From dc7cbdfa65fd814b3b9aa3c56257da201109e807 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Fri, 5 Apr 2019 21:17:31 +0100
Subject: gentoo resync : 05.04.2019

---
 net-firewall/Manifest.gz                           | Bin 5548 -> 5549 bytes
 net-firewall/conntrack-tools/Manifest              |   5 -
 .../conntrack-tools/conntrack-tools-1.4.2.ebuild   |  82 ----
 .../conntrack-tools/conntrack-tools-1.4.3.ebuild   |  82 ----
 .../conntrack-tools/conntrack-tools-1.4.4.ebuild   |  85 ----
 net-firewall/firehol/Manifest                      |   2 +-
 net-firewall/firehol/firehol-3.1.6.ebuild          |   4 +-
 net-firewall/shorewall/Manifest                    |  16 +-
 net-firewall/shorewall/shorewall-5.2.3.1.ebuild    | 482 ---------------------
 net-firewall/shorewall/shorewall-5.2.3.2.ebuild    | 482 +++++++++++++++++++++
 net-firewall/ufw/Manifest                          |   8 +-
 .../ufw/files/ufw-0.36-bash-completion.patch       |  16 +
 .../ufw/files/ufw-0.36-dont-check-iptables.patch   |  45 ++
 net-firewall/ufw/files/ufw-0.36-move-path.patch    | 174 ++++++++
 net-firewall/ufw/files/ufw-0.36-shebang.patch      |  15 +
 net-firewall/ufw/metadata.xml                      |  15 +-
 net-firewall/ufw/ufw-0.36.ebuild                   | 199 +++++++++
 17 files changed, 962 insertions(+), 750 deletions(-)
 delete mode 100644 net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
 delete mode 100644 net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
 delete mode 100644 net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
 delete mode 100644 net-firewall/shorewall/shorewall-5.2.3.1.ebuild
 create mode 100644 net-firewall/shorewall/shorewall-5.2.3.2.ebuild
 create mode 100644 net-firewall/ufw/files/ufw-0.36-bash-completion.patch
 create mode 100644 net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
 create mode 100644 net-firewall/ufw/files/ufw-0.36-move-path.patch
 create mode 100644 net-firewall/ufw/files/ufw-0.36-shebang.patch
 create mode 100644 net-firewall/ufw/ufw-0.36.ebuild

(limited to 'net-firewall')

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 906f8eb5500f..ab984538f05d 100644
Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ
diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest
index 2ed98c408027..0a8ea6acb033 100644
--- a/net-firewall/conntrack-tools/Manifest
+++ b/net-firewall/conntrack-tools/Manifest
@@ -2,13 +2,8 @@ AUX conntrack-tools-1.4.4-rpc.patch 1749 BLAKE2B 25b23da8f1aa491de037621977ca40e
 AUX conntrack-tools-1.4.5-rpc.patch 1555 BLAKE2B d92009c2bc4de820956ad2d7459a19cde970356aff4e960e3c17808a28a76483a104df7beaf437dfa30b124d5a2b90bd41db27b4b3b76ab57c3dd2e8bf6bad5f SHA512 55cf7451c3e36e414c8bdc43c46b235259f259b0f7c0b5a11d6543438308ed74621b363ae157160634d00bf45d6115e06badc06848951157facec6b8d496026c
 AUX conntrackd.confd-r2 441 BLAKE2B 5898c470f1d99beb47d01c9215c8e3da2e624455f65c3c41e77dbf26db3ebfa4624ac6556098f303c4f4588e093b7f94ae29921b1a6cdc4a881060eaf0dc425c SHA512 3d72d56d44094593f6ff1eac421fe6a4f0d20450ce698c175adf1b18a859b1a24c7120fa60431b2a00da62ae3749c4619106c8e93fb8fc763ceefc26a82d2ed2
 AUX conntrackd.initd-r3 2238 BLAKE2B 711bf4ab403f61d5d528e0dc504d272a7e410be70c529d8f7a624f742ca66f4692b683f3283b79f000589bdab7f83598130e4ca1a0ae2bed9afce80ec78d00c8 SHA512 445c19ad42e92136e9dfd6b7885334075e72971b73ff7178c6bf16a31e0c037f17d9d039394fa8002f0ad5182a353f7c803d3f900e8873b671eecca94ced78fe
-DIST conntrack-tools-1.4.2.tar.bz2 472074 BLAKE2B 9e3a90b80ea5d47737d5d5bbecd922110f2abc50e922fa2236a61f02e72c8cd4626d51fa31801f6f8b1be26b4ff71f216bd89d3599eebfc12b0f7a69bff3ec4e SHA512 1fed742593caf8bbac96a58df8f7e806d1c0f1dfea8fc601d65aa89b4243b1022949a2bf03ab0ca25994a13e50b3b1ee43a31827e0dc4da1399801ddac623d56
-DIST conntrack-tools-1.4.3.tar.bz2 487111 BLAKE2B 9b8f43129898bdc0c2475a4081333864fb4145a89ced96f7c88d8c8b52bbc9ceb55254b7f9c9776cccc3b89ba6b2aacfb91790ca052defe1a0290a10e85bbb3a SHA512 be76a0ddb7470249c58ceab72cb94ffc05f5cc6d740a0755c9c782e948b4234eb1da4f7c7df1f14e4125cca9f12f3b4d2dcd444fe011941952aa3eeb13cb72c3
 DIST conntrack-tools-1.4.4.tar.bz2 1010504 BLAKE2B 4190672f017f434b6b4a1841022d64256eac1953c6f62aecb087e2ef0f5c83ad57809c9170de816eb7e0f934c41de0a541328bab7e064243e48e9f18ade3f5fb SHA512 f53bd620bfd4e854e792416527a3090d883c5f00d1d8365e52ce3ba204218dc431490703985d3fdae44decbcddb24ed610bf81a6a99bd7ea01482f95f71df0f5
 DIST conntrack-tools-1.4.5.tar.bz2 479562 BLAKE2B 229531d1c6c237e539df5b83525dca5ce0b009a76a2a5f873282eabc73cc00095c15c686bc68f9364e81efc846bfa8eac8b08f7fd476199d10d0c25190ca2456 SHA512 480fe2cc4420bc8477a2ba67b3d052bcb39c6b3ec000cff27fc12db70b42ec94fa3b5fe12ee35d439e88d9a631a33cd12ae470b69dde6d371d4e53af62a2eed1
-EBUILD conntrack-tools-1.4.2.ebuild 1938 BLAKE2B 8d5f16ddce1d4e49e61f0715d0948869878b424838fb6039cd37729d9cf51cbec51ee743a3d81fa71c4711234a563b83f46a3bae83f87cece59033c0cbee8a3f SHA512 b7bc4438561d199cba668ebc1ef691ea0a7d737cee8beeeed1c703d479d9161da68f6b2125b9555decda6dd9271955f4c146ff002a3c53a5263db9f7a5a95695
-EBUILD conntrack-tools-1.4.3.ebuild 1935 BLAKE2B fa4fd76d7c3ba12748c215971c146c36eaae42e564f2185b99f67181f9cef7da3f5c604a694105987c7ff6e613dced5c26a185c41855e378e93dc670077301f5 SHA512 80fa97972a0dce17a5c08bae77123ac0931115cc3d36414c3cb959fbe9edba6ee33a659fdf5c83a6f4c8dfeef94584059adce56955040c56ae958c00a31ef448
 EBUILD conntrack-tools-1.4.4-r1.ebuild 2087 BLAKE2B f30c6468219e9020d40f73f5a2977d04825da1a7d2e6a9765c90a6b3104c8f4bfe7b49c9d4b234ca076f02ac252b72c27faab601dac06ab12e9a5f9bfe04adcc SHA512 6a0cc74bc6bd2e6fe30ecf4c54309d57ec4dd82d3189a890f2ce600ee9c73ffdb1c06eba081cf0ccb1bf39797a5676d7cc12d7317fea4633c0ffe157abc42e79
-EBUILD conntrack-tools-1.4.4.ebuild 1900 BLAKE2B dac0ee63aa964380b8c7866509a8f456abf92593ebe8742fb449199f91a1c02a927a3b027604a7bc1d0ab2977556d57f7184337ad444c451159cb102f7a2751b SHA512 1b009478cd4a93a1aedaab452c947c6c76e0d18cbdbdccef72e995bc7217066883c98c7232fe76a9946b87f8dbb595eef33aba5e21230d22a1c9268171896d83
 EBUILD conntrack-tools-1.4.5.ebuild 2195 BLAKE2B 2e3e6340ef8e79f0a5335c1b88e6e95f1cda785ed72c934dae2e36ec88090ebde4b9d01218969f2bb1e96fdeec7b7f653e9c4be4eee5c11c2f6349982b70dbe8 SHA512 ff4197793e82372c6e16546390a26c970be22eb5b889eb26fa8f9a8cc04d5961e9614fc677ef677a011fe0f8ac0e95d5a27201fe3880f0467e789217f6fa3e74
 MISC metadata.xml 958 BLAKE2B 61cf89e7c192b663fd573ba7be767cd359786ba0fff20e72212fbc24e07c0c69e3bc2ee2226d39ac1744620cb1f5c63a480fc073860af665064853f5b780332d SHA512 19c68ca3bc373de0b9d533c7a36cdbe1da52871fb985641fa725c6208ffc09536696b02cce37e836300a2809bab117be2f0046ef329d2a739de5827cf0ee189a
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
deleted file mode 100644
index 0e602a00e305..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit autotools eutils linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa x86"
-IUSE="doc"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnetfilter_conntrack-1.0.4
-	>=net-libs/libnetfilter_cthelper-1.0.0
-	>=net-libs/libnetfilter_cttimeout-1.0.0
-	>=net-libs/libnetfilter_queue-1.0.2
-	>=net-libs/libnfnetlink-1.0.1
-"
-DEPEND="${RDEPEND}
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		app-text/xmlto
-	)
-	virtual/pkgconfig
-	sys-devel/bison
-	sys-devel/flex"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-	CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
-		~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
-	check_extra_config
-
-	linux_config_exists || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
-		ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
-			"are not set when one at least should be."
-}
-
-src_prepare() {
-	# bug #474858
-	sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
-
-	epatch_user
-	eautoreconf
-}
-
-src_compile() {
-	default
-	use doc && emake -C doc/manual
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
-	newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
-	insinto /etc/conntrackd
-	doins doc/stats/conntrackd.conf
-
-	dodoc -r doc/sync doc/stats AUTHORS TODO
-	use doc && dohtml doc/manual/${PN}.html
-}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
deleted file mode 100644
index fccdde6b3e3c..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit autotools eutils linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~hppa ~x86"
-IUSE="doc"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnetfilter_conntrack-1.0.4
-	>=net-libs/libnetfilter_cthelper-1.0.0
-	>=net-libs/libnetfilter_cttimeout-1.0.0
-	>=net-libs/libnetfilter_queue-1.0.2
-	>=net-libs/libnfnetlink-1.0.1
-"
-DEPEND="${RDEPEND}
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		app-text/xmlto
-	)
-	virtual/pkgconfig
-	sys-devel/bison
-	sys-devel/flex"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-	CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
-		~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
-	check_extra_config
-
-	linux_config_exists || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
-		ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
-			"are not set when one at least should be."
-}
-
-src_prepare() {
-	# bug #474858
-	sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
-
-	epatch_user
-	eautoreconf
-}
-
-src_compile() {
-	default
-	use doc && emake -C doc/manual
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
-	newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
-	insinto /etc/conntrackd
-	doins doc/stats/conntrackd.conf
-
-	dodoc -r doc/sync doc/stats AUTHORS TODO
-	use doc && dohtml doc/manual/${PN}.html
-}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
deleted file mode 100644
index c004861ea7cb..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit autotools eutils linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~hppa ~x86"
-IUSE="doc"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnetfilter_conntrack-1.0.6
-	>=net-libs/libnetfilter_cthelper-1.0.0
-	>=net-libs/libnetfilter_cttimeout-1.0.0
-	>=net-libs/libnetfilter_queue-1.0.2
-	>=net-libs/libnfnetlink-1.0.1
-"
-DEPEND="
-	${RDEPEND}
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		app-text/xmlto
-	)
-	virtual/pkgconfig
-	sys-devel/bison
-	sys-devel/flex
-"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-	CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
-		~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
-	check_extra_config
-
-	linux_config_exists || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
-		ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
-			"are not set when one at least should be."
-}
-
-src_prepare() {
-	default
-
-	# bug #474858
-	sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
-
-	eautoreconf
-}
-
-src_compile() {
-	default
-	use doc && emake -C doc/manual
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
-	newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
-	insinto /etc/conntrackd
-	doins doc/stats/conntrackd.conf
-
-	dodoc -r doc/sync doc/stats AUTHORS TODO
-	use doc && dodoc doc/manual/${PN}.html
-}
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index 57e697c5c29a..65467c1fdbea 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -8,5 +8,5 @@ DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a214
 EBUILD firehol-3.1.3-r1.ebuild 1374 BLAKE2B 5d4bb0400ffd486fea5302bd4288fdfdbf3839f5e6c30aa967afe7d5a613e42eaeada633e5c913e4eeed6123c4bd671f041769c2e424c9ef902c693c6229078b SHA512 17c008ecb04c267b5568360d1f89d6809a9aec17ccf3beb98979df91d5c5df568cca4b3c5df91e5ee6644dbb76cc7644de3fd22cbfd8c35bb5aae84d7d2ca919
 EBUILD firehol-3.1.3.ebuild 1321 BLAKE2B 5160111e2939d25a8cca9d4479d88facd80ae7c5dcd93a0e278481edaf1c912266d76157ab3db0d7908782946d6632d3abae71f0b64033cb7bceaec30b21f45e SHA512 6be61cbef86add228244d129e7ff9060cd90d74edc563f568aa55a1f17bd2a483c5c035d396feefefe6a5f92aca9fd63e1c9b0eec1aefd0f76721aa3a606deed
 EBUILD firehol-3.1.4.ebuild 1372 BLAKE2B f3249920863d8736d21da864e390828f05a368e58f8ab3d857151410a840c6c84a18d455b344a9a2ccc5516cb27a7b86a18d22cd67156b13a33e121e7a6e3fec SHA512 b9f5c95333e0f287eef761ae036bface8ec9e549786c1937f695fd37199cbcb3cd3d70a46fb56cb7224a1badf0e43ab4ad2cfacb171ed81c696bcdf2e2d374c1
-EBUILD firehol-3.1.6.ebuild 1433 BLAKE2B 00c0cd01a1a8addd0b6352ef9ce46e06fd33509e134ae637bd3701ffaedc0437c9670f593501f0fd8830237a1d047a899e20df7ecb24dccf408e0f14472400b0 SHA512 1f4e79dcc4dc6d567350979211feff43728951f4a6152e14a216b3bd3ed18a49d9b64747627a0221f1191ac8706012c96072bc503f6021465ca2b417eb25ee68
+EBUILD firehol-3.1.6.ebuild 1431 BLAKE2B 914416fa6cc1a66da86a6e984d73296279bb7457bd39b1714e2a3633d123d734d52eb3367fa5b07f318d2ffa5714879fbec530b1268ee2b233985154651b94ce SHA512 c20b6f70f9c290acc2412cdeaeb6a69012558435bb52e1d6ec3c9aadc3017a6c06c1dd91a9d0bc7c1fed08155b88ba67c726691811a285215d8ddc86097aea6a
 MISC metadata.xml 434 BLAKE2B 43111da215ea3d6d6af807ee1b629a3ff72dfefe15fa429a6ea5b112cbfb881d1bf848b50a266c32b820a7aec3e14e419c64657cc0a205c1e759c77b64a17b52 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898
diff --git a/net-firewall/firehol/firehol-3.1.6.ebuild b/net-firewall/firehol/firehol-3.1.6.ebuild
index 8bddf14115b7..c17a7cde2bf0 100644
--- a/net-firewall/firehol/firehol-3.1.6.ebuild
+++ b/net-firewall/firehol/firehol-3.1.6.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -12,7 +12,7 @@ SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz
 LICENSE="GPL-2"
 SLOT="0"
 IUSE="doc ipv6 ipset"
-KEYWORDS="~amd64 ~arm ~ppc ~x86"
+KEYWORDS="amd64 arm ~ppc ~x86"
 
 RDEPEND="net-firewall/iptables
 	sys-apps/iproute2[-minimal,ipv6?]
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index 0cb246904f10..26dcaf02e48d 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
@@ -15,12 +15,12 @@ AUX shorewall.systemd 568 BLAKE2B 385edad8857f029f691481483cc3e5e5981836254b7b39
 AUX shorewall6-lite.systemd 612 BLAKE2B e658af2b6d399fe527a58201b80997651954df67a18be2465a1099b81f7ed89cc3c63d4ef550521d3b9e3cc995915439e21e1142f46f8df1e44e22b5c29009d5 SHA512 0bd832d4f8857bf9b1c9c776a53739d8666f002d1caab29c976a248916cf1eb5806d6b59dbf7ee8a120a3158b10e6fa6e179e34fe9fa6077a794ffa7d1e06cec
 AUX shorewall6.systemd 577 BLAKE2B 5c755c0105954a34e39e077af0e012d9d6e647715a4b12fbae4fc47f4ae19afd6a63266b3684ddead689b2d4f7450b7a12906258fc86ef33fc36a4dac3771274 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d
 AUX shorewallrc-r3 2035 BLAKE2B 6f4e4c93cee1f25405cc3ac76958064f1241a325c8b530c30f6dbd94423577d592e88613f463c4b41c1af1db22c7e53512fd8509931bb6527a8da669f2dbe773 SHA512 eaa32bf6baca0d3555db918d6221c7678f5ba67e78bf9dcdc1bf96deded8f64838d3a332226fa6605f0c1ae82e51e0f2c1540fa6188fd9bced22460a631f48a8
-DIST shorewall-5.2.3.1.tar.bz2 555568 BLAKE2B a6d1a32d0b3a8858fed6c920b5988ddb27b090ce3a455298ed0f75eb29eb274befebc9509245878a5b9d32574dc8d64d01420eba0e091d9bffde0138296eb7f8 SHA512 bc8bc7f35c9e259ca7a38f6cf38bac60dd04d4c73f7366d33213a9279809f58ef816f8767c81105b8b391b753f9acae7e6313172dacae38f9ad7a5dc02bb890c
-DIST shorewall-core-5.2.3.1.tar.bz2 68870 BLAKE2B 50fe40b119c7778687cef5ac2728c55dff2c70f16174f03d229507ae9db1e505976dbf85df002a234f01a8c07843e889e963c3776dd647c32d202f161cb0f0d2 SHA512 3b44c5cc4dd6e0ffa2f2ed6ce4783fc2f934966eff405671931c2c150794de0e6645f7e4fdb35e93bcaee74e2df53ce41641ea7d9093f20399761ceb90191faf
-DIST shorewall-docs-html-5.2.3.1.tar.bz2 4302429 BLAKE2B dbd36a313ae3a637450ebcb1b5147c2a43f688e21d312ad7ccd79101ad1b046975fb6cf20ea46afb3f1383f427ac1bbcb1ce3fa4715338ed46827da17429e6be SHA512 31f840d9522331266149ac24898618ea172ae89c1b35b5abf4db6d5a15dc9199b6385999a7dff9445c0a319d18e2d47c1b718b6daa07155f28c0f0aa18dba767
-DIST shorewall-init-5.2.3.1.tar.bz2 34221 BLAKE2B 79607fa498eef4adb657009031dd2fc81c53f891d170fc9cb1f6d8432772319194770894d7cb5b95bcd3e41eabd3d6885edde13317b04c92c05c9106a925747a SHA512 fdbe504659c4c0436e3992288aa8868df60bcbccf2ba89e014d4927b82046354f47a54794020199b741de15f38fa4c04a012e595288828715e87fb2ce2bd4d60
-DIST shorewall-lite-5.2.3.1.tar.bz2 38993 BLAKE2B d8c230c9abef51ce4b1a02584c903b5c39080aa9d0398f104c36481eb28d29079fa0b6cb9c20f2d78e2bf8dc09535a643ee318c734ff1358f574f6b12ffc8bf2 SHA512 7ba0cb4ddc863448237c60dec3300dc04b8e509b7df5f650cbc5517badf59af35a5bc651a58bb5e2fed47fb16d633772a385c54bb929c7ac12222191deaab7ba
-DIST shorewall6-5.2.3.1.tar.bz2 190299 BLAKE2B 71745734cda4359da9213478bed680dca595775dca82e937f3a57cce9af0a3f0910989570461d5507bb88e5ebbad5176ed515ab1f8dcef072c78c42a96ff0d11 SHA512 4d2f688e1ecdde239f271c660820faec4db1d7c936c4579e9c5b087125fdfd14e14b72dc590ca59de050155ce91815a49b7b30125ebe97e7be8323aa0f662136
-DIST shorewall6-lite-5.2.3.1.tar.bz2 38966 BLAKE2B c7c6158b1d1dd1aa58bdba35b2606286d01de885e7e35c825d41bcadb651357c62188dd4d7af81979ac8dc18b2f24a6d37c6d2486159796fcccdb9b656178f60 SHA512 cbe82e7a25ea0e0d7cd6a0ceaefe80413a2d07be92433c9932a4b0e1aaa6ff93e6150fd221b43fd056c088390d42b9bb9d8540e8d70dde315f7a53057e6f2f1c
-EBUILD shorewall-5.2.3.1.ebuild 17106 BLAKE2B aa979e5dec0e76a93db5bb2a4671158e792bb76e23e0fc05460f3ddcda9d2638c5608eacd18822aaf8e0dd5ff314925494ead63b39060b131be5ab454b3bb2ce SHA512 8c881b26cb893c6f1660481334440225b7cbce5012f2fcf20e8cce8403baab12fa21ee489b287eb1604b0d85a05d05c1120fc51617a6001cd35fcaab61e09b43
+DIST shorewall-5.2.3.2.tar.bz2 556260 BLAKE2B 4a210acea452c93bc3161ae4386e3f9337ba759bbddde6fc4dfca712d26bf8b99d48b4395b08f351e095155d71a9c0fb014ee16880224ec9d52e88743ca789ef SHA512 187af5eadf1b7717ec02c2532aa65f89a93a4ec6a7dbff11eceabc92309179297f748accf9bd0e35a6c6b8f5f99fa045550c9eb19b08885dd1ecb8206b97de89
+DIST shorewall-core-5.2.3.2.tar.bz2 69128 BLAKE2B 6a5caf31f415094071584d740c56551214326c8b6376cbd770fb4a7b72607bbdb1e53dfe863e40c1b65e874915fdcb0364779efe22c807fa5c8ed810c6cc4d2d SHA512 1de38fb74282a67d4596bc6ddb3b73b88d9d9d31ef4d40555199cba923a600fdfcf19b922d29fa47e9e3f25048404299dadced27ffa0c0ca93368bb80694c17b
+DIST shorewall-docs-html-5.2.3.2.tar.bz2 4302686 BLAKE2B 73d20e4a6a28771963e2fb79b251d42b7c7c7e47df446e5f400f299cbc334567505bb50d2bc5c9c834baf6d8d6208283b86ea0e873c194e9dfbd3d1da2720c2f SHA512 ede1eeb8444832839bdd0642809fbb960300f289c0a9e8c979d92fa376a3ba28648b7c89d4ff8caca4bc4d6ce15d4205e4d4679628b9080e3f41919105850aaa
+DIST shorewall-init-5.2.3.2.tar.bz2 34418 BLAKE2B 1657bf055f2f5aa9206392a4cdf4a2a03185d964e01edc93455b587e5004aab146f6da65d8b70c72414a74887696ad9dbaca729ab063fe4016f3e45a8bb732d9 SHA512 ed46184535a0cc7197f4c7513604574b0ba862a99ac3cd1d0437f12dca17e9b1d249df77ac0152d4cfd257a1de1310af07c1bd70e763e4d663e7114dd26c617c
+DIST shorewall-lite-5.2.3.2.tar.bz2 39201 BLAKE2B a50fdfe8498e745daed93166c5bd3d4cabebcc13f54bf3c00360f6e2fbaaa4327f0b40496308ca00915d35abdff2e37b3e85b29a77828d1bdacd0b36cdcac2f5 SHA512 2ce235153546c35a4fe440ec4b0dc66f6d0807b50dc3a7f148296e341f6a264bf63da36cac1ed9cbb4b857df7843209f818101ff6d342c5673d8b1134de67073
+DIST shorewall6-5.2.3.2.tar.bz2 190178 BLAKE2B 587902f4d0ac799f499520964e33db5251d1e5e3022a2cb2413a1349893bea13a7f1995fe3a70ae0b23d4ab3936e55233f208e9162bd51877d01b3eec4f7137e SHA512 3dc5bb4996ea251aef323241a855a2efaf4db3772e94050403faf040cf8f18fa4e38d7b2cae8733f0557b79c6330b10cf545d51338d4df1ebea19ba20bd66b05
+DIST shorewall6-lite-5.2.3.2.tar.bz2 39069 BLAKE2B 3647156f673cfce29a1bebddeef81de911146d707e5c917ce01a93ed807bc67ee7f9107c9010a396f000fd76286ef167f43b2432954c17bc2a3a5cf085acc073 SHA512 1d47bb005655bf863ec41601b7e49c91508d330f80f0b9b5a546ed366d06fe04a4005598fc5b34b271ccf7f5f4798ccee83917b0988b03fd36cb53e12c44334d
+EBUILD shorewall-5.2.3.2.ebuild 17106 BLAKE2B aa979e5dec0e76a93db5bb2a4671158e792bb76e23e0fc05460f3ddcda9d2638c5608eacd18822aaf8e0dd5ff314925494ead63b39060b131be5ab454b3bb2ce SHA512 8c881b26cb893c6f1660481334440225b7cbce5012f2fcf20e8cce8403baab12fa21ee489b287eb1604b0d85a05d05c1120fc51617a6001cd35fcaab61e09b43
 MISC metadata.xml 2254 BLAKE2B e9d48407a0f055415070f5b0266ed9f534768f6d17d52b7070de30a037b89dbd08daac40b0ec313b8dfc65ba40ff38dae96c9758b78ec66d100ac8fa6b870d5f SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33
diff --git a/net-firewall/shorewall/shorewall-5.2.3.1.ebuild b/net-firewall/shorewall/shorewall-5.2.3.1.ebuild
deleted file mode 100644
index 14bfe9b234c5..000000000000
--- a/net-firewall/shorewall/shorewall-5.2.3.1.ebuild
+++ /dev/null
@@ -1,482 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="6"
-
-inherit linux-info prefix systemd versionator
-
-DESCRIPTION='A high-level tool for configuring Netfilter'
-HOMEPAGE="http://www.shorewall.net/"
-LICENSE="GPL-2"
-SLOT="0"
-IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
-
-MY_PV=${PV/_rc/-RC}
-MY_PV=${MY_PV/_beta/-Beta}
-MY_P=${PN}-${MY_PV}
-
-MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
-MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
-
-# shorewall
-MY_PN_IPV4=Shorewall
-MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
-
-# shorewall6
-MY_PN_IPV6=Shorewall6
-MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
-
-# shorewall-lite
-MY_PN_LITE4=Shorewall-lite
-MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
-
-# shorewall6-lite
-MY_PN_LITE6=Shorewall6-lite
-MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
-
-# shorewall-init
-MY_PN_INIT=Shorewall-init
-MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
-
-# shorewall-core
-MY_PN_CORE=Shorewall-core
-MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
-
-# shorewall-docs-html
-MY_PN_DOCS=Shorewall-docs-html
-MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
-
-# Upstream URL schema:
-# Beta:    $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
-# RC:      $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
-# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
-
-MY_URL_PREFIX=
-MY_URL_SUFFIX=
-if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
-	MY_URL_PREFIX='development/'
-
-	_tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
-	_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
-	if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
-		MY_URL_SUFFIX="-${_tmp_suffix}"
-	fi
-
-	# Cleaning up temporary variables
-	unset _tmp_last_index
-	unset _tmp_suffix
-else
-	KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
-fi
-
-SRC_URI="
-	http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
-	ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
-	ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
-	lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
-	lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
-	init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
-	doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
-"
-
-# - Shorewall6 requires Shorewall
-# - Installing Shorewall-init or just the documentation doesn't make any sense,
-#   that's why we force the user to select at least one "real" Shorewall product
-#
-# See http://shorewall.net/download.htm#Which
-REQUIRED_USE="
-	ipv6? ( ipv4 )
-	|| ( ipv4 lite4 lite6 )
-"
-
-# No build dependencies! Just plain shell scripts...
-DEPEND=""
-
-RDEPEND="
-	>=net-firewall/iptables-1.4.20
-	>=sys-apps/iproute2-3.8.0[-minimal]
-	>=sys-devel/bc-1.06.95
-	ipv4? (
-		>=dev-lang/perl-5.16
-		virtual/perl-Digest-SHA
-	)
-	ipv6? (
-		>=dev-perl/Socket6-0.230.0
-		>=net-firewall/iptables-1.4.20[ipv6]
-		>=sys-apps/iproute2-3.8.0[ipv6]
-	)
-	lite6? (
-		>=net-firewall/iptables-1.4.20[ipv6]
-		>=sys-apps/iproute2-3.8.0[ipv6]
-	)
-	init? ( >=sys-apps/coreutils-8.20 )
-	selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
-	!net-firewall/shorewall-core
-	!net-firewall/shorewall6
-	!net-firewall/shorewall-lite
-	!net-firewall/shorewall6-lite
-	!net-firewall/shorewall-init
-	!<sys-apps/systemd-214
-"
-
-S=${WORKDIR}
-
-pkg_pretend() {
-	local CONFIG_CHECK="~NF_CONNTRACK"
-
-	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
-	local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
-
-	# kernel >=4.19 has unified NF_CONNTRACK module, bug 671176
-	if kernel_is -lt 4 19; then
-		if use ipv4 || use lite4; then
-			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
-
-			local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
-			local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
-		fi
-
-		if use ipv6 || use lite6; then
-			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
-
-			local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
-			local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
-		fi
-	fi
-
-	check_extra_config
-}
-
-pkg_setup() {
-	if [[ -n "${DIGEST}" ]]; then
-		einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
-		unset DIGEST
-	fi
-}
-
-src_prepare() {
-	# We are moving each unpacked source from MY_P_* to MY_PN_*.
-	# This allows us to use patches from upstream and keeps epatch_user working
-
-	einfo "Preparing shorewallrc ..."
-	cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
-	eprefixify "${S}"/shorewallrc.gentoo
-	sed -i \
-		-e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \
-		"${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc"
-
-	# shorewall-core
-	mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
-	ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
-	ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
-	eend 0
-
-	pushd "${S}"/${MY_PN_CORE} &>/dev/null || die
-	eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch
-	popd &>/dev/null || die
-
-	# shorewall
-	if use ipv4; then
-		mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
-		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
-		ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
-		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
-		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
-		cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
-		eend 0
-
-		pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die
-		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
-		popd &>/dev/null || die
-	fi
-
-	# shorewall6
-	if use ipv6; then
-		mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
-		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
-		ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
-		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
-		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
-		cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
-		eend 0
-
-		pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die
-		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
-		popd &>/dev/null || die
-	fi
-
-	# shorewall-lite
-	if use lite4; then
-		mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
-		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
-		ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
-		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
-		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
-		cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
-		eend 0
-
-		pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die
-		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
-		popd &>/dev/null || die
-	fi
-
-	# shorewall6-lite
-	if use lite6; then
-		mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
-		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
-		ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
-		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
-		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
-		cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
-		eend 0
-
-		pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die
-		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
-		popd &>/dev/null || die
-	fi
-
-	# shorewall-init
-	if use init; then
-		mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
-		ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
-		ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
-		cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
-		cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
-		cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
-		cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
-		eend 0
-
-		eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
-
-		pushd "${S}"/${MY_PN_INIT} &>/dev/null || die
-		eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch
-		popd &>/dev/null || die
-	fi
-
-	# shorewall-docs-html
-	if use doc; then
-		mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
-	fi
-
-	eapply_user
-}
-
-src_configure() {
-	:;
-}
-
-src_compile() {
-	:;
-}
-
-src_install() {
-	# shorewall-core
-	einfo "Installing ${MY_P_CORE} ..."
-	DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
-	dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
-
-	# shorewall
-	if use ipv4; then
-		einfo "Installing ${MY_P_IPV4} ..."
-		DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
-		keepdir /var/lib/shorewall
-
-		if use doc; then
-			dodoc -r "${S}"/${MY_PN_IPV4}/Samples
-		fi
-	fi
-
-	# shorewall6
-	if use ipv6; then
-		einfo "Installing ${MY_P_IPV6} ..."
-		DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
-		keepdir /var/lib/shorewall6
-
-		if use doc; then
-			dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
-		fi
-	fi
-
-	# shorewall-lite
-	if use lite4; then
-		einfo "Installing ${MY_P_LITE4} ..."
-		DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
-		keepdir /var/lib/shorewall-lite
-	fi
-
-	# shorewall6-lite
-	if use lite6; then
-		einfo "Installing ${MY_P_LITE6} ..."
-		DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
-		keepdir /var/lib/shorewall6-lite
-	fi
-
-	# shorewall-init
-	if use init; then
-		einfo "Installing ${MY_P_INIT} ..."
-		DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
-		dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
-
-		if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
-			# On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
-			# so we don't need a logrotate configuration file for shorewall-init
-			einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
-			rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
-		fi
-
-		if [[ -d "${D}etc/NetworkManager" ]]; then
-			# On Gentoo, we don't support NetworkManager
-			# so we don't need this folder at all
-			einfo "Removing unused \"${D}etc/NetworkManager\" ..."
-			rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
-		fi
-
-		if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
-			# This script isn't supported on Gentoo
-			rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
-		fi
-	fi
-
-	if use doc; then
-		einfo "Installing ${MY_P_DOCS} ..."
-		docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
-	fi
-}
-
-pkg_postinst() {
-	if [[ -z "${REPLACING_VERSIONS}" ]]; then
-		# This is a new installation
-
-		# Show first steps for shorewall/shorewall6
-		local _PRODUCTS=""
-		if use ipv4; then
-			_PRODUCTS="shorewall"
-
-			if use ipv6; then
-				_PRODUCTS="${_PRODUCTS}/shorewall6"
-			fi
-		fi
-
-		if [[ -n "${_PRODUCTS}" ]]; then
-			elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
-			elog ""
-			elog "  /etc/shorewall/shorewall.conf"
-
-			if use ipv6; then
-				elog "  /etc/shorewall6/shorewall6.conf"
-			fi
-
-			elog ""
-			elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
-			elog ""
-			elog "  # rc-update add shorewall default"
-
-			if use ipv6; then
-				elog "  # rc-update add shorewall6 default"
-			fi
-		fi
-
-		# Show first steps for shorewall-lite/shorewall6-lite
-		_PRODUCTS=""
-		if use lite4; then
-			_PRODUCTS="shorewall-lite"
-		fi
-
-		if use lite6; then
-			if [[ -z "${_PRODUCTS}" ]]; then
-				_PRODUCTS="shorewall6-lite"
-			else
-				_PRODUCTS="${_PRODUCTS}/shorewall6-lite"
-			fi
-		fi
-
-		if [[ -n "${_PRODUCTS}" ]]; then
-			if use ipv4; then
-				elog ""
-			fi
-
-			elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
-			elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
-			elog ""
-			elog "To read more about ${_PRODUCTS}, please visit"
-			elog "  http://shorewall.net/CompiledPrograms.html"
-			elog ""
-			elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
-			elog ""
-
-			if use lite4; then
-				elog "  # rc-update add shorewall-lite default"
-			fi
-
-			if use lite6; then
-				elog "  # rc-update add shorewall6-lite default"
-			fi
-		fi
-
-		if use init; then
-			elog ""
-			elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
-			elog ""
-			elog "  # rc-update add shorewall-init boot"
-			elog ""
-			elog "and review \$PRODUCTS in"
-			elog ""
-			elog "  /etc/conf.d/shorewall-init"
-		fi
-
-	fi
-
-	local v
-	for v in ${REPLACING_VERSIONS}; do
-		if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
-			# This is an upgrade
-
-			elog "You are upgrading from a previous major version. It is highly recommended that you read"
-			elog ""
-			elog "  - /usr/share/doc/shorewall*/releasenotes.tx*"
-			elog "  - http://shorewall.net/Shorewall-5.html#idm214"
-
-			if use ipv4; then
-				elog ""
-				elog "You can auto-migrate your configuration using"
-				elog ""
-				elog "  # shorewall update -A"
-
-				if use ipv6; then
-					elog "  # shorewall6 update -A"
-				fi
-
-				elog ""
-				elog "*after* you have merged the changed files using one of the configuration"
-				elog "files update tools of your choice (dispatch-conf, etc-update...)."
-
-				elog ""
-				elog "But if you are not familiar with the \"shorewall[6] update\" command,"
-				elog "please read the shorewall[6] man page first."
-			fi
-
-			# Show this elog only once
-			break
-		fi
-	done
-
-	if ! use init; then
-		elog ""
-		elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
-		elog "before your shorewall-based firewall is ready to start."
-		elog ""
-		elog "To read more about shorewall-init, please visit"
-		elog "  http://www.shorewall.net/Shorewall-init.html"
-	fi
-
-	if ! has_version "net-firewall/conntrack-tools"; then
-		elog ""
-		elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
-		elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
-	fi
-
-	if ! has_version "dev-perl/Devel-NYTProf"; then
-		elog ""
-		elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
-	fi
-}
diff --git a/net-firewall/shorewall/shorewall-5.2.3.2.ebuild b/net-firewall/shorewall/shorewall-5.2.3.2.ebuild
new file mode 100644
index 000000000000..14bfe9b234c5
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.2.3.2.ebuild
@@ -0,0 +1,482 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit linux-info prefix systemd versionator
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="http://www.shorewall.net/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(get_version_component_range 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(get_version_component_range 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta:    $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC:      $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+	MY_URL_PREFIX='development/'
+
+	_tmp_last_index=$(($(get_last_version_component_index ${MY_PV})+1))
+	_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${MY_PV})
+	if [[ ${_tmp_suffix} = *Beta* ]] || [[ ${_tmp_suffix} = *RC* ]]; then
+		MY_URL_SUFFIX="-${_tmp_suffix}"
+	fi
+
+	# Cleaning up temporary variables
+	unset _tmp_last_index
+	unset _tmp_suffix
+else
+	KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86"
+fi
+
+SRC_URI="
+	http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+	ipv4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+	ipv6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+	lite4? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+	lite6? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+	init? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+	doc? ( http://www.shorewall.net/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+#   that's why we force the user to select at least one "real" Shorewall product
+#
+# See http://shorewall.net/download.htm#Which
+REQUIRED_USE="
+	ipv6? ( ipv4 )
+	|| ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+	>=net-firewall/iptables-1.4.20
+	>=sys-apps/iproute2-3.8.0[-minimal]
+	>=sys-devel/bc-1.06.95
+	ipv4? (
+		>=dev-lang/perl-5.16
+		virtual/perl-Digest-SHA
+	)
+	ipv6? (
+		>=dev-perl/Socket6-0.230.0
+		>=net-firewall/iptables-1.4.20[ipv6]
+		>=sys-apps/iproute2-3.8.0[ipv6]
+	)
+	lite6? (
+		>=net-firewall/iptables-1.4.20[ipv6]
+		>=sys-apps/iproute2-3.8.0[ipv6]
+	)
+	init? ( >=sys-apps/coreutils-8.20 )
+	selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+	!net-firewall/shorewall-core
+	!net-firewall/shorewall6
+	!net-firewall/shorewall-lite
+	!net-firewall/shorewall6-lite
+	!net-firewall/shorewall-init
+	!<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+	local CONFIG_CHECK="~NF_CONNTRACK"
+
+	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+	local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+	# kernel >=4.19 has unified NF_CONNTRACK module, bug 671176
+	if kernel_is -lt 4 19; then
+		if use ipv4 || use lite4; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+			local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+			local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+		fi
+
+		if use ipv6 || use lite6; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+			local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+			local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+		fi
+	fi
+
+	check_extra_config
+}
+
+pkg_setup() {
+	if [[ -n "${DIGEST}" ]]; then
+		einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+		unset DIGEST
+	fi
+}
+
+src_prepare() {
+	# We are moving each unpacked source from MY_P_* to MY_PN_*.
+	# This allows us to use patches from upstream and keeps epatch_user working
+
+	einfo "Preparing shorewallrc ..."
+	cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+	eprefixify "${S}"/shorewallrc.gentoo
+	sed -i \
+		-e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \
+		"${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc"
+
+	# shorewall-core
+	mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+	ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+	ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+	eend 0
+
+	pushd "${S}"/${MY_PN_CORE} &>/dev/null || die
+	eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch
+	popd &>/dev/null || die
+
+	# shorewall
+	if use ipv4; then
+		mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall6
+	if use ipv6; then
+		mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-lite
+	if use lite4; then
+		mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall6-lite
+	if use lite6; then
+		mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-init
+	if use init; then
+		mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+		cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+		cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+		cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+		eend 0
+
+		eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+		pushd "${S}"/${MY_PN_INIT} &>/dev/null || die
+		eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r1.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-docs-html
+	if use doc; then
+		mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+	fi
+
+	eapply_user
+}
+
+src_configure() {
+	:;
+}
+
+src_compile() {
+	:;
+}
+
+src_install() {
+	# shorewall-core
+	einfo "Installing ${MY_P_CORE} ..."
+	DESTDIR="${D%/}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+	dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+	# shorewall
+	if use ipv4; then
+		einfo "Installing ${MY_P_IPV4} ..."
+		DESTDIR="${D%/}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+		keepdir /var/lib/shorewall
+
+		if use doc; then
+			dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+		fi
+	fi
+
+	# shorewall6
+	if use ipv6; then
+		einfo "Installing ${MY_P_IPV6} ..."
+		DESTDIR="${D%/}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+		keepdir /var/lib/shorewall6
+
+		if use doc; then
+			dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+		fi
+	fi
+
+	# shorewall-lite
+	if use lite4; then
+		einfo "Installing ${MY_P_LITE4} ..."
+		DESTDIR="${D%/}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+		keepdir /var/lib/shorewall-lite
+	fi
+
+	# shorewall6-lite
+	if use lite6; then
+		einfo "Installing ${MY_P_LITE6} ..."
+		DESTDIR="${D%/}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+		keepdir /var/lib/shorewall6-lite
+	fi
+
+	# shorewall-init
+	if use init; then
+		einfo "Installing ${MY_P_INIT} ..."
+		DESTDIR="${D%/}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+		dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+		if [[ -f "${D}etc/logrotate.d/shorewall-init" ]]; then
+			# On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+			# so we don't need a logrotate configuration file for shorewall-init
+			einfo "Removing unused \"${D}etc/logrotate.d/shorewall-init\" ..."
+			rm -rf "${D}"etc/logrotate.d/shorewall-init || die "Removing \"${D}etc/logrotate.d/shorewall-init\" failed"
+		fi
+
+		if [[ -d "${D}etc/NetworkManager" ]]; then
+			# On Gentoo, we don't support NetworkManager
+			# so we don't need this folder at all
+			einfo "Removing unused \"${D}etc/NetworkManager\" ..."
+			rm -rf "${D}"etc/NetworkManager || die "Removing \"${D}etc/NetworkManager\" failed"
+		fi
+
+		if [[ -f "${D}usr/share/shorewall-init/ifupdown" ]]; then
+			# This script isn't supported on Gentoo
+			rm -rf "${D}"usr/share/shorewall-init/ifupdown || die "Removing \"${D}usr/share/shorewall-init/ifupdown\" failed"
+		fi
+	fi
+
+	if use doc; then
+		einfo "Installing ${MY_P_DOCS} ..."
+		docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+	fi
+}
+
+pkg_postinst() {
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		# Show first steps for shorewall/shorewall6
+		local _PRODUCTS=""
+		if use ipv4; then
+			_PRODUCTS="shorewall"
+
+			if use ipv6; then
+				_PRODUCTS="${_PRODUCTS}/shorewall6"
+			fi
+		fi
+
+		if [[ -n "${_PRODUCTS}" ]]; then
+			elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+			elog ""
+			elog "  /etc/shorewall/shorewall.conf"
+
+			if use ipv6; then
+				elog "  /etc/shorewall6/shorewall6.conf"
+			fi
+
+			elog ""
+			elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+			elog ""
+			elog "  # rc-update add shorewall default"
+
+			if use ipv6; then
+				elog "  # rc-update add shorewall6 default"
+			fi
+		fi
+
+		# Show first steps for shorewall-lite/shorewall6-lite
+		_PRODUCTS=""
+		if use lite4; then
+			_PRODUCTS="shorewall-lite"
+		fi
+
+		if use lite6; then
+			if [[ -z "${_PRODUCTS}" ]]; then
+				_PRODUCTS="shorewall6-lite"
+			else
+				_PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+			fi
+		fi
+
+		if [[ -n "${_PRODUCTS}" ]]; then
+			if use ipv4; then
+				elog ""
+			fi
+
+			elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+			elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+			elog ""
+			elog "To read more about ${_PRODUCTS}, please visit"
+			elog "  http://shorewall.net/CompiledPrograms.html"
+			elog ""
+			elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+			elog ""
+
+			if use lite4; then
+				elog "  # rc-update add shorewall-lite default"
+			fi
+
+			if use lite6; then
+				elog "  # rc-update add shorewall6-lite default"
+			fi
+		fi
+
+		if use init; then
+			elog ""
+			elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+			elog ""
+			elog "  # rc-update add shorewall-init boot"
+			elog ""
+			elog "and review \$PRODUCTS in"
+			elog ""
+			elog "  /etc/conf.d/shorewall-init"
+		fi
+
+	fi
+
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+			# This is an upgrade
+
+			elog "You are upgrading from a previous major version. It is highly recommended that you read"
+			elog ""
+			elog "  - /usr/share/doc/shorewall*/releasenotes.tx*"
+			elog "  - http://shorewall.net/Shorewall-5.html#idm214"
+
+			if use ipv4; then
+				elog ""
+				elog "You can auto-migrate your configuration using"
+				elog ""
+				elog "  # shorewall update -A"
+
+				if use ipv6; then
+					elog "  # shorewall6 update -A"
+				fi
+
+				elog ""
+				elog "*after* you have merged the changed files using one of the configuration"
+				elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+				elog ""
+				elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+				elog "please read the shorewall[6] man page first."
+			fi
+
+			# Show this elog only once
+			break
+		fi
+	done
+
+	if ! use init; then
+		elog ""
+		elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+		elog "before your shorewall-based firewall is ready to start."
+		elog ""
+		elog "To read more about shorewall-init, please visit"
+		elog "  http://www.shorewall.net/Shorewall-init.html"
+	fi
+
+	if ! has_version "net-firewall/conntrack-tools"; then
+		elog ""
+		elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+		elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+	fi
+
+	if ! has_version "dev-perl/Devel-NYTProf"; then
+		elog ""
+		elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+	fi
+}
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 165613d07bd2..fc1c46642c93 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -7,11 +7,17 @@ AUX ufw-0.34_pre805-bash-completion.patch 255 BLAKE2B 7d4f916a30b893997e5b9f27ea
 AUX ufw-0.34_pre805-shebang.patch 675 BLAKE2B b6197588687ab9ecea071be057adf14d47dac994415894a6cc4a9943f2f8dceae77a429a0ebbbfc49bf4a4eba2aa5a63cb153e290bdea33626939f054bdb9a4c SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad
 AUX ufw-0.35-bash-completion.patch 259 BLAKE2B bb20b7af317c2e36023e28b85d51cdccde43354db39d26e65a721983478c7d39e1e3c71c36f2c8c5c2515db929f50a1edc1c84d9c4294662d8601e0136a98019 SHA512 9a59ff192e6fb3365c8585b984f4743a05f7cb18ae581a8b79c4afe39e43f12d993febf1319e1ee810483d610d970649e75c4b9dde891be728869b69c80b4709
 AUX ufw-0.35-move-path.patch 7386 BLAKE2B 022c734deaa24316e3e72cf83110a7cff5f9f763f713a61c17ee74ba57724cd94c1dbb6741904d68ad7f3874c21015b87fae239811b84928b35aa4c4019ac430 SHA512 eac6e0c96e7b0e501b3792671a21306049f40869fafc1d9c579c2424fb32b91987a846b3562c30513326433031ff46bc4df2bbb5706f7af18e6216f8f2b7546f
+AUX ufw-0.36-bash-completion.patch 328 BLAKE2B 7f88afa8f4ccc12aba70dce1ca82e6992497819cfd7dc005b13c9d17212adb74134115d83907ec2b8c916d40213ab2acea170e649e438744b854f11fd22815bd SHA512 11a9cf4906fa0bd677e745615b3c4d663512a1d05f9c21149d09624237a88938b9ed83b8ca876dbcf9bbac41a4bf7155eba76ec32778e025f013e1ffb07e4abb
+AUX ufw-0.36-dont-check-iptables.patch 1592 BLAKE2B 7b8bb33a04a455fd05bf62b19ec35ff209eb54f7adc77a6296d4a5bbb80996ec11691e48b3ba1f4cffd11c53775545e537319852b0a9a3e27e4799d79c34a655 SHA512 a0c8c7331d46b917cec86763414ce2c70ef120bd069bd8ba67ef4ab2ab5212e7263f01d3d5072c7c8e4301ee36b280c8f464fc21cc19b3805c6d391437df0438
+AUX ufw-0.36-move-path.patch 6985 BLAKE2B 1f5ed4b0265fb812acffd1bb756a60a2a1e31b013054c40dae532966fd42449ba7bdde644c181a2f6e0c20103d9ef37a0400d217f7ec843bc10e3528b95eb8bc SHA512 228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9
+AUX ufw-0.36-shebang.patch 714 BLAKE2B adfbc135b1ec2e51a6df59c7caf4b081568eb77fc2b4c3518e4cb875aa75cc51122f09557c1bcaea9a06ca18891c897a3bba546027a9e1a2998c342948713676 SHA512 de3750d2e4361315e43df0ee4ed3da90631d66b148e8b93fabf3607d7d3dae9dca53f60edd94c1dc0315435c1a6c5d05816873782fc310ad15b347b2ba743612
 AUX ufw-2.initd 2611 BLAKE2B b6a75e023ad0efeeef168e7e074c716ec66f40d3bde9f99cf1a02e63800b4a42c3ff7d35fe9503e51859f98cdf500db4c1900a9436f642c0af7350c9d1256692 SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80
 AUX ufw.confd 219 BLAKE2B 8ed5dec5dd9acc84715918240e31398268ff36f73bb2cfc10e64e0593e59cc7f5b988f8545ddea37f19d9b40e870d743bea66edd7da1e3d2753b6edda8afa352 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7
 AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f0e09f8784a312dd636fa3cf90610bb3159d52b4bdaadf803699ac4bff31576b566a3e977b2d2 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7
 DIST ufw-0.34_pre805.tar.gz 335875 BLAKE2B a2b654fe35a299ffd9978ef14a8d5667f799b654b6285bc81756c8081d9f4417b2fa9c05a234351d42709c2c57ff624b4fe7bca8ffe4d13cd12436feead6e4da SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
 DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
+DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
 EBUILD ufw-0.34_pre805-r2.ebuild 5375 BLAKE2B 8f58b7a30d61112af687860824cca03eb9a692aadd14ed94c166da6f3f00482bb9d978c58d7dec3c606fa6cf0c85a93743f2038a9a63f9ca91adb763440e56cd SHA512 63d693768d88d6503cd50ce18bbdd048ed94f44d943e5d36e4523c0ee4918db37ba14616ecbd57df018d6144396285e1c34495813f456035c3a1bb42a6472951
 EBUILD ufw-0.35-r1.ebuild 5637 BLAKE2B 510db5eac08e6ebf38ed2226e9be799cd474929d91ffd39b99ec91a88be9c5bfded0699b7970c51a8558aa76362e1016500812bfb06b7b50c1e0bad7d42bf2cf SHA512 63b5f8bb520c1a509aefb282fab119aa6325d18c46d4b9ad681c91cdc2dddf340f05f93d48212766acb96fd86161ffa2e932d1fb2ba07cc36b35b400b4bc5c4a
-MISC metadata.xml 537 BLAKE2B df149a361c11a14c166588434c1ed7dcc264f51374d2088cdf24feb67c08f10f0f002e28482befa34bdd6f0202300194ac91913d7f49bb3f0d8d16e7777ac13b SHA512 0fa137bf55e1506664168d3e56387c989ce0c7d5a8a0f8c36ce596e5f95a449e3bc35114188b786ebe5fc60d750c4240fafb4ca761f2e29000c23f9c01b5addc
+EBUILD ufw-0.36.ebuild 5728 BLAKE2B 6d4b07dca183774f306a78a517737806790cc0bc52e05354cfd78a490eb44898b61495774848789d816df9be65eae277cf2c1a61a655bff9576a7d6c7a971fac SHA512 0d152a10f11d8a93ef4cf5d85cc79d41d677c523c7bdbe1f2701e04bc290c95ae53fd1ca813aefecf583976acf40f020f6a65140be86e2991ce4295a31ce93ca
+MISC metadata.xml 867 BLAKE2B 803f1809161a81c013989270661d5e17bc74c9f02dd7c2cf9e7847b86072ea56fc5ad980a6f2d285ee1d806902621ff1100ac20bbc27465e828aec4537e846c6 SHA512 e11ddde14aa8fb8aa187537f3cfeb01b26b4421489d69223fc77ab4400b002105d2b8161ebf489748eb42b615899f87c1abc65d10d7ef40b2f107f0d85c17c77
diff --git a/net-firewall/ufw/files/ufw-0.36-bash-completion.patch b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
new file mode 100644
index 000000000000..927af244eef1
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash	2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash	2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+     echo "numbered verbose"
+ }
+ 
+-_have ufw &&
+ _ufw()
+ {
+     cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+     fi
+ }
+ 
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw
diff --git a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
new file mode 100644
index 000000000000..11eb1748dd1d
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
@@ -0,0 +1,45 @@
+--- a/setup.py	2019-03-21 01:32:28.500245586 +0300
++++ b/setup.py	2019-03-21 01:39:17.166095026 +0300
+@@ -257,41 +257,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+ 
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+-    for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+-                '/usr/local/bin']:
+-        if e == "iptables":
+-            if os.path.exists(os.path.join(dir, e)):
+-                iptables_dir = dir
+-                iptables_exe = os.path.join(iptables_dir, "iptables")
+-                print("Found '%s'" % iptables_exe)
+-            else:
+-                continue
+-
+-        if iptables_exe != "":
+-            break
+-
+-
+-if iptables_exe == '':
+-    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+-    sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+-    if not os.path.exists(os.path.join(iptables_dir, e)):
+-        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+-        sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+-    raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+-                  (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+-    print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+ 
+ setup (name='ufw',
+       version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.36-move-path.patch b/net-firewall/ufw/files/ufw-0.36-move-path.patch
new file mode 100644
index 000000000000..1ba9d117be50
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-move-path.patch
@@ -0,0 +1,174 @@
+--- a/doc/ufw-framework.8	2018-12-14 21:25:55.000000000 +0300
++++ b/doc/ufw-framework.8	2019-03-21 00:12:37.852104313 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+ 
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/README	2018-07-24 16:42:38.000000000 +0300
++++ b/README	2019-03-21 00:18:18.253205303 +0300
+@@ -60,7 +60,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+ 
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+ 
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example and
+@@ -74,10 +74,9 @@
+ /etc/defaults/ufw 		high level configuration
+ /etc/ufw/before[6].rules 	rules evaluated before UI added rules
+ /etc/ufw/after[6].rules 	rules evaluated after UI added rules
+-/lib/ufw/user[6].rules		UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules	UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf 		kernel network tunables
+-/lib/ufw/ufw-init		start script
+-
++/usr/share/ufw/ufw-init		start script
+ 
+ Usage
+ -----
+@@ -152,7 +151,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+ 
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+ 
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -260,7 +259,7 @@
+ 
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -303,7 +302,7 @@
+ 
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+--- a/setup.py	2018-12-14 21:25:55.000000000 +0300
++++ b/setup.py	2019-03-21 00:44:49.603002503 +0300
+@@ -55,7 +55,7 @@
+             return
+ 
+         real_confdir = os.path.join('/etc')
+-        real_statedir = os.path.join('/lib', 'ufw')
++        real_statedir = os.path.join('/etc', 'ufw', 'user')
+         real_prefix = self.prefix
+         if self.home != None:
+             real_confdir = self.home + real_confdir
+@@ -132,14 +132,20 @@
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
+ 
+-        # Install state files and helper scripts
++        # Install state files
+         statedir = real_statedir
+         if self.root != None:
+             statedir = self.root + real_statedir
+         self.mkpath(statedir)
+ 
+-        init_helper = os.path.join(statedir, 'ufw-init')
+-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++        # Install helper scripts
++        sharedir = real_sharedir
++        if self.root != None:
++            sharedir = self.root + real_sharedir
++        self.mkpath(sharedir)
++
++        init_helper = os.path.join(sharedir, 'ufw-init')
++        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+         self.copy_file('src/ufw-init', init_helper)
+         self.copy_file('src/ufw-init-functions', init_helper_functions)
+ 
+@@ -220,14 +226,19 @@
+                              f])
+ 
+             subprocess.call(["sed",
++                              "-i",
++                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
++                             f])
++
++            subprocess.call(["sed",
+                              "-i",
+                              "s%#VERSION#%" + ufw_version + "%g",
+                              f])
+ 
+         # Install pristine copies of rules files
+-        sharedir = real_sharedir
+-        if self.root != None:
+-            sharedir = self.root + real_sharedir
++        #sharedir = real_sharedir
++        #if self.root != None:
++        #    sharedir = self.root + real_sharedir
+         rulesdir = os.path.join(sharedir, 'iptables')
+         self.mkpath(rulesdir)
+         for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py	2018-12-14 21:25:55.000000000 +0300
++++ b/src/backend_iptables.py	2019-03-21 00:52:10.416829220 +0300
+@@ -38,6 +38,7 @@
+         files = {}
+         config_dir = _findpath(ufw.common.config_dir, datadir)
+         state_dir = _findpath(ufw.common.state_dir, datadir)
++        share_dir = _findpath(ufw.common.share_dir, datadir)
+ 
+         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+         files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+         files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
+         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+-        files['init'] = os.path.join(state_dir, 'ufw-init')
++        files['init'] = os.path.join(share_dir, 'ufw-init')
+ 
+         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+                                         rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init	2018-03-30 22:45:52.000000000 +0300
++++ b/src/ufw-init	2019-03-21 01:06:32.720483789 +0300
+@@ -31,10 +31,11 @@
+ fi
+ export DATA_DIR="$datadir"
+ 
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+-    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
++
+ else
+-    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+     exit 1
+ fi
+ 
+@@ -83,7 +84,7 @@
+     fi
+     ;;
+ *)
+-    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+     exit 1
+     ;;
+ esac
diff --git a/net-firewall/ufw/files/ufw-0.36-shebang.patch b/net-firewall/ufw/files/ufw-0.36-shebang.patch
new file mode 100644
index 000000000000..8c2b8fe2392e
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-shebang.patch
@@ -0,0 +1,15 @@
+--- a/setup.py	2019-03-21 01:51:55.751971770 +0300
++++ b/setup.py	2019-03-21 01:54:40.142513567 +0300
+@@ -122,12 +122,6 @@
+         for f in [ script, manpage, manpage_f ]:
+             self.mkpath(os.path.dirname(f))
+ 
+-        # update the interpreter to that of the one the user specified for setup
+-        print("Updating staging/ufw to use %s" % (sys.executable))
+-        subprocess.call(["sed",
+-                         "-i",
+-                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+-                         'staging/ufw'])
+         self.copy_file('staging/ufw', script)
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
index b8103d2da1af..a35eb64d103a 100644
--- a/net-firewall/ufw/metadata.xml
+++ b/net-firewall/ufw/metadata.xml
@@ -1,13 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<!-- maintainer-needed -->	
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="examples">Example ufw config files</flag>
+		<flag name="ipv6">IPv6 support for iptables</flag>
+	</use>
 	<longdescription lang="en">
 	The Uncomplicated Firewall (ufw) is a frontend for iptables and is
 	particularly well-suited for host-based firewalls. It provides a framework
 	for managing netfilter, as well as an easy to use command-line interface for
 	manipulating the firewall.
-</longdescription>
+	</longdescription>
 	<upstream>
 		<remote-id type="launchpad">ufw</remote-id>
 	</upstream>
diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild
new file mode 100644
index 000000000000..3afeac0ab6dd
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.36.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 distutils-r1 eutils linux-info systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="examples ipv6"
+
+DEPEND=""
+
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+	!<kde-misc/kcm-ufw-0.4.2
+	!<net-firewall/ufw-frontends-0.3.2"
+
+BDEPEND="sys-devel/gettext"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+	# Move files away from /lib/ufw.
+	"${FILESDIR}/${P}-move-path.patch"
+	# Remove unnecessary build time dependency on net-firewall/iptables.
+	"${FILESDIR}/${P}-dont-check-iptables.patch"
+	# Remove shebang modification.
+	"${FILESDIR}/${P}-shebang.patch"
+	# Fix bash completions, bug #526300
+	"${FILESDIR}/${P}-bash-completion.patch"
+)
+
+pkg_pretend() {
+	local CONFIG_CHECK="~PROC_FS
+		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+	if kernel_is -ge 2 6 39; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+	else
+		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+	fi
+
+	# https://bugs.launchpad.net/ufw/+bug/1076050
+	if kernel_is -ge 3 4; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+	else
+		CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+		use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+	fi
+
+	CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+	use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+	check_extra_config
+
+	# Check for default, useful optional features.
+	if ! linux_config_exists; then
+		ewarn "Cannot determine configuration of your kernel."
+		return
+	fi
+
+	local nf_nat_ftp_ok="yes"
+	local nf_conntrack_ftp_ok="yes"
+	local nf_conntrack_netbios_ns_ok="yes"
+
+	linux_chkconfig_present \
+		NF_NAT_FTP || nf_nat_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+	# This is better than an essay for each unset option...
+	if [[ "${nf_nat_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+		echo
+		local mod_msg="Kernel options listed below are not set. They are not"
+		mod_msg+=" mandatory, but they are often useful."
+		mod_msg+=" If you don't need some of them, please remove relevant"
+		mod_msg+=" module name(s) from IPT_MODULES in"
+		mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+		mod_msg+=" Otherwise ufw may fail to start!"
+		ewarn "${mod_msg}"
+		if [[ "${nf_nat_ftp_ok}" == "no" ]]; then
+			ewarn "NF_NAT_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+		fi
+	fi
+}
+
+python_prepare_all() {
+	# Set as enabled by default. User can enable or disable
+	# the service by adding or removing it to/from a runlevel.
+	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+		|| die "sed failed (ufw.conf)"
+
+	sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+	# If LINGUAS is set install selected translations only.
+	if [[ -n ${LINGUAS+set} ]]; then
+		_EMPTY_LOCALE_LIST="yes"
+		pushd locales/po > /dev/null || die
+
+		local lang
+		for lang in *.po; do
+			if ! has "${lang%.po}" ${LINGUAS}; then
+				rm "${lang}" || die
+			else
+				_EMPTY_LOCALE_LIST="no"
+			fi
+		done
+
+		popd > /dev/null || die
+	else
+		_EMPTY_LOCALE_LIST="no"
+	fi
+
+	distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+	newconfd "${FILESDIR}"/ufw.confd ufw
+	newinitd "${FILESDIR}"/ufw-2.initd ufw
+	systemd_dounit "${FILESDIR}/ufw.service"
+
+	exeinto /usr/share/${PN}
+	doexe tests/check-requirements
+
+	# users normally would want it
+	insinto "/usr/share/doc/${PF}/logging/syslog-ng"
+	doins -r "${FILESDIR}"/syslog-ng/*
+
+	insinto "/usr/share/doc/${PF}/logging/rsyslog"
+	doins -r "${FILESDIR}"/rsyslog/*
+	doins doc/rsyslog.example
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r examples/*
+	fi
+	newbashcomp shell-completion/bash "${PN}"
+
+	[[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo
+
+	distutils-r1_python_install_all
+	python_replicate_script "${D}/usr/sbin/ufw"
+}
+
+pkg_postinst() {
+	local print_check_req_warn
+	print_check_req_warn=false
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		echo
+		elog "To enable ufw, add it to boot sequence and activate it:"
+		elog "-- # rc-update add ufw boot"
+		elog "-- # /etc/init.d/ufw start"
+		echo
+		elog "If you want to keep ufw logs in a separate file, take a look at"
+		elog "/usr/share/doc/${PF}/logging."
+		print_check_req_warn=true
+	else
+		local rv
+		for rv in "${REPLACING_VERSIONS}"; do
+			local major=${rv%%.*}
+			local minor=${rv#${major}.}
+			if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then
+				print_check_req_warn=true
+			fi
+		done
+	fi
+	if [[ "${print_check_req_warn}" == "true" ]]; then
+		echo
+		elog "/usr/share/ufw/check-requirements script is installed."
+		elog "It is useful for debugging problems with ufw. However one"
+		elog "should keep in mind that the script assumes IPv6 is enabled"
+		elog "on kernel and net-firewall/iptables, and fails when it's not."
+	fi
+	echo
+	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+	ewarn "default. See README, Remote Management section for more information."
+}
-- 
cgit v1.2.3