diff --git a/policy-20070703.patch b/policy-20070703.patch
index 8cb0b69..f7dfa86 100644
--- a/policy-20070703.patch
+++ b/policy-20070703.patch
@@ -2518,8 +2518,8 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain.te serefpolicy-3.0.6/policy/modules/kernel/domain.te
 --- nsaserefpolicy/policy/modules/kernel/domain.te	2007-07-25 10:37:36.000000000 -0400
-+++ serefpolicy-3.0.6/policy/modules/kernel/domain.te	2007-08-22 08:03:53.000000000 -0400
-@@ -6,6 +6,29 @@
++++ serefpolicy-3.0.6/policy/modules/kernel/domain.te	2007-08-23 09:30:52.000000000 -0400
+@@ -6,6 +6,15 @@
  # Declarations
  #
  
@@ -2530,26 +2530,12 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +## </p>
 +## </desc>
 +gen_tunable(allow_netlabel,true)
-+
-+## <desc>
-+## <p>
-+## Allow all domains to use ipsec labeled packets
-+## </p>
-+## </desc>
-+gen_tunable(allow_ipsec_label,true)
 +')
 +
-+## <desc>
-+## <p>
-+## Allow unlabeled packets to work on system
-+## </p>
-+## </desc>
-+gen_tunable(allow_unlabeled_packets,true)
-+
  # Mark process types as domains
  attribute domain;
  
-@@ -134,3 +157,25 @@
+@@ -134,3 +143,22 @@
  
  # act on all domains keys
  allow unconfined_domain_type domain:key *;
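Review bot: The declarations `gen_tunable(allow_ipsec_label,true)` and `gen_tunable(allow_unlabeled_packets,true)` are dropped here, but only the `tunable_policy(`allow_ipsec_label', ...)` block is visibly removed in the later domain.te hunk. Please confirm against the full patch that no rule still names `allow_unlabeled_packets`, since a reference to an undeclared tunable would likely fail the policy build. Also check that nothing it used to gate has become unconditional. The retained `kernel_tcp_recvfrom_unlabeled(domain)` and `kernel_udp_recvfrom_unlabeled(domain)` calls apply to every domain, and `allow_netlabel`, which presumably guards them (the guard line is outside the hunk), still defaults to `true`. If that is the guard, I would extend its description with something like `## Defaults to true: all domains may receive unlabeled TCP/UDP packets unless this is turned off.` so the permissive default is a documented choice. The domain.te sections of the inner patch start and end outside these hunks.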
@@ -2571,9 +2557,6 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/domain
 +		kernel_tcp_recvfrom_unlabeled(domain)
 +		kernel_udp_recvfrom_unlabeled(domain)
 +	')
-+	tunable_policy(`allow_ipsec_label',`
-+		ipsec_labeled(domain)
-+	')
 +')
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/kernel/files.if serefpolicy-3.0.6/policy/modules/kernel/files.if
 --- nsaserefpolicy/policy/modules/kernel/files.if	2007-07-03 07:05:38.000000000 -0400
@@ -4063,7 +4046,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
 +/var/named/chroot/var/log/named.*	--	gen_context(system_u:object_r:named_log_t,s0)
 diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind.te serefpolicy-3.0.6/policy/modules/services/bind.te
 --- nsaserefpolicy/policy/modules/services/bind.te	2007-07-25 10:37:42.000000000 -0400
-+++ serefpolicy-3.0.6/policy/modules/services/bind.te	2007-08-22 08:03:53.000000000 -0400
++++ serefpolicy-3.0.6/policy/modules/services/bind.te	2007-08-22 17:35:04.000000000 -0400
 @@ -66,7 +66,6 @@
  allow named_t self:unix_dgram_socket create_socket_perms;
  allow named_t self:tcp_socket create_stream_socket_perms;
@@ -4081,19 +4064,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
  # read zone files
  allow named_t named_zone_t:dir list_dir_perms;
  read_files_pattern(named_t,named_zone_t,named_zone_t)
-@@ -119,6 +120,11 @@
- corenet_sendrecv_dns_client_packets(named_t)
- corenet_sendrecv_rndc_server_packets(named_t)
- corenet_sendrecv_rndc_client_packets(named_t)
-+corenet_udp_bind_all_unreserved_ports(named_t)
-+
-+#dnsmasq 
-+corenet_tcp_bind_dhcpd_port(named_t)
-+corenet_udp_bind_dhcpd_port(named_t)
- 
- dev_read_sysfs(named_t)
- dev_read_rand(named_t)
-@@ -175,6 +181,10 @@
+@@ -175,6 +176,10 @@
  ')
  
  optional_policy(`
@@ -4104,7 +4075,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
  	# this seems like fds that arent being
  	# closed.  these should probably be
  	# dontaudits instead.
-@@ -184,14 +194,6 @@
+@@ -184,14 +189,6 @@
  ')
  
  optional_policy(`
@@ -4119,7 +4090,7 @@ diff --exclude-from=exclude -N -u -r nsaserefpolicy/policy/modules/services/bind
  	seutil_sigchld_newrole(named_t)
  ')
  
-@@ -232,6 +234,7 @@
+@@ -232,6 +229,7 @@
  corenet_tcp_sendrecv_all_nodes(ndc_t)
  corenet_tcp_sendrecv_all_ports(ndc_t)
  corenet_tcp_connect_rndc_port(ndc_t)