Evaluating lines of network policies across different network devices is complicated, particularly when trying to assign access rules to policy classifications. For example, a firewall determines whether to permit or deny traffic based upon the list of rules contained within its configuration file. An individual rule specifies the type of traffic that the firewall permits or denies, based on attributes such as protocol, source network, source port, destination port, destination network, interface used, etc. A user would like to work with sets of these rules that have been combined into logical units referred to herein as “policies”.