One embodiment of the present invention provides a system that resolves
conflicts between network service rules for network data traffic in a
system where rule patterns with longer prefixes match before rule
patterns with shorter prefixes. The system operates by receiving a set of
network service rules for network data traffic from multiple network
services, wherein network service rules from different network services
may conflict. Each of these network service rules specifies a
filter that defines a prefix for a set of packets in the packet flow and
an action list that specifies one or more actions to be applied to the
set of packets. Next, the system identifies a conflict between a higher
priority rule and a lower priority rule in the set of network service
rules. The system resolves this conflict by prepending an action list of
the higher priority rule to an action list of a rule with a filter that
defines a longer prefix.
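
The following sketch is an added example, not code from the patent. It shows why longest-prefix matching hides a higher priority rule behind a more specific lower priority rule, and how prepending action lists restores the higher priority actions. It assumes that a conflict means a higher priority rule whose shorter prefix covers a lower priority rule's longer prefix, and that a larger number means higher priority; the service names, addresses and actions are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    service: str                    # constructed service name
    priority: int                   # assumption: larger number = higher priority
    prefix: ipaddress.IPv4Network   # the rule's filter
    actions: list                   # ordered action list

def lookup(rules, addr):
    """Longest-prefix match: only the most specific matching rule applies."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in rules if ip in r.prefix]
    if not matches:
        return []
    return max(matches, key=lambda r: r.prefix.prefixlen).actions

def resolve_conflicts(rules):
    """Prepend to each rule the actions of every higher-priority rule whose
    shorter prefix covers it (assumed definition of a conflict)."""
    resolved = []
    for r in rules:
        covering = [h for h in rules
                    if h.priority > r.priority
                    and h.prefix.prefixlen < r.prefix.prefixlen
                    and r.prefix.subnet_of(h.prefix)]
        covering.sort(key=lambda h: h.priority, reverse=True)
        inherited = [a for h in covering for a in h.actions]
        resolved.append(Rule(r.service, r.priority, r.prefix,
                             inherited + list(r.actions)))
    return resolved

# Constructed sample rules from three hypothetical services.
RULES = [
    Rule("ids", 3, ipaddress.ip_network("10.0.0.0/8"), ["inspect"]),
    Rule("firewall", 2, ipaddress.ip_network("10.1.0.0/16"), ["rate-limit"]),
    Rule("lb", 1, ipaddress.ip_network("10.1.2.0/24"), ["forward:pool-a"]),
]

if __name__ == "__main__":
    for addr in ("10.1.2.3", "10.1.9.9", "10.9.9.9"):
        print(addr, lookup(RULES, addr), "->",
              lookup(resolve_conflicts(RULES), addr))
```

Before resolution, a packet to 10.1.2.3 receives only the load balancer's action; after resolution the same lookup returns the inspection and rate-limit actions ahead of it.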