diff --git a/haskell_tool/lib/Network/IPTables/ParserHelper.hs b/haskell_tool/lib/Network/IPTables/ParserHelper.hs index c9f36220..149a72f5 100644 --- a/haskell_tool/lib/Network/IPTables/ParserHelper.hs +++ b/haskell_tool/lib/Network/IPTables/ParserHelper.hs @@ -105,6 +105,7 @@ protocol = choice (map make ps) , ("esp", Isabelle.esp) , ("ah", Isabelle.ah) , ("gre", Isabelle.gre) + , ("sctp", Isabelle.sctp) ] iface :: Parsec String s Isabelle.Iface diff --git a/haskell_tool/test/Suites/GoldenFiles/i8_iptables-save-2015-05-15_15-23-41_cheating b/haskell_tool/test/Suites/GoldenFiles/i8_iptables-save-2015-05-15_15-23-41_cheating index 8ccc70ef..50a3b94e 100644 --- a/haskell_tool/test/Suites/GoldenFiles/i8_iptables-save-2015-05-15_15-23-41_cheating +++ b/haskell_tool/test/Suites/GoldenFiles/i8_iptables-save-2015-05-15_15-23-41_cheating @@ -1694,8 +1694,8 @@ Table `raw' caught exception: `Reading ruleset failed! sanity_wf_ruleset check f (-o eth1.116 -p udp -m udp --dpts [1:65535] -d 224.0.0.0/4 -s 131.159.20.38/32 -m state --state NEW, -j ACCEPT) (-o eth1.116 -p icmp -d 224.0.0.0/4, -j ACCEPT) (-o eth1.116 -d 224.0.0.0/4, -j DROP) -(-o eth1.152 -d 131.159.15.247/32, -j ACCEPT) -(-o eth1.152 -d 131.159.15.248/32, -j ACCEPT) +(-o eth1.152 -p sctp -d 131.159.15.247/32, -j ACCEPT) +(-o eth1.152 -p sctp -d 131.159.15.248/32, -j ACCEPT) (-o eth1.152 -p tcp -m tcp --dpts [5060] -d 131.159.15.248/32 -m state --state NEW --tcp-flags [TCP_SYN, TCP_ACK, TCP_FIN, TCP_RST] [TCP_SYN], -j ACCEPT) (-o eth1.152 -p tcp -m tcp --dpts [20001:26001] -d 131.159.15.248/32 -m state --state NEW --tcp-flags [TCP_SYN, TCP_ACK, TCP_FIN, TCP_RST] [TCP_SYN], -j ACCEPT) (-o eth1.152 -p udp -m udp --dpts [5060] -d 131.159.15.248/32 -m state --state NEW, -j ACCEPT) 
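Review bot: The new `("sctp", Isabelle.sctp)` entry makes the parser accept the bare protocol name, but nothing visible here shows what happens to a rule that also carries the `-m sctp` match with `--dport`/`--sport`, and the golden rules updated in this commit are all port-less. The removed golden lines list the same two `eth1.152` rules as `ACCEPT all`, which suggests a protocol missing from this table can end up analysed as a broader rule than the firewall enforces. A test rule of the form `-p sctp -m sctp --dport N` would confirm that such input is either parsed or rejected loudly rather than widened. I would also add a comment above the list, e.g. `-- protocol names accepted after -p; a name absent here is not recognised by this parser`. The definition of `protocol` and its helper `make` start outside the hunk, so that wording should be checked against them.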
@@ -5489,8 +5489,8 @@ ACCEPT tcp -- 131.159.20.38/32 224.0.0.0/4 out: eth1.116 dpor ACCEPT udp -- 131.159.20.38/32 224.0.0.0/4 out: eth1.116 dports: 1:65535 ACCEPT icmp -- 0.0.0.0/0 224.0.0.0/4 out: eth1.116 DROP all -- 0.0.0.0/0 224.0.0.0/4 out: eth1.116 -ACCEPT all -- 0.0.0.0/0 131.159.15.247/32 out: eth1.152 -ACCEPT all -- 0.0.0.0/0 131.159.15.248/32 out: eth1.152 +ACCEPT sctp -- 0.0.0.0/0 131.159.15.247/32 out: eth1.152 +ACCEPT sctp -- 0.0.0.0/0 131.159.15.248/32 out: eth1.152 ACCEPT tcp -- 0.0.0.0/0 131.159.15.248/32 out: eth1.152 dports: 5060 ACCEPT tcp -- 0.0.0.0/0 131.159.15.248/32 out: eth1.152 dports: 20001:26001 ACCEPT udp -- 0.0.0.0/0 131.159.15.248/32 out: eth1.152 dports: 5060 @@ -8966,8 +8966,8 @@ ACCEPT udp -- 131.159.20.72/32 131.159.15.128/26 dports: 1:6 ACCEPT tcp -- 131.159.20.38/32 131.159.15.128/26 dports: 1:65535 ACCEPT udp -- 131.159.20.38/32 131.159.15.128/26 dports: 1:65535 ACCEPT icmp -- 0.0.0.0/0 131.159.15.128/26 -ACCEPT all -- 0.0.0.0/0 131.159.15.247/32 -ACCEPT all -- 0.0.0.0/0 131.159.15.248/32 +ACCEPT sctp -- 0.0.0.0/0 131.159.15.247/32 +ACCEPT sctp -- 0.0.0.0/0 131.159.15.248/32 ACCEPT tcp -- 0.0.0.0/0 131.159.15.248/32 dports: 5060 ACCEPT tcp -- 0.0.0.0/0 131.159.15.248/32 dports: 20001:26001 ACCEPT udp -- 0.0.0.0/0 131.159.15.248/32 dports: 5060 
@@ -10773,28 +10773,25 @@ Spoofing certification results: == calculating service matrices == =========== TCP port 10000->22 ========= a |-> {224.0.0.0 .. 239.255.255.255} -b |-> {0.0.0.0 .. 126.255.255.255} u {128.0.0.0 .. 131.158.255.255} u {131.160.0.0 .. 138.246.253.4} u {138.246.253.6 .. 185.86.231.255} u {185.86.236.0 .. 188.1.239.85} u {188.1.239.87 .. 188.95.232.63} u {188.95.232.224 .. 188.95.232.255} u {188.95.240.0 .. 192.48.106.255} u {192.48.108.0 .. 223.255.255.255} u {240.0.0.0 .. 255.255.255.255} -c |-> {131.159.14.0 .. 131.159.14.7} u {131.159.14.12 .. 131.159.14.21} u {131.159.14.23 .. 131.159.14.25} u 131.159.14.27 u {131.159.14.29 .. 131.159.14.33} u {131.159.14.38 .. 131.159.14.39} u 131.159.14.41 u {131.159.14.43 .. 131.159.14.51} u {131.159.14.53 .. 131.159.14.55} u 131.159.14.57 u {131.159.14.59 .. 131.159.14.68} u {131.159.14.70 .. 131.159.14.82} u {131.159.14.84 .. 131.159.14.90} u {131.159.14.92 .. 131.159.14.103} u {131.159.14.105 .. 131.159.14.110} u {131.159.14.112 .. 131.159.14.121} u {131.159.14.123 .. 131.159.14.124} u {131.159.14.126 .. 131.159.14.136} u {131.159.14.138 .. 131.159.14.139} u {131.159.14.141 .. 131.159.14.144} u {131.159.14.147 .. 131.159.14.154} u {131.159.14.157 .. 131.159.14.162} u {131.159.14.164 .. 131.159.14.168} u {131.159.14.170 .. 131.159.14.200} u {131.159.14.202 .. 131.159.14.213} u {131.159.14.215 .. 131.159.15.3} u 131.159.15.6 u 131.159.15.10 u {131.159.15.14 .. 131.159.15.15} u {131.159.15.21 .. 131.159.15.22} u 131.159.15.24 u 131.159.15.26 u 131.159.15.28 u {131.159.15.30 .. 131.159.15.31} u {131.159.15.33 .. 131.159.15.35} u {131.159.15.37 .. 131.159.15.38} u {131.159.15.40 .. 131.159.15.41} u 131.159.15.46 u {131.159.15.49 .. 131.159.15.53} u 131.159.15.55 u 131.159.15.57 u 131.159.15.59 u {131.159.15.61 .. 131.159.15.68} u {131.159.15.70 .. 131.159.15.196} u {131.159.15.198 .. 131.159.15.227} u {131.159.15.229 .. 131.159.15.233} u {131.159.15.235 .. 131.159.15.246} u {131.159.15.250 .. 
131.159.15.255} u {131.159.20.0 .. 131.159.20.20} u {131.159.20.22 .. 131.159.20.28} u {131.159.20.31 .. 131.159.20.35} u {131.159.20.37 .. 131.159.20.44} u {131.159.20.46 .. 131.159.20.51} u {131.159.20.53 .. 131.159.20.58} u {131.159.20.60 .. 131.159.20.62} u {131.159.20.64 .. 131.159.20.70} u {131.159.20.72 .. 131.159.20.73} u {131.159.20.75 .. 131.159.20.84} u 131.159.20.86 u {131.159.20.88 .. 131.159.20.96} u {131.159.20.98 .. 131.159.20.117} u 131.159.20.119 u {131.159.20.121 .. 131.159.20.123} u {131.159.20.125 .. 131.159.20.138} u {131.159.20.140 .. 131.159.20.149} u {131.159.20.152 .. 131.159.20.154} u {131.159.20.156 .. 131.159.20.158} u {131.159.20.161 .. 131.159.20.164} u {131.159.20.167 .. 131.159.20.179} u {131.159.20.181 .. 131.159.20.184} u {131.159.20.186 .. 131.159.20.232} u {131.159.20.234 .. 131.159.20.255} u {185.86.232.0 .. 185.86.235.255} u {188.95.233.0 .. 188.95.233.3} u {188.95.233.5 .. 188.95.233.8} u {188.95.233.10 .. 188.95.233.255} u {192.48.107.0 .. 192.48.107.255} -d |-> {131.159.14.8 .. 131.159.14.11} u 131.159.14.22 u 131.159.14.26 u 131.159.14.28 u {131.159.14.34 .. 131.159.14.37} u 131.159.14.40 u 131.159.14.42 u 131.159.14.52 u 131.159.14.56 u 131.159.14.58 u 131.159.14.69 u 131.159.14.83 u 131.159.14.91 u 131.159.14.104 u 131.159.14.111 u 131.159.14.122 u 131.159.14.125 u 131.159.14.137 u 131.159.14.140 u {131.159.14.145 .. 131.159.14.146} u {131.159.14.155 .. 131.159.14.156} u 131.159.14.163 u 131.159.14.169 u 131.159.14.201 u 131.159.14.214 u {131.159.15.4 .. 131.159.15.5} u {131.159.15.7 .. 131.159.15.9} u {131.159.15.11 .. 131.159.15.13} u {131.159.15.16 .. 131.159.15.20} u 131.159.15.23 u 131.159.15.25 u 131.159.15.27 u 131.159.15.29 u 131.159.15.32 u 131.159.15.36 u 131.159.15.39 u {131.159.15.42 .. 131.159.15.45} u {131.159.15.47 .. 131.159.15.48} u 131.159.15.56 u 131.159.15.58 u 131.159.15.60 u 131.159.15.69 u 131.159.15.197 u 131.159.15.228 u 131.159.15.234 u {131.159.15.247 .. 
131.159.15.249} u 131.159.20.21 u {131.159.20.29 .. 131.159.20.30} u 131.159.20.36 u 131.159.20.45 u 131.159.20.52 u 131.159.20.59 u 131.159.20.63 u 131.159.20.71 u 131.159.20.74 u 131.159.20.85 u 131.159.20.87 u 131.159.20.97 u 131.159.20.118 u 131.159.20.120 u 131.159.20.124 u 131.159.20.139 u {131.159.20.150 .. 131.159.20.151} u 131.159.20.155 u {131.159.20.159 .. 131.159.20.160} u {131.159.20.165 .. 131.159.20.166} u 131.159.20.180 u 131.159.20.185 u 131.159.20.233 u {131.159.21.0 .. 131.159.21.255} u {188.95.232.192 .. 188.95.232.223} u 188.95.233.4 u 188.95.233.9 u {188.95.234.0 .. 188.95.239.255} -e |-> 188.1.239.86 u {188.95.232.64 .. 188.95.232.191} -f |-> 138.246.253.5 -g |-> {131.159.0.0 .. 131.159.13.255} u {131.159.16.0 .. 131.159.19.255} u {131.159.22.0 .. 131.159.255.255} -h |-> 131.159.15.54 -i |-> {127.0.0.0 .. 127.255.255.255} +b |-> {0.0.0.0 .. 126.255.255.255} u {128.0.0.0 .. 131.158.255.255} u {131.160.0.0 .. 138.246.253.4} u {138.246.253.6 .. 185.86.231.255} u {185.86.236.0 .. 188.1.239.85} u {188.1.239.87 .. 188.95.232.63} u {188.95.232.224 .. 188.95.232.255} u {188.95.240.0 .. 192.48.106.255} u {192.48.108.0 .. 192.168.211.255} u {192.168.214.0 .. 223.255.255.255} u {240.0.0.0 .. 255.255.255.255} +c |-> {192.168.212.0 .. 192.168.213.255} +d |-> {131.159.14.0 .. 131.159.14.7} u {131.159.14.12 .. 131.159.14.21} u {131.159.14.23 .. 131.159.14.25} u 131.159.14.27 u {131.159.14.29 .. 131.159.14.33} u {131.159.14.38 .. 131.159.14.39} u 131.159.14.41 u {131.159.14.43 .. 131.159.14.51} u {131.159.14.53 .. 131.159.14.55} u 131.159.14.57 u {131.159.14.59 .. 131.159.14.68} u {131.159.14.70 .. 131.159.14.82} u {131.159.14.84 .. 131.159.14.90} u {131.159.14.92 .. 131.159.14.103} u {131.159.14.105 .. 131.159.14.110} u {131.159.14.112 .. 131.159.14.121} u {131.159.14.123 .. 131.159.14.124} u {131.159.14.126 .. 131.159.14.136} u {131.159.14.138 .. 131.159.14.139} u {131.159.14.141 .. 131.159.14.144} u {131.159.14.147 .. 131.159.14.154} u {131.159.14.157 .. 
131.159.14.162} u {131.159.14.164 .. 131.159.14.168} u {131.159.14.170 .. 131.159.14.200} u {131.159.14.202 .. 131.159.14.213} u {131.159.14.215 .. 131.159.15.3} u 131.159.15.6 u 131.159.15.10 u {131.159.15.14 .. 131.159.15.15} u {131.159.15.21 .. 131.159.15.22} u 131.159.15.24 u 131.159.15.26 u 131.159.15.28 u {131.159.15.30 .. 131.159.15.31} u {131.159.15.33 .. 131.159.15.35} u {131.159.15.37 .. 131.159.15.38} u {131.159.15.40 .. 131.159.15.41} u 131.159.15.46 u {131.159.15.49 .. 131.159.15.53} u 131.159.15.55 u 131.159.15.57 u 131.159.15.59 u {131.159.15.61 .. 131.159.15.68} u {131.159.15.70 .. 131.159.15.196} u {131.159.15.198 .. 131.159.15.227} u {131.159.15.229 .. 131.159.15.233} u {131.159.15.235 .. 131.159.15.246} u {131.159.15.250 .. 131.159.15.255} u {131.159.20.0 .. 131.159.20.20} u {131.159.20.22 .. 131.159.20.28} u {131.159.20.31 .. 131.159.20.35} u {131.159.20.37 .. 131.159.20.44} u {131.159.20.46 .. 131.159.20.51} u {131.159.20.53 .. 131.159.20.58} u {131.159.20.60 .. 131.159.20.62} u {131.159.20.64 .. 131.159.20.70} u {131.159.20.72 .. 131.159.20.73} u {131.159.20.75 .. 131.159.20.84} u 131.159.20.86 u {131.159.20.88 .. 131.159.20.96} u {131.159.20.98 .. 131.159.20.117} u 131.159.20.119 u {131.159.20.121 .. 131.159.20.123} u {131.159.20.125 .. 131.159.20.138} u {131.159.20.140 .. 131.159.20.149} u {131.159.20.152 .. 131.159.20.154} u {131.159.20.156 .. 131.159.20.158} u {131.159.20.161 .. 131.159.20.164} u {131.159.20.167 .. 131.159.20.179} u {131.159.20.181 .. 131.159.20.184} u {131.159.20.186 .. 131.159.20.232} u {131.159.20.234 .. 131.159.20.255} u {185.86.232.0 .. 185.86.235.255} u {188.95.233.0 .. 188.95.233.3} u {188.95.233.5 .. 188.95.233.8} u {188.95.233.10 .. 188.95.233.255} u {192.48.107.0 .. 192.48.107.255} +e |-> {131.159.14.8 .. 131.159.14.11} u 131.159.14.22 u 131.159.14.26 u 131.159.14.28 u {131.159.14.34 .. 
131.159.14.37} u 131.159.14.40 u 131.159.14.42 u 131.159.14.52 u 131.159.14.56 u 131.159.14.58 u 131.159.14.69 u 131.159.14.83 u 131.159.14.91 u 131.159.14.104 u 131.159.14.111 u 131.159.14.122 u 131.159.14.125 u 131.159.14.137 u 131.159.14.140 u {131.159.14.145 .. 131.159.14.146} u {131.159.14.155 .. 131.159.14.156} u 131.159.14.163 u 131.159.14.169 u 131.159.14.201 u 131.159.14.214 u {131.159.15.4 .. 131.159.15.5} u {131.159.15.7 .. 131.159.15.9} u {131.159.15.11 .. 131.159.15.13} u {131.159.15.16 .. 131.159.15.20} u 131.159.15.23 u 131.159.15.25 u 131.159.15.27 u 131.159.15.29 u 131.159.15.32 u 131.159.15.36 u 131.159.15.39 u {131.159.15.42 .. 131.159.15.45} u {131.159.15.47 .. 131.159.15.48} u 131.159.15.56 u 131.159.15.58 u 131.159.15.60 u 131.159.15.69 u 131.159.15.197 u 131.159.15.228 u 131.159.15.234 u 131.159.15.249 u 131.159.20.21 u {131.159.20.29 .. 131.159.20.30} u 131.159.20.36 u 131.159.20.45 u 131.159.20.52 u 131.159.20.59 u 131.159.20.63 u 131.159.20.71 u 131.159.20.74 u 131.159.20.85 u 131.159.20.87 u 131.159.20.97 u 131.159.20.118 u 131.159.20.120 u 131.159.20.124 u 131.159.20.139 u {131.159.20.150 .. 131.159.20.151} u 131.159.20.155 u {131.159.20.159 .. 131.159.20.160} u {131.159.20.165 .. 131.159.20.166} u 131.159.20.180 u 131.159.20.185 u 131.159.20.233 u {131.159.21.0 .. 131.159.21.255} u {188.95.232.192 .. 188.95.232.223} u 188.95.233.4 u 188.95.233.9 u {188.95.234.0 .. 188.95.239.255} +f |-> 188.1.239.86 u {188.95.232.64 .. 188.95.232.191} +g |-> 138.246.253.5 +h |-> {131.159.0.0 .. 131.159.13.255} u {131.159.16.0 .. 131.159.19.255} u {131.159.22.0 .. 131.159.255.255} +i |-> {131.159.15.247 .. 131.159.15.248} +j |-> 131.159.15.54 +k |-> {127.0.0.0 .. 127.255.255.255} (a,a) -(a,d) +(a,e) +(a,i) (b,a) -(b,d) +(b,e) +(b,i) (c,a) -(c,b) -(c,c) -(c,d) (c,e) -(c,f) -(c,g) -(c,h) -(c,i) (d,a) (d,b) (d,c) @@ -10804,6 +10801,8 @@ i |-> {127.0.0.0 .. 127.255.255.255} (d,g) (d,h) (d,i) +(d,j) +(d,k) (e,a) (e,b) (e,c) 
@@ -10813,22 +10812,50 @@ i |-> {127.0.0.0 .. 127.255.255.255} (e,g) (e,h) (e,i) +(e,j) +(e,k) (f,a) +(f,b) (f,c) (f,d) +(f,e) +(f,f) +(f,g) (f,h) +(f,i) +(f,j) +(f,k) (g,a) (g,d) -(g,h) +(g,e) +(g,i) +(g,j) (h,a) -(h,b) -(h,c) -(h,d) (h,e) -(h,f) -(h,g) -(h,h) (h,i) +(h,j) +(i,a) +(i,b) +(i,c) +(i,d) +(i,e) +(i,f) +(i,g) +(i,h) +(i,i) +(i,j) +(i,k) +(j,a) +(j,b) +(j,c) +(j,d) +(j,e) +(j,f) +(j,g) +(j,h) +(j,i) +(j,j) +(j,k) =========== TCP port 10000->80 ========= a |-> {224.0.0.0 .. 239.255.255.255}