diff --git a/Samples/one-interface/rules b/Samples/one-interface/rules index 980e84133..663a42ab3 100644 --- a/Samples/one-interface/rules +++ b/Samples/one-interface/rules @@ -19,7 +19,7 @@ # Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. -Ping/DROP net $FW +Ping(DROP) net $FW # Permit all ICMP traffic FROM the firewall TO the net zone diff --git a/Samples/three-interfaces/rules b/Samples/three-interfaces/rules index d489471f1..e127cbc53 100644 --- a/Samples/three-interfaces/rules +++ b/Samples/three-interfaces/rules @@ -19,33 +19,33 @@ # # Accept DNS connections from the firewall to the Internet # -DNS/ACCEPT $FW net +DNS(ACCEPT) $FW net # # # Accept SSH connections from the local network to the firewall and DMZ # -SSH/ACCEPT loc $FW -SSH/ACCEPT loc dmz +SSH(ACCEPT) loc $FW +SSH(ACCEPT) loc dmz # # DMZ DNS access to the Internet # -DNS/ACCEPT dmz net +DNS(ACCEPT) dmz net # Drop Ping from the "bad" net zone. -Ping/DROP net $FW +Ping(DROP) net $FW # # Make ping work bi-directionally between the dmz, net, Firewall and local zone # (assumes that the loc-> net policy is ACCEPT). # -Ping/ACCEPT loc $FW -Ping/ACCEPT dmz $FW -Ping/ACCEPT loc dmz -Ping/ACCEPT dmz loc -Ping/ACCEPT dmz net +Ping(ACCEPT) loc $FW +Ping(ACCEPT) dmz $FW +Ping(ACCEPT) loc dmz +Ping(ACCEPT) dmz loc +Ping(ACCEPT) dmz net ACCEPT $FW net icmp ACCEPT $FW loc icmp @@ -54,5 +54,5 @@ ACCEPT $FW dmz icmp # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from # the net zone to the dmz and loc -#Ping/ACCEPT net dmz -#Ping/ACCEPT net loc +#Ping(ACCEPT) net dmz +#Ping(ACCEPT) net loc diff --git a/Samples/two-interfaces/rules b/Samples/two-interfaces/rules index 23c0746c7..d45d31476 100644 --- a/Samples/two-interfaces/rules +++ b/Samples/two-interfaces/rules 
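Review bot: In Samples/three-interfaces/rules (hunk @@ -19,33), the comment above the `Ping(ACCEPT)` block says ping works bi-directionally between the dmz, net, firewall and local zone, but the rules shown do not allow ping from net. They accept echo requests only from loc and dmz, `Ping(DROP) net $FW` drops them from net, and the net-to-dmz and net-to-loc rules in the following hunk stay commented out. Someone auditing the sample from its comments could conclude that the net zone is allowed to ping inward. I would reword the comment to something like `# Allow ping from loc and dmz to the firewall, between loc and dmz, and from dmz to net` and keep the remark about the loc->net policy. The same comment appears in Samples6/three-interfaces/rules (hunk @@ -16,33).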
@@ -19,21 +19,21 @@ # # Accept DNS connections from the firewall to the network # -DNS/ACCEPT $FW net +DNS(ACCEPT) $FW net # # Accept SSH connections from the local network for administration # -SSH/ACCEPT loc $FW +SSH(ACCEPT) loc $FW # # Allow Ping from the local network # -Ping/ACCEPT loc $FW +Ping(ACCEPT) loc $FW # # Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # -Ping/DROP net $FW +Ping(DROP) net $FW ACCEPT $FW loc icmp ACCEPT $FW net icmp diff --git a/Samples6/one-interface/rules b/Samples6/one-interface/rules index 006bf4ddf..408bb4aa2 100644 --- a/Samples6/one-interface/rules +++ b/Samples6/one-interface/rules @@ -16,7 +16,7 @@ # Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. -Ping/DROP net $FW +Ping(DROP) net $FW # Permit all ICMP traffic FROM the firewall TO the net zone diff --git a/Samples6/three-interfaces/rules b/Samples6/three-interfaces/rules index 9f2368cab..77cc9ed09 100644 --- a/Samples6/three-interfaces/rules +++ b/Samples6/three-interfaces/rules @@ -16,33 +16,33 @@ # # Accept DNS connections from the firewall to the Internet # -DNS/ACCEPT $FW net +DNS(ACCEPT) $FW net # # # Accept SSH connections from the local network to the firewall and DMZ # -SSH/ACCEPT loc $FW -SSH/ACCEPT loc dmz +SSH(ACCEPT) loc $FW +SSH(ACCEPT) loc dmz # # DMZ DNS access to the Internet # -DNS/ACCEPT dmz net +DNS(ACCEPT) dmz net # Drop Ping from the "bad" net zone. -Ping/DROP net $FW +Ping(DROP) net $FW # # Make ping work bi-directionally between the dmz, net, Firewall and local zone # (assumes that the loc-> net policy is ACCEPT). # -Ping/ACCEPT loc $FW -Ping/ACCEPT dmz $FW -Ping/ACCEPT loc dmz -Ping/ACCEPT dmz loc -Ping/ACCEPT dmz net +Ping(ACCEPT) loc $FW +Ping(ACCEPT) dmz $FW +Ping(ACCEPT) loc dmz +Ping(ACCEPT) dmz loc +Ping(ACCEPT) dmz net ACCEPT $FW net ipv6-icmp ACCEPT $FW loc ipv6-icmp 
@@ -51,6 +51,6 @@ ACCEPT $FW dmz ipv6-icmp # Uncomment this if using Proxy ARP and static NAT and you want to allow ping from # the net zone to the dmz and loc -#Ping/ACCEPT net dmz -#Ping/ACCEPT net loc +#Ping(ACCEPT) net dmz +#Ping(ACCEPT) net loc diff --git a/Samples6/two-interfaces/rules b/Samples6/two-interfaces/rules index 392e82381..75065698e 100644 --- a/Samples6/two-interfaces/rules +++ b/Samples6/two-interfaces/rules @@ -16,21 +16,21 @@ # # Accept DNS connections from the firewall to the network # -DNS/ACCEPT $FW net +DNS(ACCEPT) $FW net # # Accept SSH connections from the local network for administration # -SSH/ACCEPT loc $FW +SSH(ACCEPT) loc $FW # # Allow Ping from the local network # -Ping/ACCEPT loc $FW +Ping(ACCEPT) loc $FW # # Drop Ping from the "bad" net zone.. and prevent your log from being flooded.. # -Ping/DROP net $FW +Ping(DROP) net $FW ACCEPT $FW loc ipv6-icmp ACCEPT $FW net ipv6-icmp
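Review bot: In Samples6/three-interfaces/rules (hunk @@ -51,6), the comment above the two commented-out rules still refers to Proxy ARP and static NAT, which looks carried over from the IPv4 sample and does not describe an IPv6 setup. IPv6 hosts in dmz and loc typically have globally routable addresses, so uncommenting `#Ping(ACCEPT) net dmz` and `#Ping(ACCEPT) net loc` would expose every such host to echo requests from the net zone, not just a few mapped addresses. I would replace the comment with something like `# Uncomment these only if hosts in dmz and loc should answer ping from the net zone (e.g. Proxy NDP or routed prefixes)`.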