diff --git a/Makefile.user b/Makefile.user
index da810cd..cc7a7f4 100644
--- a/Makefile.user
+++ b/Makefile.user
@@ -5,3 +5,8 @@ tar: build
 	touch _build/mirage-firewall/modules.img
 	cat /dev/null | gzip -n > _build/mirage-firewall/initramfs
 	tar cjf mirage-firewall.tar.bz2 -C _build --mtime=./build-with-docker.sh mirage-firewall
+
+fetchmotron: qubes_firewall.xen
+	test-mirage qubes_firewall.xen mirage-fw-test &
+	sleep 1
+	boot-mirage fetchmotron
diff --git a/packet.ml b/packet.ml
index d9b49bb..2f3ed7d 100644
--- a/packet.ml
+++ b/packet.ml
@@ -13,11 +13,14 @@ type ports = {
 type host = 
   [ `Client of client_link | `Client_gateway | `Firewall_uplink | `NetVM | `External of Ipaddr.t ]
 
-type ('src, 'dst) info = {
-  packet : Nat_packet.t;
+type ('src, 'dst) packet = {
+  ipv4_header : Ipv4_packet.t;
+  transport_header : [`TCP of Tcp.Tcp_packet.t
+                     |`UDP of Udp_packet.t
+                     |`ICMP of Icmpv4_packet.t];
+  transport_payload : Cstruct.t; 
   src : 'src;
   dst : 'dst;
-  proto : [ `UDP of ports | `TCP of ports | `ICMP | `Unknown ];
 }
 
 (* The first message in a TCP connection has SYN set and ACK clear. *)
diff --git a/rules.ml b/rules.ml
index 098dea0..4e08a06 100644
--- a/rules.ml
+++ b/rules.ml
@@ -42,12 +42,13 @@ let classify_client_packet (info : ([`Client of _], _) Packet.info) rules : Pack
   let matches_port dstports (port : int) =
     List.exists (fun (Q.Range_inclusive (min, max)) -> (min <= port && port <= max)) dstports
   in
-  let matches_proto rule info = match rule.Pf_qubes.Parse_qubes.proto with
+  let matches_proto rule packet = match rule.Pf_qubes.Parse_qubes.proto with
     | None -> true
-    | Some p -> match p, info.proto with
-      | `tcp, `TCP ports -> matches_port rule.Q.dstports ports.dport 
-      | `udp, `UDP ports -> matches_port rule.Q.dstports ports.dport 
-      | `icmp, `ICMP -> true (* TODO *)
+    | Some p ->
+      match p, packet.transport_header with
+      | `tcp, `TCP header -> matches_port rule.Q.dstports header.dst_port
+      | `udp, `UDP header -> matches_port rule.Q.dstports header.dst_port
+      | `icmp, `ICMP header -> true (* TODO *)
       | _, _ -> false 
   in
   let matches_dest rule info = match rule.Pf_qubes.Parse_qubes.dst with