diff --git a/Changelog b/Changelog
index 422326d..b24b764 100644
--- a/Changelog
+++ b/Changelog
@@ -12,6 +12,7 @@
 - Issuing commands to upstart is over a datagram socket, not the initctl named pipe. Updated init_telinit() to match.
 - Added modules:
+ cyphesis (Dan Walsh)
 w3c (Dan Walsh)
 * Wed Jul 02 2008 Chris PeBenito - 20080702
diff --git a/policy/modules/kernel/corenetwork.te.in b/policy/modules/kernel/corenetwork.te.in
index 137d2a5..d686641 100644
--- a/policy/modules/kernel/corenetwork.te.in
+++ b/policy/modules/kernel/corenetwork.te.in
@@ -82,6 +82,7 @@ network_port(clamd, tcp,3310,s0)
 network_port(clockspeed, udp,4041,s0)
 network_port(cluster, tcp,5149,s0, udp,5149,s0, tcp,40040,s0, tcp,50006,s0, udp,50006,s0, tcp,50007,s0, udp,50007,s0, tcp,50008,s0, udp,50008,s0)
 network_port(comsat, udp,512,s0)
+network_port(cyphesis, tcp,6767,s0, tcp,6769,s0, udp,32771,s0)
 network_port(cvs, tcp,2401,s0, udp,2401,s0)
 network_port(dcc, udp,6276,s0, udp,6277,s0)
 network_port(dbskkd, tcp,1178,s0)
@@ -149,11 +150,11 @@ network_port(ricci, tcp,11111,s0, udp,11111,s0)
 network_port(ricci_modcluster, tcp,16851,s0, udp,16851,s0)
 network_port(rlogind, tcp,513,s0)
 network_port(rndc, tcp,953,s0)
-network_port(router, udp,520,s0)
+network_port(router, udp,520,s0, udp,521,s0, tcp,521,s0)
 network_port(rsh, tcp,514,s0)
 network_port(rsync, tcp,873,s0, udp,873,s0)
 network_port(rwho, udp,513,s0)
-network_port(smbd, tcp,139,s0, tcp,445,s0)
+network_port(smbd, tcp,137-139,s0, tcp,445,s0)
 network_port(smtp, tcp,25,s0, tcp,465,s0, tcp,587,s0)
 network_port(snmp, udp,161,s0, udp,162,s0, tcp,199,s0)
 network_port(spamd, tcp,783,s0)
diff --git a/policy/modules/services/cyphesis.fc b/policy/modules/services/cyphesis.fc
new file mode 100644
index 0000000..74a8802
--- /dev/null
+++ b/policy/modules/services/cyphesis.fc
@@ -0,0 +1 @@
+/usr/bin/cyphesis -- gen_context(system_u:object_r:cyphesis_exec_t,s0)
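Review bot: The added `network_port(cyphesis, ...)` line sits between `comsat` and `cvs`, but `cvs` sorts before `cyphesis`, so the entry breaks the alphabetical order the surrounding table keeps; move it one line down, after `network_port(cvs, tcp,2401,s0, udp,2401,s0)`. The `udp,32771,s0` part also deserves a comment, since a port just above 32768 lies in the range Linux has traditionally handed out as ephemeral ports, and labeling it cyphesis_port_t changes the label other domains see on unrelated UDP traffic that happens to use it. Whether that overlaps an ephemeral-port definition cannot be seen on this page, so confirm against the rest of corenetwork.te.in before merging.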
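Review bot: The widening of `smbd` to `tcp,137-139,s0` and of `router` to `udp,521,s0, tcp,521,s0` is not recorded anywhere; the Changelog hunk in this commit mentions only the new cyphesis module. Add a Changelog line such as `- Added tcp 137-138 to smbd_port_t and udp/tcp 521 to router_port_t.` Ports 137 and 138 are usually served over UDP by nmbd, so a short comment next to the smbd entry saying why the TCP side is needed would spare the next reader the same question.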
diff --git a/policy/modules/services/cyphesis.if b/policy/modules/services/cyphesis.if
new file mode 100644
index 0000000..9d44538
--- /dev/null
+++ b/policy/modules/services/cyphesis.if
@@ -0,0 +1,19 @@
+## Cyphesis WorldForge game server
+
+########################################
+##
+## Execute a domain transition to run cyphesis.
+##
+##
+##
+## Domain allowed to transition.
+##
+##
+#
+interface(`cyphesis_domtrans',`
+ gen_require(`
+ type cyphesis_t, cyphesis_exec_t;
+ ')
+
+ domtrans_pattern($1, cyphesis_exec_t, cyphesis_t)
+')
diff --git a/policy/modules/services/cyphesis.te b/policy/modules/services/cyphesis.te
new file mode 100644
index 0000000..3133350
--- /dev/null
+++ b/policy/modules/services/cyphesis.te
@@ -0,0 +1,88 @@
+
+policy_module(cyphesis, 1.0.0)
+
+########################################
+#
+# Declarations
+#
+
+type cyphesis_t;
+type cyphesis_exec_t;
+init_daemon_domain(cyphesis_t, cyphesis_exec_t)
+
+type cyphesis_log_t;
+logging_log_file(cyphesis_log_t)
+
+type cyphesis_tmp_t;
+files_tmp_file(cyphesis_tmp_t)
+
+type cyphesis_var_run_t;
+files_pid_file(cyphesis_var_run_t)
+
+########################################
+#
+# cyphesis local policy
+#
+
+allow cyphesis_t self:process { setfscreate setsched signal };
+allow cyphesis_t self:fifo_file rw_fifo_file_perms;
+allow cyphesis_t self:tcp_socket create_stream_socket_perms;
+allow cyphesis_t self:unix_stream_socket create_stream_socket_perms;
+allow cyphesis_t self:unix_dgram_socket create_socket_perms;
+
+manage_files_pattern(cyphesis_t, cyphesis_log_t, cyphesis_log_t)
+logging_log_filetrans(cyphesis_t, cyphesis_log_t, file)
+
+# DAN > Does cyphesis really create a sock_file in /tmp? Why?
+allow cyphesis_t cyphesis_tmp_t:sock_file manage_sock_file_perms;
+files_tmp_filetrans(cyphesis_t, cyphesis_tmp_t, file)
+
+manage_files_pattern(cyphesis_t, cyphesis_var_run_t, cyphesis_var_run_t)
+manage_sock_files_pattern(cyphesis_t, cyphesis_var_run_t, cyphesis_var_run_t)
+files_pid_filetrans(cyphesis_t, cyphesis_var_run_t, { file sock_file })
+
+kernel_read_system_state(cyphesis_t)
+kernel_read_kernel_sysctls(cyphesis_t)
+
+# DAN> What is cyphesis looking for in /bin?
+corecmd_search_bin(cyphesis_t)
+corecmd_getattr_bin_files(cyphesis_t)
+
+corenet_all_recvfrom_unlabeled(cyphesis_t)
+corenet_tcp_sendrecv_generic_if(cyphesis_t)
+corenet_tcp_sendrecv_all_nodes(cyphesis_t)
+corenet_tcp_sendrecv_all_ports(cyphesis_t)
+corenet_tcp_bind_all_nodes(cyphesis_t)
+corenet_tcp_bind_cyphesis_port(cyphesis_t)
+corenet_sendrecv_cyphesis_server_packets(cyphesis_t)
+
+dev_read_urand(cyphesis_t)
+
+# Init script handling
+domain_use_interactive_fds(cyphesis_t)
+
+files_read_etc_files(cyphesis_t)
+files_read_usr_files(cyphesis_t)
+
+libs_use_ld_so(cyphesis_t)
+libs_use_shared_libs(cyphesis_t)
+
+logging_send_syslog_msg(cyphesis_t)
+
+miscfiles_read_localization(cyphesis_t)
+
+sysnet_dns_name_resolve(cyphesis_t)
+
+# cyphesis wants to talk to avahi via dbus
+optional_policy(`
+ avahi_dbus_chat(cyphesis_t)
+ dbus_system_bus_client_template(cyphesis, cyphesis_t)
+')
+
+optional_policy(`
+ kerberos_use(cyphesis_t)
+')
+
+optional_policy(`
+ postgresql_stream_connect(cyphesis_t)
+')
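Review bot: The /tmp rules under the first `# DAN >` question contradict each other: the only permission on `cyphesis_tmp_t` is for the `sock_file` class, yet `files_tmp_filetrans(cyphesis_t, cyphesis_tmp_t, file)` transitions only regular files, so a socket the daemon creates in /tmp keeps the generic tmp label (and the sock_file allow never applies) while a regular file would be relabeled to a type the domain cannot otherwise touch. If the daemon does create a socket there, the transition should read `files_tmp_filetrans(cyphesis_t, cyphesis_tmp_t, sock_file)`; if it creates a file, the allow rule needs to cover `file` instead. The corenetwork hunk in this commit also labels `udp,32771` as the cyphesis port, but this domain gets no `udp_socket` permission and no `corenet_udp_bind_cyphesis_port(cyphesis_t)`, so one of the two sides is incomplete. The two `# DAN >` lines are open reviewer questions rather than policy rationale; answer them before merge and replace them with a statement of why the rule exists, e.g. `# cyphesis creates its client socket under /tmp` once confirmed. `corenet_tcp_sendrecv_all_ports(cyphesis_t)` is likewise broader than the single bound port suggests, but which outbound connections cyphesis makes is not visible here, so narrow it only once the observed denials show a small set.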