case 0x5b /* '[' */ : + { + mOPENING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x5d /* ']' */ : + { + mCLOSING_SQUARE(true); + theRetToken=_returnToken; + break; + } + case 0x7b /* '{' */ : + { + mOPENING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x7d /* '}' */ : + { + mCLOSING_BRACE(true); + theRetToken=_returnToken; + break; + } + case 0x5e /* '^' */ : + { + mCARET(true); + theRetToken=_returnToken; + break; + } + case 0x5f /* '_' */ : + { + mUNDERLINE(true); + theRetToken=_returnToken; + break; + } + case 0x7e /* '~' */ : + { + mTILDE(true); + theRetToken=_returnToken; + break; + } + case 0x21 /* '!' 
*/ : + { + mEXLAMATION(true); + theRetToken=_returnToken; + break; + } + case 0x3c /* '<' */ : + { + mLESS_THAN(true); + theRetToken=_returnToken; + break; + } + case 0x3e /* '>' */ : + { + mGREATER_THAN(true); + theRetToken=_returnToken; + break; + } + default: + if ((LA(1) == 0x23 /* '#' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + mLINE_COMMENT(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x22 /* '\"' */ ) && ((LA(2) >= 0x3 /* '\3' */ && LA(2) <= 0xff))) { + mSTRING(true); + theRetToken=_returnToken; + } + else if ((_tokenSet_0.member(LA(1)))) { + mWhitespace(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x23 /* '#' */ ) && (true)) { + mNUMBER_SIGN(true); + theRetToken=_returnToken; + } + else if ((LA(1) == 0x22 /* '\"' */ ) && (true)) { + mDOUBLE_QUOTE(true); + theRetToken=_returnToken; + } + else { + if (LA(1)==EOF_CHAR) + { + uponEOF(); + _returnToken = makeToken(ANTLR_USE_NAMESPACE(antlr)Token::EOF_TYPE); + } + else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + } + if ( !_returnToken ) + goto tryAgain; // found SKIP token + + _ttype = _returnToken->getType(); + _ttype = testLiteralsTable(_ttype); + _returnToken->setType(_ttype); + return _returnToken; + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& e) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamRecognitionException(e); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamIOException& csie) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamIOException(csie.io); + } + catch (ANTLR_USE_NAMESPACE(antlr)CharStreamException& cse) { + throw ANTLR_USE_NAMESPACE(antlr)TokenStreamException(cse.getMessage()); + } +tryAgain:; + } +} + +void PFCfgLexer::mLINE_COMMENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = LINE_COMMENT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match("#"); 
+ { // ( ... )* + for (;;) { + if ((_tokenSet_1.member(LA(1)))) { + { + match(_tokenSet_1); + } + } + else { + goto _loop151; + } + + } + _loop151:; + } // ( ... )* + mNEWLINE(false); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNEWLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NEWLINE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + { + if ((LA(1) == 0xd /* '\r' */ ) && (LA(2) == 0xa /* '\n' */ )) { + match("\r\n"); + } + else if ((LA(1) == 0xd /* '\r' */ ) && (true)) { + match('\r' /* charlit */ ); + } + else if ((LA(1) == 0xa /* '\n' */ )) { + match('\n' /* charlit */ ); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + + } + if ( inputState->guessing==0 ) { +#line 1021 "pf.g" + newline(); +#line 480 "PFCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mWhitespace(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = Whitespace; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + { + switch ( LA(1)) { + case 0x3 /* '\3' */ : + case 0x4 /* '\4' */ : + case 0x5 /* '\5' */ : + case 0x6 /* '\6' */ : + case 0x7 /* '\7' */ : + case 0x8 /* '\10' */ : + { + matchRange('\3','\10'); + break; + } + case 0x9 /* '\t' */ : + { + match('\t' /* charlit */ ); + break; + } + case 0xb /* '\13' */ : + 
{ + match('\13' /* charlit */ ); + break; + } + case 0xc /* '\14' */ : + { + match('\14' /* charlit */ ); + break; + } + case 0xe /* '\16' */ : + case 0xf /* '\17' */ : + case 0x10 /* '\20' */ : + case 0x11 /* '\21' */ : + case 0x12 /* '\22' */ : + case 0x13 /* '\23' */ : + case 0x14 /* '\24' */ : + case 0x15 /* '\25' */ : + case 0x16 /* '\26' */ : + case 0x17 /* '\27' */ : + case 0x18 /* '\30' */ : + case 0x19 /* '\31' */ : + case 0x1a /* '\32' */ : + case 0x1b /* '\33' */ : + case 0x1c /* '\34' */ : + case 0x1d /* '\35' */ : + case 0x1e /* '\36' */ : + case 0x1f /* '\37' */ : + { + matchRange('\16','\37'); + break; + } + case 0x20 /* ' ' */ : + { + match(' ' /* charlit */ ); + break; + } + default: + if (((LA(1) >= 0x7f && LA(1) <= 0xff))) { + matchRange('\177',static_cast('\377')); + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + if ( inputState->guessing==0 ) { +#line 1016 "pf.g" + _ttype = ANTLR_USE_NAMESPACE(antlr)Token::SKIP; +#line 561 "PFCfgLexer.cpp" + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mINT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = INT_CONST; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mHEX_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin 
= text.length(); + _ttype = HEX_CONST; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUMBER(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUMBER; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNEG_INT_CONST(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NEG_INT_CONST; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COLON; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mHEX_DIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken 
_token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = HEX_DIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + matchRange('0','9'); + matchRange('a','f'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mDIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + matchRange('0','9'); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUM_3DIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUM_3DIGIT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + { + matchRange('0','9'); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + { + matchRange('0','9'); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + matchRange('0','9'); + } + else { + } + + } + } + else { + } + + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUM_HEX_4DIGIT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUM_HEX_4DIGIT; + 
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + mHEX_DIGIT(false); + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + { + mHEX_DIGIT(false); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + { + mHEX_DIGIT(false); + } + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mHEX_DIGIT(false); + } + else { + } + + } + } + else { + } + + } + } + else { + } + + } + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUMBER_ADDRESS_OR_WORD(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUMBER_ADDRESS_OR_WORD; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + bool synPredMatched176 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { + int _m176 = mark(); + synPredMatched176 = true; + inputState->guessing++; + try { + { + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched176 = false; + } + rewind(_m176); + inputState->guessing--; + } + if ( synPredMatched176 ) { + { + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); + match('.' /* charlit */ ); + mNUM_3DIGIT(false); + match('.' 
/* charlit */ ); + mNUM_3DIGIT(false); + } + if ( inputState->guessing==0 ) { +#line 1058 "pf.g" + _ttype = IPV4; +#line 778 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched183 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (_tokenSet_2.member(LA(2))) && (_tokenSet_2.member(LA(3))))) { + int _m183 = mark(); + synPredMatched183 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt180=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt180>=1 ) { goto _loop180; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt180++; + } + _loop180:; + } // ( ... )+ + match('.' /* charlit */ ); + { // ( ... )+ + int _cnt182=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt182>=1 ) { goto _loop182; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt182++; + } + _loop182:; + } // ( ... )+ + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched183 = false; + } + rewind(_m183); + inputState->guessing--; + } + if ( synPredMatched183 ) { + { + { // ( ... )+ + int _cnt186=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt186>=1 ) { goto _loop186; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt186++; + } + _loop186:; + } // ( ... )+ + match('.' /* charlit */ ); + { // ( ... 
)+ + int _cnt188=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt188>=1 ) { goto _loop188; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt188++; + } + _loop188:; + } // ( ... )+ + } + if ( inputState->guessing==0 ) { +#line 1061 "pf.g" + _ttype = NUMBER; +#line 861 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched207 = false; + if (((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x39 /* '9' */ )))) { + int _m207 = mark(); + synPredMatched207 = true; + inputState->guessing++; + try { + { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched207 = false; + } + rewind(_m207); + inputState->guessing--; + } + if ( synPredMatched207 ) { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + { // ( ... )* + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + else { + goto _loop209; + } + + } + _loop209:; + } // ( ... 
)* + if ( inputState->guessing==0 ) { +#line 1084 "pf.g" + _ttype = IPV6; +#line 903 "PFCfgLexer.cpp" + } + } + else { + bool synPredMatched192 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )))) { + int _m192 = mark(); + synPredMatched192 = true; + inputState->guessing++; + try { + { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched192 = false; + } + rewind(_m192); + inputState->guessing--; + } + if ( synPredMatched192 ) { + { + bool synPredMatched197 = false; + if ((((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ )))) { + int _m197 = mark(); + synPredMatched197 = true; + inputState->guessing++; + try { + { + { // ( ... )+ + int _cnt196=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + else { + if ( _cnt196>=1 ) { goto _loop196; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt196++; + } + _loop196:; + } // ( ... )+ + match(':' /* charlit */ ); + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& pe) { + synPredMatched197 = false; + } + rewind(_m197); + inputState->guessing--; + } + if ( synPredMatched197 ) { + { + { // ( ... )+ + int _cnt200=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + match(':' /* charlit */ ); + } + else { + if ( _cnt200>=1 ) { goto _loop200; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt200++; + } + _loop200:; + } // ( ... 
)+ + match(':' /* charlit */ ); + { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mNUM_HEX_4DIGIT(false); + { // ( ... )* + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + else { + goto _loop203; + } + + } + _loop203:; + } // ( ... )* + } + else { + } + + } + } + if ( inputState->guessing==0 ) { +#line 1075 "pf.g" + _ttype = IPV6; +#line 1000 "PFCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && ((LA(2) >= 0x61 /* 'a' */ && LA(2) <= 0x66 /* 'f' */ )) && ((LA(3) >= 0x30 /* '0' */ && LA(3) <= 0x3a /* ':' */ ))) { + mNUM_HEX_4DIGIT(false); + { // ( ... )+ + int _cnt205=0; + for (;;) { + if ((LA(1) == 0x3a /* ':' */ )) { + match(':' /* charlit */ ); + mNUM_HEX_4DIGIT(false); + } + else { + if ( _cnt205>=1 ) { goto _loop205; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt205++; + } + _loop205:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 1078 "pf.g" + _ttype = IPV6; +#line 1023 "PFCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + + } + if ( inputState->guessing==0 ) { +#line 1080 "pf.g" + _ttype = IPV6; +#line 1034 "PFCfgLexer.cpp" + } + } + else if ((LA(1) == 0x3a /* ':' */ ) && (LA(2) == 0x3a /* ':' */ ) && (true)) { + match(':' /* charlit */ ); + match(':' /* charlit */ ); + if ( inputState->guessing==0 ) { +#line 1087 "pf.g" + _ttype = IPV6; +#line 1043 "PFCfgLexer.cpp" + } + } + else if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ )) && (true) && (true)) { + { // ( ... 
)+ + int _cnt190=0; + for (;;) { + if (((LA(1) >= 0x30 /* '0' */ && LA(1) <= 0x39 /* '9' */ ))) { + mDIGIT(false); + } + else { + if ( _cnt190>=1 ) { goto _loop190; } else {throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn());} + } + + _cnt190++; + } + _loop190:; + } // ( ... )+ + if ( inputState->guessing==0 ) { +#line 1066 "pf.g" + _ttype = INT_CONST; +#line 1064 "PFCfgLexer.cpp" + } + } + else if ((LA(1) == 0x3a /* ':' */ ) && (true)) { + match(':' /* charlit */ ); + if ( inputState->guessing==0 ) { +#line 1090 "pf.g" + _ttype = COLON; +#line 1072 "PFCfgLexer.cpp" + } + } + else if ((_tokenSet_3.member(LA(1)))) { + { + switch ( LA(1)) { + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + 
matchRange('A','Z'); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + } + } + { // ( ... )* + for (;;) { + switch ( LA(1)) { + case 0x22 /* '\"' */ : + { + match('\"' /* charlit */ ); + break; + } + case 0x24 /* '$' */ : + { + match('$' /* charlit */ ); + break; + } + case 0x25 /* '%' */ : + { + match('%' /* charlit */ ); + break; + } + case 0x26 /* '&' */ : + { + match('&' /* charlit */ ); + break; + } + case 0x2d /* '-' */ : + { + match('-' /* charlit */ ); + break; + } + case 0x30 /* '0' */ : + case 0x31 /* '1' */ : + case 0x32 /* '2' */ : + case 0x33 /* '3' */ : + case 0x34 /* '4' */ : + case 0x35 /* '5' */ : + case 0x36 /* '6' */ : + case 0x37 /* '7' */ : + case 0x38 /* '8' */ : + case 0x39 /* '9' */ : + { + matchRange('0','9'); + break; + } + case 0x3b /* ';' */ : + { + match(';' /* charlit */ ); + break; + } + case 0x3f /* '?' */ : + { + match('?' /* charlit */ ); + break; + } + case 0x40 /* '@' */ : + { + match('@' /* charlit */ ); + break; + } + case 0x41 /* 'A' */ : + case 0x42 /* 'B' */ : + case 0x43 /* 'C' */ : + case 0x44 /* 'D' */ : + case 0x45 /* 'E' */ : + case 0x46 /* 'F' */ : + case 0x47 /* 'G' */ : + case 0x48 /* 'H' */ : + case 0x49 /* 'I' */ : + case 0x4a /* 'J' */ : + case 0x4b /* 'K' */ : + case 0x4c /* 'L' */ : + case 0x4d /* 'M' */ : + case 0x4e /* 'N' */ : + case 0x4f /* 'O' */ : + case 0x50 /* 'P' */ : + case 0x51 /* 'Q' */ : + case 0x52 /* 'R' */ : + case 0x53 /* 'S' */ : + case 0x54 /* 'T' */ : + case 0x55 /* 'U' */ : + case 0x56 /* 'V' */ : + case 0x57 /* 'W' */ : + case 0x58 /* 'X' */ : + case 0x59 /* 'Y' */ : + case 0x5a /* 'Z' */ : + { + matchRange('A','Z'); + break; + } + case 0x5c /* '\\' */ : + { + match('\\' /* charlit */ ); + break; + } + case 0x5e /* '^' */ : + { + match('^' /* charlit */ ); + break; + } + case 0x5f /* '_' */ : + { + match('_' /* charlit */ ); + break; + } + case 0x60 /* '`' */ : + { + match('`' /* charlit */ ); + 
break; + } + case 0x61 /* 'a' */ : + case 0x62 /* 'b' */ : + case 0x63 /* 'c' */ : + case 0x64 /* 'd' */ : + case 0x65 /* 'e' */ : + case 0x66 /* 'f' */ : + case 0x67 /* 'g' */ : + case 0x68 /* 'h' */ : + case 0x69 /* 'i' */ : + case 0x6a /* 'j' */ : + case 0x6b /* 'k' */ : + case 0x6c /* 'l' */ : + case 0x6d /* 'm' */ : + case 0x6e /* 'n' */ : + case 0x6f /* 'o' */ : + case 0x70 /* 'p' */ : + case 0x71 /* 'q' */ : + case 0x72 /* 'r' */ : + case 0x73 /* 's' */ : + case 0x74 /* 't' */ : + case 0x75 /* 'u' */ : + case 0x76 /* 'v' */ : + case 0x77 /* 'w' */ : + case 0x78 /* 'x' */ : + case 0x79 /* 'y' */ : + case 0x7a /* 'z' */ : + { + matchRange('a','z'); + break; + } + default: + { + goto _loop212; + } + } + } + _loop212:; + } // ( ... )* + if ( inputState->guessing==0 ) { +#line 1102 "pf.g" + _ttype = WORD; +#line 1292 "PFCfgLexer.cpp" + } + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltForCharException(LA(1), getFilename(), getLine(), getColumn()); + } + }}} + _ttype = testLiteralsTable(_ttype); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSTRING(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = STRING; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('\"' /* charlit */ ); + { // ( ... )* + for (;;) { + if ((_tokenSet_4.member(LA(1)))) { + matchNot('\"' /* charlit */ ); + } + else { + goto _loop215; + } + + } + _loop215:; + } // ( ... 
)* + match('\"' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mPIPE_CHAR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = PIPE_CHAR; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('|' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mNUMBER_SIGN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = NUMBER_SIGN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('#' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mPERCENT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = PERCENT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('%' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mAMPERSAND(bool _createToken) { + int _ttype; 
ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = AMPERSAND; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('&' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mAPOSTROPHE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = APOSTROPHE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('\'' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSTAR(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = STAR; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('*' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mPLUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = PLUS; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('+' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + 
_token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOMMA(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COMMA; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(',' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mMINUS(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = MINUS; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('-' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mDOT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DOT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('.' 
/* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSLASH(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = SLASH; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('/' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mSEMICOLON(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = SEMICOLON; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(';' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mEQUAL(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = EQUAL; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('=' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mQUESTION(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken 
_token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = QUESTION; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('?' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCOMMERCIAL_AT(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = COMMERCIAL_AT; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('@' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mOPENING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_PAREN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('(' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_PAREN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_PAREN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(')' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + 
_token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mOPENING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_SQUARE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('[' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_SQUARE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_SQUARE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match(']' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mOPENING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = OPENING_BRACE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('{' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCLOSING_BRACE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CLOSING_BRACE; + 
ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('}' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mCARET(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = CARET; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('^' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mUNDERLINE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = UNDERLINE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('_' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mTILDE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = TILDE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('~' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mEXLAMATION(bool 
_createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = EXLAMATION; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('!' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mLESS_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = LESS_THAN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('<' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mGREATER_THAN(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = GREATER_THAN; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('>' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && _ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + +void PFCfgLexer::mDOUBLE_QUOTE(bool _createToken) { + int _ttype; ANTLR_USE_NAMESPACE(antlr)RefToken _token; ANTLR_USE_NAMESPACE(std)string::size_type _begin = text.length(); + _ttype = DOUBLE_QUOTE; + ANTLR_USE_NAMESPACE(std)string::size_type _saveIndex; + + match('\"' /* charlit */ ); + if ( _createToken && _token==ANTLR_USE_NAMESPACE(antlr)nullToken && 
_ttype!=ANTLR_USE_NAMESPACE(antlr)Token::SKIP ) { + _token = makeToken(_ttype); + _token->setText(text.substr(_begin, text.length()-_begin)); + } + _returnToken = _token; + _saveIndex=0; +} + + +const unsigned long PFCfgLexer::_tokenSet_0_data_[] = { 4294958072UL, 1UL, 0UL, 2147483648UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f 0x7f 0x80 0x81 +// 0x82 0x83 0x84 0x85 0x86 0x87 0x88 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_0(_tokenSet_0_data_,16); +const unsigned long PFCfgLexer::_tokenSet_1_data_[] = { 4294958072UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xb 0xc 0xe 0xf 0x10 0x11 0x12 0x13 0x14 +// 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! \" # $ % +// & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F G +// H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g h +// i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 +// 0x84 0x85 0x86 0x87 0x88 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_1(_tokenSet_1_data_,16); +const unsigned long PFCfgLexer::_tokenSet_2_data_[] = { 0UL, 67059712UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// . 
0 1 2 3 4 5 6 7 8 9 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_2(_tokenSet_2_data_,10); +const unsigned long PFCfgLexer::_tokenSet_3_data_[] = { 0UL, 0UL, 134217726UL, 134217726UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// A B C D E F G H I J K L M N O P Q R S T U V W X Y Z a b c d e f g h +// i j k l m n o p q r s t u v w x y z +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_3(_tokenSet_3_data_,10); +const unsigned long PFCfgLexer::_tokenSet_4_data_[] = { 4294967288UL, 4294967291UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 4294967295UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// 0x3 0x4 0x5 0x6 0x7 0x8 0x9 0xa 0xb 0xc 0xd 0xe 0xf 0x10 0x11 0x12 0x13 +// 0x14 0x15 0x16 0x17 0x18 0x19 0x1a 0x1b 0x1c 0x1d 0x1e 0x1f ! # $ +// % & \' ( ) * + , - . / 0 1 2 3 4 5 6 7 8 9 : ; < = > ? @ A B C D E F +// G H I J K L M N O P Q R S T U V W X Y Z [ 0x5c ] ^ _ ` a b c d e f g +// h i j k l m n o p q r s t u v w x y z { | } ~ 0x7f 0x80 0x81 0x82 0x83 +// 0x84 0x85 0x86 0x87 0x88 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgLexer::_tokenSet_4(_tokenSet_4_data_,16); + diff --git a/src/parsers/PFCfgLexer.hpp b/src/parsers/PFCfgLexer.hpp new file mode 100644 index 000000000..884935613 --- /dev/null +++ b/src/parsers/PFCfgLexer.hpp 
@@ -0,0 +1,106 @@ +#ifndef INC_PFCfgLexer_hpp_ +#define INC_PFCfgLexer_hpp_ + +#line 25 "pf.g" + + // gets inserted before antlr generated includes in the header + // file +#include "PFImporter.h" + +#line 11 "PFCfgLexer.hpp" +#include +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgLexer.hpp"$ */ +#include +#include +#include +#include "PFCfgParserTokenTypes.hpp" +#include +#line 32 "pf.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class PFImporter; + +#line 28 "PFCfgLexer.hpp" +#line 56 "pf.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 34 "PFCfgLexer.hpp" +class CUSTOM_API PFCfgLexer : public ANTLR_USE_NAMESPACE(antlr)CharScanner, public PFCfgParserTokenTypes +{ +#line 1 "pf.g" +#line 38 "PFCfgLexer.hpp" +private: + void initLiterals(); +public: + bool getCaseSensitiveLiterals() const + { + return true; + } +public: + PFCfgLexer(ANTLR_USE_NAMESPACE(std)istream& in); + PFCfgLexer(ANTLR_USE_NAMESPACE(antlr)InputBuffer& ib); + PFCfgLexer(const ANTLR_USE_NAMESPACE(antlr)LexerSharedInputState& state); + ANTLR_USE_NAMESPACE(antlr)RefToken nextToken(); + public: void mLINE_COMMENT(bool _createToken); + public: void mNEWLINE(bool _createToken); + public: void mWhitespace(bool _createToken); + protected: void mINT_CONST(bool _createToken); + protected: void mHEX_CONST(bool _createToken); + protected: void mNUMBER(bool _createToken); + protected: void mNEG_INT_CONST(bool _createToken); + protected: void mCOLON(bool _createToken); + protected: void mHEX_DIGIT(bool _createToken); + protected: void mDIGIT(bool _createToken); + protected: void mNUM_3DIGIT(bool _createToken); + protected: void mNUM_HEX_4DIGIT(bool _createToken); + public: void mNUMBER_ADDRESS_OR_WORD(bool _createToken); + public: void mSTRING(bool _createToken); + public: void mPIPE_CHAR(bool _createToken); + public: void 
mNUMBER_SIGN(bool _createToken); + public: void mPERCENT(bool _createToken); + public: void mAMPERSAND(bool _createToken); + public: void mAPOSTROPHE(bool _createToken); + public: void mSTAR(bool _createToken); + public: void mPLUS(bool _createToken); + public: void mCOMMA(bool _createToken); + public: void mMINUS(bool _createToken); + public: void mDOT(bool _createToken); + public: void mSLASH(bool _createToken); + public: void mSEMICOLON(bool _createToken); + public: void mEQUAL(bool _createToken); + public: void mQUESTION(bool _createToken); + public: void mCOMMERCIAL_AT(bool _createToken); + public: void mOPENING_PAREN(bool _createToken); + public: void mCLOSING_PAREN(bool _createToken); + public: void mOPENING_SQUARE(bool _createToken); + public: void mCLOSING_SQUARE(bool _createToken); + public: void mOPENING_BRACE(bool _createToken); + public: void mCLOSING_BRACE(bool _createToken); + public: void mCARET(bool _createToken); + public: void mUNDERLINE(bool _createToken); + public: void mTILDE(bool _createToken); + public: void mEXLAMATION(bool _createToken); + public: void mLESS_THAN(bool _createToken); + public: void mGREATER_THAN(bool _createToken); + public: void mDOUBLE_QUOTE(bool _createToken); +private: + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; +}; + +#endif /*INC_PFCfgLexer_hpp_*/ diff --git a/src/parsers/PFCfgParser.cpp b/src/parsers/PFCfgParser.cpp new file mode 100644 index 000000000..bebadf05a --- /dev/null +++ b/src/parsers/PFCfgParser.cpp 
@@ -0,0 +1,3587 @@ +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.cpp"$ */ +#line 42 "pf.g" + + // gets inserted before the antlr generated includes in the cpp + // file + +#line 8 "PFCfgParser.cpp" +#include "PFCfgParser.hpp" +#include +#include +#include +#line 48 "pf.g" + + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include + +#line 20 "PFCfgParser.cpp" +#line 1 "pf.g" +#line 22 "PFCfgParser.cpp" +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,k) +{ +} + +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(tokenBuf,2) +{ +} + +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,k) +{ +} + +PFCfgParser::PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(lexer,2) +{ +} + +PFCfgParser::PFCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state) +: ANTLR_USE_NAMESPACE(antlr)LLkParser(state,2) +{ +} + +void PFCfgParser::cfgfile() { + Tracer traceInOut(this, "cfgfile"); + + try { // for error handling + { // ( ... 
)* + for (;;) { + switch ( LA(1)) { + case LINE_COMMENT: + { + comment(); + break; + } + case ALTQ: + { + altq_command(); + break; + } + case ANTISPOOF: + { + antispoof_command(); + break; + } + case QUEUE: + { + queue_command(); + break; + } + case SET: + { + set_command(); + break; + } + case SCRUB: + { + scrub_command(); + break; + } + case TABLE: + { + table_command(); + break; + } + case NAT: + { + nat_command(); + break; + } + case RDR: + { + rdr_command(); + break; + } + case BINAT: + { + binat_command(); + break; + } + case PASS: + { + pass_command(); + break; + } + case BLOCK: + { + block_command(); + break; + } + case TIMEOUT: + { + timeout_command(); + break; + } + case NEWLINE: + { + match(NEWLINE); + break; + } + default: + if ((LA(1) == WORD) && (LA(2) == EQUAL)) { + macro_definition(); + } + else if ((LA(1) == WORD) && (_tokenSet_0.member(LA(2)))) { + unknown_command(); + } + else { + goto _loop3; + } + } + } + _loop3:; + } // ( ... )* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_1); + } +} + +void PFCfgParser::comment() { + Tracer traceInOut(this, "comment"); + + try { // for error handling + match(LINE_COMMENT); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::macro_definition() { + Tracer traceInOut(this, "macro_definition"); + + try { // for error handling + match(WORD); + match(EQUAL); +#line 153 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + +#line 170 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::altq_command() { + Tracer traceInOut(this, "altq_command"); + + try { // for error handling + match(ALTQ); +#line 173 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + 
importer->addMessageToLog( + QString("Error: import of 'altq' commands is not supported.")); + consumeUntil(NEWLINE); + +#line 191 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::antispoof_command() { + Tracer traceInOut(this, "antispoof_command"); + + try { // for error handling + match(ANTISPOOF); +#line 162 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'antispoof' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 212 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::queue_command() { + Tracer traceInOut(this, "queue_command"); + + try { // for error handling + match(QUEUE); +#line 184 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Error: import of 'queue' commands is not supported.")); + consumeUntil(NEWLINE); + +#line 233 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::set_command() { + Tracer traceInOut(this, "set_command"); + + try { // for error handling + match(SET); +#line 195 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'set' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 254 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::scrub_command() { + Tracer traceInOut(this, "scrub_command"); + + try { // for error handling + match(SCRUB); +#line 206 "pf.g" + + importer->clear(); + 
importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'scrub' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 275 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::table_command() { + Tracer traceInOut(this, "table_command"); + ANTLR_USE_NAMESPACE(antlr)RefToken name = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken file = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(TABLE); +#line 218 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + +#line 295 "PFCfgParser.cpp" + match(LESS_THAN); + name = LT(1); + match(WORD); + match(GREATER_THAN); + { + switch ( LA(1)) { + case PERSIST: + { + match(PERSIST); + break; + } + case CONST: + case COUNTERS: + case FILE: + case OPENING_BRACE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case CONST: + { + match(CONST); + break; + } + case COUNTERS: + case FILE: + case OPENING_BRACE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case COUNTERS: + { + match(COUNTERS); + break; + } + case FILE: + case OPENING_BRACE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case FILE: + { + match(FILE); + file = LT(1); + match(STRING); +#line 230 "pf.g" + + importer->newAddressTableObject( + name->getText(), file->getText()); + +#line 369 "PFCfgParser.cpp" + break; + } + case OPENING_BRACE: + { + match(OPENING_BRACE); + tableaddr_spec(); + { // ( ... 
)* + for (;;) { + if ((_tokenSet_2.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case EXLAMATION: + case SELF: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + tableaddr_spec(); + } + else { + goto _loop18; + } + + } + _loop18:; + } // ( ... )* + match(CLOSING_BRACE); +#line 242 "pf.g" + + importer->newAddressTableObject( + name->getText(), importer->tmp_group); + +#line 414 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::nat_command() { + Tracer traceInOut(this, "nat_command"); + + try { // for error handling + match(NAT); +#line 287 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'nat' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 443 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::rdr_command() { + Tracer traceInOut(this, "rdr_command"); + + try { // for error handling + match(RDR); +#line 309 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'rdr' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 464 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::binat_command() { + Tracer traceInOut(this, "binat_command"); + + try { // for error handling + match(BINAT); +#line 298 "pf.g" + + importer->clear(); + 
importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Error: import of 'binat' commands is not supported.")); + consumeUntil(NEWLINE); + +#line 485 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::pass_command() { + Tracer traceInOut(this, "pass_command"); + + try { // for error handling + match(PASS); +#line 343 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "pass"; + *dbg << LT(1)->getLine() << ":" << " pass "; + +#line 506 "PFCfgParser.cpp" + rule_extended(); + match(NEWLINE); +#line 351 "pf.g" + + importer->pushRule(); + +#line 513 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::block_command() { + Tracer traceInOut(this, "block_command"); + + try { // for error handling + match(BLOCK); +#line 357 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "block"; + *dbg << LT(1)->getLine() << ":" << " block "; + +#line 534 "PFCfgParser.cpp" + rule_extended(); + match(NEWLINE); +#line 365 "pf.g" + + importer->pushRule(); + +#line 541 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::timeout_command() { + Tracer traceInOut(this, "timeout_command"); + + try { // for error handling + match(TIMEOUT); +#line 320 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'timeout' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + +#line 562 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + 
recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::unknown_command() { + Tracer traceInOut(this, "unknown_command"); + + try { // for error handling + match(WORD); +#line 332 "pf.g" + + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + +#line 581 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_0); + } +} + +void PFCfgParser::tableaddr_spec() { + Tracer traceInOut(this, "tableaddr_spec"); +#line 249 "pf.g" + AddressSpec as; +#line 593 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EXLAMATION: + { + match(EXLAMATION); +#line 250 "pf.g" + as.neg = true; +#line 603 "PFCfgParser.cpp" + break; + } + case WORD: + case SELF: + case IPV4: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case WORD: + { + match(WORD); +#line 253 "pf.g" + + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + +#line 628 "PFCfgParser.cpp" + break; + } + case SELF: + { + match(SELF); +#line 259 "pf.g" + + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + +#line 639 "PFCfgParser.cpp" + break; + } + case IPV4: + { + match(IPV4); +#line 265 "pf.g" + + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + +#line 650 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); +#line 271 "pf.g" + + as.at = AddressSpec::NETWORK_ADDRESS; + +#line 660 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case IPV4: + { + match(IPV4); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 275 "pf.g" + + as.netmask = LT(0)->getText(); + +#line 683 "PFCfgParser.cpp" + break; + } + case WORD: + case COMMA: + case CLOSING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + { 
+ break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 280 "pf.g" + + importer->tmp_group.push_back(as); + +#line 713 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_3); + } +} + +void PFCfgParser::rule_extended() { + Tracer traceInOut(this, "rule_extended"); + + try { // for error handling + { + switch ( LA(1)) { + case IN: + case OUT: + { + direction(); + break; + } + case NEWLINE: + case QUEUE: + case LOG: + case ALL: + case TO: + case QUICK: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case LOG: + { + logging(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case QUICK: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case QUICK: + { + quick(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw 
ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case ON: + { + intrface(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case ROUTE_TO: + case REPLY_TO: + { + route(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case INET: + case INET6: + case PROTO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case INET: + case INET6: + { + address_family(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case PROTO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PROTO: + { + protospec(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + if ((_tokenSet_4.member(LA(1))) && (_tokenSet_5.member(LA(2)))) { + hosts(); + } + else if ((_tokenSet_6.member(LA(1))) 
&& (_tokenSet_7.member(LA(2)))) { + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + { + switch ( LA(1)) { + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + filteropts(); + break; + } + case NEWLINE: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::direction() { + Tracer traceInOut(this, "direction"); + + try { // for error handling + { + switch ( LA(1)) { + case IN: + { + match(IN); + break; + } + case OUT: + { + match(OUT); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 383 "pf.g" + + importer->direction = LT(0)->getText(); + +#line 1046 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_9); + } +} + +void PFCfgParser::logging() { + Tracer traceInOut(this, "logging"); + + try { // for error handling + match(LOG); + { + switch ( LA(1)) { + case OPENING_PAREN: + { + logopts(); + break; + } + case NEWLINE: + case QUEUE: + case ALL: + case TO: + case QUICK: + case ON: + case INET: + case INET6: + case PROTO: + case FROM: + case ROUTE_TO: + case REPLY_TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 390 "pf.g" + + importer->logging = true; + +#line 1101 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_10); + } +} + +void 
PFCfgParser::quick() { + Tracer traceInOut(this, "quick"); + + try { // for error handling + match(QUICK); +#line 412 "pf.g" + + importer->quick = true; + +#line 1118 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_11); + } +} + +void PFCfgParser::intrface() { + Tracer traceInOut(this, "intrface"); + + try { // for error handling + match(ON); + { + switch ( LA(1)) { + case WORD: + case EXLAMATION: + { + ifspec(); + break; + } + case OPENING_BRACE: + { + interface_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_12); + } +} + +void PFCfgParser::route() { + Tracer traceInOut(this, "route"); + + try { // for error handling + switch ( LA(1)) { + case ROUTE_TO: + { + route_to(); + break; + } + case REPLY_TO: + { + reply_to(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_13); + } +} + +void PFCfgParser::address_family() { + Tracer traceInOut(this, "address_family"); + + try { // for error handling + switch ( LA(1)) { + case INET: + { + match(INET); + break; + } + case INET6: + { + match(INET6); +#line 442 "pf.g" + + importer->address_family = LT(0)->getText(); + +#line 1201 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_14); + } +} + +void PFCfgParser::protospec() { + Tracer traceInOut(this, "protospec"); + + try { // for error handling + match(PROTO); + proto_def(); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + 
reportError(ex); + recover(ex,_tokenSet_4); + } +} + +void PFCfgParser::hosts() { + Tracer traceInOut(this, "hosts"); + + try { // for error handling + switch ( LA(1)) { + case ALL: + { + match(ALL); +#line 485 "pf.g" + + importer->src_group.push_back( + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); + importer->dst_group.push_back( + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); + +#line 1244 "PFCfgParser.cpp" + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FROM: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + { + switch ( LA(1)) { + case FROM: + { + hosts_from(); + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case TO: + { + hosts_to(); + break; + } + case NEWLINE: + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_6); + } +} + +void PFCfgParser::filteropts() { + Tracer traceInOut(this, "filteropts"); + + try { // for error handling + filteropt(); + { // ( ... 
)* + for (;;) { + if ((_tokenSet_15.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + filteropt(); + } + else { + goto _loop106; + } + + } + _loop106:; + } // ( ... )* + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_8); + } +} + +void PFCfgParser::logopts() { + Tracer traceInOut(this, "logopts"); + + try { // for error handling + match(OPENING_PAREN); + logopt(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); +#line 399 "pf.g" + importer->logopts += ","; +#line 1396 "PFCfgParser.cpp" + logopt(); + } + else { + goto _loop47; + } + + } + _loop47:; + } // ( ... )* + match(CLOSING_PAREN); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_10); + } +} + +void PFCfgParser::logopt() { + Tracer traceInOut(this, "logopt"); + + try { // for error handling + switch ( LA(1)) { + case ALL: + { + match(ALL); + break; + } + case USER: + { + match(USER); + break; + } + case TO: + { + match(TO); + match(WORD); +#line 406 "pf.g" + + importer->logopts += LT(0)->getText(); + +#line 1437 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_16); + } +} + +void PFCfgParser::ifspec() { + Tracer traceInOut(this, "ifspec"); +#line 420 "pf.g" + InterfaceSpec is; +#line 1456 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EXLAMATION: + { + match(EXLAMATION); +#line 421 "pf.g" + is.neg = true; +#line 1466 
"PFCfgParser.cpp" + break; + } + case WORD: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(WORD); +#line 423 "pf.g" + + is.name = LT(0)->getText(); + importer->iface_group.push_back(is); + importer->newInterface(is.name); + +#line 1486 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_17); + } +} + +void PFCfgParser::interface_list() { + Tracer traceInOut(this, "interface_list"); + + try { // for error handling + match(OPENING_BRACE); + ifspec(); + { // ( ... )* + for (;;) { + if ((LA(1) == WORD || LA(1) == COMMA || LA(1) == EXLAMATION)) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case EXLAMATION: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + ifspec(); + } + else { + goto _loop57; + } + + } + _loop57:; + } // ( ... 
)* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_12); + } +} + +void PFCfgParser::proto_def() { + Tracer traceInOut(this, "proto_def"); + + try { // for error handling + { + switch ( LA(1)) { + case IP: + case ICMP: + case IGMP: + case TCP: + case UDP: + case RDP: + case RSVP: + case GRE: + case ESP: + case AH: + case EIGRP: + case OSPF: + case IPIP: + case VRRP: + case L2TP: + case ISIS: + { + proto_name(); + break; + } + case INT_CONST: + { + proto_number(); + break; + } + case OPENING_BRACE: + { + proto_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::proto_name() { + Tracer traceInOut(this, "proto_name"); + + try { // for error handling + { + switch ( LA(1)) { + case IP: + { + match(IP); + break; + } + case ICMP: + { + match(ICMP); + break; + } + case IGMP: + { + match(IGMP); + break; + } + case TCP: + { + match(TCP); + break; + } + case UDP: + { + match(UDP); + break; + } + case RDP: + { + match(RDP); + break; + } + case RSVP: + { + match(RSVP); + break; + } + case GRE: + { + match(GRE); + break; + } + case ESP: + { + match(ESP); + break; + } + case AH: + { + match(AH); + break; + } + case EIGRP: + { + match(EIGRP); + break; + } + case OSPF: + { + match(OSPF); + break; + } + case IPIP: + { + match(IPIP); + break; + } + case VRRP: + { + match(VRRP); + break; + } + case L2TP: + { + match(L2TP); + break; + } + case ISIS: + { + match(ISIS); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 462 "pf.g" + + importer->proto_list.push_back(LT(0)->getText()); + +#line 1683 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + 
recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::proto_number() { + Tracer traceInOut(this, "proto_number"); + + try { // for error handling + match(INT_CONST); +#line 468 "pf.g" + + importer->proto_list.push_back(LT(0)->getText()); + +#line 1700 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::proto_list() { + Tracer traceInOut(this, "proto_list"); + + try { // for error handling + match(OPENING_BRACE); + proto_def(); + { // ( ... )* + for (;;) { + if ((_tokenSet_19.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case OPENING_BRACE: + case INT_CONST: + case IP: + case ICMP: + case IGMP: + case TCP: + case UDP: + case RDP: + case RSVP: + case GRE: + case ESP: + case AH: + case EIGRP: + case OSPF: + case IPIP: + case VRRP: + case L2TP: + case ISIS: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + proto_def(); + } + else { + goto _loop68; + } + + } + _loop68:; + } // ( ... 
)* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_18); + } +} + +void PFCfgParser::hosts_from() { + Tracer traceInOut(this, "hosts_from"); + + try { // for error handling + match(FROM); + { + switch ( LA(1)) { + case WORD: + case LESS_THAN: + case OPENING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + case URPF_FAILED: + case ANY: + case NO_ROUTE: + case IPV6: + { + src_hosts_part(); + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PORT: + { + src_port_part(); + break; + } + case NEWLINE: + case QUEUE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_20); + } +} + +void PFCfgParser::hosts_to() { + Tracer traceInOut(this, "hosts_to"); + + try { // for error handling + match(TO); + { + switch ( LA(1)) { + case WORD: + case LESS_THAN: + case OPENING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + case ANY: + case NO_ROUTE: + case IPV6: + { + dst_hosts_part(); + break; + } + case NEWLINE: + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case PORT: + 
{ + dst_port_part(); + break; + } + case NEWLINE: + case QUEUE: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_6); + } +} + +void PFCfgParser::src_hosts_part() { + Tracer traceInOut(this, "src_hosts_part"); + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + case LESS_THAN: + case OPENING_BRACE: + case EXLAMATION: + case SELF: + case IPV4: + case ANY: + case NO_ROUTE: + case IPV6: + { + common_hosts_part(); + break; + } + case URPF_FAILED: + { + match(URPF_FAILED); +#line 508 "pf.g" + + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, + "urpf-failed", "")); + +#line 1953 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 514 "pf.g" + + importer->src_neg = importer->tmp_neg; + importer->src_group.splice(importer->src_group.begin(), + importer->tmp_group); + +#line 1968 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_21); + } +} + +void PFCfgParser::src_port_part() { + Tracer traceInOut(this, "src_port_part"); + + try { // for error handling + match(PORT); + { + switch ( LA(1)) { + case WORD: + case EQUAL: + case LESS_THAN: + case GREATER_THAN: + case EXLAMATION: + case INT_CONST: + { + port_op(); + break; + } + case OPENING_BRACE: + { + port_op_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 800 "pf.g" + + importer->src_port_group.splice(importer->src_port_group.begin(), + importer->tmp_port_group); + +#line 2009 "PFCfgParser.cpp" + } + 
catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_20); + } +} + +void PFCfgParser::dst_hosts_part() { + Tracer traceInOut(this, "dst_hosts_part"); + + try { // for error handling + common_hosts_part(); +#line 523 "pf.g" + + importer->dst_neg = importer->tmp_neg; + importer->dst_group.splice(importer->dst_group.begin(), + importer->tmp_group); + +#line 2028 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_22); + } +} + +void PFCfgParser::dst_port_part() { + Tracer traceInOut(this, "dst_port_part"); + + try { // for error handling + match(PORT); + { + switch ( LA(1)) { + case WORD: + case EQUAL: + case LESS_THAN: + case GREATER_THAN: + case EXLAMATION: + case INT_CONST: + { + port_op(); + break; + } + case OPENING_BRACE: + { + port_op_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 808 "pf.g" + + importer->dst_port_group.splice(importer->dst_port_group.begin(), + importer->tmp_port_group); + +#line 2069 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_6); + } +} + +void PFCfgParser::common_hosts_part() { + Tracer traceInOut(this, "common_hosts_part"); + + try { // for error handling + switch ( LA(1)) { + case ANY: + { + match(ANY); +#line 532 "pf.g" + + importer->tmp_group.push_back( + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); + +#line 2090 "PFCfgParser.cpp" + break; + } + case NO_ROUTE: + { + match(NO_ROUTE); +#line 538 "pf.g" + + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", "")); + +#line 2101 "PFCfgParser.cpp" + break; + } + case WORD: + case LESS_THAN: + case EXLAMATION: + case SELF: + case IPV4: + case IPV6: + { + host(); + break; + } + case OPENING_BRACE: + { + host_list(); + break; + } + default: + { + 
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_21); + } +} + +void PFCfgParser::host() { + Tracer traceInOut(this, "host"); + ANTLR_USE_NAMESPACE(antlr)RefToken tn = ANTLR_USE_NAMESPACE(antlr)nullToken; +#line 548 "pf.g" + AddressSpec as; +#line 2136 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EXLAMATION: + { + match(EXLAMATION); +#line 549 "pf.g" + as.neg = true; +#line 2146 "PFCfgParser.cpp" + break; + } + case WORD: + case LESS_THAN: + case SELF: + case IPV4: + case IPV6: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case WORD: + { + match(WORD); +#line 552 "pf.g" + + // interface name or domain/host name + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + +#line 2174 "PFCfgParser.cpp" + break; + } + case SELF: + { + match(SELF); +#line 559 "pf.g" + + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + +#line 2185 "PFCfgParser.cpp" + break; + } + case IPV6: + { + match(IPV6); +#line 565 "pf.g" + + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. 
")); + consumeUntil(NEWLINE); + +#line 2197 "PFCfgParser.cpp" + break; + } + case IPV4: + { + match(IPV4); +#line 572 "pf.g" + + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + +#line 2208 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); +#line 578 "pf.g" + + as.at = AddressSpec::NETWORK_ADDRESS; + +#line 2218 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case IPV4: + { + match(IPV4); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 582 "pf.g" + + as.netmask = LT(0)->getText(); + +#line 2241 "PFCfgParser.cpp" + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + case CLOSING_BRACE: + case TO: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + case PORT: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case LESS_THAN: + { + match(LESS_THAN); + tn = LT(1); + match(WORD); + match(GREATER_THAN); +#line 588 "pf.g" + + as.at = AddressSpec::TABLE; + as.address = tn->getText(); + +#line 2282 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 593 "pf.g" + + importer->tmp_group.push_back(as); + +#line 2295 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_23); + } +} + +void PFCfgParser::host_list() { + Tracer traceInOut(this, "host_list"); + + try { // for error handling + match(OPENING_BRACE); + host(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); + host(); + } + else { + goto _loop89; + } + + } + _loop89:; + } // ( ... 
)* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_21); + } +} + +void PFCfgParser::route_to() { + Tracer traceInOut(this, "route_to"); + + try { // for error handling + match(ROUTE_TO); + { + switch ( LA(1)) { + case OPENING_PAREN: + { + routehost(); + break; + } + case OPENING_BRACE: + { + routehost_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 615 "pf.g" + + importer->route_type = PFImporter::ROUTE_TO; + +#line 2357 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_13); + } +} + +void PFCfgParser::reply_to() { + Tracer traceInOut(this, "reply_to"); + + try { // for error handling + match(REPLY_TO); + { + switch ( LA(1)) { + case OPENING_PAREN: + { + routehost(); + break; + } + case OPENING_BRACE: + { + routehost_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 622 "pf.g" + + importer->route_type = PFImporter::REPLY_TO; + +#line 2392 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_13); + } +} + +void PFCfgParser::routehost() { + Tracer traceInOut(this, "routehost"); + ANTLR_USE_NAMESPACE(antlr)RefToken h = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken v6 = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken nm = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken nm6 = ANTLR_USE_NAMESPACE(antlr)nullToken; +#line 627 "pf.g" + RouteSpec rs; +#line 2408 "PFCfgParser.cpp" + + try { // for error handling + match(OPENING_PAREN); + match(WORD); +#line 629 "pf.g" + rs.iface = LT(0)->getText(); +#line 2415 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case IPV4: + { + h = LT(1); + match(IPV4); + 
break; + } + case IPV6: + { + v6 = LT(1); + match(IPV6); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + { + switch ( LA(1)) { + case SLASH: + { + match(SLASH); + { + switch ( LA(1)) { + case IPV4: + { + nm = LT(1); + match(IPV4); + break; + } + case INT_CONST: + { + nm6 = LT(1); + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + break; + } + case CLOSING_PAREN: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 631 "pf.g" + + if (v6) + { + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } else + { + if (h) rs.address = h->getText(); + if (nm) rs.netmask = nm->getText(); + importer->route_group.push_back(rs); + } + +#line 2487 "PFCfgParser.cpp" + match(CLOSING_PAREN); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_24); + } +} + +void PFCfgParser::routehost_list() { + Tracer traceInOut(this, "routehost_list"); + + try { // for error handling + match(OPENING_BRACE); + routehost(); + { // ( ... )* + for (;;) { + if ((LA(1) == COMMA || LA(1) == OPENING_PAREN)) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case OPENING_PAREN: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + routehost(); + } + else { + goto _loop102; + } + + } + _loop102:; + } // ( ... 
)* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_13); + } +} + +void PFCfgParser::filteropt() { + Tracer traceInOut(this, "filteropt"); + + try { // for error handling + switch ( LA(1)) { + case FLAGS: + { + tcp_flags(); + break; + } + case ICMP_TYPE: + { + icmp_type(); + break; + } + case ICMP6_TYPE: + { + icmp6_type(); + break; + } + case TAGGED: + { + tagged(); + break; + } + case TAG: + { + tag_clause(); + break; + } + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + { + state(); + break; + } + case QUEUE: + { + queue(); + break; + } + case LABEL: + { + label(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::tcp_flags() { + Tracer traceInOut(this, "tcp_flags"); + ANTLR_USE_NAMESPACE(antlr)RefToken check = ANTLR_USE_NAMESPACE(antlr)nullToken; + ANTLR_USE_NAMESPACE(antlr)RefToken mask = ANTLR_USE_NAMESPACE(antlr)nullToken; + + try { // for error handling + match(FLAGS); + { + switch ( LA(1)) { + case ANY: + { + match(ANY); +#line 688 "pf.g" + + importer->flags_check = "any"; + importer->flags_mask = "all"; + +#line 2616 "PFCfgParser.cpp" + break; + } + case WORD: + case SLASH: + { + { + switch ( LA(1)) { + case WORD: + { + check = LT(1); + match(WORD); + break; + } + case SLASH: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + match(SLASH); + { + switch ( LA(1)) { + case WORD: + { + mask = LT(1); + match(WORD); + break; + } + case NEWLINE: + case QUEUE: + case COMMA: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + throw 
ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 694 "pf.g" + + if (check) + importer->flags_check = check->getText(); + else + importer->flags_check = "any"; + if (mask) + importer->flags_mask = mask->getText(); + else + importer->flags_mask = "all"; + +#line 2682 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::icmp_type() { + Tracer traceInOut(this, "icmp_type"); + + try { // for error handling + match(ICMP_TYPE); + { + switch ( LA(1)) { + case WORD: + case INT_CONST: + { + icmp_type_code(); + break; + } + case OPENING_BRACE: + { + icmp_list(); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::icmp6_type() { + Tracer traceInOut(this, "icmp6_type"); + + try { // for error handling + match(ICMP6_TYPE); +#line 740 "pf.g" + + importer->addMessageToLog( + QString("Error: ICMP6 import is not supported. 
")); + consumeUntil(NEWLINE); + +#line 2740 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::tagged() { + Tracer traceInOut(this, "tagged"); + + try { // for error handling + match(TAGGED); + match(WORD); +#line 749 "pf.g" + + importer->tagged = LT(0)->getText(); + +#line 2758 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::tag_clause() { + Tracer traceInOut(this, "tag_clause"); + + try { // for error handling + match(TAG); + match(WORD); +#line 756 "pf.g" + + importer->tag = LT(0)->getText(); + +#line 2776 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::state() { + Tracer traceInOut(this, "state"); + + try { // for error handling + { + switch ( LA(1)) { + case NO: + { + match(NO); + break; + } + case KEEP: + { + match(KEEP); + break; + } + case MODULATE: + { + match(MODULATE); + break; + } + case SYNPROXY: + { + match(SYNPROXY); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 771 "pf.g" + + importer->state_op = LT(0)->getText(); + +#line 2820 "PFCfgParser.cpp" + match(STATE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::queue() { + Tracer traceInOut(this, "queue"); + + try { // for error handling + match(QUEUE); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); +#line 780 "pf.g" + importer->queue += LT(0)->getText(); +#line 2841 "PFCfgParser.cpp" + break; + } + case OPENING_PAREN: + { + match(OPENING_PAREN); + match(WORD); +#line 783 "pf.g" + importer->queue += LT(0)->getText(); +#line 2850 "PFCfgParser.cpp" + { // ( ... 
)* + for (;;) { + if ((LA(1) == COMMA)) { + match(COMMA); +#line 785 "pf.g" + importer->queue += ","; +#line 2857 "PFCfgParser.cpp" + match(WORD); +#line 786 "pf.g" + importer->queue += LT(0)->getText(); +#line 2861 "PFCfgParser.cpp" + } + else { + goto _loop130; + } + + } + _loop130:; + } // ( ... )* + match(CLOSING_PAREN); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::label() { + Tracer traceInOut(this, "label"); + + try { // for error handling + match(LABEL); + match(STRING); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::icmp_type_code() { + Tracer traceInOut(this, "icmp_type_code"); +#line 716 "pf.g" + std::string icmp_type, icmp_code; +#line 2903 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 717 "pf.g" + icmp_type = LT(0)->getText(); +#line 2926 "PFCfgParser.cpp" + { + switch ( LA(1)) { + case ICMP_CODE: + { + match(ICMP_CODE); + { + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 719 "pf.g" + icmp_code = LT(0)->getText(); +#line 2952 "PFCfgParser.cpp" + break; + } + case NEWLINE: + case WORD: + case QUEUE: + case COMMA: + case CLOSING_BRACE: + case INT_CONST: + case FLAGS: + case ICMP_TYPE: + case ICMP6_TYPE: + case TAGGED: + case TAG: + case NO: + case KEEP: + case MODULATE: + case SYNPROXY: + case LABEL: + { + break; + } + default: + { + 
throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 721 "pf.g" + + importer->icmp_type_code_group.push_back( + str_tuple(icmp_type, icmp_code)); + +#line 2985 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_26); + } +} + +void PFCfgParser::icmp_list() { + Tracer traceInOut(this, "icmp_list"); + + try { // for error handling + match(OPENING_BRACE); + icmp_type_code(); + { // ( ... )* + for (;;) { + if ((LA(1) == WORD || LA(1) == COMMA || LA(1) == INT_CONST)) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + icmp_type_code(); + } + else { + goto _loop121; + } + + } + _loop121:; + } // ( ... )* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_25); + } +} + +void PFCfgParser::port_op() { + Tracer traceInOut(this, "port_op"); +#line 840 "pf.g" + PortSpec ps; +#line 3041 "PFCfgParser.cpp" + + try { // for error handling + { + switch ( LA(1)) { + case EQUAL: + case LESS_THAN: + case GREATER_THAN: + case EXLAMATION: + { + unary_port_op(); +#line 842 "pf.g" + ps.port_op = importer->tmp_port_op; +#line 3054 "PFCfgParser.cpp" + port_def(); +#line 844 "pf.g" + + ps.port1 = importer->tmp_port_def; + ps.port2 = importer->tmp_port_def; + +#line 3061 "PFCfgParser.cpp" + break; + } + case WORD: + case INT_CONST: + { + port_def(); +#line 850 "pf.g" + + ps.port1 = importer->tmp_port_def; + ps.port2 = ps.port1; + ps.port_op = "="; + +#line 3074 "PFCfgParser.cpp" + { + if ((LA(1) == LESS_THAN || LA(1) == GREATER_THAN || LA(1) == COLON) && (_tokenSet_27.member(LA(2)))) { + binary_port_op(); +#line 856 "pf.g" + ps.port_op = importer->tmp_port_op; +#line 3080 "PFCfgParser.cpp" + port_def(); +#line 857 "pf.g" + 
ps.port2 = LT(0)->getText(); +#line 3084 "PFCfgParser.cpp" + } + else if ((_tokenSet_28.member(LA(1))) && (_tokenSet_29.member(LA(2)))) { + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + + } + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } +#line 860 "pf.g" + + importer->tmp_port_group.push_back(ps); + +#line 3105 "PFCfgParser.cpp" + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_28); + } +} + +void PFCfgParser::port_op_list() { + Tracer traceInOut(this, "port_op_list"); + + try { // for error handling + match(OPENING_BRACE); + port_op(); + { // ( ... )* + for (;;) { + if ((_tokenSet_30.member(LA(1)))) { + { + switch ( LA(1)) { + case COMMA: + { + match(COMMA); + break; + } + case WORD: + case EQUAL: + case LESS_THAN: + case GREATER_THAN: + case EXLAMATION: + case INT_CONST: + { + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + port_op(); + } + else { + goto _loop147; + } + + } + _loop147:; + } // ( ... 
)* + match(CLOSING_BRACE); + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_20); + } +} + +void PFCfgParser::unary_port_op() { + Tracer traceInOut(this, "unary_port_op"); + + try { // for error handling + { + switch ( LA(1)) { + case EQUAL: + { + match(EQUAL); +#line 816 "pf.g" + importer->tmp_port_op = "="; +#line 3172 "PFCfgParser.cpp" + break; + } + case EXLAMATION: + { + match(EXLAMATION); + match(EQUAL); +#line 818 "pf.g" + importer->tmp_port_op = "!="; +#line 3181 "PFCfgParser.cpp" + break; + } + default: + if ((LA(1) == LESS_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { + match(LESS_THAN); +#line 820 "pf.g" + importer->tmp_port_op = "<"; +#line 3189 "PFCfgParser.cpp" + } + else if ((LA(1) == LESS_THAN) && (LA(2) == EQUAL)) { + match(LESS_THAN); + match(EQUAL); +#line 822 "pf.g" + importer->tmp_port_op = "<="; +#line 3196 "PFCfgParser.cpp" + } + else if ((LA(1) == GREATER_THAN) && (LA(2) == WORD || LA(2) == INT_CONST)) { + match(GREATER_THAN); +#line 824 "pf.g" + importer->tmp_port_op = ">"; +#line 3202 "PFCfgParser.cpp" + } + else if ((LA(1) == GREATER_THAN) && (LA(2) == EQUAL)) { + match(GREATER_THAN); + match(EQUAL); +#line 826 "pf.g" + importer->tmp_port_op = ">="; +#line 3209 "PFCfgParser.cpp" + } + else { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_31); + } +} + +void PFCfgParser::binary_port_op() { + Tracer traceInOut(this, "binary_port_op"); + + try { // for error handling + { + switch ( LA(1)) { + case LESS_THAN: + { + match(LESS_THAN); + match(GREATER_THAN); +#line 832 "pf.g" + importer->tmp_port_op = "<>"; +#line 3235 "PFCfgParser.cpp" + break; + } + case GREATER_THAN: + { + match(GREATER_THAN); + match(LESS_THAN); +#line 834 "pf.g" + importer->tmp_port_op = "><"; +#line 3244 "PFCfgParser.cpp" + break; + } + case COLON: + { + 
match(COLON); +#line 836 "pf.g" + importer->tmp_port_op = ":"; +#line 3252 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_31); + } +} + +void PFCfgParser::port_def() { + Tracer traceInOut(this, "port_def"); + + try { // for error handling + switch ( LA(1)) { + case WORD: + { + match(WORD); + break; + } + case INT_CONST: + { + match(INT_CONST); +#line 867 "pf.g" + + importer->tmp_port_def = LT(0)->getText(); + +#line 3285 "PFCfgParser.cpp" + break; + } + default: + { + throw ANTLR_USE_NAMESPACE(antlr)NoViableAltException(LT(1), getFilename()); + } + } + } + catch (ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) { + reportError(ex); + recover(ex,_tokenSet_32); + } +} + +void PFCfgParser::initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& ) +{ +} +const char* PFCfgParser::tokenNames[] = { + "<0>", + "EOF", + "<2>", + "NULL_TREE_LOOKAHEAD", + "NEWLINE", + "LINE_COMMENT", + "WORD", + "EQUAL", + "\"antispoof\"", + "\"altq\"", + "\"queue\"", + "\"set\"", + "\"scrub\"", + "\"table\"", + "LESS_THAN", + "GREATER_THAN", + "\"persist\"", + "\"const\"", + "COUNTERS", + "\"file\"", + "STRING", + "OPENING_BRACE", + "COMMA", + "CLOSING_BRACE", + "EXLAMATION", + "\"self\"", + "IPV4", + "SLASH", + "INT_CONST", + "\"nat\"", + "\"binat\"", + "\"rdr\"", + "\"timeout\"", + "\"pass\"", + "\"block\"", + "\"in\"", + "\"out\"", + "\"log\"", + "OPENING_PAREN", + "CLOSING_PAREN", + "\"all\"", + "\"user\"", + "\"to\"", + "\"quick\"", + "\"on\"", + "\"inet\"", + "\"inet6\"", + "\"proto\"", + "\"ip\"", + "\"icmp\"", + "\"igmp\"", + "\"tcp\"", + "\"udp\"", + "\"rdp\"", + "\"rsvp\"", + "\"gre\"", + "\"esp\"", + "\"ah\"", + "\"eigrp\"", + "\"ospf\"", + "\"ipip\"", + "\"vrrp\"", + "\"l2tp\"", + "\"isis\"", + "\"from\"", + "\"urpf-failed\"", + "\"any\"", + "\"no-route\"", + "IPV6", + 
"\"route-to\"", + "\"reply-to\"", + "\"flags\"", + "\"icmp-type\"", + "\"code\"", + "\"icmp6-type\"", + "\"tagged\"", + "\"tag\"", + "\"no\"", + "\"keep\"", + "\"modulate\"", + "\"synproxy\"", + "\"state\"", + "\"label\"", + "\"port\"", + "COLON", + "\"exit\"", + "\"quit\"", + "\"interface\"", + "\"icmp6\"", + "\"igrp\"", + "\"ipsec\"", + "\"nos\"", + "\"pcp\"", + "\"pim\"", + "\"pptp\"", + "\"rip\"", + "\"snp\"", + "\"host\"", + "\"range\"", + "\"alerts\"", + "\"critical\"", + "\"debugging\"", + "\"emergencies\"", + "\"errors\"", + "\"informational\"", + "\"notifications\"", + "\"warnings\"", + "\"disable\"", + "\"inactive\"", + "\"->\"", + "Whitespace", + "HEX_CONST", + "NUMBER", + "NEG_INT_CONST", + "HEX_DIGIT", + "DIGIT", + "NUM_3DIGIT", + "NUM_HEX_4DIGIT", + "NUMBER_ADDRESS_OR_WORD", + "PIPE_CHAR", + "NUMBER_SIGN", + "PERCENT", + "AMPERSAND", + "APOSTROPHE", + "STAR", + "PLUS", + "MINUS", + "DOT", + "SEMICOLON", + "QUESTION", + "COMMERCIAL_AT", + "OPENING_SQUARE", + "CLOSING_SQUARE", + "CARET", + "UNDERLINE", + "TILDE", + "DOUBLE_QUOTE", + 0 +}; + +const unsigned long PFCfgParser::_tokenSet_0_data_[] = { 3758112626UL, 7UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" +// "table" "nat" "binat" "rdr" "timeout" "pass" "block" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_0(_tokenSet_0_data_,6); +const unsigned long PFCfgParser::_tokenSet_1_data_[] = { 2UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_1(_tokenSet_1_data_,6); +const unsigned long PFCfgParser::_tokenSet_2_data_[] = { 121634880UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD COMMA EXLAMATION "self" IPV4 +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_2(_tokenSet_2_data_,6); +const unsigned long PFCfgParser::_tokenSet_3_data_[] = { 130023488UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD COMMA CLOSING_BRACE EXLAMATION "self" IPV4 +const ANTLR_USE_NAMESPACE(antlr)BitSet 
PFCfgParser::_tokenSet_3(_tokenSet_3_data_,6); +const unsigned long PFCfgParser::_tokenSet_4_data_[] = { 1040UL, 1280UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "from" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_4(_tokenSet_4_data_,8); +const unsigned long PFCfgParser::_tokenSet_5_data_[] = { 4285562738UL, 1095UL, 1047966UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" +// "table" LESS_THAN STRING OPENING_BRACE COMMA EXLAMATION "self" IPV4 +// SLASH INT_CONST "nat" "binat" "rdr" "timeout" "pass" "block" OPENING_PAREN +// "to" "urpf-failed" "any" "no-route" IPV6 "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_5(_tokenSet_5_data_,8); +const unsigned long PFCfgParser::_tokenSet_6_data_[] = { 1040UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" +// "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_6(_tokenSet_6_data_,8); +const unsigned long PFCfgParser::_tokenSet_7_data_[] = { 4168105842UL, 71UL, 523652UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD "antispoof" "altq" "queue" "set" "scrub" +// "table" STRING OPENING_BRACE COMMA SLASH INT_CONST "nat" "binat" "rdr" +// "timeout" "pass" "block" OPENING_PAREN "any" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_7(_tokenSet_7_data_,8); +const unsigned long PFCfgParser::_tokenSet_8_data_[] = { 16UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_8(_tokenSet_8_data_,6); +const unsigned long 
PFCfgParser::_tokenSet_9_data_[] = { 1040UL, 64800UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "log" "all" "to" "quick" "on" "inet" "inet6" "proto" +// "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_9(_tokenSet_9_data_,8); +const unsigned long PFCfgParser::_tokenSet_10_data_[] = { 1040UL, 64768UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "quick" "on" "inet" "inet6" "proto" "from" +// "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_10(_tokenSet_10_data_,8); +const unsigned long PFCfgParser::_tokenSet_11_data_[] = { 1040UL, 62720UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "on" "inet" "inet6" "proto" "from" "route-to" +// "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" +// "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_11(_tokenSet_11_data_,8); +const unsigned long PFCfgParser::_tokenSet_12_data_[] = { 1040UL, 58624UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "route-to" +// "reply-to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" +// "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_12(_tokenSet_12_data_,8); +const unsigned long PFCfgParser::_tokenSet_13_data_[] = { 1040UL, 58624UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "inet" "inet6" "proto" "from" "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_13(_tokenSet_13_data_,8); +const unsigned long PFCfgParser::_tokenSet_14_data_[] = { 1040UL, 34048UL, 392577UL, 0UL, 0UL, 
0UL, 0UL, 0UL }; +// NEWLINE "queue" "all" "to" "proto" "from" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_14(_tokenSet_14_data_,8); +const unsigned long PFCfgParser::_tokenSet_15_data_[] = { 4195328UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" "keep" +// "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_15(_tokenSet_15_data_,8); +const unsigned long PFCfgParser::_tokenSet_16_data_[] = { 4194304UL, 128UL, 0UL, 0UL, 0UL, 0UL }; +// COMMA CLOSING_PAREN +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_16(_tokenSet_16_data_,6); +const unsigned long PFCfgParser::_tokenSet_17_data_[] = { 29361232UL, 58624UL, 392673UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA CLOSING_BRACE EXLAMATION "all" "to" "inet" +// "inet6" "proto" "from" "route-to" "reply-to" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_17(_tokenSet_17_data_,8); +const unsigned long PFCfgParser::_tokenSet_18_data_[] = { 283116560UL, 4294903040UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" OPENING_BRACE COMMA CLOSING_BRACE INT_CONST "all" "to" +// "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" "gre" "esp" "ah" "eigrp" +// "ospf" "ipip" "vrrp" "l2tp" "isis" "from" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_18(_tokenSet_18_data_,8); +const unsigned long PFCfgParser::_tokenSet_19_data_[] = { 274726912UL, 4294901760UL, 0UL, 0UL, 0UL, 0UL }; +// OPENING_BRACE COMMA INT_CONST "ip" "icmp" "igmp" "tcp" "udp" "rdp" "rsvp" +// "gre" "esp" "ah" "eigrp" "ospf" "ipip" "vrrp" "l2tp" "isis" +const ANTLR_USE_NAMESPACE(antlr)BitSet 
PFCfgParser::_tokenSet_19(_tokenSet_19_data_,6); +const unsigned long PFCfgParser::_tokenSet_20_data_[] = { 1040UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_20(_tokenSet_20_data_,8); +const unsigned long PFCfgParser::_tokenSet_21_data_[] = { 1040UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "to" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_21(_tokenSet_21_data_,8); +const unsigned long PFCfgParser::_tokenSet_22_data_[] = { 1040UL, 0UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" "flags" "icmp-type" "icmp6-type" "tagged" "tag" "no" +// "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_22(_tokenSet_22_data_,8); +const unsigned long PFCfgParser::_tokenSet_23_data_[] = { 12583952UL, 1024UL, 916864UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA CLOSING_BRACE "to" "flags" "icmp-type" "icmp6-type" +// "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" "port" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_23(_tokenSet_23_data_,8); +const unsigned long PFCfgParser::_tokenSet_24_data_[] = { 12583952UL, 58688UL, 392577UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA CLOSING_BRACE OPENING_PAREN "all" "to" "inet" +// "inet6" "proto" "from" "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_24(_tokenSet_24_data_,8); +const unsigned long PFCfgParser::_tokenSet_25_data_[] = { 4195344UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE "queue" COMMA "flags" "icmp-type" "icmp6-type" "tagged" "tag" +// "no" "keep" "modulate" "synproxy" "label" 
+const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_25(_tokenSet_25_data_,8); +const unsigned long PFCfgParser::_tokenSet_26_data_[] = { 281019472UL, 0UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD "queue" COMMA CLOSING_BRACE INT_CONST "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_26(_tokenSet_26_data_,8); +const unsigned long PFCfgParser::_tokenSet_27_data_[] = { 268484672UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD LESS_THAN GREATER_THAN INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_27(_tokenSet_27_data_,6); +const unsigned long PFCfgParser::_tokenSet_28_data_[] = { 297845968UL, 1024UL, 392576UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE +// EXLAMATION INT_CONST "to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_28(_tokenSet_28_data_,8); +const unsigned long PFCfgParser::_tokenSet_29_data_[] = { 4293984242UL, 1095UL, 2096540UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// EOF NEWLINE LINE_COMMENT WORD EQUAL "antispoof" "altq" "queue" "set" +// "scrub" "table" LESS_THAN GREATER_THAN STRING OPENING_BRACE COMMA CLOSING_BRACE +// EXLAMATION "self" IPV4 SLASH INT_CONST "nat" "binat" "rdr" "timeout" +// "pass" "block" OPENING_PAREN "to" "any" "no-route" IPV6 "flags" "icmp-type" +// "icmp6-type" "tagged" "tag" "no" "keep" "modulate" "synproxy" "state" +// "label" "port" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_29(_tokenSet_29_data_,8); +const unsigned long PFCfgParser::_tokenSet_30_data_[] = { 289456320UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD EQUAL LESS_THAN GREATER_THAN COMMA EXLAMATION INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_30(_tokenSet_30_data_,6); +const unsigned long PFCfgParser::_tokenSet_31_data_[] 
= { 268435520UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// WORD INT_CONST +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_31(_tokenSet_31_data_,6); +const unsigned long PFCfgParser::_tokenSet_32_data_[] = { 297845968UL, 1024UL, 1441152UL, 0UL, 0UL, 0UL, 0UL, 0UL }; +// NEWLINE WORD EQUAL "queue" LESS_THAN GREATER_THAN COMMA CLOSING_BRACE +// EXLAMATION INT_CONST "to" "flags" "icmp-type" "icmp6-type" "tagged" +// "tag" "no" "keep" "modulate" "synproxy" "label" COLON +const ANTLR_USE_NAMESPACE(antlr)BitSet PFCfgParser::_tokenSet_32(_tokenSet_32_data_,8); + + diff --git a/src/parsers/PFCfgParser.hpp b/src/parsers/PFCfgParser.hpp new file mode 100644 index 000000000..a3ac5a9f6 --- /dev/null +++ b/src/parsers/PFCfgParser.hpp 
@@ -0,0 +1,241 @@ +#ifndef INC_PFCfgParser_hpp_ +#define INC_PFCfgParser_hpp_ + +#line 25 "pf.g" + + // gets inserted before antlr generated includes in the header + // file +#include "PFImporter.h" + +#line 11 "PFCfgParser.hpp" +#include +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParser.hpp"$ */ +#include +#include +#include "PFCfgParserTokenTypes.hpp" +#include + +#line 32 "pf.g" + + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class PFImporter; + +#line 28 "PFCfgParser.hpp" +#line 56 "pf.g" + + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. + +#line 34 "PFCfgParser.hpp" +class CUSTOM_API PFCfgParser : public ANTLR_USE_NAMESPACE(antlr)LLkParser, public PFCfgParserTokenTypes +{ +#line 81 "pf.g" + +// additional methods and members + + public: + + std::ostream *dbg; + PFImporter *importer; + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) + { + importer->addMessageToLog("Parser error: " + ex.toString()); + std::cerr << ex.toString() << std::endl; + } + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser error: " + s); + std::cerr << s << std::endl; + } + + /// Parser warning-reporting function can be overridden in subclass + virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser warning: " + s); + std::cerr << s << std::endl; + } + +#line 38 "PFCfgParser.hpp" +public: + void initializeASTFactory( ANTLR_USE_NAMESPACE(antlr)ASTFactory& factory ); +protected: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf, int k); +public: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenBuffer& tokenBuf); +protected: + 
PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer, int k); +public: + PFCfgParser(ANTLR_USE_NAMESPACE(antlr)TokenStream& lexer); + PFCfgParser(const ANTLR_USE_NAMESPACE(antlr)ParserSharedInputState& state); + int getNumTokens() const + { + return PFCfgParser::NUM_TOKENS; + } + const char* getTokenName( int type ) const + { + if( type > getNumTokens() ) return 0; + return PFCfgParser::tokenNames[type]; + } + const char* const* getTokenNames() const + { + return PFCfgParser::tokenNames; + } + public: void cfgfile(); + public: void comment(); + public: void macro_definition(); + public: void altq_command(); + public: void antispoof_command(); + public: void queue_command(); + public: void set_command(); + public: void scrub_command(); + public: void table_command(); + public: void nat_command(); + public: void rdr_command(); + public: void binat_command(); + public: void pass_command(); + public: void block_command(); + public: void timeout_command(); + public: void unknown_command(); + public: void tableaddr_spec(); + public: void rule_extended(); + public: void direction(); + public: void logging(); + public: void quick(); + public: void intrface(); + public: void route(); + public: void address_family(); + public: void protospec(); + public: void hosts(); + public: void filteropts(); + public: void logopts(); + public: void logopt(); + public: void ifspec(); + public: void interface_list(); + public: void proto_def(); + public: void proto_name(); + public: void proto_number(); + public: void proto_list(); + public: void hosts_from(); + public: void hosts_to(); + public: void src_hosts_part(); + public: void src_port_part(); + public: void dst_hosts_part(); + public: void dst_port_part(); + public: void common_hosts_part(); + public: void host(); + public: void host_list(); + public: void route_to(); + public: void reply_to(); + public: void routehost(); + public: void routehost_list(); + public: void filteropt(); + public: void tcp_flags(); + public: void 
icmp_type(); + public: void icmp6_type(); + public: void tagged(); + public: void tag_clause(); + public: void state(); + public: void queue(); + public: void label(); + public: void icmp_type_code(); + public: void icmp_list(); + public: void port_op(); + public: void port_op_list(); + public: void unary_port_op(); + public: void binary_port_op(); + public: void port_def(); +public: + ANTLR_USE_NAMESPACE(antlr)RefAST getAST() + { + return returnAST; + } + +protected: + ANTLR_USE_NAMESPACE(antlr)RefAST returnAST; +private: + static const char* tokenNames[]; +#ifndef NO_STATIC_CONSTS + static const int NUM_TOKENS = 137; +#else + enum { + NUM_TOKENS = 137 + }; +#endif + + static const unsigned long _tokenSet_0_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_0; + static const unsigned long _tokenSet_1_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_1; + static const unsigned long _tokenSet_2_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_2; + static const unsigned long _tokenSet_3_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_3; + static const unsigned long _tokenSet_4_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_4; + static const unsigned long _tokenSet_5_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_5; + static const unsigned long _tokenSet_6_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_6; + static const unsigned long _tokenSet_7_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_7; + static const unsigned long _tokenSet_8_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_8; + static const unsigned long _tokenSet_9_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_9; + static const unsigned long _tokenSet_10_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_10; + static const unsigned long _tokenSet_11_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet 
_tokenSet_11; + static const unsigned long _tokenSet_12_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_12; + static const unsigned long _tokenSet_13_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_13; + static const unsigned long _tokenSet_14_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_14; + static const unsigned long _tokenSet_15_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_15; + static const unsigned long _tokenSet_16_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_16; + static const unsigned long _tokenSet_17_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_17; + static const unsigned long _tokenSet_18_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_18; + static const unsigned long _tokenSet_19_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_19; + static const unsigned long _tokenSet_20_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_20; + static const unsigned long _tokenSet_21_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_21; + static const unsigned long _tokenSet_22_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_22; + static const unsigned long _tokenSet_23_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_23; + static const unsigned long _tokenSet_24_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_24; + static const unsigned long _tokenSet_25_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_25; + static const unsigned long _tokenSet_26_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_26; + static const unsigned long _tokenSet_27_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_27; + static const unsigned long _tokenSet_28_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_28; + static const unsigned long _tokenSet_29_data_[]; + static 
const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_29; + static const unsigned long _tokenSet_30_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_30; + static const unsigned long _tokenSet_31_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_31; + static const unsigned long _tokenSet_32_data_[]; + static const ANTLR_USE_NAMESPACE(antlr)BitSet _tokenSet_32; +}; + +#endif /*INC_PFCfgParser_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.hpp b/src/parsers/PFCfgParserTokenTypes.hpp new file mode 100644 index 000000000..16d857454 --- /dev/null +++ b/src/parsers/PFCfgParserTokenTypes.hpp 
@@ -0,0 +1,153 @@ +#ifndef INC_PFCfgParserTokenTypes_hpp_ +#define INC_PFCfgParserTokenTypes_hpp_ + +/* $ANTLR 2.7.7 (20100319): "pf.g" -> "PFCfgParserTokenTypes.hpp"$ */ + +#ifndef CUSTOM_API +# define CUSTOM_API +#endif + +#ifdef __cplusplus +struct CUSTOM_API PFCfgParserTokenTypes { +#endif + enum { + EOF_ = 1, + NEWLINE = 4, + LINE_COMMENT = 5, + WORD = 6, + EQUAL = 7, + ANTISPOOF = 8, + ALTQ = 9, + QUEUE = 10, + SET = 11, + SCRUB = 12, + TABLE = 13, + LESS_THAN = 14, + GREATER_THAN = 15, + PERSIST = 16, + CONST = 17, + COUNTERS = 18, + FILE = 19, + STRING = 20, + OPENING_BRACE = 21, + COMMA = 22, + CLOSING_BRACE = 23, + EXLAMATION = 24, + SELF = 25, + IPV4 = 26, + SLASH = 27, + INT_CONST = 28, + NAT = 29, + BINAT = 30, + RDR = 31, + TIMEOUT = 32, + PASS = 33, + BLOCK = 34, + IN = 35, + OUT = 36, + LOG = 37, + OPENING_PAREN = 38, + CLOSING_PAREN = 39, + ALL = 40, + USER = 41, + TO = 42, + QUICK = 43, + ON = 44, + INET = 45, + INET6 = 46, + PROTO = 47, + IP = 48, + ICMP = 49, + IGMP = 50, + TCP = 51, + UDP = 52, + RDP = 53, + RSVP = 54, + GRE = 55, + ESP = 56, + AH = 57, + EIGRP = 58, + OSPF = 59, + IPIP = 60, + VRRP = 61, + L2TP = 62, + ISIS = 63, + FROM = 64, + URPF_FAILED = 65, + ANY = 66, + NO_ROUTE = 67, + IPV6 = 68, + ROUTE_TO = 69, + REPLY_TO = 70, + FLAGS = 71, + ICMP_TYPE = 72, + ICMP_CODE = 73, + ICMP6_TYPE = 74, + TAGGED = 75, + TAG = 76, + NO = 77, + KEEP = 78, + MODULATE = 79, + SYNPROXY = 80, + STATE = 81, + LABEL = 82, + PORT = 83, + COLON = 84, + EXIT = 85, + QUIT = 86, + INTRFACE = 87, + ICMP6 = 88, + IGRP = 89, + IPSEC = 90, + NOS = 91, + PCP = 92, + PIM = 93, + PPTP = 94, + RIP = 95, + SNP = 96, + HOST = 97, + RANGE = 98, + LOG_LEVEL_ALERTS = 99, + LOG_LEVEL_CRITICAL = 100, + LOG_LEVEL_DEBUGGING = 101, + LOG_LEVEL_EMERGENCIES = 102, + LOG_LEVEL_ERRORS = 103, + LOG_LEVEL_INFORMATIONAL = 104, + LOG_LEVEL_NOTIFICATIONS = 105, + LOG_LEVEL_WARNINGS = 106, + LOG_LEVEL_DISABLE = 107, + LOG_LEVEL_INACTIVE = 108, + TRANSLATE_TO = 109, + Whitespace = 
110, + HEX_CONST = 111, + NUMBER = 112, + NEG_INT_CONST = 113, + HEX_DIGIT = 114, + DIGIT = 115, + NUM_3DIGIT = 116, + NUM_HEX_4DIGIT = 117, + NUMBER_ADDRESS_OR_WORD = 118, + PIPE_CHAR = 119, + NUMBER_SIGN = 120, + PERCENT = 121, + AMPERSAND = 122, + APOSTROPHE = 123, + STAR = 124, + PLUS = 125, + MINUS = 126, + DOT = 127, + SEMICOLON = 128, + QUESTION = 129, + COMMERCIAL_AT = 130, + OPENING_SQUARE = 131, + CLOSING_SQUARE = 132, + CARET = 133, + UNDERLINE = 134, + TILDE = 135, + DOUBLE_QUOTE = 136, + NULL_TREE_LOOKAHEAD = 3 + }; +#ifdef __cplusplus +}; +#endif +#endif /*INC_PFCfgParserTokenTypes_hpp_*/ diff --git a/src/parsers/PFCfgParserTokenTypes.txt b/src/parsers/PFCfgParserTokenTypes.txt new file mode 100644 index 000000000..df88656b6 --- /dev/null +++ b/src/parsers/PFCfgParserTokenTypes.txt 
@@ -0,0 +1,135 @@ +// $ANTLR 2.7.7 (20100319): pf.g -> PFCfgParserTokenTypes.txt$ +PFCfgParser // output token vocab name +NEWLINE=4 +LINE_COMMENT=5 +WORD=6 +EQUAL=7 +ANTISPOOF="antispoof"=8 +ALTQ="altq"=9 +QUEUE="queue"=10 +SET="set"=11 +SCRUB="scrub"=12 +TABLE="table"=13 +LESS_THAN=14 +GREATER_THAN=15 +PERSIST="persist"=16 +CONST="const"=17 +COUNTERS=18 +FILE="file"=19 +STRING=20 +OPENING_BRACE=21 +COMMA=22 +CLOSING_BRACE=23 +EXLAMATION=24 +SELF="self"=25 +IPV4=26 +SLASH=27 +INT_CONST=28 +NAT="nat"=29 +BINAT="binat"=30 +RDR="rdr"=31 +TIMEOUT="timeout"=32 +PASS="pass"=33 +BLOCK="block"=34 +IN="in"=35 +OUT="out"=36 +LOG="log"=37 +OPENING_PAREN=38 +CLOSING_PAREN=39 +ALL="all"=40 +USER="user"=41 +TO="to"=42 +QUICK="quick"=43 +ON="on"=44 +INET="inet"=45 +INET6="inet6"=46 +PROTO="proto"=47 +IP="ip"=48 +ICMP="icmp"=49 +IGMP="igmp"=50 +TCP="tcp"=51 +UDP="udp"=52 +RDP="rdp"=53 +RSVP="rsvp"=54 +GRE="gre"=55 +ESP="esp"=56 +AH="ah"=57 +EIGRP="eigrp"=58 +OSPF="ospf"=59 +IPIP="ipip"=60 +VRRP="vrrp"=61 +L2TP="l2tp"=62 +ISIS="isis"=63 +FROM="from"=64 +URPF_FAILED="urpf-failed"=65 +ANY="any"=66 +NO_ROUTE="no-route"=67 +IPV6=68 +ROUTE_TO="route-to"=69 +REPLY_TO="reply-to"=70 +FLAGS="flags"=71 +ICMP_TYPE="icmp-type"=72 +ICMP_CODE="code"=73 +ICMP6_TYPE="icmp6-type"=74 +TAGGED="tagged"=75 +TAG="tag"=76 +NO="no"=77 +KEEP="keep"=78 +MODULATE="modulate"=79 +SYNPROXY="synproxy"=80 +STATE="state"=81 +LABEL="label"=82 +PORT="port"=83 +COLON=84 +EXIT="exit"=85 +QUIT="quit"=86 +INTRFACE="interface"=87 +ICMP6="icmp6"=88 +IGRP="igrp"=89 +IPSEC="ipsec"=90 +NOS="nos"=91 +PCP="pcp"=92 +PIM="pim"=93 +PPTP="pptp"=94 +RIP="rip"=95 +SNP="snp"=96 +HOST="host"=97 +RANGE="range"=98 +LOG_LEVEL_ALERTS="alerts"=99 +LOG_LEVEL_CRITICAL="critical"=100 +LOG_LEVEL_DEBUGGING="debugging"=101 +LOG_LEVEL_EMERGENCIES="emergencies"=102 +LOG_LEVEL_ERRORS="errors"=103 +LOG_LEVEL_INFORMATIONAL="informational"=104 +LOG_LEVEL_NOTIFICATIONS="notifications"=105 +LOG_LEVEL_WARNINGS="warnings"=106 
+LOG_LEVEL_DISABLE="disable"=107 +LOG_LEVEL_INACTIVE="inactive"=108 +TRANSLATE_TO="->"=109 +Whitespace=110 +HEX_CONST=111 +NUMBER=112 +NEG_INT_CONST=113 +HEX_DIGIT=114 +DIGIT=115 +NUM_3DIGIT=116 +NUM_HEX_4DIGIT=117 +NUMBER_ADDRESS_OR_WORD=118 +PIPE_CHAR=119 +NUMBER_SIGN=120 +PERCENT=121 +AMPERSAND=122 +APOSTROPHE=123 +STAR=124 +PLUS=125 +MINUS=126 +DOT=127 +SEMICOLON=128 +QUESTION=129 +COMMERCIAL_AT=130 +OPENING_SQUARE=131 +CLOSING_SQUARE=132 +CARET=133 +UNDERLINE=134 +TILDE=135 +DOUBLE_QUOTE=136 diff --git a/src/parsers/parsers.pro b/src/parsers/parsers.pro index 42d2c16fc..c0642c44f 100644 --- a/src/parsers/parsers.pro +++ b/src/parsers/parsers.pro @@ -10,7 +10,9 @@ SOURCES = IOSCfgLexer.cpp \ IPTCfgLexer.cpp \ IPTCfgParser.cpp \ PIXCfgLexer.cpp \ - PIXCfgParser.cpp + PIXCfgParser.cpp \ + PFCfgLexer.cpp \ + PFCfgParser.cpp HEADERS = ../../config.h \ IOSCfgLexer.hpp \ @@ -22,6 +24,9 @@ HEADERS = ../../config.h \ PIXCfgLexer.hpp \ PIXCfgParser.hpp \ PIXCfgParserTokenTypes.hpp \ + PFCfgLexer.hpp \ + PFCfgParser.hpp \ + PFCfgParserTokenTypes.hpp \ CONFIG += staticlib diff --git a/src/parsers/pf.g b/src/parsers/pf.g new file mode 100644 index 000000000..eee2d6de8 --- /dev/null +++ b/src/parsers/pf.g 
@@ -0,0 +1,1147 @@ +/* + + Firewall Builder + + Copyright (C) 2011 NetCitadel, LLC + + Author: Vadim Kurland vadim@fwbuilder.org + + This program is free software which we release under the GNU General Public + License. You may redistribute and/or modify this program under the terms + of that license as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + To get a copy of the GNU General Public License, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +*/ + +header "pre_include_hpp" +{ + // gets inserted before antlr generated includes in the header + // file +#include "PFImporter.h" +} + +header "post_include_hpp" +{ + // gets inserted after antlr generated includes in the header file + // outside any generated namespace specifications + +#include + +class PFImporter; +} + +header "pre_include_cpp" +{ + // gets inserted before the antlr generated includes in the cpp + // file +} + +header "post_include_cpp" +{ + // gets inserted after the antlr generated includes in the cpp + // file +#include +#include +} + +header +{ + // gets inserted after generated namespace specifications in the + // header file. But outside the generated class. +} + +options +{ + language="Cpp"; +} + + +class PFCfgParser extends Parser; +options +{ + k = 2; + +// when default error handler is disabled, parser errors cause +// exception and terminate parsing process. 
We can catch the exception +// and make the error appear in importer log, but import process +// terminates which is not always optimal +// +// defaultErrorHandler = false; + +// see http://www.antlr2.org/doc/options.html +} +{ +// additional methods and members + + public: + + std::ostream *dbg; + PFImporter *importer; + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(antlr)RecognitionException& ex) + { + importer->addMessageToLog("Parser error: " + ex.toString()); + std::cerr << ex.toString() << std::endl; + } + + /// Parser error-reporting function can be overridden in subclass + virtual void reportError(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser error: " + s); + std::cerr << s << std::endl; + } + + /// Parser warning-reporting function can be overridden in subclass + virtual void reportWarning(const ANTLR_USE_NAMESPACE(std)string& s) + { + importer->addMessageToLog("Parser warning: " + s); + std::cerr << s << std::endl; + } + +} + +cfgfile : + ( + comment + | + macro_definition + | + altq_command + | + antispoof_command + | + queue_command + | + set_command + | + scrub_command + | + table_command + | + nat_command + | + rdr_command + | + binat_command + | + pass_command + | + block_command + | + timeout_command + | + unknown_command + | + NEWLINE + )* + ; + +//**************************************************************** +comment : LINE_COMMENT ; + +//**************************************************************** +macro_definition : WORD EQUAL + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +antispoof_command : ANTISPOOF + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'antispoof' commands has not been implemented yet.")); + 
consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +altq_command : ALTQ + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Error: import of 'altq' commands is not supported.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +queue_command : QUEUE + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Error: import of 'queue' commands is not supported.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +set_command : SET + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'set' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +scrub_command : SCRUB + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'scrub' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +table_command : + TABLE + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + } + LESS_THAN + name:WORD + GREATER_THAN + ( PERSIST ) ? + ( CONST ) ? + ( COUNTERS )? + ( + FILE file:STRING + { + importer->newAddressTableObject( + name->getText(), file->getText()); + } + | + OPENING_BRACE + tableaddr_spec + ( + ( COMMA )? + tableaddr_spec + )* + CLOSING_BRACE + { + importer->newAddressTableObject( + name->getText(), importer->tmp_group); + } + ) + ; + +tableaddr_spec { AddressSpec as; } : + ( EXLAMATION { as.neg = true; } )? 
+ ( + WORD + { + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + } + | + SELF + { + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + } + | + IPV4 + { + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + } + ( + SLASH + { + as.at = AddressSpec::NETWORK_ADDRESS; + } + ( IPV4 | INT_CONST ) + { + as.netmask = LT(0)->getText(); + } + )? + ) + { + importer->tmp_group.push_back(as); + } + ; + +//**************************************************************** +nat_command : NAT + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'nat' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +binat_command : BINAT + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Error: import of 'binat' commands is not supported.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +rdr_command : RDR + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'rdr' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + +//**************************************************************** +timeout_command : TIMEOUT + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->addMessageToLog( + QString("Warning: import of 'timeout' commands has not been implemented yet.")); + consumeUntil(NEWLINE); + } + ; + + +//**************************************************************** +unknown_command : WORD + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + consumeUntil(NEWLINE); + } + ; + + +//**************************************************************** + +pass_command : PASS + { + 
importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "pass"; + *dbg << LT(1)->getLine() << ":" << " pass "; + } + rule_extended NEWLINE + { + importer->pushRule(); + } + ; + +block_command : BLOCK + { + importer->clear(); + importer->setCurrentLineNumber(LT(0)->getLine()); + importer->newPolicyRule(); + importer->action = "block"; + *dbg << LT(1)->getLine() << ":" << " block "; + } + rule_extended NEWLINE + { + importer->pushRule(); + } + ; + +rule_extended : + ( direction )? + ( logging )? + ( quick )? + ( intrface )? + ( route )? + ( address_family )? + ( protospec )? + ( hosts )? + ( filteropts )? + ; + +direction : ( IN | OUT ) + { + importer->direction = LT(0)->getText(); + } + ; + +logging : + LOG (logopts)? + { + importer->logging = true; + } + ; + +logopts : + OPENING_PAREN + logopt + ( + COMMA { importer->logopts += ","; } + logopt + )* + CLOSING_PAREN + ; + +logopt : ALL | USER | TO WORD + { + importer->logopts += LT(0)->getText(); + } + ; + +quick : QUICK + { + importer->quick = true; + } + ; + +intrface : ON ( ifspec | interface_list ) + ; + +ifspec { InterfaceSpec is; } : + ( EXLAMATION { is.neg = true; } )? + WORD + { + is.name = LT(0)->getText(); + importer->iface_group.push_back(is); + importer->newInterface(is.name); + } + ; + +interface_list : + OPENING_BRACE + ifspec + ( + ( COMMA )? + ifspec + )* + CLOSING_BRACE + ; + + +address_family : INET | INET6 + { + importer->address_family = LT(0)->getText(); + } + ; + +protospec : PROTO proto_def + ; + +proto_def : + ( + proto_name + | + proto_number + | + proto_list + ) + ; + +proto_name : (IP | ICMP | IGMP | TCP | UDP | RDP | RSVP | GRE | ESP | AH | + EIGRP | OSPF | IPIP | VRRP | L2TP | ISIS ) + { + importer->proto_list.push_back(LT(0)->getText()); + } + ; + +proto_number : INT_CONST + { + importer->proto_list.push_back(LT(0)->getText()); + } + ; + +proto_list : + OPENING_BRACE + proto_def + ( + ( COMMA )? 
+ proto_def + )* + CLOSING_BRACE + ; + +hosts : + ALL + { + importer->src_group.push_back( + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); + importer->dst_group.push_back( + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); + } + | + ( hosts_from )? ( hosts_to )? + ; + +hosts_from : + FROM ( src_hosts_part )? ( src_port_part )? + ; + +hosts_to : + TO ( dst_hosts_part )? ( dst_port_part )? + ; + +src_hosts_part : + ( + common_hosts_part + | + URPF_FAILED + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, + "urpf-failed", "")); + } + ) + { + importer->src_neg = importer->tmp_neg; + importer->src_group.splice(importer->src_group.begin(), + importer->tmp_group); + } + ; + +dst_hosts_part : + common_hosts_part + { + importer->dst_neg = importer->tmp_neg; + importer->dst_group.splice(importer->dst_group.begin(), + importer->tmp_group); + } + ; + +common_hosts_part : + ANY + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::ANY, false, "0.0.0.0", "0.0.0.0")); + } + | + NO_ROUTE + { + importer->tmp_group.push_back( + AddressSpec(AddressSpec::SPECIAL_ADDRESS, false, "no-route", "")); + } + | + host + | + host_list + ; + +host { AddressSpec as; } : + ( EXLAMATION { as.neg = true; } )? + ( + WORD + { + // interface name or domain/host name + as.at = AddressSpec::INTERFACE_NAME; + as.address = LT(0)->getText(); + } + | + SELF + { + as.at = AddressSpec::SPECIAL_ADDRESS; + as.address = "self"; + } + | + IPV6 + { + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } + | + IPV4 + { + as.at = AddressSpec::HOST_ADDRESS; + as.address = LT(0)->getText(); + } + ( + SLASH + { + as.at = AddressSpec::NETWORK_ADDRESS; + } + ( IPV4 | INT_CONST ) + { + as.netmask = LT(0)->getText(); + } + )? 
+ | + LESS_THAN tn:WORD GREATER_THAN + { + as.at = AddressSpec::TABLE; + as.address = tn->getText(); + } + ) + { + importer->tmp_group.push_back(as); + } + ; + +host_list : + OPENING_BRACE + host + ( + COMMA + host + )* + CLOSING_BRACE + ; + +// ************************************************************************ +route : + route_to | reply_to + ; + +route_to : + ROUTE_TO ( routehost | routehost_list ) + { + importer->route_type = PFImporter::ROUTE_TO; + } + ; + +reply_to : + REPLY_TO ( routehost | routehost_list ) + { + importer->route_type = PFImporter::REPLY_TO; + } + ; + +routehost { RouteSpec rs; } : + OPENING_PAREN + WORD { rs.iface = LT(0)->getText(); } + (h:IPV4 | v6:IPV6) (SLASH (nm:IPV4 | nm6:INT_CONST))? + { + if (v6) + { + importer->addMessageToLog( + QString("Error: IPv6 import is not supported. ")); + consumeUntil(NEWLINE); + } else + { + if (h) rs.address = h->getText(); + if (nm) rs.netmask = nm->getText(); + importer->route_group.push_back(rs); + } + } + CLOSING_PAREN + ; + +routehost_list : + OPENING_BRACE + routehost + ( + ( COMMA )? + routehost + )* + CLOSING_BRACE + ; + +// ************************************************************************ +filteropts : + filteropt + ( + ( COMMA )? + filteropt + )* + ; + +filteropt : + tcp_flags + | + icmp_type + | + icmp6_type + | + tagged + | + tag_clause + | + state + | + queue + | + label + ; + +tcp_flags : + FLAGS + ( + ANY + { + importer->flags_check = "any"; + importer->flags_mask = "all"; + } + | + ( check:WORD )? SLASH ( mask:WORD )? 
+ { + if (check) + importer->flags_check = check->getText(); + else + importer->flags_check = "any"; + if (mask) + importer->flags_mask = mask->getText(); + else + importer->flags_mask = "all"; + } + ) + ; + +icmp_type : + ICMP_TYPE + ( + icmp_type_code + | + icmp_list + ) + ; + +icmp_type_code { std::string icmp_type, icmp_code; } : + ( WORD | INT_CONST ) { icmp_type = LT(0)->getText(); } + ( + ICMP_CODE ( WORD | INT_CONST ) { icmp_code = LT(0)->getText(); } + )? + { + importer->icmp_type_code_group.push_back( + str_tuple(icmp_type, icmp_code)); + } + ; + +icmp_list : + OPENING_BRACE + icmp_type_code + ( + ( COMMA )? + icmp_type_code + )* + CLOSING_BRACE + ; + + +icmp6_type : + ICMP6_TYPE + { + importer->addMessageToLog( + QString("Error: ICMP6 import is not supported. ")); + consumeUntil(NEWLINE); + } + ; + +tagged : + TAGGED WORD + { + importer->tagged = LT(0)->getText(); + } + ; + +tag_clause : + TAG WORD + { + importer->tag = LT(0)->getText(); + } + ; + +state : + ( + NO + | + KEEP + | + MODULATE + | + SYNPROXY + ) + { + importer->state_op = LT(0)->getText(); + } + STATE + ; + +queue : + QUEUE + ( + WORD { importer->queue += LT(0)->getText(); } + | + OPENING_PAREN + WORD { importer->queue += LT(0)->getText(); } + ( + COMMA { importer->queue += ","; } + WORD { importer->queue += LT(0)->getText(); } + )* + CLOSING_PAREN + ) + ; + +label : + LABEL STRING + ; + +//**************************************************************** + +src_port_part : + PORT ( port_op | port_op_list ) + { + importer->src_port_group.splice(importer->src_port_group.begin(), + importer->tmp_port_group); + } + ; + +dst_port_part : + PORT ( port_op | port_op_list ) + { + importer->dst_port_group.splice(importer->dst_port_group.begin(), + importer->tmp_port_group); + } + ; + +unary_port_op : + ( + EQUAL { importer->tmp_port_op = "="; } + | + EXLAMATION EQUAL { importer->tmp_port_op = "!="; } + | + LESS_THAN { importer->tmp_port_op = "<"; } + | + LESS_THAN EQUAL { importer->tmp_port_op = 
"<="; } + | + GREATER_THAN { importer->tmp_port_op = ">"; } + | + GREATER_THAN EQUAL { importer->tmp_port_op = ">="; } + ) + ; + +binary_port_op : + ( + LESS_THAN GREATER_THAN { importer->tmp_port_op = "<>"; } + | + GREATER_THAN LESS_THAN { importer->tmp_port_op = "><"; } + | + COLON { importer->tmp_port_op = ":"; } + ) + ; + +port_op { PortSpec ps; } : + ( + unary_port_op { ps.port_op = importer->tmp_port_op; } + port_def + { + ps.port1 = importer->tmp_port_def; + ps.port2 = importer->tmp_port_def; + } + | + port_def + { + ps.port1 = importer->tmp_port_def; + ps.port2 = ps.port1; + ps.port_op = "="; + } + ( + binary_port_op { ps.port_op = importer->tmp_port_op; } + port_def { ps.port2 = LT(0)->getText(); } + )? + ) + { + importer->tmp_port_group.push_back(ps); + } + ; + +port_def : + WORD | INT_CONST + { + importer->tmp_port_def = LT(0)->getText(); + } + ; + +port_op_list : + OPENING_BRACE + port_op + ( + ( COMMA )? + port_op + )* + CLOSING_BRACE + ; + + + +//**************************************************************** + +class PFCfgLexer extends Lexer; +options +{ + k = 3; + // ASCII only + charVocabulary = '\3'..'\377'; +} + +tokens +{ + EXIT = "exit"; + QUIT = "quit"; + + NO = "no"; + + INTRFACE = "interface"; + + PASS = "pass"; + BLOCK = "block"; + + QUICK = "quick"; + + IN = "in"; + OUT = "out"; + + ON = "on"; + PROTO = "proto"; + + FROM = "from"; + TO = "to"; + + INET = "inet"; + INET6 = "inet6"; + +// protocols + + IP = "ip"; + ICMP = "icmp"; + ICMP6 = "icmp6"; + TCP = "tcp"; + UDP = "udp"; + + AH = "ah"; + EIGRP = "eigrp"; + ESP = "esp"; + GRE = "gre"; + IGMP = "igmp"; + IGRP = "igrp"; + IPIP = "ipip"; + IPSEC = "ipsec"; + NOS = "nos"; + OSPF = "ospf"; + PCP = "pcp"; + PIM = "pim"; + PPTP = "pptp"; + RIP = "rip"; + SNP = "snp"; + RDP = "rdp"; + RSVP = "rsvp"; + VRRP = "vrrp"; + L2TP = "l2tp"; + ISIS = "isis"; + + HOST = "host"; + ANY = "any"; + ALL = "all"; + USER = "user"; + + PORT = "port"; + + RANGE = "range"; + + LOG = "log"; + + NO_ROUTE = 
"no-route"; + SELF = "self"; + URPF_FAILED = "urpf-failed"; + + LOG_LEVEL_ALERTS = "alerts"; + LOG_LEVEL_CRITICAL = "critical"; + LOG_LEVEL_DEBUGGING = "debugging"; + LOG_LEVEL_EMERGENCIES = "emergencies"; + LOG_LEVEL_ERRORS = "errors"; + LOG_LEVEL_INFORMATIONAL = "informational"; + LOG_LEVEL_NOTIFICATIONS = "notifications"; + LOG_LEVEL_WARNINGS = "warnings"; + LOG_LEVEL_DISABLE = "disable"; + LOG_LEVEL_INACTIVE = "inactive"; + + TIMEOUT = "timeout"; + + ALTQ = "altq"; + ANTISPOOF = "antispoof"; + + SET = "set"; + SCRUB = "scrub"; + NAT = "nat"; + RDR = "rdr"; + BINAT = "binat"; + TABLE = "table"; + CONST = "const"; + PERSIST = "persist"; + FILE = "file"; + + QUEUE = "queue"; + + LABEL = "label"; + + ROUTE_TO = "route-to"; + REPLY_TO = "reply-to"; + + TAG = "tag"; + TAGGED = "tagged"; + + TRANSLATE_TO = "->"; + + STATE = "state"; + KEEP = "keep"; + MODULATE = "modulate"; + SYNPROXY = "synproxy"; + + FLAGS = "flags"; + ICMP_TYPE = "icmp-type"; + ICMP6_TYPE = "icmp6-type"; + ICMP_CODE = "code"; +} + +LINE_COMMENT : "#" (~('\r' | '\n'))* NEWLINE ; + +Whitespace : ( '\003'..'\010' | '\t' | '\013' | '\f' | '\016'.. '\037' | '\177'..'\377' | ' ' ) + { $setType(ANTLR_USE_NAMESPACE(antlr)Token::SKIP); } ; + + +//COMMENT_START : '!' ; + +NEWLINE : ( "\r\n" | '\r' | '\n' ) { newline(); } ; + +protected +INT_CONST:; + +protected +HEX_CONST:; + +protected +NUMBER:; + +protected +NEG_INT_CONST:; + +protected +COLON : ; + +protected +HEX_DIGIT : '0'..'9' 'a'..'f' ; + +protected +DIGIT : '0'..'9' ; + +protected +NUM_3DIGIT: ('0'..'9') (('0'..'9') ('0'..'9')?)? ; + +protected +NUM_HEX_4DIGIT: HEX_DIGIT ((HEX_DIGIT) ((HEX_DIGIT) (HEX_DIGIT)?)?)? ; + + +NUMBER_ADDRESS_OR_WORD +options { + testLiterals = true; +} + : + ( NUM_3DIGIT '.' NUM_3DIGIT '.' ) => + (NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT '.' NUM_3DIGIT) + { $setType(IPV4); } + | + ( (DIGIT)+ '.' (DIGIT)+ )=> ( (DIGIT)+ '.' 
(DIGIT)+ ) + { $setType(NUMBER); } +// | +// ( (DIGIT)+ ':' (DIGIT)+ )=> ( (DIGIT)+ ':' (DIGIT)+ ) +// { $setType(PORT_RANGE); } + | + ( DIGIT )+ { $setType(INT_CONST); } + + // IPv6 RULE + | (NUM_HEX_4DIGIT ':')=> + ( + ((NUM_HEX_4DIGIT ':')+ ':')=> + ( + (NUM_HEX_4DIGIT ':')+ ':' + (NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)*)? + ) { $setType(IPV6); } + + | NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)+ + { $setType(IPV6); } + + ) { $setType(IPV6); } + + | (':' ':' NUM_HEX_4DIGIT)=> + ':' ':' NUM_HEX_4DIGIT (':' NUM_HEX_4DIGIT)* + { $setType(IPV6); } + + | ':' ':' + { $setType(IPV6); } + + | ':' + { $setType(COLON); } + + | + +// making sure ',' '(' ')' '=' '<' '>' '+' are not part of WORD do +// not start WORD with '$' since we expand macros in PFImporterRun +// using regex. +// double quote " should be included, without it STRING does not match + + ( 'a'..'z' | 'A'..'Z' ) + ( '"' | '$' | '%' | '&' | '-' | '0'..'9' | ';' | + '?' | '@' | 'A'..'Z' | '\\' | '^' | '_' | '`' | 'a'..'z' )* + { $setType(WORD); } + ; + +STRING : '"' (~'"')* '"'; + +PIPE_CHAR : '|'; +NUMBER_SIGN : '#' ; +// DOLLAR : '$' ; +PERCENT : '%' ; +AMPERSAND : '&' ; +APOSTROPHE : '\'' ; +STAR : '*' ; +PLUS : '+' ; +COMMA : ',' ; +MINUS : '-' ; +DOT : '.' ; +SLASH : '/' ; + +//COLON : ':' ; +SEMICOLON : ';' ; + +EQUAL : '='; + +QUESTION : '?' ; +COMMERCIAL_AT : '@' ; + +OPENING_PAREN : '(' ; +CLOSING_PAREN : ')' ; + +OPENING_SQUARE : '[' ; +CLOSING_SQUARE : ']' ; + +OPENING_BRACE : '{' ; +CLOSING_BRACE : '}' ; + +CARET : '^' ; +UNDERLINE : '_' ; + +TILDE : '~' ; + +EXLAMATION : '!'; + +LESS_THAN : '<' ; +GREATER_THAN : '>' ; + +DOUBLE_QUOTE : '"'; diff --git a/src/pflib/PolicyCompiler_pf.cpp b/src/pflib/PolicyCompiler_pf.cpp index 82c29c667..198ee062f 100644 --- a/src/pflib/PolicyCompiler_pf.cpp +++ b/src/pflib/PolicyCompiler_pf.cpp 
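Review bot: In `port_def`, `address_family` and `logopt` the trailing action binds only to the last alternative, since an ANTLR 2 action belongs to the alternative it follows. `port_def : WORD | INT_CONST { ... }` therefore leaves `importer->tmp_port_def` untouched for a named port, and `port_op` then copies whatever an earlier `INT_CONST` left there (unless `importer->clear()` resets it, which this hunk does not show); likewise `inet`, `all` and `user` are accepted but never recorded. For a policy importer this means a rule can come out with a different port or address family than the pf.conf states, without any message in the log. Group the alternatives the way `direction` and `state` already do, e.g. `port_def : ( WORD | INT_CONST ) { importer->tmp_port_def = LT(0)->getText(); }`, and the same for `( INET | INET6 )` and `( ALL | USER | TO WORD )`. The lexer rule `HEX_DIGIT : '0'..'9' 'a'..'f'` has the related problem of being a sequence rather than a choice and probably wants `( '0'..'9' | 'a'..'f' )`.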
@@ -29,6 +29,7 @@ #include "NATCompiler_pf.h" #include "fwbuilder/AddressTable.h" +#include "fwbuilder/DNSName.h" #include "fwbuilder/FWObjectDatabase.h" #include "fwbuilder/FailoverClusterGroup.h" #include "fwbuilder/Firewall.h" @@ -655,6 +656,8 @@ bool PolicyCompiler_pf::addLoopbackForRedirect::processNext() for (FWObject::iterator j=dst->begin(); j!=dst->end(); j++) { FWObject *o2 = FWReference::getObject(*j); + if (o2->getName() == "self" && DNSName::isA(o2)) continue; + Address *a = Address::cast( o2 ); assert(a); @@ -937,7 +940,20 @@ void PolicyCompiler_pf::compile() // "process interface policy rules and store interface ids")); add(new splitIfFirewallInSrc("split rule if firewall is in Src")); + add(new ReplaceFirewallObjectWithSelfInSrc( + "Replace firewall object with 'self' in Src")); + add(new splitIfFirewallInDst("split rule if firewall is in Dst")); + add(new ReplaceFirewallObjectWithSelfInDst( + "Replace firewall object with 'self' in Dst")); + + // call these again since "self" is a MultiAddress object + add( new swapMultiAddressObjectsInSrc( + " swap MultiAddress -> MultiAddressRunTime in Src")); + add( new swapMultiAddressObjectsInDst( + " swap MultiAddress -> MultiAddressRunTime in Dst")); + + add(new fillDirection("determine directions")); // commented out for bug #2828602 @@ -949,6 +965,7 @@ void PolicyCompiler_pf::compile() "add loopback to rules that permit redirected services")); add(new ExpandMultipleAddresses( "expand objects with multiple addresses")); + add(new dropRuleWithEmptyRE("drop rules with empty rule elements")); add(new checkForDynamicInterfacesOfOtherObjects( "check for dynamic interfaces of other hosts and firewalls")); diff --git a/src/pflib/PolicyCompiler_pf_writers.cpp b/src/pflib/PolicyCompiler_pf_writers.cpp index 2c0ef5c6a..cfd344f1a 100644 --- a/src/pflib/PolicyCompiler_pf_writers.cpp +++ b/src/pflib/PolicyCompiler_pf_writers.cpp 
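Review bot: The skip added in the dst loop of addLoopbackForRedirect::processNext, `if (o2->getName() == "self" && DNSName::isA(o2)) continue;`, recognises the compiler's run-time "self" object by its display name, so a DNSName object that a user happens to name "self" would presumably be skipped too and never reach the loopback handling. Because this decides which destinations are considered when generating firewall rules, identifying the object by how it was created (a dedicated marker set by the rule processor that creates it, if one exists) would be safer than a name match; at minimum add a comment such as `// run-time "self" stands for the firewall itself and cannot be cast to Address; skip it`. `o2` is now dereferenced before the existing `assert(a)`, so if FWReference::getObject can return NULL the failure moves to this line; an `assert(o2!=NULL);` ahead of the name test would keep the diagnostics consistent. The body of processNext starts and ends outside the hunk.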
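Review bot: The two `ReplaceFirewallObjectWithSelf…` processors in compile() are registered unconditionally, which changes what the generated rules match: pf's `self` expands to all addresses assigned to all interfaces of the host, which may be a wider set than the addresses the firewall object in the model expanded to before (loopback and addresses configured outside the tool are the cases to check). A comment above the first add would make that explicit, e.g. `// NOTE: 'self' matches every address on every interface of the host, not only those defined in the firewall object`, and the expected PF outputs in the regression tests should be reviewed for rules that relied on the narrower expansion. The swapMultiAddressObjects processors are registered a second time here; the existing comment says why, but it should also state that the second pass leaves objects already swapped by the first pass untouched, if that is the case. compile() starts and ends outside the hunk.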
@@ -758,7 +758,7 @@ string PolicyCompiler_pf::PrintRule::_printTCPFlags(libfwbuilder::TCPService *sr return str; } -void PolicyCompiler_pf::PrintRule::_printAddr(Address *o,bool ) +void PolicyCompiler_pf::PrintRule::_printAddr(Address *o, bool ) { MultiAddressRunTime *atrt = MultiAddressRunTime::cast(o); if (atrt!=NULL) @@ -880,7 +880,7 @@ void PolicyCompiler_pf::PrintRule::_printDstAddr(RuleElement *rel) FWReference *oref = FWReference::cast(o); if (o && oref!=NULL) o=oref->getPointer(); - Address *dst= Address::cast(o); + Address *dst = Address::cast(o); _printNegation(rel); diff --git a/test/ipt/cluster1_secuwall-1.fw.orig b/test/ipt/cluster1_secuwall-1.fw.orig index ed1ea5a32..1ceb38c04 100755 --- a/test/ipt/cluster1_secuwall-1.fw.orig +++ b/test/ipt/cluster1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:20 2011 PDT by vadim # # files: * cluster1_secuwall-1.fw /etc/cluster1_secuwall-1.fw # @@ -609,7 +609,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-base-rulesets.fw.orig b/test/ipt/firewall-base-rulesets.fw.orig index 7be47d994..d96d2d797 100755 --- a/test/ipt/firewall-base-rulesets.fw.orig +++ b/test/ipt/firewall-base-rulesets.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:25 2011 PDT by vadim +# Generated Thu May 26 14:17:25 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # 
@@ -466,7 +466,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:25 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-1.fw.orig b/test/ipt/firewall-ipv6-1.fw.orig index f0f04020f..eca0fe218 100755 --- a/test/ipt/firewall-ipv6-1.fw.orig +++ b/test/ipt/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:38 2011 PDT by vadim +# Generated Thu May 26 14:17:30 2011 PDT by vadim # # files: * firewall-ipv6-1.fw /etc/firewall-ipv6-1.fw # @@ -723,7 +723,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:38 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:30 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-2.fw.orig b/test/ipt/firewall-ipv6-2.fw.orig index c3bdbbaca..06f3d0003 100755 --- a/test/ipt/firewall-ipv6-2.fw.orig +++ b/test/ipt/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:38 2011 PDT by vadim +# Generated Thu May 26 14:17:31 2011 PDT by vadim # # files: * firewall-ipv6-2.fw /etc/firewall-ipv6-2.fw # @@ -987,7 +987,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:38 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-3.fw.orig b/test/ipt/firewall-ipv6-3.fw.orig index 14d664040..f27a7476d 100755 
--- a/test/ipt/firewall-ipv6-3.fw.orig +++ b/test/ipt/firewall-ipv6-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:49 2011 PDT by vadim +# Generated Thu May 26 14:17:36 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # @@ -617,7 +617,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4-1.fw.orig b/test/ipt/firewall-ipv6-4-1.fw.orig index 315746245..e8e4c6bbc 100755 --- a/test/ipt/firewall-ipv6-4-1.fw.orig +++ b/test/ipt/firewall-ipv6-4-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:00 2011 PDT by vadim +# Generated Thu May 26 14:17:41 2011 PDT by vadim # # files: * firewall-ipv6-4-1.fw /etc/firewall-ipv6-4-1.fw # @@ -568,7 +568,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-4.fw.orig b/test/ipt/firewall-ipv6-4.fw.orig index fafe6c02d..2e82bb2a8 100755 --- a/test/ipt/firewall-ipv6-4.fw.orig +++ b/test/ipt/firewall-ipv6-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:49 2011 PDT by vadim +# Generated Thu May 26 14:17:36 2011 PDT by vadim # # files: * firewall-ipv6-4.fw /etc/firewall-ipv6-4.fw # 
@@ -604,7 +604,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-5.fw.orig b/test/ipt/firewall-ipv6-5.fw.orig index bc1ce6575..5be080249 100755 --- a/test/ipt/firewall-ipv6-5.fw.orig +++ b/test/ipt/firewall-ipv6-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:51 2011 PDT by vadim +# Generated Thu May 26 14:17:40 2011 PDT by vadim # # files: * firewall-ipv6-5.fw /etc/firewall-ipv6-5.fw # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:51 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:40 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-6.fw.orig b/test/ipt/firewall-ipv6-6.fw.orig index afc1ae538..b14aba8a5 100755 --- a/test/ipt/firewall-ipv6-6.fw.orig +++ b/test/ipt/firewall-ipv6-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:53 2011 PDT by vadim +# Generated Thu May 26 14:17:44 2011 PDT by vadim # # files: * firewall-ipv6-6.fw /etc/firewall-ipv6-6.fw # @@ -422,7 +422,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:53 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:44 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-7.fw.orig b/test/ipt/firewall-ipv6-7.fw.orig index d896cc68a..a366b49ea 100755 
--- a/test/ipt/firewall-ipv6-7.fw.orig +++ b/test/ipt/firewall-ipv6-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:55 2011 PDT by vadim +# Generated Thu May 26 14:17:45 2011 PDT by vadim # # files: * firewall-ipv6-7.fw /etc/firewall-ipv6-7.fw # @@ -466,7 +466,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:55 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-8.fw.orig b/test/ipt/firewall-ipv6-8.fw.orig index bd6b38981..ed94cd6c4 100755 --- a/test/ipt/firewall-ipv6-8.fw.orig +++ b/test/ipt/firewall-ipv6-8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sun May 15 12:01:42 2011 PDT by vadim +# Generated Thu May 26 14:17:47 2011 PDT by vadim # # files: * firewall-ipv6-8.fw /etc/firewall-ipv6-8.fw # @@ -539,7 +539,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sun May 15 12:01:42 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:47 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig index 4ae662354..a37791c74 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-flush.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:58 2011 PDT by vadim +# Generated Thu May 26 14:17:49 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-flush.fw /etc/firewall-ipv6-ipt-reset-prolog-after-flush.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig index f89b93518..a1eb41ab7 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:00 2011 PDT by vadim +# Generated Thu May 26 14:17:52 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-after-interfaces.fw /etc/firewall-ipv6-ipt-reset-prolog-after-interfaces.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:52 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig index b43e5e970..7b3ea7652 100755 --- a/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-ipt-reset-prolog-top.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:02 2011 PDT by vadim +# Generated Thu May 26 14:17:53 2011 PDT by vadim # # files: * firewall-ipv6-ipt-reset-prolog-top.fw /etc/firewall-ipv6-ipt-reset-prolog-top.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:02 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:53 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig index 8d5e785b7..cc2563f6b 100755 --- a/test/ipt/firewall-ipv6-nd-ns-1.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:02 2011 PDT by vadim +# Generated Thu May 26 14:17:56 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-1.fw /etc/firewall-ipv6-nd-ns-1.fw # @@ -463,7 +463,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:02 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig index 0ece67a49..525943567 100755 --- a/test/ipt/firewall-ipv6-nd-ns-2.fw.orig +++ b/test/ipt/firewall-ipv6-nd-ns-2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:04 2011 PDT by vadim +# Generated Thu May 26 14:17:57 2011 PDT by vadim # # files: * firewall-ipv6-nd-ns-2.fw /etc/firewall-ipv6-nd-ns-2.fw # @@ -467,7 +467,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:04 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig index d0d540a71..b96b11a4c 100755 --- a/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-flush.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:05 2011 PDT by vadim +# Generated Thu May 26 14:17:59 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-flush.fw /etc/firewall-ipv6-prolog-after-flush.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:05 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:59 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig index 9fe79e7aa..9b077ee0a 100755 --- a/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-after-interfaces.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:06 2011 PDT by vadim +# Generated Thu May 26 14:18:00 2011 PDT by vadim # # files: * firewall-ipv6-prolog-after-interfaces.fw /etc/firewall-ipv6-prolog-after-interfaces.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:06 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:00 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall-ipv6-prolog-top.fw.orig b/test/ipt/firewall-ipv6-prolog-top.fw.orig index 7b6d5b25d..89df16c58 100755 --- a/test/ipt/firewall-ipv6-prolog-top.fw.orig +++ b/test/ipt/firewall-ipv6-prolog-top.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:07 2011 PDT by vadim +# Generated Thu May 26 14:18:03 2011 PDT by vadim # # files: * firewall-ipv6-prolog-top.fw /etc/firewall-ipv6-prolog-top.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:03 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall-server-1-s.fw.orig b/test/ipt/firewall-server-1-s.fw.orig index 93ddf4450..50032af01 100755 --- a/test/ipt/firewall-server-1-s.fw.orig +++ b/test/ipt/firewall-server-1-s.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:08 2011 PDT by vadim +# Generated Thu May 26 14:18:04 2011 PDT by vadim # # files: * firewall-server-1-s.fw /etc/fw/firewall-server-1-s.fw # @@ -414,7 +414,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:08 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall.fw.orig b/test/ipt/firewall.fw.orig index 096c93e8b..2b636b8f9 100755 --- a/test/ipt/firewall.fw.orig +++ b/test/ipt/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:37 2011 PDT by vadim +# Generated Thu May 26 14:14:24 2011 PDT by vadim # # files: * firewall.fw /etc/fw/firewall.fw # @@ -1397,7 +1397,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:37 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall1.fw.orig b/test/ipt/firewall1.fw.orig index 31d9d35de..e81081066 100755 --- a/test/ipt/firewall1.fw.orig +++ b/test/ipt/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:39 2011 PDT by vadim +# Generated Thu May 26 14:14:27 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # 
@@ -1269,7 +1269,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:39 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall10.fw.orig b/test/ipt/firewall10.fw.orig index d735537af..631b71454 100755 --- a/test/ipt/firewall10.fw.orig +++ b/test/ipt/firewall10.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:39 2011 PDT by vadim +# Generated Thu May 26 14:14:27 2011 PDT by vadim # # files: * firewall10.fw /etc/fw/firewall10.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:39 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall11.fw.orig b/test/ipt/firewall11.fw.orig index d12944ba2..20b837751 100755 --- a/test/ipt/firewall11.fw.orig +++ b/test/ipt/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:42 2011 PDT by vadim +# Generated Thu May 26 14:14:32 2011 PDT by vadim # # files: * firewall11.fw /etc/fw/firewall11.fw # @@ -614,7 +614,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:42 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall12.fw.orig b/test/ipt/firewall12.fw.orig index c8a7eddcc..fbaeb7d07 100755 --- a/test/ipt/firewall12.fw.orig +++ b/test/ipt/firewall12.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:42 2011 PDT by vadim +# Generated Thu May 26 14:14:32 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # @@ -532,7 +532,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:42 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall13.fw.orig b/test/ipt/firewall13.fw.orig index f994c89bf..f7e669ed0 100755 --- a/test/ipt/firewall13.fw.orig +++ b/test/ipt/firewall13.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:44 2011 PDT by vadim +# Generated Thu May 26 14:14:37 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # @@ -406,7 +406,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:44 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall14.fw.orig b/test/ipt/firewall14.fw.orig index 044247770..000200da3 100755 --- a/test/ipt/firewall14.fw.orig +++ b/test/ipt/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:44 2011 PDT by vadim +# Generated Thu May 26 14:14:37 2011 PDT by vadim # # files: * firewall14.fw /etc/fw/firewall14.fw # 
@@ -425,7 +425,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:44 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall15.fw.orig b/test/ipt/firewall15.fw.orig index b1e772605..ab64c61e6 100755 --- a/test/ipt/firewall15.fw.orig +++ b/test/ipt/firewall15.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:47 2011 PDT by vadim +# Generated Thu May 26 14:14:42 2011 PDT by vadim # # files: * firewall15.fw /etc/fw/firewall15.fw # @@ -409,7 +409,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:47 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall16.fw.orig b/test/ipt/firewall16.fw.orig index 7fad1cf37..e6240b984 100755 --- a/test/ipt/firewall16.fw.orig +++ b/test/ipt/firewall16.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:47 2011 PDT by vadim +# Generated Thu May 26 14:14:42 2011 PDT by vadim # # files: * firewall16.fw /etc/fw/firewall16.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:47 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall17.fw.orig b/test/ipt/firewall17.fw.orig index a6911c4a1..9c636b052 100755 --- a/test/ipt/firewall17.fw.orig +++ b/test/ipt/firewall17.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:49 2011 PDT by vadim +# Generated Thu May 26 14:14:46 2011 PDT by vadim # # files: * firewall17.fw /etc/fw/firewall17.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall18.fw.orig b/test/ipt/firewall18.fw.orig index 3ff54f76c..96a457189 100755 --- a/test/ipt/firewall18.fw.orig +++ b/test/ipt/firewall18.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:50 2011 PDT by vadim +# Generated Thu May 26 14:14:46 2011 PDT by vadim # # files: * firewall18.fw /etc/fw/firewall18.fw # @@ -527,7 +527,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:50 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall19.fw.orig b/test/ipt/firewall19.fw.orig index 60a890170..faa1c3dd4 100755 --- a/test/ipt/firewall19.fw.orig +++ b/test/ipt/firewall19.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:52 2011 PDT by vadim +# Generated Thu May 26 14:14:51 2011 PDT by vadim # # files: * firewall19.fw /etc/fw/firewall19.fw # 
@@ -531,7 +531,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:52 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall2-1.fw.orig b/test/ipt/firewall2-1.fw.orig index 6260a872a..f803b046d 100755 --- a/test/ipt/firewall2-1.fw.orig +++ b/test/ipt/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:00 2011 PDT by vadim +# Generated Thu May 26 14:15:04 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # @@ -1451,7 +1451,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:04 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-2.fw.orig b/test/ipt/firewall2-2.fw.orig index 1682ecc84..1c0caef4d 100755 --- a/test/ipt/firewall2-2.fw.orig +++ b/test/ipt/firewall2-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:04 2011 PDT by vadim +# Generated Thu May 26 14:15:09 2011 PDT by vadim # # files: * firewall2-2.fw /etc/fw/firewall2-2.fw # @@ -1280,7 +1280,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:04 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:09 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-3.fw.orig b/test/ipt/firewall2-3.fw.orig index 7296cde7a..6dfad128c 100755 --- a/test/ipt/firewall2-3.fw.orig +++ b/test/ipt/firewall2-3.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:05 2011 PDT by vadim +# Generated Thu May 26 14:15:13 2011 PDT by vadim # # files: * firewall2-3.fw /etc/fw/firewall2-3.fw # @@ -1139,7 +1139,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:05 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-4.fw.orig b/test/ipt/firewall2-4.fw.orig index f05ca4221..3d5c85b99 100755 --- a/test/ipt/firewall2-4.fw.orig +++ b/test/ipt/firewall2-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:08 2011 PDT by vadim +# Generated Thu May 26 14:15:18 2011 PDT by vadim # # files: * firewall2-4.fw /etc/fw/firewall2-4.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:08 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:18 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-5.fw.orig b/test/ipt/firewall2-5.fw.orig index 02ca64a94..379eb75b6 100755 --- a/test/ipt/firewall2-5.fw.orig +++ b/test/ipt/firewall2-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:10 2011 PDT by vadim +# Generated Thu May 26 14:15:22 2011 PDT by vadim # # files: * firewall2-5.fw /etc/fw/firewall2-5.fw # 
@@ -476,7 +476,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:10 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-6.fw.orig b/test/ipt/firewall2-6.fw.orig index caf4977b1..fa9bac028 100755 --- a/test/ipt/firewall2-6.fw.orig +++ b/test/ipt/firewall2-6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:12 2011 PDT by vadim +# Generated Thu May 26 14:15:27 2011 PDT by vadim # # files: * firewall2-6.fw /etc/fw/firewall2-6.fw # @@ -503,7 +503,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:12 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2-7.fw.orig b/test/ipt/firewall2-7.fw.orig index 797895a45..03929473c 100755 --- a/test/ipt/firewall2-7.fw.orig +++ b/test/ipt/firewall2-7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:14 2011 PDT by vadim +# Generated Thu May 26 14:15:32 2011 PDT by vadim # # files: * firewall2-7.fw /etc/fw/firewall2-7.fw # @@ -445,7 +445,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:14 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall2.fw.orig b/test/ipt/firewall2.fw.orig index a064a9502..4293f5efd 100755 --- a/test/ipt/firewall2.fw.orig +++ b/test/ipt/firewall2.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:54 2011 PDT by vadim +# Generated Thu May 26 14:14:53 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # @@ -1503,7 +1503,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:53 2011 by vadim" check_tools check_run_time_address_table_files diff --git a/test/ipt/firewall20-ipv6.fw.orig b/test/ipt/firewall20-ipv6.fw.orig index bac5c263f..1c90f7ed8 100755 --- a/test/ipt/firewall20-ipv6.fw.orig +++ b/test/ipt/firewall20-ipv6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:56 2011 PDT by vadim +# Generated Thu May 26 14:14:57 2011 PDT by vadim # # files: * firewall20-ipv6.fw /etc/fw/firewall20-ipv6.fw # @@ -477,7 +477,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall20.fw.orig b/test/ipt/firewall20.fw.orig index bba76e72c..528da7364 100755 --- a/test/ipt/firewall20.fw.orig +++ b/test/ipt/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:54 2011 PDT by vadim +# Generated Thu May 26 14:14:54 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # 
@@ -695,7 +695,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21-1.fw.orig b/test/ipt/firewall21-1.fw.orig index d74accfed..0e4b7557b 100755 --- a/test/ipt/firewall21-1.fw.orig +++ b/test/ipt/firewall21-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:58 2011 PDT by vadim +# Generated Thu May 26 14:15:02 2011 PDT by vadim # # files: * firewall21-1.fw /etc/fw/firewall21-1.fw # @@ -495,7 +495,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:02 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall21.fw.orig b/test/ipt/firewall21.fw.orig index 01ae3f8fb..6f64547d8 100755 --- a/test/ipt/firewall21.fw.orig +++ b/test/ipt/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:39:56 2011 PDT by vadim +# Generated Thu May 26 14:14:58 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:39:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:14:58 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall22.fw.orig b/test/ipt/firewall22.fw.orig index b4c3903f6..7d302e632 100755 --- a/test/ipt/firewall22.fw.orig 
+++ b/test/ipt/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:00 2011 PDT by vadim +# Generated Thu May 26 14:15:05 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # @@ -411,7 +411,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23-1.fw.orig b/test/ipt/firewall23-1.fw.orig index a53862da9..993e3eaf2 100755 --- a/test/ipt/firewall23-1.fw.orig +++ b/test/ipt/firewall23-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:06 2011 PDT by vadim +# Generated Thu May 26 14:15:13 2011 PDT by vadim # # files: * firewall23-1.fw /etc/fw/firewall23-1.fw # @@ -585,7 +585,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:06 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall23.fw.orig b/test/ipt/firewall23.fw.orig index 717ff5b83..8771bd4b3 100755 --- a/test/ipt/firewall23.fw.orig +++ b/test/ipt/firewall23.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:03 2011 PDT by vadim +# Generated Thu May 26 14:15:08 2011 PDT by vadim # # files: * firewall23.fw /etc/fw/firewall23.fw # 
@@ -497,7 +497,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:03 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall24.fw.orig b/test/ipt/firewall24.fw.orig index af615742e..dd480d7bd 100755 --- a/test/ipt/firewall24.fw.orig +++ b/test/ipt/firewall24.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:07 2011 PDT by vadim +# Generated Thu May 26 14:15:17 2011 PDT by vadim # # files: * firewall24.fw /etc/fw/firewall24.fw # @@ -514,7 +514,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall25.fw.orig b/test/ipt/firewall25.fw.orig index 8bc5dfa94..e7f1189a7 100755 --- a/test/ipt/firewall25.fw.orig +++ b/test/ipt/firewall25.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:10 2011 PDT by vadim +# Generated Thu May 26 14:15:22 2011 PDT by vadim # # files: * firewall25.fw /etc/fw/firewall25.fw # @@ -705,7 +705,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:10 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall26.fw.orig b/test/ipt/firewall26.fw.orig index 14b328e85..80ca94f89 100755 --- a/test/ipt/firewall26.fw.orig +++ b/test/ipt/firewall26.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:12 2011 PDT by vadim +# Generated Thu May 26 14:15:27 2011 PDT by vadim # # files: * firewall26.fw /etc/fw/firewall26.fw # @@ -585,7 +585,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:12 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:27 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall27.fw.orig b/test/ipt/firewall27.fw.orig index 85d3aa648..24594208f 100755 --- a/test/ipt/firewall27.fw.orig +++ b/test/ipt/firewall27.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:14 2011 PDT by vadim +# Generated Thu May 26 14:15:32 2011 PDT by vadim # # files: * firewall27.fw /etc/fw/firewall27.fw # @@ -567,7 +567,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:14 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:32 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall28.fw.orig b/test/ipt/firewall28.fw.orig index 1c9d8568a..454b60a36 100755 --- a/test/ipt/firewall28.fw.orig +++ b/test/ipt/firewall28.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:17 2011 PDT by vadim +# Generated Thu May 26 14:15:36 2011 PDT by vadim # # files: * firewall28.fw /etc/fw/firewall28.fw # 
@@ -430,7 +430,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:17 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall29.fw.orig b/test/ipt/firewall29.fw.orig index 667c0c1d2..3579ca58f 100755 --- a/test/ipt/firewall29.fw.orig +++ b/test/ipt/firewall29.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:17 2011 PDT by vadim +# Generated Thu May 26 14:15:36 2011 PDT by vadim # # files: * firewall29.fw /etc/fw/firewall29.fw # @@ -465,7 +465,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:17 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:36 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall3.fw.orig b/test/ipt/firewall3.fw.orig index 26d99d2bc..9af6f7918 100755 --- a/test/ipt/firewall3.fw.orig +++ b/test/ipt/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:19 2011 PDT by vadim +# Generated Thu May 26 14:15:41 2011 PDT by vadim # # files: * firewall3.fw /etc/fw/firewall3.fw # @@ -599,7 +599,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall30.fw.orig b/test/ipt/firewall30.fw.orig index 6415a2c39..fd21049ae 100755 --- a/test/ipt/firewall30.fw.orig +++ b/test/ipt/firewall30.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:19 2011 PDT by vadim +# Generated Thu May 26 14:15:41 2011 PDT by vadim # # files: * firewall30.fw /etc/fw/firewall30.fw # @@ -396,7 +396,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall31.fw.orig b/test/ipt/firewall31.fw.orig index b6f8e0437..891064c1e 100755 --- a/test/ipt/firewall31.fw.orig +++ b/test/ipt/firewall31.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:22 2011 PDT by vadim +# Generated Thu May 26 14:15:45 2011 PDT by vadim # # files: * firewall31.fw /etc/fw/firewall31.fw # @@ -468,7 +468,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall32.fw.orig b/test/ipt/firewall32.fw.orig index 2d981eeb2..f000a7924 100755 --- a/test/ipt/firewall32.fw.orig +++ b/test/ipt/firewall32.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:22 2011 PDT by vadim +# Generated Thu May 26 14:15:45 2011 PDT by vadim # # files: * firewall32.fw /etc/fw/firewall32.fw # 
@@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33-1.fw.orig b/test/ipt/firewall33-1.fw.orig index c7c2e5a71..696c6026f 100755 --- a/test/ipt/firewall33-1.fw.orig +++ b/test/ipt/firewall33-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:29 2011 PDT by vadim +# Generated Thu May 26 14:15:50 2011 PDT by vadim # # files: * firewall33-1.fw /etc/fw/firewall33-1.fw # @@ -416,12 +416,11 @@ script_body() { # $IPTABLES -N Cid438728A918346.0 $IPTABLES -A Policy -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN 
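Review bot: The `-d` exceptions in chain `Cid438728A918346.0` change from six 74.125.153.x addresses to five 74.125.224.x addresses while the neighbouring 157.166.x lines are untouched, which suggests the baseline is built from a name resolved when the compiler runs (inferred; the object definition is not in this hunk). A golden file that depends on live DNS answers has to be re-baselined whenever the records change, and that churn can hide a real difference in the generated rule set. I would point the test object at a fixed address list, or at a name served by a resolver the test controls. The same applies to the matching hunk in firewall33.fw.orig. For a deployed policy it also means the `-j RETURN` exceptions are whatever the resolver answered at compile time, which deserves a line in that object type's documentation.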
@@ -547,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:29 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall33.fw.orig b/test/ipt/firewall33.fw.orig index 246998a23..ed33fea49 100755 --- a/test/ipt/firewall33.fw.orig +++ b/test/ipt/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:29 2011 PDT by vadim +# Generated Thu May 26 14:15:51 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # @@ -466,12 +466,11 @@ script_body() { $IPTABLES -A OUTPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A INPUT -m state --state NEW -j Cid438728A918346.0 $IPTABLES -A FORWARD -m state --state NEW -j Cid438728A918346.0 - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.99 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.103 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.104 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.105 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.106 -j RETURN - $IPTABLES -A Cid438728A918346.0 -d 74.125.153.147 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.112 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.113 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.114 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.115 -j RETURN + $IPTABLES -A Cid438728A918346.0 -d 74.125.224.116 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.25 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.224.26 -j RETURN $IPTABLES -A Cid438728A918346.0 -d 157.166.226.25 -j RETURN 
@@ -596,7 +595,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:29 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:51 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall34.fw.orig b/test/ipt/firewall34.fw.orig index 4c42d346c..51f624e39 100755 --- a/test/ipt/firewall34.fw.orig +++ b/test/ipt/firewall34.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:31 2011 PDT by vadim +# Generated Thu May 26 14:15:55 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # @@ -671,7 +671,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:31 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall35.fw.orig b/test/ipt/firewall35.fw.orig index 8f3307e2e..2d3f88480 100755 --- a/test/ipt/firewall35.fw.orig +++ b/test/ipt/firewall35.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:31 2011 PDT by vadim +# Generated Thu May 26 14:15:55 2011 PDT by vadim # # files: * firewall35.fw /etc/fw/firewall35.fw # @@ -563,7 +563,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:31 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:15:55 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-1.fw.orig b/test/ipt/firewall36-1.fw.orig index 6cdd76d0a..ff0812222 100755 --- a/test/ipt/firewall36-1.fw.orig +++ b/test/ipt/firewall36-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:34 2011 PDT by vadim +# Generated Thu May 26 14:16:00 2011 PDT by vadim # # files: * firewall36-1.fw /etc/firewall36-1.fw # @@ -454,7 +454,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:34 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36-2.fw.orig b/test/ipt/firewall36-2.fw.orig index b468ac6a9..8721bdf0c 100755 --- a/test/ipt/firewall36-2.fw.orig +++ b/test/ipt/firewall36-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:36 2011 PDT by vadim +# Generated Thu May 26 14:16:04 2011 PDT by vadim # # files: * firewall36-2.fw /etc/firewall36-2.fw # @@ -454,7 +454,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:36 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:04 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall36.fw.orig b/test/ipt/firewall36.fw.orig index 34626a2c3..a94850c9d 100755 --- a/test/ipt/firewall36.fw.orig +++ b/test/ipt/firewall36.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:33 2011 PDT by vadim +# Generated Thu May 26 14:16:00 2011 PDT by vadim # # files: * firewall36.fw /etc/firewall36.fw # 
@@ -518,7 +518,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:33 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:00 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-1.fw.orig b/test/ipt/firewall37-1.fw.orig index 1081b4af8..2bbd5f7d7 100755 --- a/test/ipt/firewall37-1.fw.orig +++ b/test/ipt/firewall37-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:38 2011 PDT by vadim +# Generated Thu May 26 14:16:07 2011 PDT by vadim # # files: * firewall37-1.fw /etc/fw/firewall37-1.fw # @@ -987,7 +987,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:38 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37-2.fw.orig b/test/ipt/firewall37-2.fw.orig index 1538c4dbf..a19a4cf5c 100755 --- a/test/ipt/firewall37-2.fw.orig +++ b/test/ipt/firewall37-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:39 2011 PDT by vadim +# Generated Thu May 26 14:16:09 2011 PDT by vadim # # files: * firewall37-2.fw /etc/fw/firewall37-2.fw # @@ -328,6 +328,14 @@ script_body() { + # ================ Table 'mangle', rule set classify_2 + # + # Rule classify_2 0 (global) + # + echo "Rule classify_2 0 (global)" + # + $IPTABLES -N classify_2 -t mangle + $IPTABLES -t mangle -A classify_2 -s 192.168.1.0/24 -j CLASSIFY --set-class 1:12 # ================ Table 'mangle', rule set Policy # # Rule 0 (eth0) 
@@ -497,6 +505,38 @@ script_body() { $IPTABLES -t mangle -A POSTROUTING -i eth0 -s 192.168.1.0/24 -j Cid994761X26049.1 $IPTABLES -t mangle -A Cid994761X26049.1 -p icmp -m icmp --icmp-type 8/0 -j CLASSIFY --set-class 1:2 $IPTABLES -t mangle -A Cid994761X26049.1 -p tcp -m tcp --dport 80 -j CLASSIFY --set-class 1:2 + # + # Rule 16 (global) + # + echo "Rule 16 (global)" + # + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + $IPTABLES -t mangle -A PREROUTING -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -j classify_2 + $IPTABLES -t mangle -A FORWARD -j classify_2 + # + # Rule 17 (global) + # + echo "Rule 17 (global)" + # + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + # Should create branch in OUTPUT instead of + # enumerating all ip addresses of the fw in PREROUTING + $IPTABLES -t mangle -A PREROUTING -s 22.22.23.22 -j classify_2 + $IPTABLES -t mangle -A PREROUTING -s 192.168.1.22 -j classify_2 + $IPTABLES -t mangle -A PREROUTING -s 192.168.2.1 -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -s 22.22.23.22 -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.22 -j classify_2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.2.1 -j classify_2 + $IPTABLES -t mangle -A FORWARD -s 22.22.23.22 -j classify_2 + $IPTABLES -t mangle -A FORWARD -s 192.168.1.22 -j classify_2 + $IPTABLES -t mangle -A FORWARD -s 192.168.2.1 -j classify_2 # ================ Table 'filter', rule set Policy # 
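Review bot: The expected mangle-table output for Rule 16 and Rule 17 contradicts the rule comments recorded beside it, so this baseline pins behaviour the test itself describes as wrong. Both rules jump from PREROUTING to `classify_2`, whose rule in this file's first hunk is `-j CLASSIFY --set-class 1:12`, while the comment says CLASSIFY is not valid in PREROUTING. Rule 17 also lists the three firewall addresses in PREROUTING, POSTROUTING and FORWARD although its comment says it should create a branch in OUTPUT instead. If this is an accepted interim result for #2405, I would say so in the rule comment of the test data, e.g. `known-bad output, tracked in #2405`, so that a later compiler fix is not read as a regression; otherwise the baseline should be refreshed only after the compiler is fixed. The filter-table hunk that follows creates `classify_2` with `-N` and jumps to it from FORWARD and OUTPUT without adding a rule to it in the visible lines, which looks like the same issue.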
@@ -580,12 +620,35 @@ script_body() { # echo "Rule 16 (global)" # - $IPTABLES -N RULE_16 - $IPTABLES -A OUTPUT -j RULE_16 - $IPTABLES -A INPUT -j RULE_16 - $IPTABLES -A FORWARD -j RULE_16 - $IPTABLES -A RULE_16 -j LOG --log-level info --log-prefix "RULE 16 -- DENY " - $IPTABLES -A RULE_16 -j DROP + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + $IPTABLES -N classify_2 + $IPTABLES -A FORWARD -j classify_2 + # + # Rule 17 (global) + # + echo "Rule 17 (global)" + # + # test for #2405 + # branching in mangle; branch rule set + # uses CLASSIFY that is ivalid in PREROUTING + # "Assume fw is part of any" is off for this rule + # Should create branch in OUTPUT instead of + # enumerating all ip addresses of the fw in PREROUTING + $IPTABLES -A OUTPUT -j classify_2 + # + # Rule 18 (global) + # + echo "Rule 18 (global)" + # + $IPTABLES -N RULE_18 + $IPTABLES -A OUTPUT -j RULE_18 + $IPTABLES -A INPUT -j RULE_18 + $IPTABLES -A FORWARD -j RULE_18 + $IPTABLES -A RULE_18 -j LOG --log-level info --log-prefix "RULE 18 -- DENY " + $IPTABLES -A RULE_18 -j DROP } ip_forward() { @@ -641,7 +704,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:39 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall37.fw.orig b/test/ipt/firewall37.fw.orig index 4e7d5e380..bb2dc3d29 100755 --- a/test/ipt/firewall37.fw.orig +++ b/test/ipt/firewall37.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:41 2011 PDT by vadim +# Generated Thu May 26 14:16:05 2011 PDT by vadim # # files: * firewall37.fw /etc/fw/firewall37.fw # 
@@ -618,21 +618,29 @@ script_body() { # echo "Rule 30 (global)" # + $IPTABLES -t mangle -A POSTROUTING -s 22.22.23.22 -j CLASSIFY --set-class 1:2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.1.22 -j CLASSIFY --set-class 1:2 + $IPTABLES -t mangle -A POSTROUTING -s 192.168.2.1 -j CLASSIFY --set-class 1:2 + # + # Rule 31 (global) + # + echo "Rule 31 (global)" + # # testing for bug #1618381 # classify action is non-terminating # in this firewall object $IPTABLES -t mangle -A POSTROUTING -p icmp -m icmp --icmp-type 3 -j CLASSIFY --set-class 1:10 # - # Rule 31 (eth0) + # Rule 32 (eth0) # - echo "Rule 31 (eth0)" + echo "Rule 32 (eth0)" # # second rule for bug #1618381 $IPTABLES -t mangle -A POSTROUTING -o eth0 -j CLASSIFY --set-class 1:11 # - # Rule 32 (global) + # Rule 33 (global) # - echo "Rule 32 (global)" + echo "Rule 33 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A026219324.0 -t mangle @@ -641,9 +649,9 @@ script_body() { $IPTABLES -t mangle -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A026219324.0 -j CLASSIFY --set-class 1:10 # - # Rule 33 (global) + # Rule 34 (global) # - echo "Rule 33 (global)" + echo "Rule 34 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A5AFB19324.0 -t mangle @@ -653,9 +661,9 @@ script_body() { $IPTABLES -t mangle -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -t mangle -A Cid459A5AFB19324.0 -j CLASSIFY --set-class 1:10 # - # Rule 34 (eth0) + # Rule 35 (eth0) # - echo "Rule 34 (eth0)" + echo "Rule 35 (eth0)" # # bug #1618381 # this rule uses multiport 
@@ -665,9 +673,9 @@ script_body() { $IPTABLES -t mangle -A POSTROUTING -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j CLASSIFY --set-class 1:11 $IPTABLES -t mangle -A POSTROUTING -o eth0 -p udp -m udp -m multiport --dports 53,161 -j CLASSIFY --set-class 1:11 # - # Rule 36 (global) + # Rule 37 (global) # - echo "Rule 36 (global)" + echo "Rule 37 (global)" # $IPTABLES -t mangle -A PREROUTING -j mymark $IPTABLES -t mangle -A POSTROUTING -j mymark @@ -1150,9 +1158,9 @@ script_body() { $IPTABLES -A Out_RULE_29 -j LOG --log-level info --log-prefix "RULE 29 -- ACCEPT " $IPTABLES -A Out_RULE_29 -j ACCEPT # - # Rule 30 (global) + # Rule 31 (global) # - echo "Rule 30 (global)" + echo "Rule 31 (global)" # # testing for bug #1618381 # classify action is non-terminating @@ -1161,9 +1169,9 @@ script_body() { $IPTABLES -A INPUT -p icmp -m icmp --icmp-type 3 -j ACCEPT $IPTABLES -A FORWARD -p icmp -m icmp --icmp-type 3 -j ACCEPT # - # Rule 31 (eth0) + # Rule 32 (eth0) # - echo "Rule 31 (eth0)" + echo "Rule 32 (eth0)" # # second rule for bug #1618381 $IPTABLES -A INPUT -i eth0 -j ACCEPT @@ -1171,9 +1179,9 @@ script_body() { $IPTABLES -A OUTPUT -o eth0 -j ACCEPT $IPTABLES -A FORWARD -o eth0 -j ACCEPT # - # Rule 32 (global) + # Rule 33 (global) # - echo "Rule 32 (global)" + echo "Rule 33 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A026219324.0 @@ -1184,9 +1192,9 @@ script_body() { $IPTABLES -A Cid459A026219324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -A Cid459A026219324.0 -j ACCEPT # - # Rule 33 (global) + # Rule 34 (global) # - echo "Rule 33 (global)" + echo "Rule 34 (global)" # # testing for bug #1618381 $IPTABLES -N Cid459A5AFB19324.0 @@ -1200,9 +1208,9 @@ script_body() { $IPTABLES -A Cid459A5AFB19324.0 -s 192.168.2.0/24 -j RETURN $IPTABLES -A Cid459A5AFB19324.0 -j ACCEPT # - # Rule 34 (eth0) + # Rule 35 (eth0) # - echo "Rule 34 (eth0)" + echo "Rule 35 (eth0)" # # bug #1618381 # this rule uses multiport 
@@ -1221,24 +1229,13 @@ script_body() { $IPTABLES -A FORWARD -o eth0 -p tcp -m tcp -m multiport --dports 113,13,53,2105,21,70,80,443,6667,119,25,3128,22,23,540 -j ACCEPT $IPTABLES -A FORWARD -o eth0 -p udp -m udp -m multiport --dports 53,161 -j ACCEPT # - # Rule 35 (global) - # - echo "Rule 35 (global)" - # - $IPTABLES -A INPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 - $IPTABLES -A OUTPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 - $IPTABLES -A FORWARD -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 - # # Rule 36 (global) # echo "Rule 36 (global)" # - $IPTABLES -N RULE_36 - $IPTABLES -A OUTPUT -j RULE_36 - $IPTABLES -A INPUT -j RULE_36 - $IPTABLES -A FORWARD -j RULE_36 - $IPTABLES -A RULE_36 -j LOG --log-level info --log-prefix "RULE 36 -- BRANCH " - $IPTABLES -A RULE_36 -j mymark + $IPTABLES -A INPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 + $IPTABLES -A OUTPUT -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 + $IPTABLES -A FORWARD -s 192.168.1.0/24 -j TCPMSS --set-mss 1400 # # Rule 37 (global) # @@ -1248,8 +1245,19 @@ script_body() { $IPTABLES -A OUTPUT -j RULE_37 $IPTABLES -A INPUT -j RULE_37 $IPTABLES -A FORWARD -j RULE_37 - $IPTABLES -A RULE_37 -j LOG --log-level info --log-prefix "RULE 37 -- DENY " - $IPTABLES -A RULE_37 -j DROP + $IPTABLES -A RULE_37 -j LOG --log-level info --log-prefix "RULE 37 -- BRANCH " + $IPTABLES -A RULE_37 -j mymark + # + # Rule 38 (global) + # + echo "Rule 38 (global)" + # + $IPTABLES -N RULE_38 + $IPTABLES -A OUTPUT -j RULE_38 + $IPTABLES -A INPUT -j RULE_38 + $IPTABLES -A FORWARD -j RULE_38 + $IPTABLES -A RULE_38 -j LOG --log-level info --log-prefix "RULE 38 -- DENY " + $IPTABLES -A RULE_38 -j DROP } ip_forward() { @@ -1305,7 +1313,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:41 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall38.fw.orig b/test/ipt/firewall38.fw.orig index 75e978093..57a5dc774 100755 --- a/test/ipt/firewall38.fw.orig +++ b/test/ipt/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:41 2011 PDT by vadim +# Generated Thu May 26 14:16:11 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # @@ -540,7 +540,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:41 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall39.fw.orig b/test/ipt/firewall39.fw.orig index 423df29fc..f7fa63d5c 100755 --- a/test/ipt/firewall39.fw.orig +++ b/test/ipt/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:43 2011 PDT by vadim +# Generated Thu May 26 14:16:13 2011 PDT by vadim # # files: * firewall39.fw /etc/fw/firewall39.fw # @@ -820,7 +820,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:43 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall4.fw.orig b/test/ipt/firewall4.fw.orig index ad7ab412a..62ffcd1a1 100755 --- a/test/ipt/firewall4.fw.orig +++ b/test/ipt/firewall4.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:44 2011 PDT by vadim +# Generated Thu May 26 14:16:14 2011 PDT by vadim # # files: * firewall4.fw /etc/fw/firewall4.fw # @@ -733,7 +733,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:44 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:14 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-1.fw.orig b/test/ipt/firewall40-1.fw.orig index 9f1e85576..18cee16b5 100755 --- a/test/ipt/firewall40-1.fw.orig +++ b/test/ipt/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:46 2011 PDT by vadim +# Generated Thu May 26 14:16:18 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # @@ -12,8 +12,8 @@ # # more complex and realistic combination of Tag and Route rules that are in the separate Policy rule set -# firewall40-1:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS -# firewall40-1:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-1:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-1:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS FWBDEBUG="" 
@@ -462,7 +462,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:46 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:18 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall40-2.fw.orig b/test/ipt/firewall40-2.fw.orig index f4c16bb8c..d9c92cf34 100755 --- a/test/ipt/firewall40-2.fw.orig +++ b/test/ipt/firewall40-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:47 2011 PDT by vadim +# Generated Thu May 26 14:16:20 2011 PDT by vadim # # files: * firewall40-2.fw /etc/firewall40-2.fw # @@ -12,8 +12,8 @@ # # more complex and realistic combination of Tag and Route rules that are in the separate Policy rule set. Here the top Policy rule set is empty -# firewall40-2:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS -# firewall40-2:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-2:Policy_1:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40-2:Policy_1:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS FWBDEBUG="" @@ -449,7 +449,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:47 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/firewall40.fw.orig b/test/ipt/firewall40.fw.orig index dfbce9b2f..3b65d667f 100755 --- a/test/ipt/firewall40.fw.orig +++ b/test/ipt/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:45 2011 PDT by vadim +# Generated Thu May 26 14:16:17 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # @@ -12,8 +12,8 @@ # # more complex and realistic combination of Tag and Route rules -# firewall40:Policy:3: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS -# firewall40:Policy:4: error: Option Route is deprecated. You can use Custom Action to geenrate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40:Policy:3: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS +# firewall40:Policy:4: error: Option Route is deprecated. You can use Custom Action to generate iptables command using '-j ROUTE' target if it is supported by your firewall OS FWBDEBUG="" @@ -455,7 +455,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:45 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41-1.fw.orig b/test/ipt/firewall41-1.fw.orig index 67e50b50e..87c77a96a 100755 --- a/test/ipt/firewall41-1.fw.orig +++ b/test/ipt/firewall41-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:49 2011 PDT by vadim +# Generated Thu May 26 14:16:24 2011 PDT by vadim # # files: * firewall41-1.fw /etc/firewall41-1.fw # @@ -596,7 +596,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:49 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall41.fw.orig b/test/ipt/firewall41.fw.orig index 0a2e9b659..347bed83f 100755 --- a/test/ipt/firewall41.fw.orig +++ b/test/ipt/firewall41.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:50 2011 PDT by vadim +# Generated Thu May 26 14:16:22 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # @@ -480,7 +480,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:50 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall42.fw.orig b/test/ipt/firewall42.fw.orig index ba7f07928..1178a52bb 100755 --- a/test/ipt/firewall42.fw.orig +++ b/test/ipt/firewall42.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:52 2011 PDT by vadim +# Generated Thu May 26 14:16:28 2011 PDT by vadim # # files: * firewall42.fw /etc/fw/firewall42.fw # 
@@ -405,7 +405,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:52 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:28 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall5.fw.orig b/test/ipt/firewall5.fw.orig index d5f709883..331d7356f 100755 --- a/test/ipt/firewall5.fw.orig +++ b/test/ipt/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:54 2011 PDT by vadim +# Generated Thu May 26 14:16:29 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # @@ -647,7 +647,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:29 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall50.fw.orig b/test/ipt/firewall50.fw.orig index cc53f50db..726581499 100755 --- a/test/ipt/firewall50.fw.orig +++ b/test/ipt/firewall50.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:54 2011 PDT by vadim +# Generated Thu May 26 14:16:31 2011 PDT by vadim # # files: * firewall50.fw /etc/fw/firewall50.fw # @@ -439,7 +439,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:54 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:31 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall51.fw.orig b/test/ipt/firewall51.fw.orig index 3fd16dc47..0349a5d9b 100755 --- a/test/ipt/firewall51.fw.orig +++ b/test/ipt/firewall51.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:56 2011 PDT by vadim +# Generated Thu May 26 14:16:33 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # @@ -512,7 +512,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:33 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall6.fw.orig b/test/ipt/firewall6.fw.orig index 0f8bfe5a4..953e4eb42 100755 --- a/test/ipt/firewall6.fw.orig +++ b/test/ipt/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:56 2011 PDT by vadim +# Generated Thu May 26 14:16:35 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # @@ -534,7 +534,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:56 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:35 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall60.fw.orig b/test/ipt/firewall60.fw.orig index ed89ba600..c4d5ac129 100755 --- a/test/ipt/firewall60.fw.orig +++ b/test/ipt/firewall60.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:58 2011 PDT by vadim +# Generated Thu May 26 14:16:37 2011 PDT by vadim # # files: * firewall60.fw /etc/firewall60.fw # 
@@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:37 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.5.fw.orig b/test/ipt/firewall61-1.2.5.fw.orig index 639fd2ec6..893cadda6 100755 --- a/test/ipt/firewall61-1.2.5.fw.orig +++ b/test/ipt/firewall61-1.2.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:58 2011 PDT by vadim +# Generated Thu May 26 14:16:38 2011 PDT by vadim # # files: * firewall61-1.2.5.fw /etc/firewall61-1.2.5.fw # @@ -520,7 +520,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:40:58 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:38 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.2.6.fw.orig b/test/ipt/firewall61-1.2.6.fw.orig index 639364b36..6b99ae44c 100755 --- a/test/ipt/firewall61-1.2.6.fw.orig +++ b/test/ipt/firewall61-1.2.6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:00 2011 PDT by vadim +# Generated Thu May 26 14:16:41 2011 PDT by vadim # # files: * firewall61-1.2.6.fw /etc/firewall61-1.2.6.fw # @@ -526,7 +526,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:00 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:41 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.3.x.fw.orig b/test/ipt/firewall61-1.3.x.fw.orig index ae28afc5d..bb11affcc 100755 
--- a/test/ipt/firewall61-1.3.x.fw.orig +++ b/test/ipt/firewall61-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:01 2011 PDT by vadim +# Generated Thu May 26 14:16:42 2011 PDT by vadim # # files: * firewall61-1.3.x.fw /etc/firewall61-1.3.x.fw # @@ -513,7 +513,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:01 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:42 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall61-1.4.fw.orig b/test/ipt/firewall61-1.4.fw.orig index 0e98ce912..cc58f2535 100755 --- a/test/ipt/firewall61-1.4.fw.orig +++ b/test/ipt/firewall61-1.4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:02 2011 PDT by vadim +# Generated Thu May 26 14:16:45 2011 PDT by vadim # # files: * firewall61-1.4.fw /etc/firewall61-1.4.fw # @@ -514,7 +514,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:02 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:45 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall62.fw.orig b/test/ipt/firewall62.fw.orig index e560efef4..6cb7b324a 100755 --- a/test/ipt/firewall62.fw.orig +++ b/test/ipt/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:03 2011 PDT by vadim +# Generated Thu May 26 14:16:46 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # 
@@ -590,7 +590,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:03 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:46 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall63.fw.orig b/test/ipt/firewall63.fw.orig index 33a91db4b..37c8f48cd 100755 --- a/test/ipt/firewall63.fw.orig +++ b/test/ipt/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:04 2011 PDT by vadim +# Generated Thu May 26 14:16:49 2011 PDT by vadim # # files: * firewall63.fw /etc/firewall63.fw # @@ -410,7 +410,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:04 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:49 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall7.fw.orig b/test/ipt/firewall7.fw.orig index 33d60e047..f9eebe4a4 100755 --- a/test/ipt/firewall7.fw.orig +++ b/test/ipt/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:05 2011 PDT by vadim +# Generated Thu May 26 14:16:50 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # @@ -494,7 +494,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:05 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:50 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall70.fw.orig b/test/ipt/firewall70.fw.orig index 07ce2f624..a9b13d1e5 100755 --- a/test/ipt/firewall70.fw.orig +++ b/test/ipt/firewall70.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:07 2011 PDT by vadim +# Generated Thu May 26 14:16:52 2011 PDT by vadim # # files: * firewall70.fw iptables.sh # @@ -433,7 +433,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:52 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall71.fw.orig b/test/ipt/firewall71.fw.orig index 6bc505b78..bfd5495b1 100755 --- a/test/ipt/firewall71.fw.orig +++ b/test/ipt/firewall71.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:07 2011 PDT by vadim +# Generated Thu May 26 14:16:54 2011 PDT by vadim # # files: * firewall71.fw /etc/fw/firewall71.fw # @@ -449,7 +449,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:07 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:54 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.3.x.fw.orig b/test/ipt/firewall72-1.3.x.fw.orig index b6f162156..fcf799cb3 100755 --- a/test/ipt/firewall72-1.3.x.fw.orig +++ b/test/ipt/firewall72-1.3.x.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:09 2011 PDT by vadim +# Generated Thu May 26 14:16:56 2011 PDT by vadim # # files: * firewall72-1.3.x.fw /etc/fw/firewall72-1.3.x.fw # 
@@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:09 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:56 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall72-1.4.3.fw.orig b/test/ipt/firewall72-1.4.3.fw.orig index 32820e12c..9a91d1a8c 100755 --- a/test/ipt/firewall72-1.4.3.fw.orig +++ b/test/ipt/firewall72-1.4.3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:09 2011 PDT by vadim +# Generated Thu May 26 14:16:57 2011 PDT by vadim # # files: * firewall72-1.4.3.fw /etc/fw/firewall72-1.4.3.fw # @@ -581,7 +581,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:09 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:57 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall73.fw.orig b/test/ipt/firewall73.fw.orig index 03056a52d..d836622ec 100755 --- a/test/ipt/firewall73.fw.orig +++ b/test/ipt/firewall73.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:11 2011 PDT by vadim +# Generated Thu May 26 14:17:01 2011 PDT by vadim # # files: * firewall73.fw /etc/fw/firewall73.fw # @@ -544,7 +544,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall74.fw.orig b/test/ipt/firewall74.fw.orig index 71420bac2..dae927513 100755 --- a/test/ipt/firewall74.fw.orig 
+++ b/test/ipt/firewall74.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:11 2011 PDT by vadim +# Generated Thu May 26 14:17:01 2011 PDT by vadim # # files: * firewall74.fw /etc/fw/firewall74.fw # @@ -396,7 +396,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:01 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall8.fw.orig b/test/ipt/firewall8.fw.orig index 3d078d9dd..41c61e515 100755 --- a/test/ipt/firewall8.fw.orig +++ b/test/ipt/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:13 2011 PDT by vadim +# Generated Thu May 26 14:17:05 2011 PDT by vadim # # files: * firewall8.fw /etc/fw/firewall8.fw # @@ -381,7 +381,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:13 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall80.fw.orig b/test/ipt/firewall80.fw.orig index 388e9307a..a475e3b01 100755 --- a/test/ipt/firewall80.fw.orig +++ b/test/ipt/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:14 2011 PDT by vadim +# Generated Thu May 26 14:17:05 2011 PDT by vadim # # files: * firewall80.fw /etc/fw/firewall80.fw # 
@@ -420,7 +420,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:14 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:05 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall81.fw.orig b/test/ipt/firewall81.fw.orig index 44b7170d7..257b6c2e7 100755 --- a/test/ipt/firewall81.fw.orig +++ b/test/ipt/firewall81.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:15 2011 PDT by vadim +# Generated Thu May 26 14:17:08 2011 PDT by vadim # # files: * firewall81.fw /etc/fw/firewall81.fw # @@ -441,7 +441,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:15 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82.fw.orig b/test/ipt/firewall82.fw.orig index 59bbf2714..a6ef10b31 100755 --- a/test/ipt/firewall82.fw.orig +++ b/test/ipt/firewall82.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:16 2011 PDT by vadim +# Generated Thu May 26 14:17:09 2011 PDT by vadim # # files: * firewall82.fw /etc/firewall82.fw # @@ -434,7 +434,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:16 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:09 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_A.fw.orig b/test/ipt/firewall82_A.fw.orig index c8465d8d1..08782b8f4 100755 --- a/test/ipt/firewall82_A.fw.orig +++ b/test/ipt/firewall82_A.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:18 2011 PDT by vadim +# Generated Thu May 26 14:17:12 2011 PDT by vadim # # files: * firewall82_A.fw /etc/fw/firewall82_A.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:12 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall82_B.fw.orig b/test/ipt/firewall82_B.fw.orig index 5eb9f8f48..59706b61c 100755 --- a/test/ipt/firewall82_B.fw.orig +++ b/test/ipt/firewall82_B.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:18 2011 PDT by vadim +# Generated Thu May 26 14:17:13 2011 PDT by vadim # # files: * firewall82_B.fw /etc/fw/firewall82_B.fw # @@ -384,7 +384,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:13 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall9.fw.orig b/test/ipt/firewall9.fw.orig index 726e2c61c..4e7b42944 100755 --- a/test/ipt/firewall9.fw.orig +++ b/test/ipt/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:20 2011 PDT by vadim +# Generated Thu May 26 14:17:16 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # 
@@ -642,7 +642,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall90.fw.orig b/test/ipt/firewall90.fw.orig index a45be4848..ca1873278 100755 --- a/test/ipt/firewall90.fw.orig +++ b/test/ipt/firewall90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:20 2011 PDT by vadim +# Generated Thu May 26 14:17:17 2011 PDT by vadim # # files: * firewall90.fw /etc/fw/firewall90.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:17 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall91.fw.orig b/test/ipt/firewall91.fw.orig index 8f612ede0..d71167b1e 100755 --- a/test/ipt/firewall91.fw.orig +++ b/test/ipt/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:22 2011 PDT by vadim +# Generated Thu May 26 14:17:20 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/firewall91.fw # @@ -404,7 +404,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall92.fw.orig b/test/ipt/firewall92.fw.orig index c66b74034..0fcbef882 100755 --- a/test/ipt/firewall92.fw.orig +++ b/test/ipt/firewall92.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:22 2011 PDT by vadim +# Generated Thu May 26 14:17:21 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/firewall92.fw # @@ -440,7 +440,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:22 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/firewall93.fw.orig b/test/ipt/firewall93.fw.orig index 75b095bbf..7b77a4e6e 100755 --- a/test/ipt/firewall93.fw.orig +++ b/test/ipt/firewall93.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:41:25 2011 PDT by vadim +# Generated Thu May 26 14:17:25 2011 PDT by vadim # # files: * firewall93.fw /etc/fw/firewall93.fw # @@ -483,7 +483,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:41:25 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:17:25 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw-A.fw.orig b/test/ipt/fw-A.fw.orig index a8d5b15bb..f4643fcd4 100755 --- a/test/ipt/fw-A.fw.orig +++ b/test/ipt/fw-A.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:11 2011 PDT by vadim +# Generated Thu May 26 14:18:08 2011 PDT by vadim # # files: * fw-A.fw /sw/FWbuilder/fw-A.fw # 
@@ -745,7 +745,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:08 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fw1.fw.orig b/test/ipt/fw1.fw.orig index c987c4554..d942c10f7 100755 --- a/test/ipt/fw1.fw.orig +++ b/test/ipt/fw1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:09 2011 PDT by vadim +# Generated Thu May 26 14:18:07 2011 PDT by vadim # # files: * fw1.fw /etc/fw1.fw # @@ -546,7 +546,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:09 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:07 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/fwbuilder.fw.orig b/test/ipt/fwbuilder.fw.orig index 3f7ff9ca3..bae232e7a 100755 --- a/test/ipt/fwbuilder.fw.orig +++ b/test/ipt/fwbuilder.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:40:51 2011 PDT by vadim +# Generated Thu May 26 14:16:26 2011 PDT by vadim # # files: * fwbuilder.fw /etc/init.d/fwbuilder.fw # @@ -504,7 +504,7 @@ status_action() { } start() { - log "Activating firewall script generated Sat May 14 15:40:51 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:16:26 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig index c02473d33..15936b04a 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig 
+++ b/test/ipt/heartbeat_cluster_1_d_linux-1-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-1-d.fw firewall.sh # @@ -747,7 +747,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig index cb573cfa0..80e3bc7e0 100755 --- a/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig +++ b/test/ipt/heartbeat_cluster_1_d_linux-2-d.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * heartbeat_cluster_1_d_linux-2-d.fw firewall.sh # @@ -751,7 +751,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig index 9af2bdcb5..8d01b8050 100755 --- a/test/ipt/heartbeat_cluster_1_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:21 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-1.fw /etc/heartbeat_cluster_1_linux-1.fw # @@ -864,7 +864,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig index 704e26a22..ecc7192e1 100755 --- a/test/ipt/heartbeat_cluster_1_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:21 2011 PDT by vadim # # files: * heartbeat_cluster_1_linux-2.fw /etc/heartbeat_cluster_1_linux-2.fw # @@ -762,7 +762,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:21 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig index d8e2a488d..0db794844 100755 --- a/test/ipt/heartbeat_cluster_2_linux-1.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-1.fw /etc/heartbeat_cluster_2_linux-1.fw # @@ -728,7 +728,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig index 85d43b683..3fe662357 100755 --- a/test/ipt/heartbeat_cluster_2_linux-2.fw.orig +++ b/test/ipt/heartbeat_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * heartbeat_cluster_2_linux-2.fw /etc/heartbeat_cluster_2_linux-2.fw # @@ -641,7 +641,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/host.fw.orig b/test/ipt/host.fw.orig index f8a4865ad..d4ed4f5cf 100755 --- a/test/ipt/host.fw.orig +++ b/test/ipt/host.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:11 2011 PDT by vadim +# Generated Thu May 26 14:18:11 2011 PDT by vadim # # files: * host.fw /etc/fw/host.fw # 
@@ -443,7 +443,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:11 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:11 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-1.fw.orig b/test/ipt/openais_cluster_1_linux-1.fw.orig index 8a99b75c0..ab0744cd9 100755 --- a/test/ipt/openais_cluster_1_linux-1.fw.orig +++ b/test/ipt/openais_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * openais_cluster_1_linux-1.fw /etc/openais_cluster_1_linux-1.fw # @@ -728,7 +728,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/openais_cluster_1_linux-2.fw.orig b/test/ipt/openais_cluster_1_linux-2.fw.orig index 9ededa8e4..93da2796a 100755 --- a/test/ipt/openais_cluster_1_linux-2.fw.orig +++ b/test/ipt/openais_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * openais_cluster_1_linux-2.fw /etc/openais_cluster_1_linux-2.fw # @@ -632,7 +632,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/rc.firewall.local b/test/ipt/rc.firewall.local index c390c6b6c..0c636c2ae 100755 --- a/test/ipt/rc.firewall.local +++ b/test/ipt/rc.firewall.local @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:13 2011 PDT by vadim +# Generated Thu May 26 14:18:12 2011 PDT by vadim # # files: * rc.firewall.local /etc/rc.d//rc.firewall.local # diff --git a/test/ipt/rh90.fw.orig b/test/ipt/rh90.fw.orig index 87a42060f..d2d1530ce 100755 --- a/test/ipt/rh90.fw.orig +++ b/test/ipt/rh90.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:13 2011 PDT by vadim +# Generated Thu May 26 14:18:15 2011 PDT by vadim # # files: * rh90.fw /etc/rh90.fw # @@ -442,7 +442,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:13 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:15 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig index 136df11d1..97de27c67 100755 --- a/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig +++ b/test/ipt/secuwall_cluster_1_secuwall-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * secuwall_cluster_1_secuwall-1.fw /etc/secuwall_cluster_1_secuwall-1.fw # 
@@ -426,7 +426,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" log "Database was cluster-tests.fwb" check_tools check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-1.fw.orig b/test/ipt/server-cluster-1_server-1.fw.orig index fa7418f67..f8d19357b 100755 --- a/test/ipt/server-cluster-1_server-1.fw.orig +++ b/test/ipt/server-cluster-1_server-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * server-cluster-1_server-1.fw /etc/fw/server-cluster-1_server-1.fw # @@ -421,7 +421,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/server-cluster-1_server-2.fw.orig b/test/ipt/server-cluster-1_server-2.fw.orig index 592c04d51..718d1a550 100755 --- a/test/ipt/server-cluster-1_server-2.fw.orig +++ b/test/ipt/server-cluster-1_server-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:23 2011 PDT by vadim # # files: * server-cluster-1_server-2.fw /etc/fw/server-cluster-1_server-2.fw # 
@@ -418,7 +418,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:23 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-1.fw.orig b/test/ipt/test-shadowing-1.fw.orig index 0e76ac0ee..bd9a2f0c9 100755 --- a/test/ipt/test-shadowing-1.fw.orig +++ b/test/ipt/test-shadowing-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:15 2011 PDT by vadim +# Generated Thu May 26 14:18:19 2011 PDT by vadim # # files: * test-shadowing-1.fw /etc/test-shadowing-1.fw # @@ -492,7 +492,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:15 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:19 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-2.fw.orig b/test/ipt/test-shadowing-2.fw.orig index d30689dbe..a5dd11756 100755 --- a/test/ipt/test-shadowing-2.fw.orig +++ b/test/ipt/test-shadowing-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:17 2011 PDT by vadim +# Generated Thu May 26 14:18:20 2011 PDT by vadim # # files: * test-shadowing-2.fw /etc/test-shadowing-2.fw # @@ -450,7 +450,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:17 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:20 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test-shadowing-3.fw.orig b/test/ipt/test-shadowing-3.fw.orig index fc32edf9b..4c1f37fc7 100755 
--- a/test/ipt/test-shadowing-3.fw.orig +++ b/test/ipt/test-shadowing-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:18 2011 PDT by vadim +# Generated Thu May 26 14:18:22 2011 PDT by vadim # # files: * test-shadowing-3.fw /etc/test-shadowing-3.fw # @@ -499,7 +499,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:18 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:22 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/test_fw.fw.orig b/test/ipt/test_fw.fw.orig index 401437ba7..a7e16a7f3 100755 --- a/test/ipt/test_fw.fw.orig +++ b/test/ipt/test_fw.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:15 2011 PDT by vadim +# Generated Thu May 26 14:18:16 2011 PDT by vadim # # files: * test_fw.fw /etc/test_fw.fw # @@ -591,7 +591,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:15 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:16 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-1.fw.orig b/test/ipt/vrrp_cluster_1_linux-1.fw.orig index 3da903046..45fc4ccb3 100755 --- a/test/ipt/vrrp_cluster_1_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:19 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-1.fw /etc/vrrp_cluster_1_linux-1.fw # 
@@ -731,7 +731,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:19 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_1_linux-2.fw.orig b/test/ipt/vrrp_cluster_1_linux-2.fw.orig index eaf0ddf70..d0958aea6 100755 --- a/test/ipt/vrrp_cluster_1_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_1_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_1_linux-2.fw /etc/vrrp_cluster_1_linux-2.fw # @@ -636,7 +636,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-1.fw.orig b/test/ipt/vrrp_cluster_2_linux-1.fw.orig index 8f22e4234..be4015563 100755 --- a/test/ipt/vrrp_cluster_2_linux-1.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-1.fw /etc/vrrp_cluster_2_linux-1.fw # @@ -663,7 +663,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files 
diff --git a/test/ipt/vrrp_cluster_2_linux-2.fw.orig b/test/ipt/vrrp_cluster_2_linux-2.fw.orig index 5a72eb397..3f4852ee9 100755 --- a/test/ipt/vrrp_cluster_2_linux-2.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-2.fw /etc/vrrp_cluster_2_linux-2.fw # @@ -568,7 +568,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/ipt/vrrp_cluster_2_linux-3.fw.orig b/test/ipt/vrrp_cluster_2_linux-3.fw.orig index 2cb9631f5..910240d44 100755 --- a/test/ipt/vrrp_cluster_2_linux-3.fw.orig +++ b/test/ipt/vrrp_cluster_2_linux-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_ipt v4.3.0.3542 +# Firewall Builder fwb_ipt v4.3.0.3546 # -# Generated Sat May 14 15:42:20 2011 PDT by vadim +# Generated Thu May 26 14:18:24 2011 PDT by vadim # # files: * vrrp_cluster_2_linux-3.fw /etc/vrrp_cluster_2_linux-3.fw # @@ -544,7 +544,7 @@ test -z "$cmd" && { case "$cmd" in start) - log "Activating firewall script generated Sat May 14 15:42:20 2011 by vadim" + log "Activating firewall script generated Thu May 26 14:18:24 2011 by vadim" check_tools prolog_commands check_run_time_address_table_files diff --git a/test/pf/firewall-base-rulesets.fw.orig b/test/pf/firewall-base-rulesets.fw.orig index fa1a7ee2e..af4a49b6f 100755 --- a/test/pf/firewall-base-rulesets.fw.orig +++ b/test/pf/firewall-base-rulesets.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:33 2011 PDT by vadim +# Generated Thu May 26 14:09:41 2011 PDT by vadim # # files: * firewall-base-rulesets.fw /etc/fw/firewall-base-rulesets.fw # files: firewall-base-rulesets.conf /etc/fw/firewall-base-rulesets.conf @@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "en2 192.168.100.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-1.conf.orig b/test/pf/firewall-ipv6-1.conf.orig index 5fe45b730..334aaa42e 100644 --- a/test/pf/firewall-ipv6-1.conf.orig +++ b/test/pf/firewall-ipv6-1.conf.orig @@ -46,7 +46,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p # firewall-ipv6-1:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it # firewall-ipv6-1:Policy:3: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT " +pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT " # # Rule 4 (global) # firewall-ipv6-1:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it 
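Review bot: Replacing the literal `fe80::21d:9ff:fe8b:8e94` with `self` in the rule 3 line `pass in log quick inet6 proto tcp ... port 22` of firewall-ipv6-1.conf.orig widens what the rule accepts. pf expands `self` to every address assigned to every interface when the ruleset is loaded, so ssh is now passed to any inet6 address the host holds, not only the one address that was compiled in before. The two are equivalent only while the host's real addresses match the modelled firewall object, and the expected output gives the operator no hint that the scope changed. I would have the compiler emit a comment next to such rules in the style of the existing direction warning, e.g. `# firewall-ipv6-1:Policy:3: warning: firewall object replaced with 'self', rule matches all addresses of this host`, and make the substitution a per-firewall option. The same applies to the `self` hunks in firewall-ipv6-2.conf.orig, firewall.conf.orig, firewall1.conf.orig, firewall10-1.conf.orig and firewall10-2.conf.orig.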
@@ -59,15 +59,15 @@ pass log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 po # Rule 6 (global) # firewall-ipv6-1:Policy:6: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 6 -- ACCEPT " # # Rule 7 (global) # firewall-ipv6-1:Policy:7: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 7 -- ACCEPT " # # Rule 8 (global) -pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT " +pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT " # # Rule 9 (global) pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT " diff --git a/test/pf/firewall-ipv6-1.fw.orig b/test/pf/firewall-ipv6-1.fw.orig index ffc83e805..94d2811ce 100755 --- a/test/pf/firewall-ipv6-1.fw.orig +++ b/test/pf/firewall-ipv6-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:33 2011 PDT by vadim +# Generated Thu May 26 14:09:41 2011 PDT by vadim # # files: * firewall-ipv6-1.fw pf-ipv6.fw # files: firewall-ipv6-1.conf /etc/fw/pf-ipv6.conf @@ -181,7 +181,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:33 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:41 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-2.conf.orig b/test/pf/firewall-ipv6-2.conf.orig index abf894394..b1db3ca87 100644 --- a/test/pf/firewall-ipv6-2.conf.orig 
+++ b/test/pf/firewall-ipv6-2.conf.orig @@ -5,7 +5,7 @@ # Tables: (5) table { 222.222.222.22 , 222.222.222.23 } table { 2001:5c0:0:2::24 , 3ffe:1200:2000::/36 , 3ffe:1200:2001:1:8000::1 } -table { 61.150.47.112 , 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 192.168.1.0 } +table { 61.150.47.112 , 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 192.168.1.0 } table { 2001:5c0:0:2::24 , 3ffe:1200:2001:1:8000::1 } table { 61.150.47.112 , 192.168.1.0 } @@ -28,10 +28,10 @@ pass log quick inet proto tcp from to 1.1.1.1 port 22 keep state # Rule 7 (global) # firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference -pass in log quick inet proto tcp from to 1.1.1.1 port 22 keep state label "RULE 7 -- ACCEPT " +pass in log quick inet proto tcp from to self port 22 keep state label "RULE 7 -- ACCEPT " # # Rule 8 (global) -pass in log quick inet from any to 1.1.1.1 keep state label "RULE 8 -- ACCEPT " +pass in log quick inet from any to self keep state label "RULE 8 -- ACCEPT " # # Rule 11 (global) pass log quick inet from to any keep state label "RULE 11 -- ACCEPT " @@ -83,7 +83,7 @@ pass quick inet6 proto tcp from 2001:5c0:0:2::24 to fe80::21d:9ff:fe8b:8e94 p # firewall-ipv6-2:Policy:3: error: Rule '3 (global)' shadows rule '7 (global)' below it # firewall-ipv6-2:Policy:3: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 3 -- ACCEPT " +pass in log quick inet6 proto tcp from 3ffe:1200:2001:1:8000::1 to self port 22 keep state label "RULE 3 -- ACCEPT " # # Rule 4 (global) # firewall-ipv6-2:Policy:4: error: Rule '4 (global)' shadows rule '6 (global)' below it 
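Review bot: The first hunk of firewall-ipv6-2.conf.orig changes a table from the `64.233.183.*` addresses to `74.125.224.*`, which is unrelated to the `self` keyword and looks like the result of a DNS lookup made while the expected output was regenerated. If so, this expected file depends on whatever the resolver returned on the build machine, so the comparison will break again when the records change, and a real regression in that table can hide behind the noise. It also means addresses obtained from an unauthenticated lookup at compile time end up in a filter table. I would point the test object at a fixed address or a name that resolves deterministically, or make it a run-time DNS object so no resolved address lands in the expected file.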
@@ -96,15 +96,15 @@ pass log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 p # Rule 6 (global) # firewall-ipv6-2:Policy:6: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 6 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 6 -- ACCEPT " # # Rule 7 (global) # firewall-ipv6-2:Policy:7: warning: Changing rule direction due to self reference -pass in log quick inet6 proto tcp from to fe80::21d:9ff:fe8b:8e94 port 22 keep state label "RULE 7 -- ACCEPT " +pass in log quick inet6 proto tcp from to self port 22 keep state label "RULE 7 -- ACCEPT " # # Rule 8 (global) -pass in log quick inet6 from any to fe80::21d:9ff:fe8b:8e94 keep state label "RULE 8 -- ACCEPT " +pass in log quick inet6 from any to self keep state label "RULE 8 -- ACCEPT " # # Rule 9 (global) pass log quick inet6 from fe80::/64 to any keep state label "RULE 9 -- ACCEPT " diff --git a/test/pf/firewall-ipv6-2.fw.orig b/test/pf/firewall-ipv6-2.fw.orig index 10f8746d2..0366b77f2 100755 --- a/test/pf/firewall-ipv6-2.fw.orig +++ b/test/pf/firewall-ipv6-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * firewall-ipv6-2.fw pf.fw # files: firewall-ipv6-2.conf pf.conf @@ -185,7 +185,7 @@ configure_interfaces() { update_addresses_of_interface "lo ::1/128 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall-ipv6-3.fw.orig b/test/pf/firewall-ipv6-3.fw.orig index 7f34c4d84..74e6c1295 100755 --- a/test/pf/firewall-ipv6-3.fw.orig 
+++ b/test/pf/firewall-ipv6-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * firewall-ipv6-3.fw /etc/firewall-ipv6-3.fw # files: firewall-ipv6-3.conf /etc/firewall-ipv6-3.conf diff --git a/test/pf/firewall.conf.orig b/test/pf/firewall.conf.orig index 90337d2fd..739d2b76c 100644 --- a/test/pf/firewall.conf.orig +++ b/test/pf/firewall.conf.orig @@ -50,10 +50,10 @@ rdr proto tcp from any to any port 80 -> 127.0.0.1 port 3128 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 flags S/SA modulate state label "RULE -1 - ACCEPT" +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA modulate state label "RULE -1 - ACCEPT" # # Rule 0 (eth1) -block in log quick on eth1 inet from any to fragment label "RULE 0 - DROP" +block in log quick on eth1 inet from any to self fragment label "RULE 0 - DROP" # # Rule 1 (eth1) # Automatically generated rule blocking short fragments @@ -61,14 +61,14 @@ block in log quick on eth1 inet from any to any fragment label "RULE 1 - # # Rule 2 (eth1) # Automatically generated anti-spoofing rule -block in log quick on eth1 inet from to any label "RULE 2 - DROP" +block in log quick on eth1 inet from self to any label "RULE 2 - DROP" block in log quick on eth1 inet from 192.168.1.0/24 to any label "RULE 2 - DROP" # # Rule 3 (eth0) # комментарий по-русски, Проверяем конвертацию в Utf-8 # firewall:Policy:3: warning: Changing rule direction due to self reference -pass in quick on eth0 inet proto udp from 192.168.1.0/24 to port 53 keep state label "RULE 3 - ACCEPT" +pass in quick on eth0 inet proto udp from 192.168.1.0/24 to self port 53 keep state label "RULE 3 - ACCEPT" # # Rule 4 (eth0) # code should go into INPUT chain with 
@@ -109,7 +109,7 @@ pass quick inet from any to 192.168.1.10 keep state label "RULE 16 - ACCEPT" # firewall:Policy:18: error: Rule '18 (global)' shadows rule '21 (global)' below it # firewall:Policy:18: warning: Changing rule direction due to self reference -pass out quick inet from to any keep state label "RULE 18 - ACCEPT" +pass out quick inet from self to any keep state label "RULE 18 - ACCEPT" pass quick inet from 192.168.1.0/24 to any keep state label "RULE 18 - ACCEPT" # # Rule 19 (global) diff --git a/test/pf/firewall.fw.orig b/test/pf/firewall.fw.orig index 0443a17f5..dc57f6c23 100755 --- a/test/pf/firewall.fw.orig +++ b/test/pf/firewall.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:08 2011 PDT by vadim +# Generated Thu May 26 14:08:53 2011 PDT by vadim # # files: * firewall.fw /etc/pf.fw # files: firewall.conf /etc/pf.conf @@ -173,7 +173,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:53 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall1.conf.orig b/test/pf/firewall1.conf.orig index e815aa909..b4de647d5 100644 --- a/test/pf/firewall1.conf.orig +++ b/test/pf/firewall1.conf.orig @@ -18,12 +18,11 @@ scrub in all fragment reassemble -# Tables: (7) +# Tables: (6) table { 22.22.22.22 , 192.168.1.1 } table { 192.168.1.10 , 192.168.1.20 } -table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.0/24 , 192.168.2.1 } +table { self , 192.168.2.0/24 } table { 33.33.33.0/24 , 33.33.44.0/24 } -table { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 } table { 192.168.1.0/24 , 192.168.2.0/24 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } 
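Review bot: In the tables hunk of firewall1.conf.orig the list `{ 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.0/24 , 192.168.2.1 }` becomes `{ self , 192.168.2.0/24 }`, and that is not the same set. `self` in a table adds all addresses of all interfaces, so the table now also contains `127.0.0.1` and anything else configured on the host. The table names are not visible on this page, but other hunks of the same file show negated table matches such as `block log quick inet proto icmp from ! to any`, and if this table is used under `!`, a larger table means a narrower block rule. I would check each rule that negates a table against the new membership and keep the explicit address list in those cases, or add a test that pins the intended membership.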
@@ -113,7 +112,7 @@ block quick on eth0 inet proto 50 from to ! # # Rule 2 (eth1) # Anti-spoofing rule -block in log quick on eth1 inet from to any +block in log quick on eth1 inet from self to any block in log quick on eth1 inet from 192.168.1.0/24 to any # # Rule 3 (eth1) @@ -144,7 +143,7 @@ block log quick inet proto icmp from ! to any icmp-type 3 # this rule is shaded by rule above. # firewall1:Policy:10: warning: Changing rule direction due to self reference -block in log quick inet proto icmp from ! to icmp-type 3 +block in log quick inet proto icmp from ! to self icmp-type 3 # # Rule 11 (global) # this rule shades rule below @@ -168,7 +167,7 @@ pass quick inet from 192.168.1.0/24 to any keep state # Rule 18 (global) # firewall1:Policy:18: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port 3128 keep state +pass in quick inet proto tcp from any to self port 3128 keep state # # Rule 19 (eth0) # rule from http://www.benzedrine.cx/transquid.html diff --git a/test/pf/firewall1.fw.orig b/test/pf/firewall1.fw.orig index bc170a496..63725585f 100755 --- a/test/pf/firewall1.fw.orig +++ b/test/pf/firewall1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:08 2011 PDT by vadim +# Generated Thu May 26 14:08:55 2011 PDT by vadim # # files: * firewall1.fw /etc/fw/firewall1.fw # files: firewall1.conf /etc/fw/firewall1.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-1.conf.orig b/test/pf/firewall10-1.conf.orig index f29dfb78a..f8dcc0174 100644 --- a/test/pf/firewall10-1.conf.orig +++ b/test/pf/firewall10-1.conf.orig 
@@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags S/SA keep state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags S/SA keep state # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags S/SA keep state diff --git a/test/pf/firewall10-1.fw.orig b/test/pf/firewall10-1.fw.orig index ad980410e..ee698eb86 100755 --- a/test/pf/firewall10-1.fw.orig +++ b/test/pf/firewall10-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:09 2011 PDT by vadim +# Generated Thu May 26 14:08:56 2011 PDT by vadim # # files: * firewall10-1.fw /etc/fw/firewall10-1.fw # files: firewall10-1.conf /etc/fw/firewall10-1.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-2.conf.orig b/test/pf/firewall10-2.conf.orig index 41b1bfff2..cc504aeee 100644 --- a/test/pf/firewall10-2.conf.orig +++ b/test/pf/firewall10-2.conf.orig @@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 modulate state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 modulate state # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } modulate state diff --git a/test/pf/firewall10-2.fw.orig b/test/pf/firewall10-2.fw.orig index 431241e11..97c1d8249 100755 --- a/test/pf/firewall10-2.fw.orig 
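Review bot: In the firewall10-1.conf.orig hunk the backup ssh rule's destination changes from the single address `192.168.1.1` to `self`, which pf expands to every address on every interface. The expected output therefore admits ssh from 192.168.1.100 on addresses the firewall object never listed, such as loopback, aliases, or interfaces added on the host later. The same widening is pinned by the firewall10-2 through firewall10-6 .conf.orig hunks that follow. If this is the intended result of #2434, the compiler could emit a comment above such rules so the scope is visible to whoever audits the generated file, for example `# 'self' = all addresses on all interfaces at load time, not only those defined in the firewall object`.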
+++ b/test/pf/firewall10-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:10 2011 PDT by vadim +# Generated Thu May 26 14:08:58 2011 PDT by vadim # # files: * firewall10-2.fw /etc/fw/firewall10-2.fw # files: firewall10-2.conf /etc/fw/firewall10-2.conf @@ -74,7 +74,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:10 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:58 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-3.conf.orig b/test/pf/firewall10-3.conf.orig index 22311b7d9..42da3b64b 100644 --- a/test/pf/firewall10-3.conf.orig +++ b/test/pf/firewall10-3.conf.orig @@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } keep state diff --git a/test/pf/firewall10-3.fw.orig b/test/pf/firewall10-3.fw.orig index 8834d76c4..d0d62c1c9 100755 --- a/test/pf/firewall10-3.fw.orig +++ b/test/pf/firewall10-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:11 2011 PDT by vadim +# Generated Thu May 26 14:09:00 2011 PDT by vadim # # files: * firewall10-3.fw /etc/fw/firewall10-3.fw # files: firewall10-3.conf /etc/fw/firewall10-3.conf 
@@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-4.conf.orig b/test/pf/firewall10-4.conf.orig index 97e5c8c1f..a71856753 100644 --- a/test/pf/firewall10-4.conf.orig +++ b/test/pf/firewall10-4.conf.orig @@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any diff --git a/test/pf/firewall10-4.fw.orig b/test/pf/firewall10-4.fw.orig index f0a0eae5a..a0362a3ef 100755 --- a/test/pf/firewall10-4.fw.orig +++ b/test/pf/firewall10-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:13 2011 PDT by vadim +# Generated Thu May 26 14:09:04 2011 PDT by vadim # # files: * firewall10-4.fw /etc/fw/firewall10-4.fw # files: firewall10-4.conf /etc/fw/firewall10-4.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-5.conf.orig b/test/pf/firewall10-5.conf.orig index 7441823d6..1defbe6da 100644 --- a/test/pf/firewall10-5.conf.orig +++ b/test/pf/firewall10-5.conf.orig 
@@ -12,7 +12,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 keep state +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state # # Rule 0 (enc0) # This adds "pass out ... keep state" diff --git a/test/pf/firewall10-5.fw.orig b/test/pf/firewall10-5.fw.orig index e78040031..a39f6cc3f 100755 --- a/test/pf/firewall10-5.fw.orig +++ b/test/pf/firewall10-5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:14 2011 PDT by vadim +# Generated Thu May 26 14:09:07 2011 PDT by vadim # # files: * firewall10-5.fw /etc/fw/firewall10-5.fw # files: firewall10-5.conf /etc/fw/firewall10-5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:07 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall10-6.conf.orig b/test/pf/firewall10-6.conf.orig index 97e5c8c1f..a71856753 100644 --- a/test/pf/firewall10-6.conf.orig +++ b/test/pf/firewall10-6.conf.orig @@ -13,7 +13,7 @@ nat on eth0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 192.168.1.1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to 192.168.1.1 port 22 flags any +pass in quick inet proto tcp from 192.168.1.100 to self port 22 flags any # # Rule 0 (eth0) pass in quick on eth0 inet proto tcp from 192.168.1.0/24 to any port { 80, 22 } flags any diff --git a/test/pf/firewall10-6.fw.orig b/test/pf/firewall10-6.fw.orig index d0c9f9fdd..bb74569fc 100755 --- a/test/pf/firewall10-6.fw.orig +++ b/test/pf/firewall10-6.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:15 2011 PDT by vadim +# Generated Thu May 26 14:09:09 2011 PDT by vadim # # files: * firewall10-6.fw /etc/fw/firewall10-6.fw # files: firewall10-6.conf /etc/fw/firewall10-6.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall100.conf.orig b/test/pf/firewall100.conf.orig index ac8df8eec..3f946e0ba 100644 --- a/test/pf/firewall100.conf.orig +++ b/test/pf/firewall100.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall100.fw.orig b/test/pf/firewall100.fw.orig index 112bc9242..e2b4c4cb4 100755 --- a/test/pf/firewall100.fw.orig +++ b/test/pf/firewall100.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:08 2011 PDT by vadim +# Generated Thu May 26 14:08:55 2011 PDT by vadim # # files: * firewall100.fw /etc/fw/pf.fw # files: firewall100.conf /etc/fw/path\ with\ space/pf.conf 
@@ -167,7 +167,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:08 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:55 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall101.conf.orig b/test/pf/firewall101.conf.orig index ac8df8eec..3f946e0ba 100644 --- a/test/pf/firewall101.conf.orig +++ b/test/pf/firewall101.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall101.fw.orig b/test/pf/firewall101.fw.orig index 3eefe08ca..c36c1346a 100755 --- a/test/pf/firewall101.fw.orig +++ b/test/pf/firewall101.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:09 2011 PDT by vadim +# Generated Thu May 26 14:08:56 2011 PDT by vadim # # files: * firewall101.fw /etc/fw/pf.fw # files: firewall101.conf /etc/fw/path\ with\ space/pf.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:09 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:08:56 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall102.conf.orig b/test/pf/firewall102.conf.orig index ac8df8eec..3f946e0ba 100644 --- a/test/pf/firewall102.conf.orig 
+++ b/test/pf/firewall102.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall102.fw.orig b/test/pf/firewall102.fw.orig index 348ac40b5..a1c1fe4c5 100755 --- a/test/pf/firewall102.fw.orig +++ b/test/pf/firewall102.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:10 2011 PDT by vadim +# Generated Thu May 26 14:08:58 2011 PDT by vadim # # files: * firewall102.fw /etc/fw/pf.fw # files: firewall102.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall103-1.conf.orig b/test/pf/firewall103-1.conf.orig index 6635011fc..3f946e0ba 100644 --- a/test/pf/firewall103-1.conf.orig +++ b/test/pf/firewall103-1.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103-1.fw.orig b/test/pf/firewall103-1.fw.orig index 6ef886c4d..93492cd73 100755 --- a/test/pf/firewall103-1.fw.orig +++ b/test/pf/firewall103-1.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:12 2011 PDT by vadim +# Generated Thu May 26 14:09:02 2011 PDT by vadim # # files: * firewall103-1.fw /etc/fw/pf.fw # files: firewall103-1.conf /etc/fw/path\ with\ space/pf.conf @@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103-2.conf.orig b/test/pf/firewall103-2.conf.orig index dbaea8222..eb16085f4 100644 --- a/test/pf/firewall103-2.conf.orig +++ b/test/pf/firewall103-2.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 scrub all reassemble tcp no-df scrub out all random-id min-ttl 1 max-mss 1460 - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103-2.fw.orig b/test/pf/firewall103-2.fw.orig index 58c5e4c30..6f0c36092 100755 --- a/test/pf/firewall103-2.fw.orig +++ b/test/pf/firewall103-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:12 2011 PDT by vadim +# Generated Thu May 26 14:09:02 2011 PDT by vadim # # files: * firewall103-2.fw /etc/fw/pf.fw # files: firewall103-2.conf /etc/fw/path\ with\ space/pf.conf 
@@ -394,7 +394,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:12 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:02 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall103.conf.orig b/test/pf/firewall103.conf.orig index 6635011fc..3f946e0ba 100644 --- a/test/pf/firewall103.conf.orig +++ b/test/pf/firewall103.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall103.fw.orig b/test/pf/firewall103.fw.orig index d4e3dacbf..aaaa7007e 100755 --- a/test/pf/firewall103.fw.orig +++ b/test/pf/firewall103.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:11 2011 PDT by vadim +# Generated Thu May 26 14:09:00 2011 PDT by vadim # # files: * firewall103.fw /etc/fw/pf.fw # files: firewall103.conf /etc/fw/path\ with\ space/pf.conf @@ -397,7 +397,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:11 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:00 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104-1.conf.orig b/test/pf/firewall104-1.conf.orig index 8c25d7aa5..3f946e0ba 100644 --- a/test/pf/firewall104-1.conf.orig 
+++ b/test/pf/firewall104-1.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall104-1.fw.orig b/test/pf/firewall104-1.fw.orig index 5527a4d43..cce5ac486 100755 --- a/test/pf/firewall104-1.fw.orig +++ b/test/pf/firewall104-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:14 2011 PDT by vadim +# Generated Thu May 26 14:09:05 2011 PDT by vadim # # files: * firewall104-1.fw /etc/fw/pf.fw # files: firewall104-1.conf /etc/fw/path\ with\ space/pf.conf @@ -393,7 +393,7 @@ configure_interfaces() { $IFCONFIG bridge0 -stp em3 } -log "Activating firewall script generated Tue May 10 14:53:14 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:05 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall104.conf.orig b/test/pf/firewall104.conf.orig index 8c25d7aa5..3f946e0ba 100644 --- a/test/pf/firewall104.conf.orig +++ b/test/pf/firewall104.conf.orig 
@@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall104.fw.orig b/test/pf/firewall104.fw.orig index 8846a98f9..c495d0429 100755 --- a/test/pf/firewall104.fw.orig +++ b/test/pf/firewall104.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:13 2011 PDT by vadim +# Generated Thu May 26 14:09:04 2011 PDT by vadim # # files: * firewall104.fw /etc/fw/pf.fw # files: firewall104.conf /etc/fw/path\ with\ space/pf.conf @@ -396,7 +396,7 @@ configure_interfaces() { $IFCONFIG bridge0 stp em3 } -log "Activating firewall script generated Tue May 10 14:53:13 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:04 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall105.conf.orig b/test/pf/firewall105.conf.orig index 6635011fc..3f946e0ba 100644 --- a/test/pf/firewall105.conf.orig +++ b/test/pf/firewall105.conf.orig 
@@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall105.fw.orig b/test/pf/firewall105.fw.orig index 31a7422b0..8c2424324 100755 --- a/test/pf/firewall105.fw.orig +++ b/test/pf/firewall105.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:14 2011 PDT by vadim +# Generated Thu May 26 14:09:06 2011 PDT by vadim # # files: * firewall105.fw /etc/fw/pf.fw # files: firewall105.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall106.conf.orig b/test/pf/firewall106.conf.orig index 8c25d7aa5..3f946e0ba 100644 --- a/test/pf/firewall106.conf.orig +++ b/test/pf/firewall106.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { bridge0 , 10.1.1.81 , 10.3.14.81 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall106.fw.orig b/test/pf/firewall106.fw.orig index 41a3a3036..07249874e 100755 --- a/test/pf/firewall106.fw.orig +++ b/test/pf/firewall106.fw.orig 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:15 2011 PDT by vadim +# Generated Thu May 26 14:09:07 2011 PDT by vadim # # files: * firewall106.fw /etc/fw/pf.fw # files: firewall106.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall107.conf.orig b/test/pf/firewall107.conf.orig index 4c2afd3cb..3f946e0ba 100644 --- a/test/pf/firewall107.conf.orig +++ b/test/pf/firewall107.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall107.fw.orig b/test/pf/firewall107.fw.orig index 9f87da76f..8794c2c2a 100755 --- a/test/pf/firewall107.fw.orig +++ b/test/pf/firewall107.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:15 2011 PDT by vadim +# Generated Thu May 26 14:09:09 2011 PDT by vadim # # files: * firewall107.fw /etc/fw/pf.fw # files: firewall107.conf /etc/fw/path\ with\ space/pf.conf @@ -395,7 +395,7 @@ configure_interfaces() { update_addresses_of_interface "vlan102 192.168.102.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:15 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:09 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall108.conf.orig b/test/pf/firewall108.conf.orig index 4c2afd3cb..3f946e0ba 100644 --- a/test/pf/firewall108.conf.orig +++ b/test/pf/firewall108.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall108.fw.orig b/test/pf/firewall108.fw.orig index 1356dc577..64c512743 100755 --- a/test/pf/firewall108.fw.orig +++ b/test/pf/firewall108.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:16 2011 PDT by vadim +# Generated Thu May 26 14:09:11 2011 PDT by vadim # # files: * firewall108.fw /etc/fw/pf.fw # files: firewall108.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-1.conf.orig b/test/pf/firewall109-1.conf.orig index 3354274f7..3f946e0ba 100644 --- a/test/pf/firewall109-1.conf.orig +++ b/test/pf/firewall109-1.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " 
diff --git a/test/pf/firewall109-1.fw.orig b/test/pf/firewall109-1.fw.orig index 72b8556cb..02da67193 100755 --- a/test/pf/firewall109-1.fw.orig +++ b/test/pf/firewall109-1.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:17 2011 PDT by vadim +# Generated Thu May 26 14:09:12 2011 PDT by vadim # # files: * firewall109-1.fw /etc/fw/pf.fw # files: firewall109-1.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109-2.conf.orig b/test/pf/firewall109-2.conf.orig index f2903793e..3f946e0ba 100644 --- a/test/pf/firewall109-2.conf.orig +++ b/test/pf/firewall109-2.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-2.fw.orig b/test/pf/firewall109-2.fw.orig index c375ced4e..b20a54fe4 100755 --- a/test/pf/firewall109-2.fw.orig +++ b/test/pf/firewall109-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:17 2011 PDT by vadim +# Generated Thu May 26 14:09:13 2011 PDT by vadim # # files: * firewall109-2.fw /etc/fw/pf.fw # files: firewall109-2.conf /etc/fw/path\ with\ space/pf.conf 
@@ -400,7 +400,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:17 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:13 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall109-3.conf.orig b/test/pf/firewall109-3.conf.orig index f2903793e..3f946e0ba 100644 --- a/test/pf/firewall109-3.conf.orig +++ b/test/pf/firewall109-3.conf.orig @@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109-3.fw.orig b/test/pf/firewall109-3.fw.orig index 3867cddfa..e41dd76e9 100755 --- a/test/pf/firewall109-3.fw.orig +++ b/test/pf/firewall109-3.fw.orig @@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:18 2011 PDT by vadim +# Generated Thu May 26 14:09:14 2011 PDT by vadim # # files: * firewall109-3.fw /etc/fw/pf.fw # files: firewall109-3.conf /etc/fw/path\ with\ space/pf.conf diff --git a/test/pf/firewall109.conf.orig b/test/pf/firewall109.conf.orig index 3354274f7..3f946e0ba 100644 --- a/test/pf/firewall109.conf.orig +++ b/test/pf/firewall109.conf.orig 
@@ -7,14 +7,10 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.3.14.81 , 192.168.1.1 , 192.168.101.1 , 192.168.102.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall109.fw.orig b/test/pf/firewall109.fw.orig index a3c2a2bf7..9a9083d45 100755 --- a/test/pf/firewall109.fw.orig +++ b/test/pf/firewall109.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:16 2011 PDT by vadim +# Generated Thu May 26 14:09:11 2011 PDT by vadim # # files: * firewall109.fw /etc/fw/pf.fw # files: firewall109.conf /etc/fw/path\ with\ space/pf.conf @@ -401,7 +401,7 @@ configure_interfaces() { update_addresses_of_interface "bridge0 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:16 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:11 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall11.conf.orig b/test/pf/firewall11.conf.orig index e26e2d41f..c0825d4d7 100644 --- a/test/pf/firewall11.conf.orig +++ b/test/pf/firewall11.conf.orig @@ -2,8 +2,7 @@ -# Tables: (3) -table { ppp0 , 33.33.33.33 , 192.168.1.1 } +# Tables: (2) table { 192.168.1.10 , 192.168.1.20 } table { 192.168.1.0/24 , 192.168.2.0/24 } 
@@ -14,12 +13,12 @@ table { 192.168.1.0/24 , 192.168.2.0/24 } # Rule 0 (global) # firewall11:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from to port 22 flags S/SA keep state +pass in quick inet proto tcp from to self port 22 flags S/SA keep state # # Rule 1 (global) # firewall11:Policy:1: warning: Changing rule direction due to self reference -block in quick inet from any to +block in quick inet from any to self # # Rule 2 (global) pass quick inet from to any keep state diff --git a/test/pf/firewall11.fw.orig b/test/pf/firewall11.fw.orig index c727edac6..999946b0c 100755 --- a/test/pf/firewall11.fw.orig +++ b/test/pf/firewall11.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:18 2011 PDT by vadim +# Generated Thu May 26 14:09:14 2011 PDT by vadim # # files: * firewall11.fw /etc/firewall11.fw # files: firewall11.conf /etc/firewall11.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:18 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:14 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall110.fw.orig b/test/pf/firewall110.fw.orig index f61fa218d..ae4d2169e 100755 --- a/test/pf/firewall110.fw.orig +++ b/test/pf/firewall110.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:19 2011 PDT by vadim +# Generated Thu May 26 14:09:15 2011 PDT by vadim # # files: * firewall110.fw /etc/fw/firewall110.fw # files: firewall110.conf /etc/fw/firewall110.conf 
@@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:15 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall111.fw.orig b/test/pf/firewall111.fw.orig index 5093b1b99..9a2d6c075 100755 --- a/test/pf/firewall111.fw.orig +++ b/test/pf/firewall111.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:19 2011 PDT by vadim +# Generated Thu May 26 14:09:16 2011 PDT by vadim # # files: * firewall111.fw /etc/fw/firewall111.fw # files: firewall111.conf /etc/fw/firewall111.conf @@ -86,7 +86,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:16 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall12.fw.orig b/test/pf/firewall12.fw.orig index 32d3e354a..d25a3d3ad 100755 --- a/test/pf/firewall12.fw.orig +++ b/test/pf/firewall12.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:19 2011 PDT by vadim +# Generated Thu May 26 14:09:17 2011 PDT by vadim # # files: * firewall12.fw /etc/fw/firewall12.fw # files: firewall12.conf /etc/fw/firewall12.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:19 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall13.fw.orig b/test/pf/firewall13.fw.orig index ec49a6be1..6d2a32006 100755 --- a/test/pf/firewall13.fw.orig +++ b/test/pf/firewall13.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:20 2011 PDT by vadim +# Generated Thu May 26 14:09:17 2011 PDT by vadim # # files: * firewall13.fw /etc/fw/firewall13.fw # files: firewall13.conf /etc/fw/firewall13.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:17 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14-1.conf.orig b/test/pf/firewall14-1.conf.orig index ec61f0175..bce2ee7bb 100644 --- a/test/pf/firewall14-1.conf.orig +++ b/test/pf/firewall14-1.conf.orig @@ -6,14 +6,10 @@ match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 64 max-mss 1460) - -# Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall14-1.fw.orig b/test/pf/firewall14-1.fw.orig index 2b69e2b92..4982af3f2 100755 --- a/test/pf/firewall14-1.fw.orig +++ b/test/pf/firewall14-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:20 2011 PDT by vadim +# Generated Thu May 26 14:09:19 2011 PDT by vadim # # files: * firewall14-1.fw /etc/firewall14-1.fw # files: firewall14-1.conf /etc/firewall14-1.conf 
@@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:19 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall14.conf.orig b/test/pf/firewall14.conf.orig index 328eb5870..e804a629e 100644 --- a/test/pf/firewall14.conf.orig +++ b/test/pf/firewall14.conf.orig @@ -6,14 +6,10 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 64 max-mss 1460 - -# Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any no state label "RULE 0 -- DROP " diff --git a/test/pf/firewall14.fw.orig b/test/pf/firewall14.fw.orig index 8a42c7cbc..de1d00c30 100755 --- a/test/pf/firewall14.fw.orig +++ b/test/pf/firewall14.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:20 2011 PDT by vadim +# Generated Thu May 26 14:09:19 2011 PDT by vadim # # files: * firewall14.fw /etc/firewall14.fw # files: firewall14.conf /etc/firewall14.conf @@ -248,7 +248,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:20 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:19 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-1.conf.orig b/test/pf/firewall2-1.conf.orig index e1d4698a7..a645b0bdf 100644 --- a/test/pf/firewall2-1.conf.orig +++ b/test/pf/firewall2-1.conf.orig 
@@ -22,9 +22,8 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 32 max-mss 1460 -# Tables: (2) +# Tables: (1) table { 22.22.22.22 , 192.168.1.1 } -table { 22.22.22.22 , 192.168.1.1 , 192.168.2.1 } # NAT compiler errors and warnings: # firewall2-1:NAT:1: error: Negation in original service is not supported. @@ -68,7 +67,7 @@ rdr-anchor "NAT" proto tcp from 192.168.1.0/24 to any port 1080 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE -1 - ACCEPT **" +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state label "RULE -1 - ACCEPT **" # # Rule 0 (global) # 'catch all' rule diff --git a/test/pf/firewall2-1.fw.orig b/test/pf/firewall2-1.fw.orig index f3fcac9bc..c90b54c8e 100755 --- a/test/pf/firewall2-1.fw.orig +++ b/test/pf/firewall2-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:22 2011 PDT by vadim +# Generated Thu May 26 14:09:22 2011 PDT by vadim # # files: * firewall2-1.fw /etc/fw/firewall2-1.fw # files: firewall2-1.conf /etc/fw/firewall2-1.conf @@ -88,7 +88,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:22 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:22 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2-6.fw.orig b/test/pf/firewall2-6.fw.orig index ae46be3df..92a00602e 100755 --- a/test/pf/firewall2-6.fw.orig +++ b/test/pf/firewall2-6.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:23 2011 PDT by vadim +# Generated Thu May 26 14:09:24 2011 PDT by vadim # # files: * firewall2-6.fw /etc/firewall2-6.fw # files: firewall2-6.conf /etc/firewall2-6.conf @@ -170,7 +170,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:23 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall2.conf.orig b/test/pf/firewall2.conf.orig index 440d070d7..fc340ea0a 100644 --- a/test/pf/firewall2.conf.orig +++ b/test/pf/firewall2.conf.orig @@ -22,12 +22,11 @@ scrub in all fragment reassemble no-df scrub out all random-id min-ttl 32 max-mss 1460 -# Tables: (5) +# Tables: (4) table { 192.168.1.10 , 192.168.1.20 } -table { 22.22.22.22 , 22.22.23.23 , 127.0.0.1 , 192.168.1.1 , 192.168.2.1 } table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } table { 192.168.1.0/24 , 192.168.2.0/24 } -table { 22.22.22.22 , 22.22.23.23 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 } +table { self , 192.168.1.0/24 } # # Rule 0 (NAT) 
@@ -152,14 +151,14 @@ nat on eth1 proto icmp from 192.168.1.0/24 to any -> 22.22.22.22 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 192.168.1.100 to port 22 keep state label "RULE -1 - ACCEPT **" +pass in quick inet proto tcp from 192.168.1.100 to self port 22 keep state label "RULE -1 - ACCEPT **" # # Rule 0 (eth0) block in log quick on eth0 inet from ! 192.168.1.0/24 to any label "RULE 0 - DROP **" # # Rule 1 (eth1) # Anti-spoofing rule -block in log quick on eth1 inet from to any label "Iface: eth1 RULE 1 -- DROP **" +block in log quick on eth1 inet from self to any label "Iface: eth1 RULE 1 -- DROP **" block in log quick on eth1 inet from 192.168.1.0/24 to any label "Iface: eth1 RULE 1 -- DROP **" # # Rule 2 (f2i1,3) @@ -167,17 +166,17 @@ block in log quick on eth1 inet from 192.168.1.0/24 to any label "Iface: # usage in interface # all three rules should yield # the same config -block in log quick on { eth1 eth3 } inet from to any label "Iface: eth1 eth3 RULE 2 -- DROP **" +block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 2 -- DROP **" block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 2 -- DROP **" # # Rule 3 (f2i1,eth3) # Anti-spoofing rule -block in log quick on { eth1 eth3 } inet from to any label "Iface: eth1 eth3 RULE 3 -- DROP **" +block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 3 -- DROP **" block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 3 -- DROP **" # # Rule 4 (eth1,eth3) # Anti-spoofing rule -block in log quick on { eth1 eth3 } inet from to any label "Iface: eth1 eth3 RULE 4 -- DROP **" +block in log quick on { eth1 eth3 } inet from self to any label "Iface: eth1 eth3 RULE 4 -- DROP **" block in log quick on { eth1 eth3 } inet from 192.168.1.0/24 to any label "Iface: eth1 eth3 RULE 4 -- DROP **" # # Rule 5 (eth1) 
@@ -205,7 +204,7 @@ pass quick inet from 192.168.1.0/24 to any keep state label "RULE 10 - ACCEP # Rule 12 (global) # firewall2:Policy:12: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" +pass in quick inet proto tcp from any to self port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" pass quick inet proto tcp from any to 192.168.1.10 port { 21, 80, 25 } keep state label "RULE 12 - ACCEPT **" # # Rule 13 (global) diff --git a/test/pf/firewall2.fw.orig b/test/pf/firewall2.fw.orig index 2ab85f639..a4d1e04b8 100755 --- a/test/pf/firewall2.fw.orig +++ b/test/pf/firewall2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:21 2011 PDT by vadim +# Generated Thu May 26 14:09:20 2011 PDT by vadim # # files: * firewall2.fw /etc/fw/firewall2.fw # files: firewall2.conf /etc/fw/firewall2.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:21 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:20 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall20.fw.orig b/test/pf/firewall20.fw.orig index ed0c6185f..ab8657f55 100755 --- a/test/pf/firewall20.fw.orig +++ b/test/pf/firewall20.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:21 2011 PDT by vadim +# Generated Thu May 26 14:09:21 2011 PDT by vadim # # files: * firewall20.fw /etc/fw/firewall20.fw # files: firewall20.conf /etc/fw/firewall20.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:21 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:21 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall21.fw.orig b/test/pf/firewall21.fw.orig index c82942781..d3ed3a79a 100755 --- a/test/pf/firewall21.fw.orig +++ b/test/pf/firewall21.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:22 2011 PDT by vadim +# Generated Thu May 26 14:09:22 2011 PDT by vadim # # files: * firewall21.fw /etc/fw/firewall21.fw # files: firewall21.conf /etc/fw/firewall21.conf @@ -81,7 +81,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:22 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:22 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall22.fw.orig b/test/pf/firewall22.fw.orig index 68cc216ab..80dfd84cd 100755 --- a/test/pf/firewall22.fw.orig +++ b/test/pf/firewall22.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:23 2011 PDT by vadim +# Generated Thu May 26 14:09:24 2011 PDT by vadim # # files: * firewall22.fw /etc/fw/firewall22.fw # files: firewall22.conf /etc/fw/firewall22.conf @@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:23 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:24 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall3.conf.orig b/test/pf/firewall3.conf.orig index f68efdd8d..d8ed1169d 100644 --- a/test/pf/firewall3.conf.orig +++ b/test/pf/firewall3.conf.orig 
@@ -17,10 +17,6 @@ scrub out all random-id # # End of prolog script # - -# Tables: (1) -table { 22.22.22.21 , 22.22.22.22 , 192.168.1.1 } - # # Rule 0 (NAT) nat on le0 proto {tcp udp icmp} from 192.168.1.0/24 to any -> 22.22.22.21 @@ -45,7 +41,7 @@ rdr proto {tcp udp icmp} from any to 22.22.22.21 -> { 192.168.1.10 , 192.168.1.2 # the firewall are denied and logged # firewall3:Policy:0: warning: Changing rule direction due to self reference -block in log quick inet from any to label "RULE 0 -- DROP " +block in log quick inet from any to self label "RULE 0 -- DROP " # # Rule 1 (global) pass quick inet from 192.168.1.0/24 to any keep state ( max 1000 ) label "RULE 1 -- ACCEPT " diff --git a/test/pf/firewall3.fw.orig b/test/pf/firewall3.fw.orig index cd0a51957..9c77a57cb 100755 --- a/test/pf/firewall3.fw.orig +++ b/test/pf/firewall3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:24 2011 PDT by vadim +# Generated Thu May 26 14:09:25 2011 PDT by vadim # # files: * firewall3.fw /etc/firewall3.fw # files: firewall3.conf /etc/firewall3.conf @@ -165,7 +165,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:25 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall33.conf.orig b/test/pf/firewall33.conf.orig index 6cbba8bc4..18c214500 100644 --- a/test/pf/firewall33.conf.orig +++ b/test/pf/firewall33.conf.orig 
@@ -6,7 +6,7 @@ table { 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } table { www.google.com , www.cnn.com } -table { 64.233.183.99 , 64.233.183.103 , 64.233.183.104 , 64.233.183.105 , 64.233.183.106 , 64.233.183.147 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } +table { 74.125.224.112 , 74.125.224.113 , 74.125.224.114 , 74.125.224.115 , 74.125.224.116 , 157.166.224.25 , 157.166.224.26 , 157.166.226.25 , 157.166.226.26 , 157.166.255.18 , 157.166.255.19 } # # Rule 0 (NAT) diff --git a/test/pf/firewall33.fw.orig b/test/pf/firewall33.fw.orig index 1a308df3a..87ed5bc47 100755 --- a/test/pf/firewall33.fw.orig +++ b/test/pf/firewall33.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:24 2011 PDT by vadim +# Generated Thu May 26 14:09:26 2011 PDT by vadim # # files: * firewall33.fw /etc/fw/firewall33.fw # files: firewall33.conf /etc/fw/firewall33.conf @@ -168,7 +168,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:26 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall34.fw.orig b/test/pf/firewall34.fw.orig index 202952b76..6933ad633 100755 --- a/test/pf/firewall34.fw.orig +++ b/test/pf/firewall34.fw.orig 
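Review bot: The changed table in the firewall33.conf.orig hunk has nothing to do with the `self` work: the 64.233.183.x entries are replaced by 74.125.224.x ones, which looks like the result of resolving `www.google.com` (named in the neighbouring tables) at the time the expected output was regenerated. An expected file that embeds live DNS answers fails whenever the public records change, and each regeneration hides real compiler differences among address churn. I would point this test object at a name and addresses the test suite controls (a documentation-range address, or a stubbed resolver in test mode) so the expected table stays stable.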
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:24 2011 PDT by vadim +# Generated Thu May 26 14:09:27 2011 PDT by vadim # # files: * firewall34.fw /etc/fw/firewall34.fw # files: firewall34.conf /etc/fw/firewall34.conf @@ -164,7 +164,7 @@ configure_interfaces() { update_addresses_of_interface "lo 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:24 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall38.fw.orig b/test/pf/firewall38.fw.orig index 74c8ca4c3..c135f2b8f 100755 --- a/test/pf/firewall38.fw.orig +++ b/test/pf/firewall38.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:25 2011 PDT by vadim +# Generated Thu May 26 14:09:27 2011 PDT by vadim # # files: * firewall38.fw /etc/fw/firewall38.fw # files: firewall38.conf /etc/fw/firewall38.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:27 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall39-rule2_branch.conf.orig b/test/pf/firewall39-rule2_branch.conf.orig index ee5f7ddd4..b5d53ae9a 100644 --- a/test/pf/firewall39-rule2_branch.conf.orig +++ b/test/pf/firewall39-rule2_branch.conf.orig 
@@ -1,14 +1,10 @@ - -# Tables: (1) -table { 192.168.1.1 , 192.168.2.1 } - # Policy compiler errors and warnings: # firewall39:rule2_branch:0: warning: Changing rule direction due to self reference # # Rule rule2_branch 0 (global) # firewall39:rule2_branch:0: warning: Changing rule direction due to self reference -pass in quick inet from any to keep state +pass in quick inet from any to self keep state # # Rule rule2_branch 1 (global) block log quick inet from any to any diff --git a/test/pf/firewall39.fw.orig b/test/pf/firewall39.fw.orig index 768dc3e9a..c3ec0fcf2 100755 --- a/test/pf/firewall39.fw.orig +++ b/test/pf/firewall39.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:25 2011 PDT by vadim +# Generated Thu May 26 14:09:28 2011 PDT by vadim # # files: * firewall39.fw pf.fw # files: firewall39.conf pf.conf @@ -79,7 +79,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:28 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall4.conf.orig b/test/pf/firewall4.conf.orig index a041e4170..2b8f0e2cd 100644 --- a/test/pf/firewall4.conf.orig +++ b/test/pf/firewall4.conf.orig @@ -5,7 +5,7 @@ set optimization high-latency # Tables: (3) table { eth1 , 192.168.1.1 , 192.168.2.1 , 222.222.222.222 } -table { eth1 , 192.168.1.0/24 , 192.168.1.1 , 192.168.2.1 , 222.222.222.222 } +table { self , 192.168.1.0/24 } table { 192.168.1.10 , 192.168.1.20 } @@ -59,7 +59,7 @@ block log quick on eth1 inet proto icmp from ! 192.168.2.0/24 to any icmp-ty # # Rule 3 (eth1) # Anti-spoofing rule -block in log quick on eth1 inet from to any +block in log quick on eth1 inet from self to any block in log quick on eth1 inet from 192.168.1.0/24 to any # # Rule 4 (eth1) 
@@ -73,7 +73,7 @@ pass log quick inet proto icmp from any to 192.168.1.1 icmp-type 8 code 0 k # Rule 6 (global) # firewall4:Policy:6: warning: Changing rule direction due to self reference -block in log quick inet proto icmp from ! to icmp-type 3 +block in log quick inet proto icmp from ! to self icmp-type 3 # # Rule 7 (global) # testing negation in the policy rule diff --git a/test/pf/firewall4.fw.orig b/test/pf/firewall4.fw.orig index feca4c86d..4546e1440 100755 --- a/test/pf/firewall4.fw.orig +++ b/test/pf/firewall4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:25 2011 PDT by vadim +# Generated Thu May 26 14:09:29 2011 PDT by vadim # # files: * firewall4.fw pf.fw # files: firewall4.conf /etc/fw/pf.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:25 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall40-1.fw.orig b/test/pf/firewall40-1.fw.orig index 1785a918d..976cd566a 100755 --- a/test/pf/firewall40-1.fw.orig +++ b/test/pf/firewall40-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:26 2011 PDT by vadim +# Generated Thu May 26 14:09:30 2011 PDT by vadim # # files: * firewall40-1.fw /etc/firewall40-1.fw # files: firewall40-1.conf /etc/firewall40-1.conf @@ -182,7 +182,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:26 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:30 2011 by vadim" set_kernel_vars configure_interfaces 
diff --git a/test/pf/firewall40.conf.orig b/test/pf/firewall40.conf.orig index ccebffb32..9fa30b55d 100644 --- a/test/pf/firewall40.conf.orig +++ b/test/pf/firewall40.conf.orig @@ -1,10 +1,6 @@ - -# Tables: (1) -table { 192.0.2.1 , 192.0.3.1 , 192.168.1.1 } - # # Rule 0 (NAT) # Translate source address @@ -30,7 +26,7 @@ pass in quick on fxp0 route-to { ( le1 192.0.2.10 ) } inet proto tcp from 192 pass in quick on fxp0 route-to { ( le2 192.0.3.10 ) } inet proto tcp from 192.168.1.0/24 to any port 22 label "RULE 3 -- ACCEPT " # # Rule 4 (global) -pass out quick inet from to any keep state label "RULE 4 -- ACCEPT " +pass out quick inet from self to any keep state label "RULE 4 -- ACCEPT " # # Rule 5 (global) block log quick inet from any to any label "RULE 5 -- DROP " diff --git a/test/pf/firewall40.fw.orig b/test/pf/firewall40.fw.orig index 27ddda20f..1138660b3 100755 --- a/test/pf/firewall40.fw.orig +++ b/test/pf/firewall40.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:26 2011 PDT by vadim +# Generated Thu May 26 14:09:29 2011 PDT by vadim # # files: * firewall40.fw /etc/firewall40.fw # files: firewall40.conf /etc/firewall40.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "lo0 127.0.0.1/0xff000000" "" } -log "Activating firewall script generated Tue May 10 14:53:26 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:29 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall41.conf.orig b/test/pf/firewall41.conf.orig index c8bca35c1..5e270cf67 100644 --- a/test/pf/firewall41.conf.orig +++ b/test/pf/firewall41.conf.orig 
@@ -2,10 +2,9 @@ -# Tables: (4) +# Tables: (3) table persist file "block-hosts.tbl" table persist -table { 1.1.1.1 , 2.2.2.2 } table { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , 192.168.1.201 , 192.168.2.128/25 } # Policy compiler errors and warnings: @@ -14,22 +13,22 @@ table { 192.168.1.1 , 192.168.1.2 , 192.168.1.3/30 , 192.168.1.200 , # firewall41:Policy:3: error: File not found for Address Table: missing table (file_does_not_exist.tbl) Using dummy address in test mode # # Rule 0 (global) -pass out log quick inet from to www.heise.de keep state label "RULE 0 -- ACCEPT " +pass out log quick inet from self to www.heise.de keep state label "RULE 0 -- ACCEPT " # # Rule 1 (global) -pass out log quick inet from to keep state label "RULE 1 -- ACCEPT " +pass out log quick inet from self to keep state label "RULE 1 -- ACCEPT " # # Rule 2 (global) -pass out log quick inet from to keep state label "RULE 2 -- ACCEPT " -pass out log quick inet from to keep state label "RULE 2 -- ACCEPT " +pass out log quick inet from self to keep state label "RULE 2 -- ACCEPT " +pass out log quick inet from self to keep state label "RULE 2 -- ACCEPT " # # Rule 3 (global) # firewall41:Policy:3: error: File not found for Address Table: missing table (file_does_not_exist.tbl) Using dummy address in test mode -pass out log quick inet from to 192.0.2.0/24 keep state label "RULE 3 -- ACCEPT " +pass out log quick inet from self to 192.0.2.0/24 keep state label "RULE 3 -- ACCEPT " # # Rule 4 (global) -pass out log quick inet from to 1.1.1.1 keep state label "RULE 4 -- ACCEPT " +pass out log quick inet from self to 1.1.1.1 keep state label "RULE 4 -- ACCEPT " # # Rule fallback rule # fallback rule diff --git a/test/pf/firewall41.fw.orig b/test/pf/firewall41.fw.orig index 7ee3d7efd..0947da088 100755 --- a/test/pf/firewall41.fw.orig +++ b/test/pf/firewall41.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:27 2011 PDT by vadim +# Generated Thu May 26 14:09:31 2011 PDT by vadim # # files: * firewall41.fw /etc/firewall41.fw # files: firewall41.conf /etc/firewall41.conf @@ -169,7 +169,7 @@ configure_interfaces() { update_addresses_of_interface "eth1 2.2.2.2/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:27 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:31 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall5.fw.orig b/test/pf/firewall5.fw.orig index 49de690af..5fddbe851 100755 --- a/test/pf/firewall5.fw.orig +++ b/test/pf/firewall5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:27 2011 PDT by vadim +# Generated Thu May 26 14:09:32 2011 PDT by vadim # # files: * firewall5.fw /etc/fw/firewall5.fw # files: firewall5.conf /etc/fw/firewall5.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:27 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall51.fw.orig b/test/pf/firewall51.fw.orig index e983ed0c3..85c2f7e22 100755 --- a/test/pf/firewall51.fw.orig +++ b/test/pf/firewall51.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:28 2011 PDT by vadim +# Generated Thu May 26 14:09:32 2011 PDT by vadim # # files: * firewall51.fw /etc/fw/firewall51.fw # files: firewall51.conf /etc/fw/firewall51.conf 
@@ -80,7 +80,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:28 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:32 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall6.conf.orig b/test/pf/firewall6.conf.orig index 1ae8eb5d7..f72195672 100644 --- a/test/pf/firewall6.conf.orig +++ b/test/pf/firewall6.conf.orig @@ -1,20 +1,16 @@ - -# Tables: (1) -table { 22.22.22.22 , 22.22.23.23 , 192.168.1.1 , 192.168.2.1 } - # Policy compiler errors and warnings: # firewall6:Policy:1: warning: Changing rule direction due to self reference # # Rule 0 (eth1) -block in log quick on eth1 inet from any to ! +block in log quick on eth1 inet from any to ! self # # Rule 1 (global) # firewall6:Policy:1: warning: Changing rule direction due to self reference -block in quick inet from any to ! +block in quick inet from any to ! self # # Rule fallback rule # fallback rule diff --git a/test/pf/firewall6.fw.orig b/test/pf/firewall6.fw.orig index 7a8250122..5c837f1e0 100755 --- a/test/pf/firewall6.fw.orig +++ b/test/pf/firewall6.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:28 2011 PDT by vadim +# Generated Thu May 26 14:09:33 2011 PDT by vadim # # files: * firewall6.fw /etc/fw/firewall6.fw # files: firewall6.conf /etc/fw/firewall6.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:28 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:33 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall62.conf.orig b/test/pf/firewall62.conf.orig index 8dfe7b541..32232ad3b 100644 --- a/test/pf/firewall62.conf.orig +++ b/test/pf/firewall62.conf.orig 
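Review bot: The two added `to ! self` lines in firewall6.conf.orig (`block in log quick on eth1 inet from any to ! self` and `block in quick inet from any to ! self`) do not mean the same thing as the negated table they replace. As far as I know pfctl treats `self` as an address list and expands a negated list into one rule per address, so with the four addresses of the removed table this becomes four `block ... to ! ADDR` rules that together match every destination, the firewall's own addresses included. A negated table is evaluated as one set and keeps the intended "not addressed to the firewall" meaning. The rule processor should leave negated Source/Destination elements alone, so the expected lines here stay in table form, e.g. `block in quick inet from any to ! <TABLE>` (placeholder for the removed table's name).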
@@ -1,10 +1,6 @@ - -# Tables: (1) -table { 192.168.1.1 , 222.222.222.222 } - # Policy compiler errors and warnings: # firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it # firewall62:Policy:1: error: Rule '1 (global)' shadows rule '2 (global)' below it 
@@ -44,29 +40,29 @@ pass in quick on en0 inet from any to any user proxy label "RULE 0 -- ACCE # firewall62:Policy:1: error: Rule '1 (global)' shadows rule '6 (global)' below it # firewall62:Policy:1: warning: Changing rule direction due to self reference -pass out quick inet from to any user { 2000, 500 } label "RULE 1 -- ACCEPT " +pass out quick inet from self to any user { 2000, 500 } label "RULE 1 -- ACCEPT " # # Rule 2 (global) # firewall62:Policy:2: warning: Changing rule direction due to self reference -pass out quick inet from to any user 2000 label "RULE 2 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 2 -- ACCEPT " # # Rule 3 (global) # firewall62:Policy:3: error: Rule '3 (global)' shadows rule '4 (global)' below it # firewall62:Policy:3: error: Rule '3 (global)' shadows rule '5 (global)' below it -pass out quick inet proto tcp from to any port 80 flags any label "RULE 3 -- ACCEPT " -pass out quick inet from to any user 2000 label "RULE 3 -- ACCEPT " +pass out quick inet proto tcp from self to any port 80 flags any label "RULE 3 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 3 -- ACCEPT " # # Rule 4 (global) # firewall62:Policy:4: warning: Changing rule direction due to self reference -pass out quick inet proto tcp from to any port 80 flags any label "RULE 4 -- ACCEPT " -pass out quick inet from to any user 2000 label "RULE 4 -- ACCEPT " +pass out quick inet proto tcp from self to any port 80 flags any label "RULE 4 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 4 -- ACCEPT " # # Rule 5 (global) -pass out quick inet proto tcp from to any port 80 flags any label "RULE 5 -- ACCEPT " -pass out quick inet from to any user 2000 label "RULE 5 -- ACCEPT " +pass out quick inet proto tcp from self to any port 80 flags any label "RULE 5 -- ACCEPT " +pass out quick inet from self to any user 2000 label "RULE 5 -- ACCEPT " # # Rule 6 (global) pass quick inet from 192.168.1.1 to any user 2000 
label "RULE 6 -- ACCEPT " @@ -79,15 +75,15 @@ pass quick inet from 192.168.1.0/24 to any user 2000 label "RULE 7 -- ACCEP # firewall62:Policy:8: error: Rule '8 (global)' shadows rule '9 (global)' below it # firewall62:Policy:8: warning: Changing rule direction due to self reference -pass in quick inet from any to user 2000 label "RULE 8 -- ACCEPT " +pass in quick inet from any to self user 2000 label "RULE 8 -- ACCEPT " # # Rule 9 (global) # firewall62:Policy:9: warning: Changing rule direction due to self reference -pass in quick inet from any to user { 2000, 500 } label "RULE 9 -- ACCEPT " +pass in quick inet from any to self user { 2000, 500 } label "RULE 9 -- ACCEPT " # # Rule 10 (global) -pass in quick inet from any to user 2000 label "RULE 10 -- ACCEPT " +pass in quick inet from any to self user 2000 label "RULE 10 -- ACCEPT " # # Rule 11 (global) pass quick inet from ! 192.168.1.0/24 to any user 2000 label "RULE 11 -- ACCEPT " @@ -95,7 +91,7 @@ pass quick inet from ! 192.168.1.0/24 to any user 2000 label "RULE 11 -- AC # Rule 12 (global) # firewall62:Policy:12: warning: Changing rule direction due to self reference -pass in quick inet from any to ! user 2000 label "RULE 12 -- ACCEPT " +pass in quick inet from any to ! self user 2000 label "RULE 12 -- ACCEPT " # # Rule 13 (global) block quick inet from any to any no state label "RULE 13 -- DROP " diff --git a/test/pf/firewall62.fw.orig b/test/pf/firewall62.fw.orig index eb53f5a23..6c3e09c32 100755 --- a/test/pf/firewall62.fw.orig +++ b/test/pf/firewall62.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:29 2011 PDT by vadim +# Generated Thu May 26 14:09:34 2011 PDT by vadim # # files: * firewall62.fw /etc/firewall62.fw # files: firewall62.conf /etc/firewall62.conf 
@@ -191,7 +191,7 @@ configure_interfaces() { update_addresses_of_interface "en1 222.222.222.222/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall63.fw.orig b/test/pf/firewall63.fw.orig index b04ecf09f..c47f13e47 100755 --- a/test/pf/firewall63.fw.orig +++ b/test/pf/firewall63.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:29 2011 PDT by vadim +# Generated Thu May 26 14:09:34 2011 PDT by vadim # # files: * firewall63.fw /etc/fw/firewall63.fw # files: firewall63.conf /etc/fw/firewall63.conf @@ -77,7 +77,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:34 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall7.fw.orig b/test/pf/firewall7.fw.orig index a1d6f26a6..b00cc82c5 100755 --- a/test/pf/firewall7.fw.orig +++ b/test/pf/firewall7.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:29 2011 PDT by vadim +# Generated Thu May 26 14:09:35 2011 PDT by vadim # # files: * firewall7.fw /etc/fw/firewall7.fw # files: firewall7.conf /etc/fw/firewall7.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:29 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:35 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall70.conf.orig b/test/pf/firewall70.conf.orig index 4aa5a8c66..32b97eb51 100644 --- a/test/pf/firewall70.conf.orig +++ b/test/pf/firewall70.conf.orig 
@@ -1,10 +1,6 @@ - -# Tables: (1) -table { 22.22.22.22 , 192.0.2.1 , 192.168.1.1 } - # Policy compiler errors and warnings: # firewall70:Policy:0: warning: Changing rule direction due to self reference # firewall70:Policy:1: warning: Changing rule direction due to self reference 
@@ -16,32 +12,32 @@ table { 22.22.22.22 , 192.0.2.1 , 192.168.1.1 } # Rule 0 (global) # firewall70:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from any to port 22 flags S/SA keep state +pass in quick inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 1 (en0) # firewall70:Policy:1: warning: Changing rule direction due to self reference -pass in quick on en0 inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on en0 inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 2 (en0,en1) # firewall70:Policy:2: warning: Changing rule direction due to self reference -pass in quick on { en0 en1 } inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on { en0 en1 } inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 3 (en2,en0,en1,en3) # firewall70:Policy:3: warning: Changing rule direction due to self reference -pass in quick on { en0 en1 en2 en3 } inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on { en0 en1 en2 en3 } inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 4 (en0) # firewall70:Policy:4: warning: Changing rule direction due to self reference -pass in quick on { en1 en2 } inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on { en1 en2 } inet proto tcp from any to self port 22 flags S/SA keep state # # Rule 5 (en0,en1) # firewall70:Policy:5: warning: Changing rule direction due to self reference -pass in quick on en2 inet proto tcp from any to port 22 flags S/SA keep state +pass in quick on en2 inet proto tcp from any to self port 22 flags S/SA keep state # # Rule fallback rule # fallback rule diff --git a/test/pf/firewall70.fw.orig b/test/pf/firewall70.fw.orig index e687ceb99..0bbede766 100755 --- a/test/pf/firewall70.fw.orig +++ b/test/pf/firewall70.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:30 2011 PDT by vadim +# Generated Thu May 26 14:09:36 2011 PDT by vadim # # files: * firewall70.fw /etc/fw/firewall70.fw # files: firewall70.conf /etc/fw/firewall70.conf @@ -82,7 +82,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:36 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall8.fw.orig b/test/pf/firewall8.fw.orig index 2aaa77d25..a2b8b7178 100755 --- a/test/pf/firewall8.fw.orig +++ b/test/pf/firewall8.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:30 2011 PDT by vadim +# Generated Thu May 26 14:09:37 2011 PDT by vadim # # files: * firewall8.fw /etc/firewall8.fw # files: firewall8.conf /etc/firewall8.conf @@ -72,7 +72,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80-4.5.fw.orig b/test/pf/firewall80-4.5.fw.orig index 1b5848843..0510c0afc 100755 --- a/test/pf/firewall80-4.5.fw.orig +++ b/test/pf/firewall80-4.5.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:31 2011 PDT by vadim +# Generated Thu May 26 14:09:38 2011 PDT by vadim # # files: * firewall80-4.5.fw /etc/firewall80-4.5.fw # files: firewall80-4.5.conf /etc/firewall80-4.5.conf 
@@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:31 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:38 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall80.fw.orig b/test/pf/firewall80.fw.orig index 6cce2185a..0758f8bf1 100755 --- a/test/pf/firewall80.fw.orig +++ b/test/pf/firewall80.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:30 2011 PDT by vadim +# Generated Thu May 26 14:09:37 2011 PDT by vadim # # files: * firewall80.fw /etc/firewall80.fw # files: firewall80.conf /etc/firewall80.conf @@ -73,7 +73,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:30 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:37 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall9.fw.orig b/test/pf/firewall9.fw.orig index 7fb36c24c..ba284ec86 100755 --- a/test/pf/firewall9.fw.orig +++ b/test/pf/firewall9.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:31 2011 PDT by vadim +# Generated Thu May 26 14:09:39 2011 PDT by vadim # # files: * firewall9.fw /etc/fw/firewall9.fw # files: firewall9.conf /etc/fw/firewall9.conf @@ -76,7 +76,7 @@ configure_interfaces() { } -log "Activating firewall script generated Tue May 10 14:53:31 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall91.conf.orig b/test/pf/firewall91.conf.orig index 562f6ee2f..fed8a2d2c 100644 --- a/test/pf/firewall91.conf.orig +++ b/test/pf/firewall91.conf.orig 
@@ -1,14 +1,10 @@ - -# Tables: (1) -table { 10.1.1.50 , 10.3.14.50 , 10.100.101.1 , 10.100.103.1 } - # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 flags S/SA keep state label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 flags S/SA keep state label "RULE -1 -- ACCEPT " # # Rule 0 (global) block log quick inet from any to any label "RULE 0 -- DROP " diff --git a/test/pf/firewall91.fw.orig b/test/pf/firewall91.fw.orig index 5441f88fd..27eaa899b 100755 --- a/test/pf/firewall91.fw.orig +++ b/test/pf/firewall91.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:32 2011 PDT by vadim +# Generated Thu May 26 14:09:39 2011 PDT by vadim # # files: * firewall91.fw /etc/fw/pf.fw # files: firewall91.conf /etc/fw/pf.conf @@ -247,7 +247,7 @@ configure_interfaces() { update_addresses_of_interface "vlan103 10.100.103.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:32 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:39 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/firewall92.conf.orig b/test/pf/firewall92.conf.orig index a0b55c9fd..2d0ec3d3f 100644 --- a/test/pf/firewall92.conf.orig +++ b/test/pf/firewall92.conf.orig @@ -7,10 +7,6 @@ set timeout udp.single 5 match all scrub (reassemble tcp no-df ) match out all scrub (random-id min-ttl 1 max-mss 1460) - -# Tables: (1) -table { 10.1.1.81 , 10.3.14.81 } - # NAT compiler errors and warnings: # firewall92:NAT:2: error: No translation rules are not supported for PF 4.7, use negation to implement exclusions # 
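Review bot: The backup ssh access rule in firewall91.conf.orig now matches `to self port 22`, where it previously matched a table holding only the four addresses defined on the firewall object; the firewall70 and firewall92 expected outputs change the same way. pf expands `self` to every address assigned to any interface on the host, so with `inet` the rule also covers loopback and any IPv4 address configured outside the Firewall Builder model. The generated pf.conf therefore no longer shows which destinations a pass rule admits. The compiler change is outside this part of the diff, so I cannot tell whether the substitution is optional. I would make it a per-firewall option that defaults to the explicit table, or at least emit the modelled addresses as a comment next to each rule that uses `self`.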
@@ -28,12 +24,12 @@ match in on em0 proto udp from any to 10.3.14.81 port 161 rdr-to 10.1.1.1 port 1 # # Rule backup ssh access rule # backup ssh access rule -pass in quick inet proto tcp from 10.3.14.30 to port 22 label "RULE -1 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.30 to self port 22 label "RULE -1 -- ACCEPT " # # Rule 0 (global) # firewall92:Policy:0: warning: Changing rule direction due to self reference -pass in quick inet proto tcp from 10.3.14.0/24 to port 22 label "RULE 0 -- ACCEPT " +pass in quick inet proto tcp from 10.3.14.0/24 to self port 22 label "RULE 0 -- ACCEPT " # # Rule 1 (global) pass quick inet from 10.1.1.0/24 to any label "RULE 1 -- ACCEPT " diff --git a/test/pf/firewall92.fw.orig b/test/pf/firewall92.fw.orig index 57a101cc2..b01bf49d0 100755 --- a/test/pf/firewall92.fw.orig +++ b/test/pf/firewall92.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:32 2011 PDT by vadim +# Generated Thu May 26 14:09:40 2011 PDT by vadim # # files: * firewall92.fw /etc/fw/pf.fw # files: firewall92.conf /etc/fw/path\ with\ space/pf.conf @@ -166,7 +166,7 @@ configure_interfaces() { update_addresses_of_interface "em1 10.1.1.81/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:32 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:40 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/objects-for-regression-tests.fwb b/test/pf/objects-for-regression-tests.fwb index d9e345411..1927d4745 100644 --- a/test/pf/objects-for-regression-tests.fwb +++ b/test/pf/objects-for-regression-tests.fwb @@ -2281,7 +2281,7 @@ - + @@ -3002,7 +3002,9 @@ + + @@ -3014,6 +3016,8 @@ + + @@ -3050,6 +3054,7 @@ + @@ -3078,9 +3083,11 @@ + + @@ -3095,6 +3102,7 @@ + 
diff --git a/test/pf/pf_cluster_1_openbsd-1.fw.orig b/test/pf/pf_cluster_1_openbsd-1.fw.orig index f49c2cad4..336398654 100755 --- a/test/pf/pf_cluster_1_openbsd-1.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_1_openbsd-1.fw /etc/pf_cluster_1_openbsd-1.fw # files: pf_cluster_1_openbsd-1.conf /etc/pf_cluster_1_openbsd-1.conf @@ -299,7 +299,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_1_openbsd-2.fw.orig b/test/pf/pf_cluster_1_openbsd-2.fw.orig index 8b19d5f75..071bfdf81 100755 --- a/test/pf/pf_cluster_1_openbsd-2.fw.orig +++ b/test/pf/pf_cluster_1_openbsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_1_openbsd-2.fw /etc/pf_cluster_1_openbsd-2.fw # files: pf_cluster_1_openbsd-2.conf /etc/pf_cluster_1_openbsd-2.conf @@ -195,7 +195,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-1.fw.orig b/test/pf/pf_cluster_2_freebsd-1.fw.orig index f70ee4353..4903aa80f 100755 
--- a/test/pf/pf_cluster_2_freebsd-1.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-1.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_2_freebsd-1.fw /etc/pf_cluster_2_freebsd-1.fw # files: pf_cluster_2_freebsd-1.conf /etc/pf_cluster_2_freebsd-1.conf @@ -301,7 +301,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_2_freebsd-2.fw.orig b/test/pf/pf_cluster_2_freebsd-2.fw.orig index 81dc6b79e..3ccb32835 100755 --- a/test/pf/pf_cluster_2_freebsd-2.fw.orig +++ b/test/pf/pf_cluster_2_freebsd-2.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_2_freebsd-2.fw /etc/pf_cluster_2_freebsd-2.fw # files: pf_cluster_2_freebsd-2.conf /etc/pf_cluster_2_freebsd-2.conf @@ -197,7 +197,7 @@ configure_interfaces() { update_addresses_of_interface "carp1 192.168.1.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-3.fw.orig b/test/pf/pf_cluster_3_openbsd-3.fw.orig index a8a69f540..8ead3ec42 100755 --- a/test/pf/pf_cluster_3_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-3.fw.orig 
@@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_3_openbsd-3.fw /etc/pf_cluster_3_openbsd-3.fw # files: pf_cluster_3_openbsd-3.conf /etc/pf_cluster_3_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_3_openbsd-4.fw.orig b/test/pf/pf_cluster_3_openbsd-4.fw.orig index ad11f03a7..3591777ce 100755 --- a/test/pf/pf_cluster_3_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_3_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_3_openbsd-4.fw /etc/pf_cluster_3_openbsd-4.fw # files: pf_cluster_3_openbsd-4.conf /etc/pf_cluster_3_openbsd-4.conf @@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:43 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_4_rc.conf.local b/test/pf/pf_cluster_4_rc.conf.local index 7885d0da5..a4b89c3e3 100755 --- a/test/pf/pf_cluster_4_rc.conf.local +++ b/test/pf/pf_cluster_4_rc.conf.local 
@@ -1,9 +1,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.3542 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Sat May 14 15:46:00 2011 PDT by vadim +# Generated Thu May 26 14:09:43 2011 PDT by vadim # # files: * pf_cluster_4_rc.conf.local /etc/pf_cluster_4_rc.conf.local # files: pf_cluster_4_pf.conf /etc/pf_cluster_4_pf.conf diff --git a/test/pf/pf_cluster_5_openbsd-3.fw.orig b/test/pf/pf_cluster_5_openbsd-3.fw.orig index 1d776dd97..a2f147fa9 100755 --- a/test/pf/pf_cluster_5_openbsd-3.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-3.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:44 2011 PDT by vadim # # files: * pf_cluster_5_openbsd-3.fw /etc/pf_cluster_5_openbsd-3.fw # files: pf_cluster_5_openbsd-3.conf /etc/pf_cluster_5_openbsd-3.conf @@ -302,7 +302,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:44 2011 by vadim" set_kernel_vars configure_interfaces diff --git a/test/pf/pf_cluster_5_openbsd-4.fw.orig b/test/pf/pf_cluster_5_openbsd-4.fw.orig index 36986132f..c102083bd 100755 --- a/test/pf/pf_cluster_5_openbsd-4.fw.orig +++ b/test/pf/pf_cluster_5_openbsd-4.fw.orig @@ -2,9 +2,9 @@ # # This is automatically generated file. DO NOT MODIFY ! # -# Firewall Builder fwb_pf v4.3.0.1 +# Firewall Builder fwb_pf v4.3.0.3546 # -# Generated Tue May 10 14:53:34 2011 PDT by vadim +# Generated Thu May 26 14:09:44 2011 PDT by vadim # # files: * pf_cluster_5_openbsd-4.fw /etc/pf_cluster_5_openbsd-4.fw # files: pf_cluster_5_openbsd-4.conf /etc/pf_cluster_5_openbsd-4.conf 
@@ -199,7 +199,7 @@ configure_interfaces() { update_addresses_of_interface "carp2 172.20.0.1/0xffffff00" "" } -log "Activating firewall script generated Tue May 10 14:53:34 2011 by vadim" +log "Activating firewall script generated Thu May 26 14:09:44 2011 by vadim" set_kernel_vars configure_interfaces