diff --git a/refpolicy/policy/modules.conf b/refpolicy/policy/modules.conf
index f308739..d97d100 100644
--- a/refpolicy/policy/modules.conf
+++ b/refpolicy/policy/modules.conf
@@ -12,6 +12,14 @@
 #
 
 # Layer: kernel
+# Module: devices
+# Required in base
+#
+# Device nodes and interfaces for many basic system devices.
+# 
+devices = base
+
+# Layer: kernel
 # Module: filesystem
 # Required in base
 #
@@ -52,14 +60,6 @@ terminal = base
 kernel = base
 
 # Layer: kernel
-# Module: devices
-# Required in base
-#
-# Device nodes and interfaces for many basic system devices.
-# 
-devices = base
-
-# Layer: kernel
 # Module: corenetwork
 # Required in base
 #
@@ -125,7 +125,7 @@ kudzu = base
 #
 # Policy for the Anaconda installer.
 # 
-anaconda = off
+anaconda = base
 
 # Layer: admin
 # Module: netutils
@@ -168,14 +168,14 @@ su = base
 #
 # File system quota management
 # 
-quota = base
+quota = off
 
 # Layer: admin
 # Module: dmesg
 #
 # Policy for dmesg.
 # 
-dmesg = base
+dmesg = off
 
 # Layer: admin
 # Module: logrotate
@@ -224,7 +224,7 @@ amanda = base
 #
 # Web server log analysis
 # 
-webalizer = module
+webalizer = base
 
 # Layer: apps
 # Module: loadkeys
@@ -259,21 +259,21 @@ storage = base
 #
 # RPC port mapping service.
 # 
-portmap = module
+portmap = base
 
 # Layer: services
-# Module: remotelogin
+# Module: apm
 #
-# Policy for rshd, rlogind, and telnetd.
+# Advanced power management daemon
 # 
-remotelogin = base
+apm = base
 
 # Layer: services
-# Module: ntp
+# Module: remotelogin
 #
-# Network time protocol daemon
+# Policy for rshd, rlogind, and telnetd.
 # 
-ntp = base
+remotelogin = base
 
 # Layer: services
 # Module: rlogin
@@ -283,11 +283,25 @@ ntp = base
 rlogin = base
 
 # Layer: services
-# Module: inetd
+# Module: postfix
 #
-# Internet services daemon.
+# Postfix email server
 # 
-inetd = base
+postfix = base
+
+# Layer: services
+# Module: cyrus
+#
+# Cyrus is an IMAP service intended to be run on sealed servers
+# 
+cyrus = base
+
+# Layer: services
+# Module: rsync
+#
+# Fast incremental file transfer for synchronization
+# 
+rsync = base
 
 # Layer: services
 # Module: ktalk
@@ -304,11 +318,11 @@ ktalk = base
 finger = base
 
 # Layer: services
-# Module: howl
+# Module: cron
 #
-# Port of Apple Rendezvous multicast DNS
+# Periodic execution of scheduled commands.
 # 
-howl = base
+cron = base
 
 # Layer: services
 # Module: tftp
@@ -318,11 +332,11 @@ howl = base
 tftp = base
 
 # Layer: services
-# Module: kerberos
+# Module: canna
 #
-# MIT Kerberos admin and KDC
+# Canna - kana-kanji conversion server
 # 
-kerberos = base
+canna = base
 
 # Layer: services
 # Module: gpm
@@ -332,53 +346,53 @@ kerberos = base
 gpm = off
 
 # Layer: services
-# Module: uucp
+# Module: nscd
 #
-# Unix to Unix Copy
+# Name service cache daemon
 # 
-uucp = base
+nscd = base
 
 # Layer: services
-# Module: apache
+# Module: sendmail
 #
-# Apache web server
+# Policy for sendmail.
 # 
-apache = module
+sendmail = base
 
 # Layer: services
-# Module: dhcp
+# Module: stunnel
 #
-# Dynamic host configuration protocol (DHCP) server
+# SSL Tunneling Proxy
 # 
-dhcp = module
+stunnel = base
 
 # Layer: services
-# Module: inn
+# Module: dbus
 #
-# Internet News NNTP server
+# Desktop messaging bus
 # 
-inn = base
+dbus = base
 
 # Layer: services
-# Module: sendmail
+# Module: ftp
 #
-# Policy for sendmail.
+# File transfer protocol service
 # 
-sendmail = off
+ftp = base
 
 # Layer: services
-# Module: dbus
+# Module: dbskk
 #
-# Desktop messaging bus
+# Dictionary server for the SKK Japanese input method system.
 # 
-dbus = base
+dbskk = base
 
 # Layer: services
-# Module: rshd
+# Module: tcpd
 #
-# Remote shell service.
+# Policy for TCP daemon.
 # 
-rshd = base
+tcpd = base
 
 # Layer: services
 # Module: radvd
@@ -388,6 +402,13 @@ rshd = base
 radvd = base
 
 # Layer: services
+# Module: rshd
+#
+# Remote shell service.
+# 
+rshd = base
+
+# Layer: services
 # Module: sasl
 #
 # SASL authentication server
@@ -399,63 +420,49 @@ sasl = base
 #
 # PostgreSQL relational database
 # 
-postgresql = module
-
-# Layer: services
-# Module: hal
-#
-# Hardware abstraction layer
-# 
-hal = base
+postgresql = base
 
 # Layer: services
-# Module: zebra
+# Module: ntp
 #
-# Zebra border gateway protocol network routing service
+# Network time protocol daemon
 # 
-zebra = base
+ntp = base
 
 # Layer: services
 # Module: ldap
 #
 # OpenLDAP directory server
 # 
-ldap = module
+ldap = base
 
 # Layer: services
-# Module: mysql
-#
-# Policy for MySQL
-# 
-mysql = module
-
-# Layer: services
-# Module: bind
+# Module: inetd
 #
-# Berkeley internet name domain DNS server.
+# Internet services daemon.
 # 
-bind = module
+inetd = base
 
 # Layer: services
-# Module: snmp
+# Module: apache
 #
-# Simple network management protocol services
+# Apache web server
 # 
-snmp = module
+apache = base
 
 # Layer: services
 # Module: squid
 #
 # Squid caching http proxy server
 # 
-squid = module
+squid = base
 
 # Layer: services
-# Module: mailman
+# Module: howl
 #
-# Mailman is for managing electronic mail discussion and e-newsletter lists
+# Port of Apple Rendezvous multicast DNS
 # 
-mailman = module
+howl = base
 
 # Layer: services
 # Module: dictd
@@ -465,95 +472,90 @@ mailman = module
 dictd = base
 
 # Layer: services
-# Module: privoxy
-#
-# Privacy enhancing web proxy.
-# 
-privoxy = base
-
-# Layer: services
-# Module: nis
+# Module: kerberos
 #
-# Policy for NIS (YP) servers and clients
+# MIT Kerberos admin and KDC
 # 
-nis = base
+kerberos = base
 
 # Layer: services
-# Module: telnet
+# Module: radius
 #
-# Telnet daemon
+# RADIUS authentication and accounting server.
 # 
-telnet = off
+radius = base
 
 # Layer: services
-# Module: comsat
+# Module: uucp
 #
-# Comsat, a biff server.
+# Unix to Unix Copy
 # 
-comsat = base
+uucp = base
 
 # Layer: services
-# Module: ssh
+# Module: nis
 #
-# Secure shell client and server policy.
+# Policy for NIS (YP) servers and clients
 # 
-ssh = off
+nis = base
 
 # Layer: services
-# Module: cvs
+# Module: dhcp
 #
-# Concurrent versions system
+# Dynamic host configuration protocol (DHCP) server
 # 
-cvs = base
+dhcp = base
 
 # Layer: services
-# Module: ppp
+# Module: samba
 #
-# Point to Point Protocol daemon creates links in ppp networks
+# SMB and CIFS client/server programs for UNIX and
+# name  Service  Switch  daemon for resolving names
+# from Windows NT servers.
 # 
-ppp = base
+samba = base
 
 # Layer: services
-# Module: arpwatch
+# Module: telnet
 #
-# Ethernet activity monitor.
+# Telnet daemon
 # 
-arpwatch = base
+telnet = base
 
 # Layer: services
-# Module: bluetooth
+# Module: inn
 #
-# Bluetooth tools and system services.
+# Internet News NNTP server
 # 
-bluetooth = base
+inn = base
 
 # Layer: services
-# Module: apm
+# Module: ssh
 #
-# Advanced power management daemon
+# Secure shell client and server policy.
 # 
-apm = base
+ssh = base
 
 # Layer: services
-# Module: mta
+# Module: networkmanager
 #
-# Policy common to all email tranfer agents.
+# Manager for dynamically switching between networks.
 # 
-mta = base
+networkmanager = base
 
 # Layer: services
-# Module: nscd
+# Module: xdm
 #
-# Name service cache daemon
+# X windows login display manager
 # 
-nscd = base
+xdm = base
 
 # Layer: services
-# Module: stunnel
+# Module: arpwatch
 #
-# SSL Tunneling Proxy
+# Ethernet activity monitor.
 # 
-stunnel = base
+arpwatch = base
 
 # Layer: services
 # Module: distcc
@@ -563,27 +565,25 @@ stunnel = base
 distcc = off
 
 # Layer: services
-# Module: samba
+# Module: mta
 #
-# SMB and CIFS client/server programs for UNIX and
-# name  Service  Switch  daemon for resolving names
-# from Windows NT servers.
+# Policy common to all email tranfer agents.
 # 
-samba = module
+mta = base
 
 # Layer: services
-# Module: cyrus
+# Module: zebra
 #
-# Cyrus is an IMAP service intended to be run on sealed servers
+# Zebra border gateway protocol network routing service
 # 
-cyrus = base
+zebra = base
 
 # Layer: services
-# Module: ftp
+# Module: hal
 #
-# File transfer protocol service
+# Hardware abstraction layer
 # 
-ftp = base
+hal = base
 
 # Layer: services
 # Module: cpucontrol
@@ -593,109 +593,109 @@ ftp = base
 cpucontrol = base
 
 # Layer: services
-# Module: dovecot
+# Module: mysql
 #
-# Dovecot POP and IMAP mail server
+# Policy for MySQL
 # 
-dovecot = base
+mysql = base
 
 # Layer: services
-# Module: rsync
+# Module: cups
 #
-# Fast incremental file transfer for synchronization
+# Common UNIX printing system
 # 
-rsync = base
+cups = base
 
 # Layer: services
-# Module: canna
+# Module: bind
 #
-# Canna - kana-kanji conversion server
+# Berkeley internet name domain DNS server.
 # 
-canna = base
+bind = base
 
 # Layer: services
-# Module: cron
+# Module: snmp
 #
-# Periodic execution of scheduled commands.
+# Simple network management protocol services
 # 
-cron = base
+snmp = base
 
 # Layer: services
-# Module: tcpd
+# Module: spamassassin
 #
-# Policy for TCP daemon.
+# Filter used for removing unsolicited email.
 # 
-tcpd = base
+spamassassin = base
 
 # Layer: services
-# Module: xdm
+# Module: mailman
 #
-# X windows login display manager
+# Mailman is for managing electronic mail discussion and e-newsletter lists
 # 
-xdm = base
+mailman = base
 
 # Layer: services
-# Module: networkmanager
+# Module: lpd
 #
-# Manager for dynamically switching between networks.
+# Line printer daemon
 # 
-networkmanager = base
+lpd = base
 
 # Layer: services
-# Module: dbskk
+# Module: privoxy
 #
-# Dictionary server for the SKK Japanese input method system.
+# Privacy enhancing web proxy.
 # 
-dbskk = base
+privoxy = base
 
 # Layer: services
-# Module: pegasus
+# Module: comsat
 #
-# The Open Group Pegasus CIM/WBEM Server.
+# Comsat, a biff server.
 # 
-pegasus = base
+comsat = base
 
 # Layer: services
-# Module: radius
+# Module: cvs
 #
-# RADIUS authentication and accounting server.
+# Concurrent versions system
 # 
-radius = base
+cvs = base
 
 # Layer: services
-# Module: spamassassin
+# Module: ppp
 #
-# Filter used for removing unsolicited email.
+# Point to Point Protocol daemon creates links in ppp networks
 # 
-spamassassin = base
+ppp = base
 
 # Layer: services
-# Module: postfix
+# Module: dovecot
 #
-# Postfix email server
+# Dovecot POP and IMAP mail server
 # 
-postfix = base
+dovecot = base
 
 # Layer: services
-# Module: cups
+# Module: bluetooth
 #
-# Common UNIX printing system
+# Bluetooth tools and system services.
 # 
-cups = base
+bluetooth = base
 
 # Layer: services
-# Module: rpc
+# Module: pegasus
 #
-# Remote Procedure Call Daemon for managment of network based process communication
+# The Open Group Pegasus CIM/WBEM Server.
 # 
-rpc = base
+pegasus = base
 
 # Layer: services
-# Module: lpd
+# Module: rpc
 #
-# Line printer daemon
+# Remote Procedure Call Daemon for managment of network based process communication
 # 
-lpd = base
+rpc = base
 
 # Layer: system
 # Module: unconfined
@@ -737,7 +737,7 @@ mount = base
 #
 # TCP/IP encryption
 # 
-ipsec = base
+ipsec = off
 
 # Layer: system
 # Module: locallogin
@@ -779,7 +779,7 @@ pcmcia = base
 #
 # Policy for iptables.
 # 
-iptables = base
+iptables = off
 
 # Layer: system
 # Module: userdomain