diff --git a/refpolicy/policy/modules/apps/calamaris.te b/refpolicy/policy/modules/apps/calamaris.te
index b73221e..a680581 100644
--- a/refpolicy/policy/modules/apps/calamaris.te
+++ b/refpolicy/policy/modules/apps/calamaris.te
@@ -42,17 +42,13 @@ kernel_read_system_state(calamaris_t)
 
 corecmd_exec_bin(calamaris_t)
 
+corenet_non_ipsec_sendrecv(calamaris_t)
 corenet_tcp_sendrecv_generic_if(calamaris_t)
 corenet_udp_sendrecv_generic_if(calamaris_t)
-corenet_raw_sendrecv_generic_if(calamaris_t)
 corenet_tcp_sendrecv_all_nodes(calamaris_t)
 corenet_udp_sendrecv_all_nodes(calamaris_t)
-corenet_raw_sendrecv_all_nodes(calamaris_t)
 corenet_tcp_sendrecv_all_ports(calamaris_t)
 corenet_udp_sendrecv_all_ports(calamaris_t)
-corenet_non_ipsec_sendrecv(calamaris_t)
-corenet_tcp_bind_all_nodes(calamaris_t)
-corenet_udp_bind_all_nodes(calamaris_t)
 
 dev_read_urand(calamaris_t)
 
diff --git a/refpolicy/policy/modules/apps/evolution.if b/refpolicy/policy/modules/apps/evolution.if
index 7bc383e..71d3a9f 100644
--- a/refpolicy/policy/modules/apps/evolution.if
+++ b/refpolicy/policy/modules/apps/evolution.if
@@ -188,31 +188,34 @@ template(`evolution_per_userdomain_template',`
 	corecmd_exec_bin($1_evolution_t)
 	corecmd_exec_sbin($1_evolution_t)
 
+	corenet_non_ipsec_sendrecv($1_evolution_t)
 	corenet_tcp_sendrecv_generic_if($1_evolution_t)
 	corenet_udp_sendrecv_generic_if($1_evolution_t)
 	corenet_raw_sendrecv_generic_if($1_evolution_t)
 	corenet_tcp_sendrecv_all_nodes($1_evolution_t)
 	corenet_udp_sendrecv_all_nodes($1_evolution_t)
-	corenet_raw_sendrecv_all_nodes($1_evolution_t)
 	corenet_tcp_sendrecv_pop_port($1_evolution_t)
-	corenet_tcp_sendrecv_smtp_port($1_evolution_t)
-	corenet_tcp_sendrecv_innd_port($1_evolution_t)
-	corenet_tcp_sendrecv_ldap_port($1_evolution_t)
-	###corenet_tcp_sendrecv_ipp($1_evolution_t)
 	corenet_udp_sendrecv_pop_port($1_evolution_t)
+	corenet_tcp_sendrecv_smtp_port($1_evolution_t)
 	corenet_udp_sendrecv_smtp_port($1_evolution_t)
+	corenet_tcp_sendrecv_innd_port($1_evolution_t)
 	corenet_udp_sendrecv_innd_port($1_evolution_t)
+	corenet_tcp_sendrecv_ldap_port($1_evolution_t)
 	corenet_udp_sendrecv_ldap_port($1_evolution_t)
-	###corenet_udp_sendrecv_ipp($1_evolution_t)
-	corenet_non_ipsec_sendrecv($1_evolution_t)
-	corenet_tcp_bind_all_nodes($1_evolution_t)
-	corenet_udp_bind_all_nodes($1_evolution_t)
+	corenet_tcp_sendrecv_ipp_port($1_evolution_t)
+	corenet_udp_sendrecv_ipp_port($1_evolution_t)
 	corenet_tcp_connect_pop_port($1_evolution_t)
 	corenet_tcp_connect_smtp_port($1_evolution_t)
 	corenet_tcp_connect_innd_port($1_evolution_t)
 	corenet_tcp_connect_ldap_port($1_evolution_t)
-	###corenet_tcp_connect_ipp_port($1_evolution_t)
+	corenet_tcp_connect_ipp_port($1_evolution_t)
+	corenet_sendrecv_pop_client_packets($1_evolution_t)
+	corenet_sendrecv_smtp_client_packets($1_evolution_t)
+	corenet_sendrecv_innd_client_packets($1_evolution_t)
+	corenet_sendrecv_ldap_client_packets($1_evolution_t)
+	corenet_sendrecv_ipp_client_packets($1_evolution_t)
 	# not sure about this bind
+	corenet_udp_bind_all_nodes($1_evolution_t)
 	corenet_udp_bind_generic_port($1_evolution_t)
 
 	dev_read_urand($1_evolution_t)
@@ -635,25 +638,15 @@ template(`evolution_per_userdomain_template',`
 	corecmd_exec_shell($1_evolution_server_t)
 
 	# Obtain weather data via http (read server name from xml file in /usr)
+	corenet_non_ipsec_sendrecv($1_evolution_server_t)
 	corenet_tcp_sendrecv_generic_if($1_evolution_server_t)
-	corenet_raw_sendrecv_generic_if($1_evolution_server_t)
 	corenet_tcp_sendrecv_all_nodes($1_evolution_server_t)
-	corenet_raw_sendrecv_all_nodes($1_evolution_server_t)
 	corenet_tcp_sendrecv_http_port($1_evolution_server_t)
 	corenet_tcp_sendrecv_http_cache_port($1_evolution_server_t)
-	corenet_non_ipsec_sendrecv($1_evolution_server_t)
-	corenet_tcp_bind_all_nodes($1_evolution_server_t)
 	corenet_tcp_connect_http_cache_port($1_evolution_server_t)
 	corenet_tcp_connect_http_port($1_evolution_server_t)
-	# Talk to ldap (address book)
-	corenet_tcp_sendrecv_generic_if($1_evolution_server_t)
-	corenet_raw_sendrecv_generic_if($1_evolution_server_t)
-	corenet_tcp_sendrecv_all_nodes($1_evolution_server_t)
-	corenet_raw_sendrecv_all_nodes($1_evolution_server_t)
-	corenet_tcp_sendrecv_ldap_port($1_evolution_server_t)
-	corenet_non_ipsec_sendrecv($1_evolution_server_t)
-	corenet_tcp_bind_all_nodes($1_evolution_server_t)
-	corenet_tcp_connect_ldap_port($1_evolution_server_t)
+	corenet_sendrecv_http_client_packets($1_evolution_server_t)
+	corenet_sendrecv_http_cache_client_packets($1_evolution_server_t)
 
 	files_read_etc_files($1_evolution_server_t)
 	# Obtain weather data via http (read server name from xml file in /usr)
@@ -668,9 +661,9 @@ template(`evolution_per_userdomain_template',`
 	miscfiles_read_certs($1_evolution_server_t)
 
 	# Talk to ldap (address book)
-	# Obtain weather data via http (read server name from xml file in /usr)
 	sysnet_read_config($1_evolution_server_t)
 	sysnet_dns_name_resolve($1_evolution_server_t)
+	sysnet_use_ldap($1_evolution_server_t)
 
 	# Access evolution home
 	userdom_search_user_home_dirs($1,$1_evolution_server_t)
@@ -720,16 +713,17 @@ template(`evolution_per_userdomain_template',`
 	# Transition from user type
 	domain_auto_trans($2, evolution_webcal_exec_t, $1_evolution_webcal_t)
 
+	corenet_non_ipsec_sendrecv($1_evolution_webcal_t)
 	corenet_tcp_sendrecv_generic_if($1_evolution_webcal_t)
 	corenet_raw_sendrecv_generic_if($1_evolution_webcal_t)
 	corenet_tcp_sendrecv_all_nodes($1_evolution_webcal_t)
 	corenet_raw_sendrecv_all_nodes($1_evolution_webcal_t)
 	corenet_tcp_sendrecv_http_port($1_evolution_webcal_t)
 	corenet_tcp_sendrecv_http_cache_port($1_evolution_webcal_t)
-	corenet_non_ipsec_sendrecv($1_evolution_webcal_t)
-	corenet_tcp_bind_all_nodes($1_evolution_webcal_t)
 	corenet_tcp_connect_http_cache_port($1_evolution_webcal_t)
 	corenet_tcp_connect_http_port($1_evolution_webcal_t)
+	corenet_sendrecv_http_client_packets($1_evolution_webcal_t)
+	corenet_sendrecv_http_cache_client_packets($1_evolution_webcal_t)
 
 	# Networking capability - connect to website and handle ics link
 	sysnet_read_config($1_evolution_webcal_t)
diff --git a/refpolicy/policy/modules/apps/games.if b/refpolicy/policy/modules/apps/games.if
index 319a707..6270276 100644
--- a/refpolicy/policy/modules/apps/games.if
+++ b/refpolicy/policy/modules/apps/games.if
@@ -94,19 +94,18 @@ template(`games_per_userdomain_template',`
 	corecmd_exec_bin($1_games_t)
 	corecmd_exec_sbin($1_games_t)
 
+	corenet_non_ipsec_sendrecv($1_games_t)
 	corenet_tcp_sendrecv_generic_if($1_games_t)
 	corenet_udp_sendrecv_generic_if($1_games_t)
-	corenet_raw_sendrecv_generic_if($1_games_t)
 	corenet_tcp_sendrecv_all_nodes($1_games_t)
 	corenet_udp_sendrecv_all_nodes($1_games_t)
-	corenet_raw_sendrecv_all_nodes($1_games_t)
 	corenet_tcp_sendrecv_all_ports($1_games_t)
 	corenet_udp_sendrecv_all_ports($1_games_t)
-	corenet_non_ipsec_sendrecv($1_games_t)
 	corenet_tcp_bind_all_nodes($1_games_t)
-	corenet_udp_bind_all_nodes($1_games_t)
 	corenet_tcp_bind_generic_port($1_games_t)
 	corenet_tcp_connect_generic_port($1_games_t)
+	corenet_sendrecv_generic_client_packets($1_games_t)
+	corenet_sendrecv_generic_server_packets($1_games_t)
 
 	dev_read_sound($1_games_t)
 	dev_write_sound($1_games_t)
diff --git a/refpolicy/policy/modules/apps/gift.if b/refpolicy/policy/modules/apps/gift.if
index 64b82b6..8ddc30c 100644
--- a/refpolicy/policy/modules/apps/gift.if
+++ b/refpolicy/policy/modules/apps/gift.if
@@ -104,12 +104,10 @@ template(`gift_per_userdomain_template',`
 	# Connect to gift daemon
 	corenet_non_ipsec_sendrecv($1_gift_t)
 	corenet_tcp_sendrecv_generic_if($1_gift_t)
-	corenet_raw_sendrecv_generic_if($1_gift_t)
 	corenet_tcp_sendrecv_all_nodes($1_gift_t)
-	corenet_raw_sendrecv_all_nodes($1_gift_t)
 	corenet_tcp_sendrecv_giftd_port($1_gift_t)
-	corenet_tcp_bind_all_nodes($1_gift_t)
 	corenet_tcp_connect_giftd_port($1_gift_t)
+	corenet_sendrecv_giftd_client_packets($1_gift_t)
 
 	fs_search_auto_mountpoints($1_gift_t)
 
@@ -169,10 +167,8 @@ template(`gift_per_userdomain_template',`
 	corenet_non_ipsec_sendrecv($1_giftd_t)
 	corenet_tcp_sendrecv_generic_if($1_giftd_t)
 	corenet_udp_sendrecv_generic_if($1_giftd_t)
-	corenet_raw_sendrecv_generic_if($1_giftd_t)
 	corenet_tcp_sendrecv_all_nodes($1_giftd_t)
 	corenet_udp_sendrecv_all_nodes($1_giftd_t)
-	corenet_raw_sendrecv_all_nodes($1_giftd_t)
 	corenet_tcp_sendrecv_all_ports($1_giftd_t)
 	corenet_udp_sendrecv_all_ports($1_giftd_t)
 	corenet_tcp_bind_all_nodes($1_giftd_t)
@@ -180,6 +176,7 @@ template(`gift_per_userdomain_template',`
 	corenet_tcp_bind_all_ports($1_giftd_t)
 	corenet_udp_bind_all_ports($1_giftd_t)
 	corenet_tcp_connect_all_ports($1_giftd_t)
+	corenet_sendrecv_all_client_packets($1_giftd_t)
 
 	files_read_usr_files($1_giftd_t)
 	# Read /etc/mtab
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 7732182..d0a3bed 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -96,18 +96,15 @@ template(`gpg_per_userdomain_template',`
 	allow $1_gpg_t $1_gpg_secret_t:file create_file_perms;
 	allow $1_gpg_t $1_gpg_secret_t:lnk_file create_lnk_perms;
 
+	corenet_non_ipsec_sendrecv($1_gpg_t)
 	corenet_tcp_sendrecv_all_if($1_gpg_t)
-	corenet_raw_sendrecv_all_if($1_gpg_t)
 	corenet_udp_sendrecv_all_if($1_gpg_t)
 	corenet_tcp_sendrecv_all_nodes($1_gpg_t)
-	corenet_raw_sendrecv_all_nodes($1_gpg_t)
 	corenet_udp_sendrecv_all_nodes($1_gpg_t)
 	corenet_tcp_sendrecv_all_ports($1_gpg_t)
 	corenet_udp_sendrecv_all_ports($1_gpg_t)
-	corenet_non_ipsec_sendrecv($1_gpg_t)
-	corenet_tcp_bind_all_nodes($1_gpg_t)
-	corenet_udp_bind_all_nodes($1_gpg_t)
 	corenet_tcp_connect_all_ports($1_gpg_t)
+	corenet_sendrecv_all_client_packets($1_gpg_t)
 
 	dev_read_rand($1_gpg_t)
 	dev_read_urand($1_gpg_t)
diff --git a/refpolicy/policy/modules/apps/irc.if b/refpolicy/policy/modules/apps/irc.if
index 67ab3ba..1cd0fbf 100644
--- a/refpolicy/policy/modules/apps/irc.if
+++ b/refpolicy/policy/modules/apps/irc.if
@@ -107,16 +107,14 @@ template(`irc_per_userdomain_template',`
 	corenet_non_ipsec_sendrecv($1_irc_t)
 	corenet_tcp_sendrecv_generic_if($1_irc_t)
 	corenet_udp_sendrecv_generic_if($1_irc_t)
-	corenet_raw_sendrecv_generic_if($1_irc_t)
 	corenet_tcp_sendrecv_all_nodes($1_irc_t)
 	corenet_udp_sendrecv_all_nodes($1_irc_t)
-	corenet_raw_sendrecv_all_nodes($1_irc_t)
 	corenet_tcp_sendrecv_all_ports($1_irc_t)
 	corenet_udp_sendrecv_all_ports($1_irc_t)
-	corenet_tcp_bind_all_nodes($1_irc_t)
-	corenet_udp_bind_all_nodes($1_irc_t)
+	corenet_sendrecv_ircd_client_packets($1_irc_t)
 	# cjp: this seems excessive:
 	corenet_tcp_connect_all_ports($1_irc_t)
+	corenet_sendrecv_all_client_packets($1_irc_t)
 
 	domain_use_interactive_fds($1_irc_t)
 
diff --git a/refpolicy/policy/modules/apps/java.if b/refpolicy/policy/modules/apps/java.if
index cd3d01a..c35bff5 100644
--- a/refpolicy/policy/modules/apps/java.if
+++ b/refpolicy/policy/modules/apps/java.if
@@ -103,15 +103,12 @@ template(`java_per_userdomain_template',`
 	corenet_non_ipsec_sendrecv($1_javaplugin_t)
 	corenet_tcp_sendrecv_generic_if($1_javaplugin_t)
 	corenet_udp_sendrecv_generic_if($1_javaplugin_t)
-	corenet_raw_sendrecv_generic_if($1_javaplugin_t)
 	corenet_tcp_sendrecv_all_nodes($1_javaplugin_t)
 	corenet_udp_sendrecv_all_nodes($1_javaplugin_t)
-	corenet_raw_sendrecv_all_nodes($1_javaplugin_t)
 	corenet_tcp_sendrecv_all_ports($1_javaplugin_t)
 	corenet_udp_sendrecv_all_ports($1_javaplugin_t)
-	corenet_tcp_bind_all_nodes($1_javaplugin_t)
-	corenet_udp_bind_all_nodes($1_javaplugin_t)
 	corenet_tcp_connect_all_ports($1_javaplugin_t)
+	corenet_sendrecv_all_client_packets($1_javaplugin_t)
 
 	dev_read_sound($1_javaplugin_t)
 	dev_write_sound($1_javaplugin_t)
diff --git a/refpolicy/policy/modules/apps/mozilla.if b/refpolicy/policy/modules/apps/mozilla.if
index 74bfc53..c4d489b 100644
--- a/refpolicy/policy/modules/apps/mozilla.if
+++ b/refpolicy/policy/modules/apps/mozilla.if
@@ -128,6 +128,7 @@ template(`mozilla_per_userdomain_template',`
 	corecmd_exec_bin($1_mozilla_t)
 
 	# Browse the web, connect to printer
+	corenet_non_ipsec_sendrecv($1_mozilla_t)
 	corenet_tcp_sendrecv_generic_if($1_mozilla_t)
 	corenet_raw_sendrecv_generic_if($1_mozilla_t)
 	corenet_tcp_sendrecv_all_nodes($1_mozilla_t)
@@ -136,13 +137,16 @@ template(`mozilla_per_userdomain_template',`
 	corenet_tcp_sendrecv_http_cache_port($1_mozilla_t)
 	corenet_tcp_sendrecv_ftp_port($1_mozilla_t)
 	corenet_tcp_sendrecv_ipp_port($1_mozilla_t)
-	corenet_non_ipsec_sendrecv($1_mozilla_t)
-	corenet_tcp_bind_all_nodes($1_mozilla_t)
 	corenet_tcp_connect_http_port($1_mozilla_t)
 	corenet_tcp_connect_http_cache_port($1_mozilla_t)
 	corenet_tcp_connect_ftp_port($1_mozilla_t)
 	corenet_tcp_connect_ipp_port($1_mozilla_t)
 	corenet_tcp_connect_generic_port($1_mozilla_t)
+	corenet_sendrecv_http_client_packets($1_mozilla_t)
+	corenet_sendrecv_http_cache_client_packets($1_mozilla_t)
+	corenet_sendrecv_ftp_client_packets($1_mozilla_t)
+	corenet_sendrecv_ipp_client_packets($1_mozilla_t)
+	corenet_sendrecv_generic_client_packets($1_mozilla_t)
 	# Should not need other ports
 	corenet_dontaudit_tcp_sendrecv_generic_port($1_mozilla_t)
 	corenet_dontaudit_tcp_bind_generic_port($1_mozilla_t)
diff --git a/refpolicy/policy/modules/apps/screen.if b/refpolicy/policy/modules/apps/screen.if
index 111b585..fa61d05 100644
--- a/refpolicy/policy/modules/apps/screen.if
+++ b/refpolicy/policy/modules/apps/screen.if
@@ -116,16 +116,13 @@ template(`screen_per_userdomain_template',`
 	corecmd_shell_domtrans($1_screen_t,$2)
 	corecmd_bin_domtrans($1_screen_t,$2)
 
+	corenet_non_ipsec_sendrecv($1_screen_t)
 	corenet_tcp_sendrecv_generic_if($1_screen_t)
 	corenet_udp_sendrecv_generic_if($1_screen_t)
-	corenet_raw_sendrecv_generic_if($1_screen_t)
 	corenet_tcp_sendrecv_all_nodes($1_screen_t)
 	corenet_udp_sendrecv_all_nodes($1_screen_t)
-	corenet_raw_sendrecv_all_nodes($1_screen_t)
 	corenet_tcp_sendrecv_all_ports($1_screen_t)
 	corenet_udp_sendrecv_all_ports($1_screen_t)
-	corenet_tcp_bind_all_nodes($1_screen_t)
-	corenet_udp_bind_all_nodes($1_screen_t)
 	corenet_tcp_connect_all_ports($1_screen_t)
 
 	dev_dontaudit_getattr_all_chr_files($1_screen_t)
diff --git a/refpolicy/policy/modules/apps/thunderbird.if b/refpolicy/policy/modules/apps/thunderbird.if
index 54cee7e..4dab587 100644
--- a/refpolicy/policy/modules/apps/thunderbird.if
+++ b/refpolicy/policy/modules/apps/thunderbird.if
@@ -106,24 +106,27 @@ template(`thunderbird_per_userdomain_template',`
 	# Startup shellscript
 	corecmd_exec_bin($1_thunderbird_t)
 
+	corenet_non_ipsec_sendrecv($1_thunderbird_t)
 	corenet_tcp_sendrecv_generic_if($1_thunderbird_t)
-	corenet_raw_sendrecv_generic_if($1_thunderbird_t)
+	corenet_tcp_sendrecv_all_nodes($1_thunderbird_t)
 	corenet_tcp_sendrecv_ipp_port($1_thunderbird_t)
 	corenet_tcp_sendrecv_ldap_port($1_thunderbird_t)
 	corenet_tcp_sendrecv_innd_port($1_thunderbird_t)
 	corenet_tcp_sendrecv_smtp_port($1_thunderbird_t)
 	corenet_tcp_sendrecv_pop_port($1_thunderbird_t)
 	corenet_tcp_sendrecv_http_port($1_thunderbird_t)
-	corenet_tcp_sendrecv_all_nodes($1_thunderbird_t)
-	corenet_raw_sendrecv_all_nodes($1_thunderbird_t)
-	corenet_non_ipsec_sendrecv($1_thunderbird_t)
-	corenet_tcp_bind_all_nodes($1_thunderbird_t)
 	corenet_tcp_connect_ipp_port($1_thunderbird_t)
 	corenet_tcp_connect_ldap_port($1_thunderbird_t)
 	corenet_tcp_connect_innd_port($1_thunderbird_t)
 	corenet_tcp_connect_smtp_port($1_thunderbird_t)
 	corenet_tcp_connect_pop_port($1_thunderbird_t)
 	corenet_tcp_connect_http_port($1_thunderbird_t)
+	corenet_sendrecv_ipp_client_packets($1_thunderbird_t)
+	corenet_sendrecv_ldap_client_packets($1_thunderbird_t)
+	corenet_sendrecv_innd_client_packets($1_thunderbird_t)
+	corenet_sendrecv_smtp_client_packets($1_thunderbird_t)
+	corenet_sendrecv_pop_client_packets($1_thunderbird_t)
+	corenet_sendrecv_http_client_packets($1_thunderbird_t)
 
 	files_list_tmp($1_thunderbird_t)
 	files_read_usr_files($1_thunderbird_t)
diff --git a/refpolicy/policy/modules/apps/uml.if b/refpolicy/policy/modules/apps/uml.if
index caf26dd..121b95f 100644
--- a/refpolicy/policy/modules/apps/uml.if
+++ b/refpolicy/policy/modules/apps/uml.if
@@ -65,7 +65,7 @@ template(`uml_per_userdomain_template',`
 	# Local policy
 	#
 	allow $1_uml_t self:fifo_file rw_file_perms;
-	allow $1_uml_t self:process { fork signal_perms ptrace };
+	allow $1_uml_t self:process { signal_perms ptrace };
 	allow $1_uml_t self:unix_stream_socket create_stream_socket_perms;
 	allow $1_uml_t self:unix_dgram_socket create_socket_perms;
 	# Use the network.
@@ -147,18 +147,15 @@ template(`uml_per_userdomain_template',`
 	corecmd_exec_bin($1_uml_t)
 	corecmd_exec_sbin($1_uml_t)
 
+	corenet_non_ipsec_sendrecv($1_uml_t)
 	corenet_tcp_sendrecv_generic_if($1_uml_t)
 	corenet_udp_sendrecv_generic_if($1_uml_t)
-	corenet_raw_sendrecv_generic_if($1_uml_t)
 	corenet_tcp_sendrecv_all_nodes($1_uml_t)
 	corenet_udp_sendrecv_all_nodes($1_uml_t)
-	corenet_raw_sendrecv_all_nodes($1_uml_t)
 	corenet_tcp_sendrecv_all_ports($1_uml_t)
 	corenet_udp_sendrecv_all_ports($1_uml_t)
-	corenet_non_ipsec_sendrecv($1_uml_t)
-	corenet_tcp_bind_all_nodes($1_uml_t)
-	corenet_udp_bind_all_nodes($1_uml_t)
 	corenet_tcp_connect_all_ports($1_uml_t)
+	corenet_sendrecv_all_client_packets($1_uml_t)
 	corenet_rw_tun_tap_dev($1_uml_t)
 	
 	domain_use_interactive_fds($1_uml_t)
diff --git a/refpolicy/policy/modules/apps/vmware.te b/refpolicy/policy/modules/apps/vmware.te
index 151d2fa..43d6a2e 100644
--- a/refpolicy/policy/modules/apps/vmware.te
+++ b/refpolicy/policy/modules/apps/vmware.te
@@ -51,6 +51,9 @@ corenet_non_ipsec_sendrecv(vmware_host_t)
 corenet_raw_sendrecv_generic_if(vmware_host_t)
 corenet_raw_sendrecv_all_nodes(vmware_host_t)
 corenet_raw_bind_all_nodes(vmware_host_t)
+corenet_tcp_sendrecv_all_ports(vmware_host_t)
+corenet_tcp_connect_all_ports(vmware_host_t)
+corenet_sendrecv_all_client_packets(vmware_host_t)
 
 dev_read_sysfs(vmware_host_t)
 dev_rw_vmware(vmware_host_t)
diff --git a/refpolicy/policy/modules/apps/webalizer.te b/refpolicy/policy/modules/apps/webalizer.te
index 0800b1a..7211dd6 100644
--- a/refpolicy/policy/modules/apps/webalizer.te
+++ b/refpolicy/policy/modules/apps/webalizer.te
@@ -44,7 +44,6 @@ allow webalizer_t self:unix_stream_socket create_stream_socket_perms;
 allow webalizer_t self:unix_dgram_socket sendto;
 allow webalizer_t self:unix_stream_socket connectto;
 allow webalizer_t self:tcp_socket connected_stream_socket_perms;
-allow webalizer_t self:udp_socket { connect connected_socket_perms };
 
 allow webalizer_t webalizer_etc_t:file { getattr read };
 
@@ -59,17 +58,10 @@ files_var_lib_filetrans(webalizer_t,webalizer_var_lib_t,file)
 kernel_read_kernel_sysctls(webalizer_t)
 kernel_read_system_state(webalizer_t)
 
+corenet_non_ipsec_sendrecv(webalizer_t)
 corenet_tcp_sendrecv_all_if(webalizer_t)
-corenet_udp_sendrecv_all_if(webalizer_t)
-corenet_raw_sendrecv_all_if(webalizer_t)
-corenet_udp_sendrecv_all_nodes(webalizer_t)
 corenet_tcp_sendrecv_all_nodes(webalizer_t)
-corenet_raw_sendrecv_all_nodes(webalizer_t)
 corenet_tcp_sendrecv_all_ports(webalizer_t)
-corenet_udp_sendrecv_all_ports(webalizer_t)
-corenet_non_ipsec_sendrecv(webalizer_t)
-corenet_tcp_bind_all_nodes(webalizer_t)
-corenet_udp_bind_all_nodes(webalizer_t)
 
 fs_search_auto_mountpoints(webalizer_t)
 
@@ -84,6 +76,7 @@ logging_send_syslog_msg(webalizer_t)
 
 miscfiles_read_localization(webalizer_t)
 
+sysnet_dns_name_resolve(webalizer_t)
 sysnet_read_config(webalizer_t)
 
 userdom_use_unpriv_users_fds(webalizer_t)
diff --git a/refpolicy/policy/modules/apps/yam.te b/refpolicy/policy/modules/apps/yam.te
index 90e1c04..9181eba 100644
--- a/refpolicy/policy/modules/apps/yam.te
+++ b/refpolicy/policy/modules/apps/yam.te
@@ -37,7 +37,6 @@ allow yam_t self:sem create_sem_perms;
 allow yam_t self:msgq create_msgq_perms;
 allow yam_t self:msg { send receive };
 allow yam_t self:tcp_socket create_socket_perms;
-allow yam_t self:udp_socket create_socket_perms;
 
 # Update the content being managed by yam.
 allow yam_t yam_content_t:dir create_dir_perms;
@@ -61,19 +60,14 @@ corecmd_exec_bin(yam_t)
 
 # Rsync and lftp need to network.  They also set files attributes to
 # match whats on the remote server.
+corenet_non_ipsec_sendrecv(yam_t)
 corenet_tcp_sendrecv_generic_if(yam_t)
-corenet_udp_sendrecv_generic_if(yam_t)
-corenet_raw_sendrecv_generic_if(yam_t)
 corenet_tcp_sendrecv_all_nodes(yam_t)
-corenet_udp_sendrecv_all_nodes(yam_t)
-corenet_raw_sendrecv_all_nodes(yam_t)
 corenet_tcp_sendrecv_all_ports(yam_t)
-corenet_udp_sendrecv_all_ports(yam_t)
-corenet_non_ipsec_sendrecv(yam_t)
-corenet_tcp_bind_all_nodes(yam_t)
-corenet_udp_bind_all_nodes(yam_t)
 corenet_tcp_connect_http_port(yam_t)
 corenet_tcp_connect_rsync_port(yam_t)
+corenet_sendrecv_http_client_packets(yam_t)
+corenet_sendrecv_rsync_client_packets(yam_t)
 
 # mktemp
 dev_read_urand(yam_t)
@@ -101,6 +95,7 @@ miscfiles_read_localization(yam_t)
 
 seutil_read_config(yam_t)
 
+sysnet_dns_name_resolve(yam_t)
 sysnet_read_config(yam_t)
 
 userdom_use_unpriv_users_fds(yam_t)