diff --git a/scripts/base/frameworks/pacf/__load__.bro b/scripts/base/frameworks/pacf/__load__.bro
index e2c97f6959..033c30f9a0 100644
--- a/scripts/base/frameworks/pacf/__load__.bro
+++ b/scripts/base/frameworks/pacf/__load__.bro
@@ -1,3 +1,12 @@
 @load ./types
 @load ./main
 @load ./plugins
+
+# The cluster framework must be loaded first.
+@load base/frameworks/cluster
+
+@if ( Cluster::is_enabled() )
+@load ./cluster
+@else
+@load ./non-cluster
+@endif
diff --git a/scripts/base/frameworks/pacf/cluster.bro b/scripts/base/frameworks/pacf/cluster.bro
new file mode 100644
index 0000000000..aea6e832e8
--- /dev/null
+++ b/scripts/base/frameworks/pacf/cluster.bro
@@ -0,0 +1,66 @@
+@load ./main
+@load base/frameworks/cluster
+
+module Pacf;
+
+export {
+	## This is the event used to transport add_rule calls to the manager.
+	global cluster_pacf_add_rule: event(r: Rule);
+
+	## This is the event used to transport remove_rule calls to the manager.
+	global cluster_pacf_remove_rule: event(id: string);
+}
+
+## Workers need ability to forward commands to manager.
+redef Cluster::worker2manager_events += /Pacf::cluster_pacf_(add|remove)_rule/;
+## Workers need to see the result events from the manager.
+redef Cluster::manager2worker_events += /Pacf::rule_(added|removed|timeout|error)/;
+
+
+function activate(p: PluginState, priority: int)
+	{
+	# we only run the activate function on the manager.
+	if ( Cluster::local_node_type() != Cluster::MANAGER )
+		return;
+
+	activate_impl(p, priority);
+	}
+
+global local_rule_count: count = 1;
+
+function add_rule(r: Rule) : string
+	{
+	if ( Cluster::local_node_type() == Cluster::MANAGER )
+		return add_rule_impl(r);
+	else
+		{
+		if ( r$id == "" )
+			r$id = cat(Cluster::node, ":", ++local_rule_count);
+
+		event Pacf::cluster_pacf_add_rule(r);
+		return r$id;
+		}
+	}
+
+function remove_rule(id: string) : bool
+	{
+	if ( Cluster::local_node_type() == Cluster::MANAGER )
+		return remove_rule_impl(id);
+	else
+		{
+		event Pacf::cluster_pacf_remove_rule(id);
+		return T; # well, we can't know here. So - just hope...
+		}
+	}
+
+@if ( Cluster::local_node_type() == Cluster::MANAGER )
+event Pacf::cluster_pacf_add_rule(r: Rule)
+	{
+	add_rule_impl(r);
+	}
+
+event Pacf::cluster_pacf_remove_rule(id: string)
+	{
+	remove_rule_impl(id);
+	}
+@endif
diff --git a/scripts/base/frameworks/pacf/main.bro b/scripts/base/frameworks/pacf/main.bro
index 362a9a1ca8..2fa04c6b24 100644
--- a/scripts/base/frameworks/pacf/main.bro
+++ b/scripts/base/frameworks/pacf/main.bro
@@ -44,7 +44,7 @@ export {
 	## location: An optional string describing where the drop was triggered.
 	##
 	## Returns: The id of the inserted rule on succes and zero on failure.
-	global drop_address: function(a: addr, t: interval, location: string &default="") : count;
+	global drop_address: function(a: addr, t: interval, location: string &default="") : string;
 
 	## Stops forwarding a uni-directional flow's packets to Bro.
 	##
@@ -55,7 +55,7 @@ export {
 	## location: An optional string describing where the shunt was triggered.
 	##
 	## Returns: The id of the inserted rule on succes and zero on failure.
-	global shunt_flow: function(f: flow_id, t: interval, location: string &default="") : count;
+	global shunt_flow: function(f: flow_id, t: interval, location: string &default="") : string;
 
 	## Removes all rules for an entity.
 	##
@@ -81,7 +81,7 @@ export {
 	## assigned to ``r$id``. Note that "successful" means "a plugin knew how to handle
 	## the rule", it doesn't necessarily mean that it was indeed successfully put in
 	## place, because that might happen asynchronously and thus fail only later.
-	global add_rule: function(r: Rule) : count;
+	global add_rule: function(r: Rule) : string;
 
 	## Removes a rule.
 	##
@@ -91,7 +91,7 @@ export {
 	## to handle the removal. Note that again "success" means the plugin accepted the
 	## removal. They might still fail to put it into effect, as that  might happen
 	## asynchronously and thus go wrong at that point.
-	global remove_rule: function(id: count) : bool;
+	global remove_rule: function(id: string) : bool;
 
 	###### Asynchronous feedback on rules.
 
@@ -194,7 +194,7 @@ global plugins: vector of PluginState;
 global plugin_ids: table[count] of PluginState;
 global rule_counter: count = 1;
 global plugin_counter: count = 1;
-global rules: table[count] of Rule;
+global rules: table[string] of Rule;
 
 event bro_init() &priority=5
 	{
@@ -285,20 +285,7 @@ function log_rule_no_plugin(r: Rule, state: InfoState, msg: string)
 	Log::write(LOG, info);
 	}
 
-function activate(p: PluginState, priority: int)
-	{
-	p$_priority = priority;
-	plugins[|plugins|] = p;
-	sort(plugins, function(p1: PluginState, p2: PluginState) : int { return p2$_priority - p1$_priority; });
-
-	plugin_ids[plugin_counter] = p;
-	p$_id = plugin_counter;
-	++plugin_counter;
-
-	log_msg(fmt("activated plugin with priority %d", priority), p);
-	}
-
-function drop_address(a: addr, t: interval, location: string &default="") : count
+function drop_address(a: addr, t: interval, location: string &default="") : string
 	{
 	local e: Entity = [$ty=ADDRESS, $ip=addr_to_subnet(a)];
 	local r: Rule = [$ty=DROP, $target=FORWARD, $entity=e, $expire=t, $location=location];
@@ -306,7 +293,7 @@ function drop_address(a: addr, t: interval, location: string &default="") : coun
 	return add_rule(r);
 	}
 
-function shunt_flow(f: flow_id, t: interval, location: string &default="") : count
+function shunt_flow(f: flow_id, t: interval, location: string &default="") : string
 	{
 	local flow = Pacf::Flow(
 		$src_h=addr_to_subnet(f$src_h),
@@ -330,9 +317,31 @@ function clear()
 	print "Pacf::clear not implemented yet";
 	}
 
-function add_rule(r: Rule) : count
+# Low-level functions that only runs on the manager (or standalone) Bro node.
+
+function activate_impl(p: PluginState, priority: int)
 	{
-	r$id = ++rule_counter;
+	p$_priority = priority;
+	plugins[|plugins|] = p;
+	sort(plugins, function(p1: PluginState, p2: PluginState) : int { return p2$_priority - p1$_priority; });
+
+	plugin_ids[plugin_counter] = p;
+	p$_id = plugin_counter;
+	++plugin_counter;
+
+	# perform one-timi initialization
+	if ( p$plugin?$init )
+		p$plugin$init(p);
+
+	log_msg(fmt("activated plugin with priority %d", priority), p);
+	}
+
+function add_rule_impl(r: Rule) : string
+	{
+	r$cid = ++rule_counter; # numeric id that can be used by plugins for their rules.
+
+	if ( ! r?$id )
+		r$id = cat(r$cid);
 
 	for ( i in plugins )
 		{
@@ -349,14 +358,14 @@ function add_rule(r: Rule) : count
 		}
 
 	log_rule_no_plugin(r, FAILED, "not supported");
-	return 0;
+	return "";
 	}
 
-function remove_rule(id: count) : bool
+function remove_rule_impl(id: string) : bool
 	{
 	if ( id !in rules )
 		{
-		Reporter::error(fmt("Rule %d does not exist in Pacf::remove_rule", id));
+		Reporter::error(fmt("Rule %s does not exist in Pacf::remove_rule", id));
 		return F;
 		}
 
diff --git a/scripts/base/frameworks/pacf/non-cluster.bro b/scripts/base/frameworks/pacf/non-cluster.bro
new file mode 100644
index 0000000000..aa642ca20f
--- /dev/null
+++ b/scripts/base/frameworks/pacf/non-cluster.bro
@@ -0,0 +1,18 @@
+module Pacf;
+
+@load ./main
+
+function activate(p: PluginState, priority: int)
+	{
+	activate_impl(p, priority);
+	}
+
+function add_rule(r: Rule) : string
+	{
+	return add_rule_impl(r);
+	}
+
+function remove_rule(id: string) : bool
+	{
+	return remove_rule_impl(id);
+	}
diff --git a/scripts/base/frameworks/pacf/plugins/broker.bro b/scripts/base/frameworks/pacf/plugins/broker.bro
index 386d1d2373..0f47641018 100644
--- a/scripts/base/frameworks/pacf/plugins/broker.bro
+++ b/scripts/base/frameworks/pacf/plugins/broker.bro
@@ -104,18 +104,27 @@ function broker_remove_rule_fun(p: PluginState, r: Rule) : bool
 	return T;
 	}
 
+function broker_init(p: PluginState)
+	{
+	BrokerComm::enable();
+	BrokerComm::connect(cat(p$broker_host), p$broker_port, 1sec);
+	BrokerComm::subscribe_to_events(p$broker_topic);
+	}
+
 global broker_plugin = Plugin(
 	$name=broker_name,
 	$can_expire = F,
 	$add_rule = broker_add_rule_fun,
-	$remove_rule = broker_remove_rule_fun
+	$remove_rule = broker_remove_rule_fun,
+	$init = broker_init
 	);
 
 global broker_plugin_can_expire = Plugin(
 	$name=broker_name,
 	$can_expire = T,
 	$add_rule = broker_add_rule_fun,
-	$remove_rule = broker_remove_rule_fun
+	$remove_rule = broker_remove_rule_fun,
+	$init = broker_init
 	);
 
 function create_broker(host: addr, host_port: port, topic: string, can_expire: bool &default=F) : PluginState
@@ -134,9 +143,5 @@ function create_broker(host: addr, host_port: port, topic: string, can_expire: b
 	pacf_broker_id[pacf_broker_current_id] = p;
 	++pacf_broker_current_id;
 
-	BrokerComm::enable();
-	BrokerComm::connect(cat(host), host_port, 1sec);
-	BrokerComm::subscribe_to_events(topic);
-
 	return p;
 	}
diff --git a/scripts/base/frameworks/pacf/plugins/openflow.bro b/scripts/base/frameworks/pacf/plugins/openflow.bro
index ba77af7922..1bfd001c00 100644
--- a/scripts/base/frameworks/pacf/plugins/openflow.bro
+++ b/scripts/base/frameworks/pacf/plugins/openflow.bro
@@ -210,7 +210,7 @@ function openflow_rule_to_flow_mod(p: PluginState, r: Rule) : OpenFlow::ofp_flow
 	local c = p$of_config;
 
 	local flow_mod = OpenFlow::ofp_flow_mod(
-		$cookie=OpenFlow::generate_cookie(r$id*2), # leave one space for the cases in which we need two rules.
+		$cookie=OpenFlow::generate_cookie(r$cid*2), # leave one space for the cases in which we need two rules.
 		$command=OpenFlow::OFPFC_ADD,
 		$idle_timeout=c$idle_timeout,
 		$priority=int_to_count(r$priority + c$priority_offset),
@@ -278,7 +278,7 @@ function openflow_add_rule(p: PluginState, r: Rule) : bool
 		{
 		if ( OpenFlow::flow_mod(p$of_controller, matches[i], flow_mod) )
 			{
-			of_messages[r$id, flow_mod$command] = OfTable($p=p, $r=r);
+			of_messages[r$cid, flow_mod$command] = OfTable($p=p, $r=r);
 			flow_mod = copy(flow_mod);
 			++flow_mod$cookie;
 			}
@@ -295,12 +295,12 @@ function openflow_remove_rule(p: PluginState, r: Rule) : bool
 		return F;
 
 	local flow_mod: OpenFlow::ofp_flow_mod = [
-		$cookie=OpenFlow::generate_cookie(r$id),
+		$cookie=OpenFlow::generate_cookie(r$cid),
 		$command=OpenFlow::OFPFC_DELETE
 	];
 
 	if ( OpenFlow::flow_mod(p$of_controller, [], flow_mod) )
-			of_messages[r$id, flow_mod$command] = OfTable($p=p, $r=r);
+			of_messages[r$cid, flow_mod$command] = OfTable($p=p, $r=r);
 	else
 			{
 			event rule_error(r, p, "Error while executing OpenFlow::flow_mod");
diff --git a/scripts/base/frameworks/pacf/types.bro b/scripts/base/frameworks/pacf/types.bro
index b76ab06d3c..9b186b5af2 100644
--- a/scripts/base/frameworks/pacf/types.bro
+++ b/scripts/base/frameworks/pacf/types.bro
@@ -102,7 +102,8 @@ export {
 		s: string &optional;		##< Argument for rule types requiring a string argument.
 		mod: FlowMod &optional; ##< Argument for :bro:id:`MODIFY` rules.
 
-		id: count &default=0;		##< Internally determined unique ID for this rule. Will be set when added.
+		id: string &default="";		##< Internally determined unique ID for this rule. Will be set when added.
+		cid: count &default=0;		##< Internally determined unique numeric ID for this rule. Set when added.
 	};
 
 	## Information of a flow that can be provided by switches when the flow times out.
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/manager-1.pacf.log b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/manager-1.pacf.log
new file mode 100644
index 0000000000..81fecc2fd3
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/manager-1.pacf.log
@@ -0,0 +1,32 @@
+#separator \x09
+#set_separator	,
+#empty_field	(empty)
+#unset_field	-
+#path	pacf
+#open	2015-05-28-00-59-14
+#fields	ts	category	cmd	state	action	target	entity_type	entity	msg	location	plugin
+#types	time	enum	string	enum	string	enum	string	string	string	string	string
+1432774754.087659	Pacf::MESSAGE	-	-	-	-	-	-	activated plugin with priority 0	-	Debug-All
+1432774756.519062	Pacf::RULE	ADD	Pacf::REQUESTED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774756.519062	Pacf::RULE	ADD	Pacf::REQUESTED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774756.519062	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774756.519062	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774758.581184	Pacf::RULE	ADD	Pacf::REQUESTED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774758.581184	Pacf::RULE	ADD	Pacf::REQUESTED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774758.581184	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774758.581184	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774756.036263	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774756.036263	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774757.774649	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774757.774649	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774758.070948	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774758.070948	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1432774766.388890	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+#close	2015-05-28-00-59-26
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/worker-1..stdout b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/worker-1..stdout
new file mode 100644
index 0000000000..52871d66f0
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/worker-1..stdout
@@ -0,0 +1,4 @@
+Rule added, worker-1:2, 2
+Rule added, worker-1:3, 3
+Rule added, worker-2:2, 4
+Rule added, worker-2:3, 5
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/worker-2..stdout b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/worker-2..stdout
new file mode 100644
index 0000000000..938eac9557
--- /dev/null
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic-cluster/worker-2..stdout
@@ -0,0 +1,2 @@
+Rule added, worker-2:2, 4
+Rule added, worker-2:3, 5
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout
index f9a3a61220..d107b8c09c 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/.stdout
@@ -1,4 +1,5 @@
-pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1]
-pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1]
-pacf debug (Debug-All): remove_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1]
-pacf debug (Debug-All): remove_rule: [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1]
+pacf debug (Debug-All): init
+pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=30.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=2, _plugin_id=1]
+pacf debug (Debug-All): add_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
+pacf debug (Debug-All): remove_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
+pacf debug (Debug-All): remove_rule: [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=15.0 secs, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/pacf.log b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/pacf.log
index 11ca981be1..7544264219 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/pacf.log
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.basic/pacf.log
@@ -3,7 +3,7 @@
 #empty_field	(empty)
 #unset_field	-
 #path	pacf
-#open	2015-05-12-20-36-36
+#open	2015-05-28-00-27-54
 #fields	ts	category	cmd	state	action	target	entity_type	entity	msg	location	plugin
 #types	time	enum	string	enum	string	enum	string	string	string	string	string
 0.000000	Pacf::MESSAGE	-	-	-	-	-	-	activated plugin with priority 0	-	Debug-All
@@ -12,7 +12,7 @@
 1254722767.875996	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
 1254722767.875996	Pacf::RULE	ADD	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
 1254722776.690444	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
-1254722776.690444	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
+1254722776.690444	Pacf::RULE	REMOVE	Pacf::REQUESTED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
 1254722776.690444	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
-1254722776.690444	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::MONITOR	Pacf::FLOW	10.10.1.4/32/1470->74.53.140.153/32/25	-	(empty)	Debug-All
-#close	2015-05-12-20-36-36
+1254722776.690444	Pacf::RULE	REMOVE	Pacf::SUCCEEDED	Pacf::DROP	Pacf::FORWARD	Pacf::ADDRESS	10.10.1.4/32	-	(empty)	Debug-All
+#close	2015-05-28-00-27-54
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/recv.recv.out b/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/recv.recv.out
index 922b649a98..927e9e101a 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/recv.recv.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/recv.recv.out
@@ -1,5 +1,5 @@
 BrokerComm::incoming_connection_established
-add_rule, 0, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1]
-add_rule, 0, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1]
-remove_rule, 0, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1]
-remove_rule, 0, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1]
+add_rule, 0, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=2, _plugin_id=1]
+add_rule, 0, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
+remove_rule, 0, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=2, _plugin_id=1]
+remove_rule, 0, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
diff --git a/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/send.send.out b/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/send.send.out
index dab0129d5d..9b4e35e2be 100644
--- a/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/send.send.out
+++ b/testing/btest/Baseline/scripts.base.frameworks.pacf.broker/send.send.out
@@ -1,7 +1,7 @@
 BrokerComm::outgoing_connection_established, 127.0.0.1, 9999/tcp
-rule added, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1]
-rule added, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1]
-ruke timeout, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1], [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
-rule removed, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=2, _plugin_id=1]
-ruke timeout, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1], [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
-rule removed, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=3, _plugin_id=1]
+rule added, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=2, _plugin_id=1]
+rule added, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
+rule timeout, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=2, _plugin_id=1], [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
+rule removed, [ty=Pacf::DROP, target=Pacf::MONITOR, entity=[ty=Pacf::FLOW, conn=<uninitialized>, flow=[src_h=10.10.1.4/32, src_p=1470/tcp, dst_h=74.53.140.153/32, dst_p=25/tcp, src_m=<uninitialized>, dst_m=<uninitialized>], ip=<uninitialized>, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=2, _plugin_id=1]
+rule timeout, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1], [duration=<uninitialized>, packet_count=<uninitialized>, byte_count=<uninitialized>]
+rule removed, [ty=Pacf::DROP, target=Pacf::FORWARD, entity=[ty=Pacf::ADDRESS, conn=<uninitialized>, flow=<uninitialized>, ip=10.10.1.4/32, mac=<uninitialized>], expire=36000.0, priority=0, location=, c=<uninitialized>, i=<uninitialized>, d=<uninitialized>, s=<uninitialized>, mod=<uninitialized>, id=, cid=3, _plugin_id=1]
diff --git a/testing/btest/scripts/base/frameworks/pacf/basic-cluster.bro b/testing/btest/scripts/base/frameworks/pacf/basic-cluster.bro
new file mode 100644
index 0000000000..73be268394
--- /dev/null
+++ b/testing/btest/scripts/base/frameworks/pacf/basic-cluster.bro
@@ -0,0 +1,50 @@
+# @TEST-SERIALIZE: comm
+#
+# @TEST-EXEC: btest-bg-run manager-1 "cp ../cluster-layout.bro . && CLUSTER_NODE=manager-1 bro %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-1  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-1 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT"
+# @TEST-EXEC: sleep 1
+# @TEST-EXEC: btest-bg-run worker-2  "cp ../cluster-layout.bro . && CLUSTER_NODE=worker-2 bro --pseudo-realtime -C -r $TRACES/smtp.trace %INPUT"
+# @TEST-EXEC: btest-bg-wait 20
+# @TEST-EXEC: btest-diff manager-1/pacf.log
+# @TEST-EXEC: btest-diff worker-1/.stdout
+# @TEST-EXEC: btest-diff worker-2/.stdout
+
+@TEST-START-FILE cluster-layout.bro
+redef Cluster::nodes = {
+	["manager-1"] = [$node_type=Cluster::MANAGER, $ip=127.0.0.1, $p=37757/tcp, $workers=set("worker-1", "worker-2")],
+	["worker-1"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37760/tcp, $manager="manager-1", $interface="eth0"],
+	["worker-2"]  = [$node_type=Cluster::WORKER,  $ip=127.0.0.1, $p=37761/tcp, $manager="manager-1", $interface="eth0"],
+};
+@TEST-END-FILE
+
+redef Log::default_rotation_interval = 0secs;
+#redef exit_only_after_terminate = T;
+
+@load base/frameworks/pacf
+
+event bro_init()
+	{
+	local pacf_debug = Pacf::create_debug(T);
+	Pacf::activate(pacf_debug, 0);
+	}
+
+event connection_established(c: connection)
+	{
+	local id = c$id;
+	Pacf::shunt_flow([$src_h=id$orig_h, $src_p=id$orig_p, $dst_h=id$resp_h, $dst_p=id$resp_p], 30sec);
+	Pacf::drop_address(id$orig_h, 15sec);
+	}
+
+event terminate_me() {
+	terminate();
+}
+
+event remote_connection_closed(p: event_peer) {
+	schedule 1sec { terminate_me() };
+}
+
+event Pacf::rule_added(r: Pacf::Rule, p: Pacf::PluginState, msg: string &default="")
+	{
+	print "Rule added", r$id, r$cid;
+	}
diff --git a/testing/btest/scripts/base/frameworks/pacf/broker.bro b/testing/btest/scripts/base/frameworks/pacf/broker.bro
index a3a59e5acb..9e5caa8864 100644
--- a/testing/btest/scripts/base/frameworks/pacf/broker.bro
+++ b/testing/btest/scripts/base/frameworks/pacf/broker.bro
@@ -55,7 +55,7 @@ event Pacf::rule_removed(r: Pacf::Rule, p: Pacf::PluginState, msg: string)
 
 event Pacf::rule_timeout(r: Pacf::Rule, i: Pacf::FlowInfo, p: Pacf::PluginState)
 	{
-	print "ruke timeout", r, i;
+	print "rule timeout", r, i;
 	}
 
 @TEST-END-FILE
@@ -94,7 +94,7 @@ event Pacf::broker_remove_rule(id: count, r: Pacf::Rule)
 	BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::broker_rule_timeout, id, r, Pacf::FlowInfo()));
 	BrokerComm::event("bro/event/pacftest", BrokerComm::event_args(Pacf::broker_rule_removed, id, r, ""));
 
-	if ( r$id == 3 )
+	if ( r$cid == 3 )
 		terminate();
 	}