diff --git a/EduNetworkBuilder/NetworkCard.cs b/EduNetworkBuilder/NetworkCard.cs index 09ab966..5a38f09 100644 --- a/EduNetworkBuilder/NetworkCard.cs +++ b/EduNetworkBuilder/NetworkCard.cs @@ -476,6 +476,8 @@ namespace EduNetworkBuilder if (tPacket.MyType == PacketType.arp_request && !nf.isLocal(tPacket.destIP)) continue; //only send out arp requests on local networks nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false + nPacket.OutboundIF = nf; + nPacket.InboundInterface = tPacket.InboundInterface; nf.ProcessOutboundPacket(nPacket); if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok) continue; //If the packet cannot be sent out (VLAN stuff) @@ -528,6 +530,9 @@ namespace EduNetworkBuilder foreach (NetworkInterface nf in interfaces.ToList()) { nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false + nPacket.OutboundIF = nf; + nPacket.InboundInterface = tPacket.InboundInterface; + nf.ProcessOutboundPacket(nPacket); if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok) continue; //If the packet cannot be sent out (VLAN stuff) @@ -608,6 +613,8 @@ namespace EduNetworkBuilder foreach (NetworkInterface nf in interfaces.ToList()) { nPacket = new Packet(tPacket); + nPacket.OutboundIF = nf; + nPacket.InboundInterface = tPacket.InboundInterface; nf.ProcessOutboundPacket(nPacket); if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok) diff --git a/EduNetworkBuilder/NetworkDevice.cs b/EduNetworkBuilder/NetworkDevice.cs index 9b9e5d3..0d9eba9 100644 --- a/EduNetworkBuilder/NetworkDevice.cs +++ b/EduNetworkBuilder/NetworkDevice.cs 
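Review bot: The pair `nPacket.OutboundIF = nf;` and `nPacket.InboundInterface = tPacket.InboundInterface;` is pasted after `new Packet(tPacket)` in all three forwarding loops of NetworkCard.cs (hunks at 476, 530 and 613), and the firewall check this commit adds in Packet.cs is skipped whenever either field is null. Any other path that copies a packet and calls `nf.ProcessOutboundPacket` without these two lines would therefore appear to go out unfiltered. Setting both fields in one place, for example a small helper that takes `tPacket` and `nf` and returns the prepared copy, would keep enforcement from depending on every call site remembering them. If the copy constructor leaves `InboundInterface` unset on purpose, a comment there saying so would help. The enclosing methods start and end outside these hunks.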
@@ -413,7 +413,7 @@ namespace EduNetworkBuilder } foreach (FirewallRule fwr in FirewallRules) { - fwr.Save(writer, "firewallrule"); + fwr.Save(writer, "firwallrule"); } writer.WriteEndElement(); @@ -1235,6 +1235,9 @@ namespace EduNetworkBuilder { NICs.Add(NetworkCard.Clone(nic)); } + + FirewallRules.Clear(); + FirewallRules.AddRange(ndCopyFrom.FirewallRules); RouteTable.Clear(); RouteTable.AddRange(ndCopyFrom.RouteTable); DHCPRanges.Clear(); @@ -2825,5 +2828,18 @@ namespace EduNetworkBuilder } return false; } + + public bool FirewallAllows(string inIF, string outIF) + { + foreach(FirewallRule fwr in FirewallRules) + { + if(fwr.Source == inIF && fwr.Destination == outIF) + { + if (fwr.Action == FirewallRuleType.Allow) return true; + if (fwr.Action == FirewallRuleType.Drop) return false; + } + } + return true; + } } } diff --git a/EduNetworkBuilder/Packet.cs b/EduNetworkBuilder/Packet.cs index 1bb0c78..c3e999d 100644 --- a/EduNetworkBuilder/Packet.cs +++ b/EduNetworkBuilder/Packet.cs @@ -364,6 +364,28 @@ namespace EduNetworkBuilder { if (theLink == null) return; //Console.WriteLine("Starting on link: " + theLink.GetUniqueIdentifier + " vlanID = " + VLANID.ToString()); + + //We are just about to go out. Verify we are not getting blocked by the firewall. + if (start_device.FirewallRules.Count > 0) + { + if (InboundInterface != null && OutboundIF != null) + { + if (!start_device.FirewallAllows(InboundInterface.nic_name, OutboundIF.nic_name)) + { + ResponseToPacket rtp = start_device.HowToRespondToPacket(this); + if (rtp != ResponseToPacket.accept) + { + //If we are here, the packet is rejected. + string message = string.Format(NB.Translate("P_FirewallDropped"), start_device.hostname); + AddMessage(DebugLevel.filtering, message); + Tracking.Status = message; + AddMessage(DebugLevel.filtering, message); + MyStatus = PacketStatus.finished_failed; + return; + } + } + } + } InboundNic = null; InboundInterface = null; WhereAmI = theLink; 
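Review bot: In the NetworkDevice.cs save loop (hunk at 413) the element name changes from `"firewallrule"` to `"firwallrule"`, which reads like a typo rather than an intended rename. The load side is not visible here; if it still matches `firewallrule`, saved rules would be lost on reload, and because the new check in Packet.cs only runs when `FirewallRules.Count > 0`, the device would come back forwarding everything. Confirm the reader uses the same string, and consider accepting both names on load so files written by either version keep their rules. A shared constant for the tag would keep writer and reader in step.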
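Review bot: In the copy routine (NetworkDevice.cs hunk at 1235), `FirewallRules.AddRange(ndCopyFrom.FirewallRules);` copies references, whereas the NICs just above it are duplicated with `NetworkCard.Clone(nic)`. If `FirewallRule` is a mutable class, editing a rule on one device would also change it on the device it was copied from. Copying each rule individually would avoid that; if sharing is intended, a comment stating so is enough. The method body extends beyond the hunk.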
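Review bot: `FirewallAllows` (NetworkDevice.cs hunk at 2825) ends with `return true;`, so an interface pair with no matching rule is permitted, and a rule whose `Action` is neither `Allow` nor `Drop` is skipped silently; neither behaviour is documented. A summary comment such as `/// First matching rule wins; traffic with no matching rule is allowed.` would make the default-permit policy explicit for anyone writing rules or tests against it. If default-deny is ever wanted once rules exist, that final return is the single place to change. The `==` comparisons on interface names are case-sensitive, which is worth stating as well if rule entries are typed by users.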
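Review bot: In the Packet.cs hunk, a `false` from `start_device.FirewallAllows(...)` does not by itself stop the packet: the drop happens only when `HowToRespondToPacket(this)` also returns something other than `ResponseToPacket.accept`, so a Drop rule can be overridden by that second check. If that is intended (for example to let replies to existing traffic through), it needs a comment saying so; otherwise the inner `if (rtp != ResponseToPacket.accept)` should be removed. The whole check is also skipped when `InboundInterface` or `OutboundIF` is null, which presumably covers locally generated packets and deserves a one-line comment. `AddMessage(DebugLevel.filtering, message);` is called twice with the same text, and the second call can be deleted. The enclosing method begins and ends outside the hunk.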
diff --git a/EduNetworkBuilder/Resources/languages/edustrings.resx b/EduNetworkBuilder/Resources/languages/edustrings.resx index 651ee14..6635b5b 100644 --- a/EduNetworkBuilder/Resources/languages/edustrings.resx +++ b/EduNetworkBuilder/Resources/languages/edustrings.resx @@ -1633,4 +1633,8 @@ Adv. Firewall Enabled OW_cbFirewallEnabled = Adv. Firewall Enabled + + Firewall Dropped Packet: Device {0} + P_FirewallDropped = Firewall Dropped Packet: Device {0} + \ No newline at end of file