diff --git a/org_fedora_oscap/rule_handling.py b/org_fedora_oscap/rule_handling.py

index f712ac4..738465f 100644

--- a/org_fedora_oscap/rule_handling.py

+++ b/org_fedora_oscap/rule_handling.py

@@ -26,7 +26,13 @@

 import optparse

 import shlex

 import logging

+

 from pyanaconda.pwpolicy import F22_PwPolicyData

+from pyanaconda.core.constants import (

+    FIREWALL_ENABLED, FIREWALL_DISABLED, FIREWALL_USE_SYSTEM_DEFAULTS)

+from pyanaconda.modules.common.constants.objects import FIREWALL, BOOTLOADER

+from pyanaconda.modules.common.constants.services import NETWORK, STORAGE, USERS

+

 from org_fedora_oscap import common

 from org_fedora_oscap.common import OSCAPaddonError, RuleMessage

@@ -496,7 +502,10 @@ def eval_rules(self, ksdata, storage, report_only=False):

             return []

         ret = []

-        if not ksdata.rootpw.password:

+

+        users_proxy = USERS.get_proxy()

+

+        if not users_proxy.IsRootPasswordSet:

             # root password was not set

             msg = _("make sure to create password with minimal length of %d "

@@ -505,12 +514,12 @@ def eval_rules(self, ksdata, storage, report_only=False):

                                common.MESSAGE_TYPE_WARNING, msg)]

         else:

             # root password set

-            if ksdata.rootpw.isCrypted:

+            if users_proxy.IsRootPasswordCrypted:

                 msg = _("cannot check root password length (password is crypted)")

                 log.warning("cannot check root password length (password is crypted)")

                 return [RuleMessage(self.__class__,

                                     common.MESSAGE_TYPE_WARNING, msg)]

-            elif len(ksdata.rootpw.password) < self._minlen:

+            elif len(users_proxy.RootPassword) < self._minlen:

                 # too short

                 msg = _("root password is too short, a longer one with at "

                         "least %d characters is required") % self._minlen

@@ -705,10 +714,13 @@ def __str__(self):

     def eval_rules(self, ksdata, storage, report_only=False):

         """:see: RuleHandler.eval_rules"""

-        if self._require_password and not storage.bootloader.password:

-            # Anaconda doesn't provide a way to set bootloader password, so

-            # users cannot do much about that --> we shouldn't stop the

-            # installation, should we?

+        bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)

+

+        if self._require_password and not bootloader_proxy.password_is_set:

+            # TODO: Anaconda provides a way to set bootloader password:

+            # bootloader_proxy.set_password(...)

+            # We don't support setting the bootloader password yet,

+            # but we shouldn't stop the installation, just because of that.

             return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,

                                 "boot loader password not set up")]

         else:

@@ -802,8 +814,13 @@ def __init__(self):

         self._added_trusts = set()

         self._removed_svcs = set()

+        self._new_services_to_add = set()

+        self._new_ports_to_add = set()

+        self._new_trusts_to_add = set()

+        self._new_services_to_remove = set()

+

         self._firewall_enabled = None

-        self._firewall_default_enabled = None

+        self._firewall_default_state = None

     def add_services(self, services):

         """

@@ -895,25 +912,26 @@ def __str__(self):

     def eval_rules(self, ksdata, storage, report_only=False):

         """:see: RuleHandler.eval_rules"""

+        firewall_proxy = NETWORK.get_proxy(FIREWALL)

         messages = []

-        if self._firewall_default_enabled is None:

+        if self._firewall_default_state is None:

             # firewall default startup setting

-            self._firewall_default_enabled = ksdata.firewall.enabled

+            self._firewall_default_state = firewall_proxy.FirewallMode

         if self._firewall_enabled is False:

             msg = _("Firewall will be disabled on startup")

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

             if not report_only:

-                ksdata.firewall.enabled = self._firewall_enabled

+                firewall_proxy.SetFirewallMode(FIREWALL_DISABLED)

         elif self._firewall_enabled is True:

             msg = _("Firewall will be enabled on startup")

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

             if not report_only:

-                ksdata.firewall.enabled = self._firewall_enabled

+                firewall_proxy.SetFirewallMode(FIREWALL_ENABLED)

         # add messages for the already added services

         for svc in self._added_svcs:

@@ -937,49 +955,58 @@ def eval_rules(self, ksdata, storage, report_only=False):

                                         common.MESSAGE_TYPE_INFO, msg))

         # services, that should be added

-        services_to_add = (svc for svc in self._add_svcs

-                           if svc not in ksdata.firewall.services)

+        self._new_services_to_add = {

+            svc for svc in self._add_svcs

+            if svc not in firewall_proxy.EnabledServices}

         # ports, that should be added

-        ports_to_add = (ports for ports in self._add_ports

-                        if ports not in ksdata.firewall.ports)

+        self._new_ports_to_add = {

+            ports for ports in self._add_ports

+            if ports not in firewall_proxy.EnabledPorts}

         # trusts, that should be added

-        trusts_to_add = (trust for trust in self._add_trusts

-                         if trust not in ksdata.firewall.trusts)

+        self._new_trusts_to_add = {

+            trust for trust in self._add_trusts

+            if trust not in firewall_proxy.Trusts}

-        for svc in services_to_add:

+        for svc in self._new_services_to_add:

             # add the service unless already added

             if not report_only:

                 self._added_svcs.add(svc)

-                ksdata.firewall.services.append(svc)

             msg = _("service '%s' has been added to the list of services to be "

                     "added to the firewall" % svc)

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

+        if not report_only:

+            all_services = list(self._add_svcs.union(set(firewall_proxy.EnabledServices)))

+            firewall_proxy.SetEnabledServices(all_services)

-        for port in ports_to_add:

+        for port in self._new_ports_to_add:

             # add the port unless already added

             if not report_only:

                 self._added_ports.add(port)

-                ksdata.firewall.ports.append(port)

             msg = _("port '%s' has been added to the list of ports to be "

                     "added to the firewall" % port)

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

+        if not report_only:

+            all_ports = list(self._add_ports.union(set(firewall_proxy.EnabledPorts)))

+            firewall_proxy.SetEnabledPorts(all_ports)

-        for trust in trusts_to_add:

+        for trust in self._new_trusts_to_add:

             # add the trust unless already added

             if not report_only:

                 self._added_trusts.add(trust)

-                ksdata.firewall.trusts.append(trust)

             msg = _("trust '%s' has been added to the list of trusts to be "

                     "added to the firewall" % trust)

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

+        if not report_only:

+            all_trusts = list(self._add_trusts.union(set(firewall_proxy.Trusts)))

+            firewall_proxy.SetTrusts(all_trusts)

         # now do the same for the services that should be excluded

@@ -990,52 +1017,56 @@ def eval_rules(self, ksdata, storage, report_only=False):

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

-        # services, that should be added

-        services_to_remove = (svc for svc in self._remove_svcs

-                              if svc not in ksdata.firewall.remove_services)

+        # services, that should be excluded

+        self._new_services_to_remove = {

+            svc for svc in self._remove_svcs

+            if svc not in firewall_proxy.DisabledServices}

-        for svc in services_to_remove:

+        for svc in self._new_services_to_remove:

             # exclude the service unless already excluded

             if not report_only:

                 self._removed_svcs.add(svc)

-                ksdata.firewall.remove_services.append(svc)

             msg = _("service '%s' has been added to the list of services to be "

                     "removed from the firewall" % svc)

             messages.append(RuleMessage(self.__class__,

                                         common.MESSAGE_TYPE_INFO, msg))

+        if not report_only:

+            all_services = list(self._remove_svcs.union(set(firewall_proxy.DisabledServices)))

+            firewall_proxy.SetDisabledServices(all_services)

         return messages

     def revert_changes(self, ksdata, storage):

         """:see: RuleHander.revert_changes"""

+        firewall_proxy = NETWORK.get_proxy(FIREWALL)

         if self._firewall_enabled is not None:

-            ksdata.firewall.enabled = self._firewall_default_enabled

+            firewall_proxy.SetFirewallMode(self._firewall_default_state)

         # remove all services this handler added

-        for svc in self._added_svcs:

-            if svc in ksdata.firewall.services:

-                ksdata.firewall.services.remove(svc)

+        all_services = firewall_proxy.EnabledServices

+        orig_services = set(all_services).difference(self._new_services_to_add)

+        firewall_proxy.SetEnabledServices(list(orig_services))

         # remove all ports this handler added

-        for port in self._added_ports:

-            if port in ksdata.firewall.ports:

-                ksdata.firewall.ports.remove(port)

+        all_ports = firewall_proxy.EnabledPorts

+        orig_ports = set(all_ports).difference(self._new_ports_to_add)

+        firewall_proxy.SetEnabledPorts(list(orig_ports))

         # remove all trusts this handler added

-        for trust in self._added_trusts:

-            if trust in ksdata.firewall.trusts:

-                ksdata.firewall.trusts.remove(trust)

+        all_trusts = firewall_proxy.Trusts

+        orig_trusts = set(all_trusts).difference(self._new_trusts_to_add)

+        firewall_proxy.SetTrusts(list(orig_trusts))

         # remove all services this handler excluded

-        for svc in self._removed_svcs:

-            if svc in ksdata.firewall.remove_services:

-                ksdata.firewall.remove_services.remove(svc)

+        all_services = firewall_proxy.DisabledServices

+        orig_services = set(all_services).difference(self._new_services_to_remove)

+        firewall_proxy.SetDisabledServices(list(orig_services))

         self._added_svcs = set()

         self._added_ports = set()

         self._added_trusts = set()

         self._removed_svcs = set()

         self._firewall_enabled = None

-        self._firewall_default_enabled = None

+        self._firewall_default_state = None