diff --git a/spec/system/params_spec.rb b/spec/system/params_spec.rb
@@ -1,9 +1,11 @@
 require 'spec_helper_system'
 
 describe "param based tests:" do
+  # Takes a hash and converts it into a firewall resource
   def pp(params)
+    name = params.delete('name') || '100 test'
     pm = <<-EOS
-firewall { '100 test':
+firewall { '#{name}':
     EOS
 
     params.each do |k,v| 
@@ -18,31 +20,108 @@ def pp(params)
     pm
   end
 
-  it 'test socket param' do
-    facts = system_node.facts
+  it 'test various params' do
+    iptables_flush_all_tables
+
+    facts = node.facts
 
     unless (facts['operatingsystem'] == 'CentOS') && \
       facts['operatingsystemrelease'] =~ /^5\./ then
 
-      iptables_flush_all_tables
-
-      param = {
+      ppm = pp({
         'table' => "'raw'",
         'socket' => 'true',
         'chain' => "'PREROUTING'",
-      }
-      ppm = pp(param)
-      puppet_apply(ppm) do |r|
-        r[:stderr].should == ''
-        r[:exit_code].should == 2
-      end
+        'jump' => 'LOG',
+        'log_level' => 'debug',
+      })
 
-      # check idempotency
       puppet_apply(ppm) do |r|
-        r[:stderr].should == ''
-        r[:exit_code].should == 0
+        r.exit_code.should == 2
+        r.stderr.should be_empty
+        r.refresh
+        r.stderr.should be_empty
+        r.exit_code.should be_zero
       end
     end
   end
 
+  it 'test log rule' do
+    iptables_flush_all_tables
+
+    ppm = pp({
+      'name' => '998 log all',
+      'proto' => 'all',
+      'jump' => 'LOG',
+      'log_level' => 'debug',
+    })
+    puppet_apply(ppm) do |r|
+      r.exit_code.should == 2
+      r.stderr.should be_empty
+      r.refresh
+      r.stderr.should be_empty
+      r.exit_code.should be_zero
+    end
+  end
+
+  it 'test log rule - changing names' do
+    iptables_flush_all_tables
+
+    ppm1 = pp({
+      'name' => '004 log all INVALID packets',
+      'chain' => 'INPUT',
+      'proto' => 'all',
+      'state' => 'INVALID',
+      'jump' => 'LOG',
+      'log_level' => '3',
+      'log_prefix' => '"IPTABLES dropped invalid: "',
+    })
+
+    ppm2 = pp({
+      'name' => '003 log all INVALID packets',
+      'chain' => 'INPUT',
+      'proto' => 'all',
+      'state' => 'INVALID',
+      'jump' => 'LOG',
+      'log_level' => '3',
+      'log_prefix' => '"IPTABLES dropped invalid: "',
+    })
+
+    puppet_apply(ppm1) do |r|
+      r.stderr.should be_empty
+      r.exit_code.should == 2
+    end
+
+    ppm = <<-EOS + "\n" + ppm2
+      resources { 'firewall':
+        purge => true,
+      }
+    EOS
+    puppet_apply(ppm) do |r|
+      r.stderr.should be_empty
+      r.exit_code.should == 2
+    end
+  end
+
+  it 'test log rule - idempotent' do
+    iptables_flush_all_tables
+
+    ppm1 = pp({
+      'name' => '004 log all INVALID packets',
+      'chain' => 'INPUT',
+      'proto' => 'all',
+      'state' => 'INVALID',
+      'jump' => 'LOG',
+      'log_level' => '3',
+      'log_prefix' => '"IPTABLES dropped invalid: "',
+    })
+
+    puppet_apply(ppm1) do |r|
+      r.exit_code.should == 2
+      r.stderr.should be_empty
+      r.refresh
+      r.stderr.should be_empty
+      r.exit_code.should be_zero
+    end
+  end
 end
diff --git a/spec/system/purge_spec.rb b/spec/system/purge_spec.rb
@@ -1,25 +1,29 @@
 require 'spec_helper_system'
 
 describe "purge tests:" do
-  it 'make sure duplicate existing rules get purged' do
-    iptables_flush_all_tables
+  context 'make sure duplicate existing rules get purged' do
+    before :all do
+      iptables_flush_all_tables
+
+      shell('/sbin/iptables -A INPUT -s 1.2.1.2')
+      shell('/sbin/iptables -A INPUT -s 1.2.1.2')
+    end
 
-    system_run('/sbin/iptables -A INPUT -s 1.2.1.2')
-    system_run('/sbin/iptables -A INPUT -s 1.2.1.2')
     pp = <<-EOS
 class { 'firewall': }
 resources { 'firewall':
   purge => true,
 }
     EOS
-    puppet_apply(pp) do |r|
-      r[:stderr].should == ''
-      r[:exit_code].should == 2
+
+    context puppet_apply(pp) do
+      its(:stderr) { should be_empty }
+      its(:exit_code) { should == 2 }
     end
 
-    system_run('/sbin/iptables-save') do |r|
-      r[:stdout].should_not =~ /1\.2\.1\.2/
-      r[:stderr].should == ''
+    context shell('/sbin/iptables-save') do
+      its(:stdout) { should_not =~ /1\.2\.1\.2/ }
+      its(:stderr) { should be_empty }
     end
   end
 end
diff --git a/spec/system/resource_cmd_spec.rb b/spec/system/resource_cmd_spec.rb
@@ -4,22 +4,50 @@
 # existing ruleset scenarios. This will give the parsing capabilities of the
 # code a good work out.
 describe 'puppet resource firewall command:' do
-  it 'make sure it returns no errors when executed on a clean machine' do
-    puppet_resource('firewall') do |r|
-      r[:exit_code].should == 0
+  context 'make sure it returns no errors when executed on a clean machine' do
+    context puppet_resource('firewall') do
+      its(:exit_code) { should be_zero }
       # don't check stdout, some boxes come with rules, that is normal
-      r[:stderr].should == ''
+      its(:stderr) { should be_empty }
     end
   end
 
-  it 'flush iptables and make sure it returns nothing afterwards' do
-    iptables_flush_all_tables
+  context 'flush iptables and make sure it returns nothing afterwards' do
+    before :all do
+      iptables_flush_all_tables
+    end
 
     # No rules, means no output thanks. And no errors as well.
-    puppet_resource('firewall') do |r|
-      r[:exit_code].should == 0
-      r[:stderr].should == ''
-      r[:stdout].should == "\n"
+    context puppet_resource('firewall') do
+      its(:exit_code) { should be_zero }
+      its(:stderr) { should be_empty }
+      its(:stdout) { should == "\n" }
+    end
+  end
+
+  context 'accepts rules without comments' do
+    before :all do
+      iptables_flush_all_tables
+      shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80')
+    end
+
+    context puppet_resource('firewall') do |r|
+      its(:exit_code) { should be_zero }
+      # don't check stdout, testing preexisting rules, output is normal
+      its(:stderr) { should be_empty }
+    end
+  end
+
+  context 'accepts rules with invalid comments' do
+    before :all do
+      iptables_flush_all_tables
+      shell('/sbin/iptables -A INPUT -j ACCEPT -p tcp --dport 80 -m comment --comment "http"')
+    end
+
+    context puppet_resource('firewall') do
+      its(:exit_code) { should be_zero }
+      # don't check stdout, testing preexisting rules, output is normal
+      its(:stderr) { should be_empty }
     end
   end
 end
diff --git a/spec/system/stanard_usage_spec.rb b/spec/system/stanard_usage_spec.rb
diff --git a/spec/system/standard_usage_spec.rb b/spec/system/standard_usage_spec.rb
@@ -0,0 +1,59 @@
+require 'spec_helper_system'
+
+# Some tests for the standard recommended usage
+describe 'standard usage tests:' do
+  context 'standard 1' do
+    pp = <<-EOS
+      class my_fw::pre {
+        Firewall {
+          require => undef,
+        }
+
+        # Default firewall rules
+        firewall { '000 accept all icmp':
+          proto   => 'icmp',
+          action  => 'accept',
+        }->
+        firewall { '001 accept all to lo interface':
+          proto   => 'all',
+          iniface => 'lo',
+          action  => 'accept',
+        }->
+        firewall { '002 accept related established rules':
+          proto   => 'all',
+          state   => ['RELATED', 'ESTABLISHED'],
+          action  => 'accept',
+        }
+      }
+      class my_fw::post {
+        firewall { '999 drop all':
+          proto   => 'all',
+          action  => 'drop',
+          before  => undef,
+        }
+      }
+      resources { "firewall":
+        purge => true
+      }
+      Firewall {
+        before  => Class['my_fw::post'],
+        require => Class['my_fw::pre'],
+      }
+      class { ['my_fw::pre', 'my_fw::post']: }
+      class { 'firewall': }
+      firewall { '500 open up port 22':
+        action => 'accept',
+        proto => 'tcp',
+        dport => 22,
+      }
+    EOS
+
+    context puppet_apply(pp) do
+      its(:stderr) { should be_empty }
+      its(:exit_code) { should_not == 1 }
+      its(:refresh) { should be_nil }
+      its(:stderr) { should be_empty }
+      its(:exit_code) { should be_zero }
+    end
+  end
+end