diff --git a/app/services/rules.py b/app/services/rules.py
index 3441058..4cbde0b 100644
--- a/app/services/rules.py
+++ b/app/services/rules.py
@@ -38,6 +38,16 @@ def load_rule_payload(path: Path) -> list[str]:
 return lines


+def _render_payload_line(payload_line: str, behavior: str) -> str:
+ if "," in payload_line or behavior == "classical":
+ return payload_line
+ if behavior == "ipcidr":
+ return f"IP-CIDR,{payload_line}"
+ if behavior == "domain":
+ return f"DOMAIN-SUFFIX,{payload_line}"
+ return payload_line
+
+
 def _resolve_rule_lines(rule_name: str, app_config: AppConfig, client: ClientConfig) -> list[str]:
 rule = app_config.rules[rule_name]
 target = resolve_policy(rule.policy, client)
@@ -97,7 +107,8 @@ def build_inline_rules(app_config: AppConfig, client: ClientConfig) -> list[str]
 raise FileNotFoundError(f"Rule file missing: {rule.file}")
 target = resolve_policy(rule.policy, client)
 for payload_line in load_rule_payload(path):
- line = f"{payload_line},{target}"
+ rendered = _render_payload_line(payload_line, rule.behavior)
+ line = f"{rendered},{target}"
 if rule.no_resolve:
 line += ",no-resolve"
 lines.append(line)
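Review bot: In `_render_payload_line` the `"," in payload_line` test runs before any behavior check, so a comma-containing line in an `ipcidr` or `domain` file is emitted verbatim as whatever rule type it names. An unrecognised `behavior` likewise falls through to the last `return` and silently yields an untyped line. If rule files can come from outside the repository (not visible in this hunk), checking `behavior` first and rejecting both cases keeps each set limited to its declared rule type. Whether `rule.behavior` may be unset for existing rules is not visible here; if it can be, that case needs its own explicit branch ahead of the final `raise`.

```python
def _render_payload_line(payload_line: str, behavior: str) -> str:
    if behavior == "classical":
        return payload_line
    if "," in payload_line:
        raise ValueError(f"Unexpected ',' in {behavior} payload: {payload_line!r}")
    # … unchanged: ipcidr and domain prefixing …
    raise ValueError(f"Unknown rule behavior: {behavior!r}")
```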
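Review bot: At the new `rendered = _render_payload_line(payload_line, rule.behavior)` line every bare entry of a `domain` set becomes a `DOMAIN-SUFFIX` rule, which also matches all subdomains. If the rule files follow the rule-provider domain syntax, where a bare `example.com` is an exact match and `+.example.com` marks a suffix, the generated rules would match more hosts than the file lists, and `+.` entries would be rendered with the marker still attached. `load_rule_payload` is outside the hunk, so it may already normalise this. If it does not, the helper's `domain` branch could read `if payload_line.startswith("+."): return f"DOMAIN-SUFFIX,{payload_line[2:]}"` followed by `return f"DOMAIN,{payload_line}"`. The loop this line sits in starts outside the hunk.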