Abstract: Various exemplary embodiments relate to a method of processing a packet at a firewall. The method includes: receiving a packet having a source address, destination address, source port, and destination port; comparing the packet to match criteria of a rule, wherein the match criteria include at least one service group having a plurality of port combinations; matching both the source port and destination port with one of the plurality of port combinations; determining an index into the service group of the matching port combination; and translating a port of the packet based on the index into the service group and a NAT service group defined for the rule.
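The index-based translation described in the abstract, sketched as an added example that is not taken from the patent or any vendor implementation. Assumptions: the translated port is the destination port, the NAT service group is an ordered list of destination ports, address matching is omitted, and all names and sample values are constructed.

```python
from dataclasses import dataclass, replace
from typing import Optional

ANY = (0, 65535)  # inclusive range covering every port

@dataclass(frozen=True)
class PortCombo:
    src: tuple  # inclusive (low, high) source-port range
    dst: tuple  # inclusive (low, high) destination-port range

    def matches(self, sport: int, dport: int) -> bool:
        return (self.src[0] <= sport <= self.src[1]
                and self.dst[0] <= dport <= self.dst[1])

@dataclass(frozen=True)
class Packet:
    src_addr: str
    dst_addr: str
    src_port: int
    dst_port: int

@dataclass(frozen=True)
class Rule:
    service_group: tuple      # match criteria: ordered port combinations
    nat_service_group: tuple  # assumed: translated destination ports, same order

    def __post_init__(self):
        # Translating by index is only well defined when the groups align 1:1.
        if len(self.service_group) != len(self.nat_service_group):
            raise ValueError("service group and NAT service group differ in length")

def match_index(rule: Rule, pkt: Packet) -> Optional[int]:
    """Index of the first combination matching BOTH ports, else None."""
    for i, combo in enumerate(rule.service_group):
        if combo.matches(pkt.src_port, pkt.dst_port):
            return i
    return None

def process(rule: Rule, pkt: Packet) -> Optional[Packet]:
    """Return the translated packet, or None when the rule does not match."""
    i = match_index(rule, pkt)
    if i is None:
        return None
    return replace(pkt, dst_port=rule.nat_service_group[i])

# Constructed rule: 8080 -> 80, 8443 -> 443, 2222 (unprivileged source only) -> 22
RULE = Rule(
    service_group=(PortCombo(ANY, (8080, 8080)), PortCombo(ANY, (8443, 8443)),
                   PortCombo((1024, 65535), (2222, 2222))),
    nat_service_group=(80, 443, 22),
)
```

A single rule covers all three services because the matched index selects the translation; a length mismatch between the two groups is rejected when the rule is built rather than surfacing as a wrong or missing translation at packet time.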