Looks good, I just have a couple of comments, I think most of which are actually against the original implementation.
64 - Guard debug logging
77 - public setOperation, setObjectType, setProperties could be private and members final
107 - comment re compareTo seems spurious
112 - the refactoring means we now always evaluate operation, objectType and properties rather than potentially short circuiting earlier. Also could properties ever end up being null?
75 - load should be closing the underlying reader
68 - Add the IP that failed to lookup to the text of the AccessControlFirewallException
100 - I think we should be logging at warn the case where rDNS lookups are failing/timing out. I worry that a sporadic DNS failure might lead to mysterious Java Broker defect reports.
public String call()
boolean success = false;
String hn = remote.getCanonicalHostName();
success = true;
log.warn("Failed to get canonical for " + ip + ", DNS timeout or error.");.
100 - confusing braces
177 - seemingly unnecessary use of reflection. InetAddress.getByAddress has been part of the API since 1.4
code style (brace positions)