authorV3n3RiX <venerix@koprulu.sector>2024-02-20 11:40:01 +0000
committerV3n3RiX <venerix@koprulu.sector>2024-02-20 11:40:01 +0000
commitd6ecedbb65041ed35010095376e87dd7de4270c5 (patch)
treef00964f121a5ec52d2f3d1fd00a8f3eb52f9c756 /net-firewall
parent89a009d7439343e207e8c7e4df1a28adecafeffe (diff)
gentoo auto-resync : 20:02:2024 - 11:40:01
Diffstat (limited to 'net-firewall')
-rw-r--r--net-firewall/Manifest.gzbin4232 -> 4226 bytes
-rw-r--r--net-firewall/iptables/Manifest7
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-format-security.patch21
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch59
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch26
-rw-r--r--net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch135
-rw-r--r--net-firewall/iptables/iptables-1.8.10-r1.ebuild (renamed from net-firewall/iptables/iptables-1.8.8-r5.ebuild)26
-rw-r--r--net-firewall/nftables/Manifest10
-rw-r--r--net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch235
-rw-r--r--net-firewall/nftables/metadata.xml1
-rw-r--r--net-firewall/nftables/nftables-1.0.7-r1.ebuild232
-rw-r--r--net-firewall/nftables/nftables-1.0.8-r1.ebuild217
-rw-r--r--net-firewall/nftables/nftables-1.0.8-r2.ebuild223
-rw-r--r--net-firewall/xtables-addons/Manifest3
-rw-r--r--net-firewall/xtables-addons/xtables-addons-3.23.ebuild189
-rw-r--r--net-firewall/xtables-addons/xtables-addons-3.24.ebuild189
16 files changed, 12 insertions, 1561 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 7a57335c55a8..687bb1be3ac1 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
Binary files differ
diff --git a/net-firewall/iptables/Manifest b/net-firewall/iptables/Manifest
index c932b4c9516d..751f3164be40 100644
--- a/net-firewall/iptables/Manifest
+++ b/net-firewall/iptables/Manifest
@@ -1,10 +1,6 @@
AUX ip6tables-r1.confd 899 BLAKE2B d8c72df359a35798d7a92958ba9a620ab580427a06765850928181d7b4cc25455c586daaad88bd20e61a9c9218dbc0895de38b006526bb04f4f2e998d8062fbe SHA512 553ddf83558edaccf891a366175e47aad950853be0de556581cfa08f614afa1f4139c94b8d8d2884ed69018513edeb966331d4d6a615829ada65fac2066840e5
AUX iptables-1.8.2-link.patch 785 BLAKE2B 2ef5ac495260eef324f341d5d807e8c59afee8ac4853b46ef8c88765ed786396888d0bcd15822765da5584c25c6cdbbbc6b8b85eb0b8dbdd9b300662b1d59479 SHA512 10f6fdc4e4a37a0becb87f99c49888df366248f02b17037faf83068ef00824ecb61022a40b5551f9c8d2db22262ad738d554296bd6b78765dd5f8baf524b2388
AUX iptables-1.8.4-no-symlinks.patch 800 BLAKE2B 721d2dcc881f781031d2be48659dcd54568b3e8c25ad19d0505699f0cf8276990b41f2ddf9d5eda5c2a77f66ae9a16ae542c42c6fc2d91b085cc5922121f9b00 SHA512 79601d8a8a352f82f0f3eaf85a7b1f830c9ddc400ae0fadaf08eb1848bb9a2801a886b2b0803bf498e353db1828c0976aa8d30c9ece5fdcf61a203070ed4d7cd
-AUX iptables-1.8.8-format-security.patch 639 BLAKE2B df5c843d0cd6634740b372300263dd19df3289466ad83d3a10ba9f270519d738d90152cdef273d07c94502166082d6fa5a8908b603289e6d4c9bc9d6987b8b16 SHA512 6e1da61b648259dac02662eee995f9b5117bc8b8c028f0e2afc3346d82a94b7e7faf8ae5cfd484b7dd1a6530973191c1f147579f11e57ebda945115b40134094
-AUX iptables-1.8.8-musl-headers.patch 2061 BLAKE2B 6876d083d179a055c60422397e67a24137ae5bb72cba02f732d4dd7313171c10717202a41f1256196d5b64bc29d22e98d8d0eb9861130fa93481b527d0117e96 SHA512 136f3c7dae7c88739ed1c2d2c14e9a8381013c8a376bee80a7f994098810bb61d76dd143dc65430f0ec7b44d542b64242dd947134936468155840a4a26e6ce79
-AUX iptables-1.8.8-out-of-tree-build.patch 1058 BLAKE2B 5a358632780b607533033dc3bf6b6e24ac1af49dbbc26afae05668187c2a4072dba1cdbf51647b6b5f7c5f68e5a3d64fa82b5b0477d3cd4e936d466b731707fb SHA512 453ed9a2b3b2dddb3ccc9a099386c28290416ea356884084fd4d9bd2b026e21732b91f020fbe55de12ba970b815993f2e3a18a52a6774ab7738383e2f144a973
-AUX iptables-1.8.8-uint-musl.patch 4607 BLAKE2B 8ca4ba2fec97e99e1f57d9d1f376dbdab53a698279534879163ad5dade629cda3ac232df54d57ae75e589c2327492953e0c30356bdc4367b9a1474afc259136c SHA512 01d3af7330334b5002ec9d50e4b469651148b911d9ab5d45d5a2cd08e72c3be5e770c047cbc337485e40cb622ee470faa9ed91b53ca59e09a1c197bf5df48a9a
AUX iptables-1.8.9-fix-checking-existence-of-rule.patch 1239 BLAKE2B 664a47b1c0f2360493dce886c6dcf8cfbf165eb1a490cf7cf8d182073b0256bb140a547f9b8ce79d26424e9bb76047b41582a3a7b7f7f5e1301269a849d4389a SHA512 63e6dfba096c163995760a7a1a8881c90a61e7a247f1c87ef3f162597e2e1161e2c5438e1e467c6e600847e011430520556315d1aae72baac005dede1f69f7cc
AUX iptables-1.8.9-format-security.patch 870 BLAKE2B fc33c16eae1c77a5714ecb3f7bbb859dfe64b9506ac82a6d8f91f206d24a5ebf66664e141b60e4580e59bd85314d27df5edf6bd11511ffa4dab7deaf833ccb93 SHA512 7551438de030506e4fe462a715f6a16637991f90cfaddc352a95c0341c72ae7d90728bc0a4e56da2cc108ff2c4e3f9e92451fb6dc65633d47973694550fd08b4
AUX iptables-r1.confd 890 BLAKE2B 0aaca870e3c03f19a71cf1b210377dfda320faf118359e298bef419eaf280fd11c9726d200ae89602e863c9b48de0bb51ac05424b50c064afe948a980e300153 SHA512 10002da01ded6be0e9bca6041798ad0859fa2212fde077a048443e4f3012c95d86e4580ae426e87af5891368062af9af6f9fd35ed617d24cdd3c51702b816b13
@@ -14,10 +10,9 @@ AUX systemd/ip6tables-store.service 243 BLAKE2B 30a0d955998a2a664c6a95b8e559898a
AUX systemd/iptables-restore.service 400 BLAKE2B cd7f700cf717a2efb6504770308f7dcb90a1968f64cca98ea5e7437cf3cf2a2e8f575e3743ac19eec8738c665f4243f537a101c00d5d1cc94648688d4e240a59 SHA512 8c005e321ad041068f243e4baa6588b24b0ffd69991f2129dfab0a34d0ebaf702ff2be8b7328126c84abdc3bbd300e1c387a690c5f6a002b50b2e9148feeb8ef
AUX systemd/iptables-store.service 240 BLAKE2B 7ddb4425e63cd41f421767fab25a7b055087fddde5927291b3fce6e0e978f0cb3b734bcacf02f78257eec99274056b69058436a847dcb366f5fb70032e410355 SHA512 a720e92b5571a2c3427101105e95e555f3b72541a53c5daa43e361c99ca28830e9e8dd27dbd7cfed40fbbe289ed180f9be7e0f3b6b0cd19bba022a531815fd5e
DIST iptables-1.8.10.tar.xz 641168 BLAKE2B 417b33fcfc7edeba169caef26ed0322798f6b82500840509f6c10b97b4ef3f11932c0393fc8dcc5946264442bf8ee959a594b6fbd5dc92012cfad30edf130520 SHA512 71e6ed2260859157d61981a4fe5039dc9e8d7da885a626a4b5dae8164c509a9d9f874286b9468bb6a462d6e259d4d32d5967777ecefdd8a293011ae80c00f153
-DIST iptables-1.8.8.tar.bz2 746985 BLAKE2B 0da021cc7313b86af331768904956dab3eee3de245a7b03965129f3d7f13097fc03fbb1390167dcd971eff216eabad9e59b261a9c0f54bfc48a77453aa40d164 SHA512 f21df23279a77531a23f3fcb1b8f0f8ec0c726bda236dd0e33af74b06753baff6ce3f26fb9fcceb6fada560656ba901e68fc6452eb840ac1b206bc4654950f59
DIST iptables-1.8.9.tar.xz 637848 BLAKE2B 37ba80be0ee7049c4d3ee5689b273b4d2cc6e6fb9ebb297e86976b5750f987f2ae4536013fe1749ae79b6989c241eaece3202019fafd47d842c7a4fe3e5093b1 SHA512 e367bf286135e39b7401e852de25c1ed06d44befdffd92ed1566eb2ae9704b48ac9196cb971f43c6c83c6ad4d910443d32064bcdf618cfcef6bcab113e31ff70
+EBUILD iptables-1.8.10-r1.ebuild 4575 BLAKE2B 7462aae70105c7e17627352b40387981f737ca73bc4d90a79f844c7894392a0d6b2c16e89df4300f5f743077abfae52cfff54c070801cb29bab264012cd41eeb SHA512 4063436980926c496fed66ed98497b2a7ed6174fc2d9b5de1d8991fff08bdbd8e2b4e9cd66d3d84fd07aecb62c715d35234210b8148cf2c8378e4759522b0f06
EBUILD iptables-1.8.10.ebuild 4672 BLAKE2B 08a99d7350339256feceb818ddff4c4ddb9c3a50595fed8f2f0fe2d6fdcbc05187f3245c8615288bb6768b9465279100371b067a39d64c8ba0a41591db169e73 SHA512 a774e1fc76a501748cb8151b2cae33f6a219d7b673f3d0426355d66a12ff9994650255e6cc43b55a61297a4af6e5d674773b23ece20a15ee3e671b735e7b3c8d
-EBUILD iptables-1.8.8-r5.ebuild 4739 BLAKE2B 4345d633b233c0640035f83799013fb14ca2e1aa993472adbc2d730556f10b435609e1950791a5f914958d0464db227473ef36b3f37f10c734697ba1f6ff5152 SHA512 0a1f812081ce8a6481e64582a5ee1b1a7e4693d7728fed7c3f265b71e43334261e9694a8b0ccb06ff354f67e9cda729f7b2ad25c82cfcea47b72f427dbd165dc
EBUILD iptables-1.8.9-r2.ebuild 4681 BLAKE2B 7351c269b83c5cd41547e0bee5d5b55e0c1fe51ee316fb96b2db4c1689550db79970f3f8a2b20cba2fb4990157328f0115529a8fa467048cf1f6a03b648ee9fa SHA512 5003888f620e3fb68ba0b4bf482771607f0010274369ea25fed9cfe8ba8265c08421f099edb0b361f5f24fb95a408b9209e231336acda183b929c91f246d0d20
EBUILD iptables-1.8.9.ebuild 4556 BLAKE2B 76c710543d3aaa744ea299126cb97ac793f7c7c382cadbaab6e378d4249901d65cc7eb0ab9bf95e0571fd6902c74f5b207b3a6b4297f67d22743d52eed5419a3 SHA512 73c363ceec2be0a032088a9ddcbf7b4c6abf0886f32d59fb20369f6a816f3e29025a938e5c9326d36e4032a8a2c2795c61e625556c7e4614021e3fec6378c258
MISC metadata.xml 1466 BLAKE2B 7378fedb44c6e6d19e508a764ec997911f966beccd40b1f93096ad3343b7cd72f9ca129e67a666c54ca4382348a448597bd607197ffe6b94669d84306c81d127 SHA512 f89038980e81bfceaf872ff1938c47e8ad12060bbe9ff48e0e9ca9dd5acc0196b2261d2b22a156cbfd7be89d1d67448969d39ff9b28efb0896702760afa14842
diff --git a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch b/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
deleted file mode 100644
index fafc435379b5..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-format-security.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=b72eb12ea5a61df0655ad99d5048994e916be83a
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Fri, 13 May 2022 16:51:58 +0200
-Subject: xshared: Fix build for -Werror=format-security
-
-Gcc complains about the omitted format string.
-
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1307,7 +1307,7 @@ static void check_empty_interface(struct xtables_args *args, const char *arg)
- return;
-
- if (args->family != NFPROTO_ARP)
-- xtables_error(PARAMETER_PROBLEM, msg);
-+ xtables_error(PARAMETER_PROBLEM, "%s", msg);
-
- fprintf(stderr, "%s", msg);
- }
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch b/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
deleted file mode 100644
index 52e2c7019972..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-musl-headers.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0e7cf0ad306cdf95dc3c28d15a254532206a888e
-https://bugs.gentoo.org/846377
-
-From: Phil Sutter <phil@nwl.cc>
-Date: Wed, 18 May 2022 16:04:09 +0200
-Subject: Revert "fix build for missing ETH_ALEN definition"
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This reverts commit c5d9a723b5159a28f547b577711787295a14fd84 as it broke
-compiling against musl libc. Might be a bug in the latter, but for the
-time being try to please both by avoiding the include and instead
-defining ETH_ALEN if unset.
-
-While being at it, move netinet/ether.h include up.
-
-Fixes: 1bdb5535f561a ("libxtables: Extend MAC address printing/parsing support")
-Signed-off-by: Phil Sutter <phil@nwl.cc>
-Reviewed-by: Maciej Żenczykowski <maze@google.com>
---- a/libxtables/xtables.c
-+++ b/libxtables/xtables.c
-@@ -28,6 +28,7 @@
- #include <stdlib.h>
- #include <string.h>
- #include <unistd.h>
-+#include <netinet/ether.h>
- #include <sys/socket.h>
- #include <sys/stat.h>
- #include <sys/statfs.h>
-@@ -45,7 +46,6 @@
-
- #include <xtables.h>
- #include <limits.h> /* INT_MAX in ip_tables.h/ip6_tables.h */
--#include <linux/if_ether.h> /* ETH_ALEN */
- #include <linux/netfilter_ipv4/ip_tables.h>
- #include <linux/netfilter_ipv6/ip6_tables.h>
- #include <libiptc/libxtc.h>
-@@ -72,6 +72,10 @@
- #define PROC_SYS_MODPROBE "/proc/sys/kernel/modprobe"
- #endif
-
-+#ifndef ETH_ALEN
-+#define ETH_ALEN 6
-+#endif
-+
- /* we need this for ip6?tables-restore. ip6?tables-restore.c sets line to the
- * current line of the input file, in order to give a more precise error
- * message. ip6?tables itself doesn't need this, so it is initialized to the
-@@ -2245,8 +2249,6 @@ void xtables_print_num(uint64_t number, unsigned int format)
- printf(FMT("%4lluT ","%lluT "), (unsigned long long)number);
- }
-
--#include <netinet/ether.h>
--
- static const unsigned char mac_type_unicast[ETH_ALEN] = {};
- static const unsigned char msk_type_unicast[ETH_ALEN] = {1};
- static const unsigned char mac_type_multicast[ETH_ALEN] = {1};
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch b/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
deleted file mode 100644
index ee9e218b5dbd..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-out-of-tree-build.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=0ebf52fc951b2a4d98a166afb34af4f364bbeece
-
-From: Ben Brown <ben@demerara.io>
-Date: Wed, 25 May 2022 16:26:13 +0100
-Subject: build: Fix error during out of tree build
-
-Fixes the following error:
-
- ../../libxtables/xtables.c:52:10: fatal error: libiptc/linux_list.h: No such file or directory
- 52 | #include <libiptc/linux_list.h>
-
-Fixes: f58b0d7406451 ("libxtables: Implement notargets hash table")
-Signed-off-by: Ben Brown <ben@demerara.io>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/libxtables/Makefile.am
-+++ b/libxtables/Makefile.am
-@@ -1,7 +1,7 @@
- # -*- Makefile -*-
-
- AM_CFLAGS = ${regular_CFLAGS}
--AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables ${kinclude_CPPFLAGS}
-+AM_CPPFLAGS = ${regular_CPPFLAGS} -I${top_builddir}/include -I${top_srcdir}/include -I${top_srcdir}/iptables -I${top_srcdir} ${kinclude_CPPFLAGS}
-
- lib_LTLIBRARIES = libxtables.la
- libxtables_la_SOURCES = xtables.c xtoptions.c getethertype.c
-cgit v1.2.3
diff --git a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch b/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
deleted file mode 100644
index 40302f624e23..000000000000
--- a/net-firewall/iptables/files/iptables-1.8.8-uint-musl.patch
+++ /dev/null
@@ -1,135 +0,0 @@
-https://git.netfilter.org/iptables/commit/?id=f319389525b066b7dc6d389c88f16a0df3b8f189
-
-From: Nick Hainke <vincent@systemli.org>
-Date: Mon, 16 May 2022 18:16:41 +0200
-Subject: treewide: use uint* instead of u_int*
-
-Gcc complains about missing types. Some commits introduced u_int* instead
-of uint*. Use uint treewide.
-
-Fixes errors in the form of:
-In file included from xtables-legacy-multi.c:5:
-xshared.h:83:56: error: unknown type name 'u_int16_t'; did you mean 'uint16_t'?
- 83 | set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
- | ^~~~~~~~~
- | uint16_t
-make[6]: *** [Makefile:712: xtables_legacy_multi-xtables-legacy-multi.o] Error 1
-
-Avoid libipq API breakage by adjusting libipq.h include accordingly. For
-arpt_mangle.h kernel uAPI header, apply same change as in kernel commit
-e91ded8db5747 ("uapi: netfilter_arp: use __u8 instead of u_int8_t").
-
-Signed-off-by: Nick Hainke <vincent@systemli.org>
-Signed-off-by: Phil Sutter <phil@nwl.cc>
---- a/extensions/libxt_conntrack.c
-+++ b/extensions/libxt_conntrack.c
-@@ -778,7 +778,7 @@ matchinfo_print(const void *ip, const struct xt_entry_match *match, int numeric,
-
- static void
- conntrack_dump_ports(const char *prefix, const char *opt,
-- u_int16_t port_low, u_int16_t port_high)
-+ uint16_t port_low, uint16_t port_high)
- {
- if (port_high == 0 || port_low == port_high)
- printf(" %s%s %u", prefix, opt, port_low);
---- a/include/libipq/libipq.h
-+++ b/include/libipq/libipq.h
-@@ -24,7 +24,7 @@
- #include <errno.h>
- #include <unistd.h>
- #include <fcntl.h>
--#include <sys/types.h>
-+#include <stdint.h>
- #include <sys/socket.h>
- #include <sys/uio.h>
- #include <asm/types.h>
-@@ -48,19 +48,19 @@ typedef unsigned long ipq_id_t;
- struct ipq_handle
- {
- int fd;
-- u_int8_t blocking;
-+ uint8_t blocking;
- struct sockaddr_nl local;
- struct sockaddr_nl peer;
- };
-
--struct ipq_handle *ipq_create_handle(u_int32_t flags, u_int32_t protocol);
-+struct ipq_handle *ipq_create_handle(uint32_t flags, uint32_t protocol);
-
- int ipq_destroy_handle(struct ipq_handle *h);
-
- ssize_t ipq_read(const struct ipq_handle *h,
- unsigned char *buf, size_t len, int timeout);
-
--int ipq_set_mode(const struct ipq_handle *h, u_int8_t mode, size_t len);
-+int ipq_set_mode(const struct ipq_handle *h, uint8_t mode, size_t len);
-
- ipq_packet_msg_t *ipq_get_packet(const unsigned char *buf);
-
---- a/include/libiptc/libxtc.h
-+++ b/include/libiptc/libxtc.h
-@@ -10,7 +10,7 @@ extern "C" {
- #endif
-
- #ifndef XT_MIN_ALIGN
--/* xt_entry has pointers and u_int64_t's in it, so if you align to
-+/* xt_entry has pointers and uint64_t's in it, so if you align to
- it, you'll also align to any crazy matches and targets someone
- might write */
- #define XT_MIN_ALIGN (__alignof__(struct xt_entry))
---- a/include/linux/netfilter_arp/arpt_mangle.h
-+++ b/include/linux/netfilter_arp/arpt_mangle.h
-@@ -13,7 +13,7 @@ struct arpt_mangle
- union {
- struct in_addr tgt_ip;
- } u_t;
-- u_int8_t flags;
-+ __u8 flags;
- int target;
- };
-
---- a/iptables/xshared.c
-+++ b/iptables/xshared.c
-@@ -1025,7 +1025,7 @@ static const int inverse_for_options[NUMBER_OF_OPT] =
- };
-
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- bool invert)
- {
- if (*options & option)
---- a/iptables/xshared.h
-+++ b/iptables/xshared.h
-@@ -80,7 +80,7 @@ struct xtables_target;
- #define IPT_INV_ARPHRD 0x0800
-
- void
--set_option(unsigned int *options, unsigned int option, u_int16_t *invflg,
-+set_option(unsigned int *options, unsigned int option, uint16_t *invflg,
- bool invert);
-
- /**
---- a/libipq/ipq_create_handle.3
-+++ b/libipq/ipq_create_handle.3
-@@ -24,7 +24,7 @@ ipq_create_handle, ipq_destroy_handle \(em create and destroy libipq handles.
- .br
- .B #include <libipq.h>
- .sp
--.BI "struct ipq_handle *ipq_create_handle(u_int32_t " flags ", u_int32_t " protocol ");"
-+.BI "struct ipq_handle *ipq_create_handle(uint32_t " flags ", uint32_t " protocol ");"
- .br
- .BI "int ipq_destroy_handle(struct ipq_handle *" h );
- .SH DESCRIPTION
---- a/libipq/ipq_set_mode.3
-+++ b/libipq/ipq_set_mode.3
-@@ -24,7 +24,7 @@ ipq_set_mode \(em set the ip_queue queuing mode
- .br
- .B #include <libipq.h>
- .sp
--.BI "int ipq_set_mode(const struct ipq_handle *" h ", u_int8_t " mode ", size_t " range );
-+.BI "int ipq_set_mode(const struct ipq_handle *" h ", uint8_t " mode ", size_t " range );
- .SH DESCRIPTION
- The
- .B ipq_set_mode
-cgit v1.2.3
diff --git a/net-firewall/iptables/iptables-1.8.8-r5.ebuild b/net-firewall/iptables/iptables-1.8.10-r1.ebuild
index cf0ad131a044..4dc9d9c412ed 100644
--- a/net-firewall/iptables/iptables-1.8.8-r5.ebuild
+++ b/net-firewall/iptables/iptables-1.8.10-r1.ebuild
@@ -3,25 +3,28 @@
EAPI=8
-inherit systemd toolchain-funcs autotools flag-o-matic usr-ldscript
+inherit systemd toolchain-funcs autotools flag-o-matic
DESCRIPTION="Linux kernel (2.4+) firewall, NAT and packet mangling tools"
HOMEPAGE="https://www.netfilter.org/projects/iptables/"
-SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.bz2"
+SRC_URI="https://www.netfilter.org/projects/iptables/files/${P}.tar.xz"
LICENSE="GPL-2"
# Subslot reflects PV when libxtables and/or libip*tc was changed
# the last time.
SLOT="0/1.8.3"
-KEYWORDS="~alpha amd64 arm arm64 hppa ~ia64 ~loong ~m68k ~mips ppc ppc64 ~riscv ~s390 sparc x86"
-IUSE="conntrack netlink nftables pcap static-libs"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~m68k ~mips ~ppc ~ppc64 ~riscv ~s390 ~sparc ~x86"
+IUSE="conntrack netlink nftables pcap static-libs test"
+RESTRICT="!test? ( test )"
+# TODO: skip tests needing nftables if no xtables-nft-multi (bug #890628)
+REQUIRED_USE="test? ( conntrack nftables )"
COMMON_DEPEND="
conntrack? ( >=net-libs/libnetfilter_conntrack-1.0.6 )
netlink? ( net-libs/libnfnetlink )
nftables? (
>=net-libs/libmnl-1.0:=
- >=net-libs/libnftnl-1.1.6:=
+ >=net-libs/libnftnl-1.2.6:=
)
pcap? ( net-libs/libpcap )
"
@@ -46,13 +49,7 @@ RDEPEND="
IDEPEND=">=app-eselect/eselect-iptables-20220320"
PATCHES=(
- "${FILESDIR}/iptables-1.8.4-no-symlinks.patch"
- "${FILESDIR}/iptables-1.8.2-link.patch"
-
- "${FILESDIR}/${P}-format-security.patch"
- "${FILESDIR}/${P}-uint-musl.patch"
- "${FILESDIR}/${P}-musl-headers.patch"
- "${FILESDIR}/${P}-out-of-tree-build.patch"
+ "${FILESDIR}"/${PN}-1.8.4-no-symlinks.patch
)
src_prepare() {
@@ -102,7 +99,7 @@ src_install() {
# https://bugs.gentoo.org/881295
rm "${ED}/usr/bin/iptables-xml" || die
- dodoc INCOMPATIBILITIES iptables/iptables.xslt
+ dodoc iptables/iptables.xslt
# All the iptables binaries are in /sbin, so might as well
# put these small files in with them
@@ -132,9 +129,6 @@ src_install() {
systemd_dounit "${FILESDIR}"/systemd/ip{,6}tables-{re,}store.service
- # Move important libs to /lib, bug #332175
- gen_usr_ldscript -a ip{4,6}tc xtables
-
find "${ED}" -type f -name "*.la" -delete || die
}
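Review bot: The new `SRC_URI` in the first hunk of this ebuild fetches `${P}.tar.xz` with no upstream signature check, and the `inherit` line does not pull in `verify-sig`, so the only integrity anchor for the iptables tarball is the Manifest hash recorded when the version was bumped. The nftables ebuild shown later in this commit already sets `VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc`, inherits `verify-sig`, and adds a `verify-sig? ( … ${P}.tar.xz.sig )` entry plus a `BDEPEND` on `sec-keys/openpgp-keys-netfilter`. If upstream publishes a detached signature for iptables releases as well (not visible on this page), the same wiring would apply here: `inherit systemd toolchain-funcs autotools flag-o-matic verify-sig` and `SRC_URI+=" verify-sig? ( https://www.netfilter.org/projects/iptables/files/${P}.tar.xz.sig )"`. The `BDEPEND` block lies outside the hunks shown, so the key dependency and the matching Manifest `DIST` entry for the `.sig` would have to be added there.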
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index 0dfa50c26bc2..980f347a01c7 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -1,21 +1,13 @@
AUX libexec/nftables-mk.sh 1070 BLAKE2B 30d8109d74e7d8c4f51c753f676f91a1902ad42f6d68662f1191ff73d2a43a1bf49fb795f3763705f8aeb0a4f22cab0006a943e01adb188f1ef9eb05125dfdbd SHA512 a14e48f014f75c7e611bf2a653d9760804754febd1ae4543f78abbfbe60c79f5aa07c5fd53fe26bb74b48fcb8cb8aa78274771212e41c42db031e8c8ba7e81d2
AUX libexec/nftables.sh 3665 BLAKE2B 74362a4425e974e74e7b895980002f0ded2ecbb4731bbf956edb56ffb9f1ad394802c4eeab3af3735eba4d8e71572a5663e564ce4e7fad76c9715043b90c1b43 SHA512 6cb1ac0928ae2da5c69764d45c52a661a6d72698bb9edd6a603580d2f9bd82b59f2a2661e7569ade3a3b729459d115004f251ad6a5eac8cdf1d38c65bfa9349e
AUX man-pages/gen-manpages.bash 1797 BLAKE2B c93cc311570abd674a12eb88711cf01664f437b8dc0fb4de36194f36671d92c35e04fcff6c56adcb0e642f089169f63ef063736398584e5e7ce799bf55acf2ff SHA512 ea3291412ce13d9dd463403fcc11c665c9de63edaabdecaf55e051b52b0ff845c9c7d63a6c4c08e4d2d94428815fe11daf9b7390081b4e9de4774e188b9ea677
-AUX nftables-1.0.8-fix-regression-evaluate.patch 6903 BLAKE2B a211c8765e1d2181bce6dcd45ae5c9e9dc5b73daa00577ea9d192d92dd5546976dc42a64381ad37ddb9fe18ad330c68a5bd0faa49648a97f66444c7e8aacd97d SHA512 0072853d07c89bb0f5f92a224b761e3ce9724b4a8712024e3d0abf881ba4964f3e85e5680f660b5565a551aa9b5b4106eed3ba8affbe9db02358292127971daf
AUX nftables-mk.confd 899 BLAKE2B f4c3d82fbae87fb0d755af786a98db591b6a667cf33660ba9275ada2e6417fad1899a7f29762f23c112fc5c9e178bc7590c3b2ba26617853c3577917bd7d3edf SHA512 505ed05674a04367f1a3d5cf6447596ad1c3b2e9c920697f12f58a20d94c2a39b0041bb4911678511c4548566a69d964661d4afc3e7e27997943b875f204c602
AUX nftables-mk.init-r1 1970 BLAKE2B 9ece7da364eac76ef2ac401f4cc3ed558e926e8f07ab43f084de819098e9543bda0a9a8d40375e4e01dd6e53b92d744acf8f3caaeab1c3678ca84b1f48d59685 SHA512 9f1e491ba5fd8a1173eb055bfa5a0de3c040c158e7d54848fcd373a5f4c4041df6fb9ddc5b0e8fdfd78243665c627b8767816bcf94dd142b441b21227206fef3
AUX nftables.confd 655 BLAKE2B 5512be1edd43e270941de3d9b66fda69e4afd7c7e6e970b232a044c2fd64f8e50b9b55a4fe670174c3eabf3d176ee0158c1043baec4b76b0802e7e97bc862fcf SHA512 8370abcdc89fcd9da5dc7d1620be6afb4633b8bcd0a8a120b464cc1a7e1fab6f34956c293da3f6d3cbe1f7a2e03038fd0c94a614137ae5657d29ffdb5f3fa144
AUX nftables.init-r1 2279 BLAKE2B 1c4c28ea5b6a22905b3ec7de8e54726933b579352ecd799b7641384a138ffa2d4a2deb87d84ef5d75a43ae30759f1550d611c2560096bb5083cae9bb834be2bb SHA512 2165223bfd4f300b9cc01f604347fc5167f68515174b0d116b667bd05f4baf8c2f931e482f632975a8be371c2147951d9407f397ea4dbcbac79a6738cbd23015
AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f11a8df6621c3c919e30a1ec1213f6db822c390609c01827fe9fc75c540effa3e3a7b6f93bd24e16ea19841bbfaab796ed SHA512 18da6a770bb3e94fd6b2c9e6f033450aaff9fe886c8846f780d08a21e2fc884ac078652743b50b3d4ea8c9500f92d272bdd27e2881e438c2b223d40816c100a0
-DIST nftables-1.0.7.tar.xz 857140 BLAKE2B 972adbb958f36b300618ce03fbbfc1fdb6fd55a3512227e4bc1fd71365be5cc8d3ee105424e8cc513588100bf00d5e69486310435efb2b0d3f5d464ed6999859 SHA512 063f3a42327fd4dca9214314c7e7bcc7310f2ccbbce4c36f86a291d61d443f94b0f91435ecd04eb757596df8be91a802daeef394ba422c3623a81b2917e01116
-DIST nftables-1.0.7.tar.xz.sig 566 BLAKE2B 53abe2598e9b362912d3e2e94ea6e04352d0484b9d1d645c8f18b6133be53d63a8d71d500e57528a57aededb84dedaf61010236afda560b16e7642db45e2f45c SHA512 b5821aa6939dc5b4d16065d9d7083e4ff40b9f99417354efbcbc95a8ccde43108b99a5b8a75a24086cd3df2291a049cad3adb7b06e2c098f0eb7861f85c5c768
-DIST nftables-1.0.8.tar.xz 882980 BLAKE2B cdf174846cbc3e581993cdee3a24e5ead3fdbb3d6b24d51473ed88affb7fcf70279a8374a4963b31044a9e64cb72ddb28ca1f1686bbaa3101eed4d623fb67d05 SHA512 06053c05a0d7c84a5cc4d22733836dadf9880c3552df3dace6d30aea95c7e1edb5528ea45df8576f282c15bf58f23407e26efb22257bd98a478849a8bdd4f8d5
-DIST nftables-1.0.8.tar.xz.sig 566 BLAKE2B 2f22b9467a55a46ec9e8caf13efe3cd59a6a1a867174602b583549ccaff54576b5f80b5ad9b1cefd208c3f49bc6ce07072626218f479628df369ed7294e1b83b SHA512 0ddd8f29dc5ba891069c63715719f11c0a4745f1e3cd9cd7f9e388ac35835cfbe8f34b371a2ce2a06cbda42384cc72d0bf57746fb02757d68a9b053bbbd67a77
DIST nftables-1.0.9.tar.xz 971968 BLAKE2B 1dfd1e79d3a7b645fd0995dad10893d70dbd13c92805c5cf30825acbbeb45071b2095072cecbd14b4f66cf0c284d2937a996c6b8013213438f53b92731af039d SHA512 dc34099658e283d9fd4d06264b593710121074558305ea23ab298c5f6a6b564a826f186241b6e106fbaa4e11160cf77e68bb52b4ce401b28d8d2e403cd4b88e8
DIST nftables-1.0.9.tar.xz.sig 566 BLAKE2B d4bb0a1f629d2950753799fba18f6c3ce50e5ff242816e392245a714bfeccb3408583added4362f1e0da47cc6e30b0b95f864cf8443a1872d59ae40b15b5f706 SHA512 9b96ce8539700713ff4802fb2deff5b2ea0dd3155c45f5a8f49a45f70226893c7449e0b79504833b2e63e5290290e693c962128a226ca8f6ca281185bdcd7b51
-EBUILD nftables-1.0.7-r1.ebuild 6835 BLAKE2B 4a6ab7443ed492eb1029c3f6a065101a85b92a87b8cfe872e7ed1d9a9fd44c3a56be38f7295bb5c881521a783cc55ad3fd8883fd6d76ccd8c96374a7eefabf11 SHA512 6e8c6a6e12a55bcb32c697658445d5e33453dc252fb2260187c0b513a0356663e0e491beb2901c0edc89ee0573499dc1dbb5342c3569031ccaf8cb95bddf2f21
-EBUILD nftables-1.0.8-r1.ebuild 6452 BLAKE2B 97ddb81c64df8e81900eb6c41818c484669cbd462c1b4f5a0360cc867637f30e4df4f31c34e680b12e0a5174988004887b61b2eead5d460c5a4b90b09ca911ec SHA512 edb90cfaf1474698b9a68be020627fbfacac7a275b8ebda497e958708019e3f0a357ea826ec654c9d774689716139295ace2b0cf0879f7bd6f8b9d82b46cf699
-EBUILD nftables-1.0.8-r2.ebuild 6512 BLAKE2B 809ade4a868b3307db5088208fbe3339864c977890fe9c6e2545df6c3426189106bcfc8d64ddd03e1344237902c9f64d8ffabf4106a8ce6b55f5be8c4911d1cf SHA512 10dd618102a51036105c2aa2eb2931a6c0c63142d540e3e124f098cb7299d65ee054eb87e134bcccb85cbc2f64102ebe8b25bca0367297933748b520f6cd1aef
EBUILD nftables-1.0.9.ebuild 6478 BLAKE2B 6a2b1299a1f12d13a24021019b5134294b64f46e87dbbe3419127777f1959eb2b608aab5203a24e7efb5ea7f5fbc35eb9a361bc92d7abc8dd6de34c1be5f527b SHA512 26fce18a97ddca1eb163f22d304f04b70d765a39d36e8b2d9ddaa8233835bbb83fd76631bae5a2db0890947095136bccf45b75c0df414b0870a4756ebda26843
EBUILD nftables-9999.ebuild 6486 BLAKE2B ff3058cc2be5b26e39f6669d587d56f53db08a31aae5a6149450c1b98554ce4895e34754c24b5423b5ce5be007ad81d581230c6b69f50660b515f5574e78f727 SHA512 ab875fbab2efb4c89116e26e2da961ba000c89057c930bf23be26f4d4a41eea833758e196cd0fa9a78402e5d01f89640fefab4822acce2f06012e970f8948525
-MISC metadata.xml 933 BLAKE2B 8e76ce489c41dcc01e222d77af40f2ba5cb7ddffc2bc818c6fc8c16e24dc308c125ce4d78db1647e77af96f32c85dd3391f7079e2cee26c129c56557e0c48c8a SHA512 058d38df1dbb2c1d0e611bd992f37498d3977561c3b34846fdf0d569573f2ef93a29a216ab491e583cfc2399c55c839d256dfcf8b1d7aaba63ed6ea90f22df25
+MISC metadata.xml 824 BLAKE2B 141fb69b52c99b995ae70254175a0e9d9547994b284bc5285e1c556b74c6b3cd0f4d65b34a67eff660baf2ab8dd9b353cc6e7494517ee59c8c153d9b805b3cbc SHA512 b76c748da850aaca6e62ce3fba6bb48066ec61195618b2222f8395e503b29d41ed41b054d8d40f06b06ba578ef13405e92e1ec90b20b8125aa261a63a7b83cab
diff --git a/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch b/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch
deleted file mode 100644
index 1b81ab0e6ef2..000000000000
--- a/net-firewall/nftables/files/nftables-1.0.8-fix-regression-evaluate.patch
+++ /dev/null
@@ -1,235 +0,0 @@
-https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719001444.154070-1-pablo@netfilter.org/
-https://git.netfilter.org/nftables/commit/?id=5f1676ac9f1aeb36d7695c3c354dade013a1e4f3
-
-From 5f1676ac9f1aeb36d7695c3c354dade013a1e4f3 Mon Sep 17 00:00:00 2001
-From: Pablo Neira Ayuso <pablo@netfilter.org>
-Date: Tue, 18 Jul 2023 23:10:01 +0200
-Subject: meta: stash context statement length when generating payload/meta
- dependency
-
-... meta mark set ip dscp
-
-generates an implicit dependency from the inet family to match on meta
-nfproto ip.
-
-The length of this implicit expression is incorrectly adjusted to the
-statement length, ie. relational to compare meta nfproto takes 4 bytes
-instead of 1 byte. The evaluation of 'ip dscp' under the meta mark
-statement triggers this implicit dependency which should not consider
-the context statement length since it is added before the statement
-itself.
-
-This problem shows when listing the ruleset, since netlink_parse_cmp()
-where left->len < right->len, hence handling the implicit dependency as
-a concatenation, but it is actually a bug in the evaluation step that
-leads to incorrect bytecode.
-
-Fixes: 3c64ea7995cb ("evaluate: honor statement length in integer evaluation")
-Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand")
-Tested-by: Brian Davidson <davidson.brian@gmail.com>
-Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---- a/src/payload.c
-+++ b/src/payload.c
-@@ -409,6 +409,7 @@ static int payload_add_dependency(struct eval_ctx *ctx,
- const struct proto_hdr_template *tmpl;
- struct expr *dep, *left, *right;
- struct proto_ctx *pctx;
-+ unsigned int stmt_len;
- struct stmt *stmt;
- int protocol;
-
-@@ -429,11 +430,16 @@ static int payload_add_dependency(struct eval_ctx *ctx,
- constant_data_ptr(protocol, tmpl->len));
-
- dep = relational_expr_alloc(&expr->location, OP_EQ, left, right);
-+
-+ stmt_len = ctx->stmt_len;
-+ ctx->stmt_len = 0;
-+
- stmt = expr_stmt_alloc(&dep->location, dep);
- if (stmt_evaluate(ctx, stmt) < 0) {
- return expr_error(ctx->msgs, expr,
- "dependency statement is invalid");
- }
-+ ctx->stmt_len = stmt_len;
-
- if (ctx->inner_desc) {
- if (tmpl->meta_key)
-@@ -543,6 +549,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
- const struct hook_proto_desc *h;
- const struct proto_desc *desc;
- struct proto_ctx *pctx;
-+ unsigned int stmt_len;
- struct stmt *stmt;
- uint16_t type;
-
-@@ -559,12 +566,18 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
- "protocol specification is invalid "
- "for this family");
-
-+ stmt_len = ctx->stmt_len;
-+ ctx->stmt_len = 0;
-+
- stmt = meta_stmt_meta_iiftype(&expr->location, type);
- if (stmt_evaluate(ctx, stmt) < 0) {
- return expr_error(ctx->msgs, expr,
- "dependency statement is invalid");
- }
- *res = stmt;
-+
-+ ctx->stmt_len = stmt_len;
-+
- return 0;
- }
-
---- a/tests/py/inet/meta.t
-+++ b/tests/py/inet/meta.t
-@@ -25,3 +25,8 @@ meta mark set ct mark >> 8;ok
- meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok
- ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 };ok
- ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 };ok
-+
-+meta mark set ip dscp;ok
-+meta mark set ip dscp | 0x40;ok
-+meta mark set ip6 dscp;ok
-+meta mark set ip6 dscp | 0x40;ok
---- a/tests/py/inet/meta.t.json
-+++ b/tests/py/inet/meta.t.json
-@@ -440,3 +440,89 @@
- }
- ]
-
-+# meta mark set ip dscp
-+[
-+ {
-+ "mangle": {
-+ "key": {
-+ "meta": {
-+ "key": "mark"
-+ }
-+ },
-+ "value": {
-+ "payload": {
-+ "field": "dscp",
-+ "protocol": "ip"
-+ }
-+ }
-+ }
-+ }
-+]
-+
-+# meta mark set ip dscp | 0x40
-+[
-+ {
-+ "mangle": {
-+ "key": {
-+ "meta": {
-+ "key": "mark"
-+ }
-+ },
-+ "value": {
-+ "|": [
-+ {
-+ "payload": {
-+ "field": "dscp",
-+ "protocol": "ip"
-+ }
-+ },
-+ 64
-+ ]
-+ }
-+ }
-+ }
-+]
-+
-+# meta mark set ip6 dscp
-+[
-+ {
-+ "mangle": {
-+ "key": {
-+ "meta": {
-+ "key": "mark"
-+ }
-+ },
-+ "value": {
-+ "payload": {
-+ "field": "dscp",
-+ "protocol": "ip6"
-+ }
-+ }
-+ }
-+ }
-+]
-+
-+# meta mark set ip6 dscp | 0x40
-+[
-+ {
-+ "mangle": {
-+ "key": {
-+ "meta": {
-+ "key": "mark"
-+ }
-+ },
-+ "value": {
-+ "|": [
-+ {
-+ "payload": {
-+ "field": "dscp",
-+ "protocol": "ip6"
-+ }
-+ },
-+ 64
-+ ]
-+ }
-+ }
-+ }
-+]
-+
---- a/tests/py/inet/meta.t.payload
-+++ b/tests/py/inet/meta.t.payload
-@@ -133,3 +133,43 @@ inet test-inet input
- [ meta load mark => reg 9 ]
- [ lookup reg 1 set __set%d ]
-
-+# meta mark set ip dscp
-+inet test-inet input
-+ [ meta load nfproto => reg 1 ]
-+ [ cmp eq reg 1 0x00000002 ]
-+ [ payload load 1b @ network header + 1 => reg 1 ]
-+ [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
-+ [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
-+ [ meta set mark with reg 1 ]
-+
-+# meta mark set ip dscp | 0x40
-+inet test-inet input
-+ [ meta load nfproto => reg 1 ]
-+ [ cmp eq reg 1 0x00000002 ]
-+ [ payload load 1b @ network header + 1 => reg 1 ]
-+ [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
-+ [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
-+ [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
-+ [ meta set mark with reg 1 ]
-+
-+# meta mark set ip6 dscp
-+inet test-inet input
-+ [ meta load nfproto => reg 1 ]
-+ [ cmp eq reg 1 0x0000000a ]
-+ [ payload load 2b @ network header + 0 => reg 1 ]
-+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
-+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
-+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
-+ [ meta set mark with reg 1 ]
-+
-+# meta mark set ip6 dscp | 0x40
-+inet test-inet input
-+ [ meta load nfproto => reg 1 ]
-+ [ cmp eq reg 1 0x0000000a ]
-+ [ payload load 2b @ network header + 0 => reg 1 ]
-+ [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
-+ [ byteorder reg 1 = ntoh(reg 1, 2, 2) ]
-+ [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
-+ [ bitwise reg 1 = ( reg 1 & 0xffffffbf ) ^ 0x00000040 ]
-+ [ meta set mark with reg 1 ]
-+
---
-cgit v1.2.3
diff --git a/net-firewall/nftables/metadata.xml b/net-firewall/nftables/metadata.xml
index 9b4ce12e54e0..1fcc64724c1f 100644
--- a/net-firewall/nftables/metadata.xml
+++ b/net-firewall/nftables/metadata.xml
@@ -16,7 +16,6 @@
<use>
<flag name="doc">Create man pages for the package (requires <pkg>app-text/asciidoc</pkg>)</flag>
<flag name="json">Enable JSON support via <pkg>dev-libs/jansson</pkg></flag>
- <flag name="modern-kernel">Install init scripts for 3.18 or higher kernels with atomic rule updates</flag>
<flag name="xtables">Add libxtables support to try to automatically translate rules added by iptables-compat</flag>
</use>
</pkgmetadata>
diff --git a/net-firewall/nftables/nftables-1.0.7-r1.ebuild b/net-firewall/nftables/nftables-1.0.7-r1.ebuild
deleted file mode 100644
index d5054eca943d..000000000000
--- a/net-firewall/nftables/nftables-1.0.7-r1.ebuild
+++ /dev/null
@@ -1,232 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-PYTHON_COMPAT=( python3_{9..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
- inherit autotools git-r3
- EGIT_REPO_URI="https://git.netfilter.org/${PN}"
- BDEPEND="app-alternatives/yacc"
-else
- SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
- verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
- KEYWORDS="amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
- BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit +modern-kernel python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.5:=
- gmp? ( dev-libs/gmp:= )
- json? ( dev-libs/jansson:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
- xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND+="
- app-alternatives/lex
- virtual/pkgconfig
- doc? (
- app-text/asciidoc
- >=app-text/docbook2X-0.8.8-r4
- )
- python? ( ${PYTHON_DEPS} )
-"
-
-REQUIRED_USE="
- python? ( ${PYTHON_REQUIRED_USE} )
- libedit? ( !readline )
-"
-
-pkg_setup() {
- if kernel_is ge 3 13; then
- if use modern-kernel && kernel_is lt 3 18; then
- eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
- fi
- CONFIG_CHECK="~NF_TABLES"
- linux-info_pkg_setup
- else
- eerror "This package requires kernel version 3.13 or newer to work properly."
- fi
-}
-
-src_prepare() {
- default
-
- if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
- eautoreconf
- fi
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_prepare
- popd >/dev/null || die
- fi
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --disable-static
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with libedit cli editline)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_configure
- popd >/dev/null || die
- fi
-}
-
-src_compile() {
- default
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_compile
- popd >/dev/null || die
- fi
-}
-
-src_test() {
- emake check
-
- if [[ ${EUID} == 0 ]]; then
- edo tests/shell/run-tests.sh -v
- else
- ewarn "Skipping shell tests (requires root)"
- fi
-
- # Need to rig up Python eclass if using this, but it doesn't seem to work
- # for me anyway.
- #cd tests/py || die
- #"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
- default
-
- if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
- pushd doc >/dev/null || die
- doman *.?
- popd >/dev/null || die
- fi
-
- # Do it here instead of in src_prepare to avoid eautoreconf
- # rmdir lets us catch if more files end up installed in /etc/nftables
- dodir /usr/share/doc/${PF}/skels/
- mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
- rmdir "${ED}"/etc/nftables || die
-
- local mksuffix="$(usex modern-kernel '-mk' '')"
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
- newinitd "${FILESDIR}"/${PN}${mksuffix}.init-r1 ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- pushd py >/dev/null || die
- distutils-r1_src_install
- popd >/dev/null || die
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
- local stderr
-
- # There's a history of regressions with nftables upgrades. Perform a
- # safety check to help us spot them earlier. For the check to pass, the
- # currently loaded ruleset, if any, must be successfully evaluated by
- # the newly built instance of nft(8).
- if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
- # Either nftables isn't yet in use or nft(8) cannot be executed.
- return
- elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset but don't
- # treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in nature and
- # will not always be printed in a way that constitutes a valid
- # syntax for ntf(8). Ignore them.
- return
- elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
- fi
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}"/var/lib/nftables/rules-save
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- if has_version 'sys-apps/systemd'; then
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart"
- elog "the nftables-restore service must be manually started in order to"
- elog "save those rules on shutdown."
- fi
-
- if has_version 'sys-apps/openrc'; then
- elog "If you wish to enable the firewall rules on boot (on openrc) you"
- elog "will need to enable the nftables service."
- elog " 'rc-update add ${PN} default'"
- elog
- elog "If you are creating or updating the firewall rules and wish to save"
- elog "them to be loaded on the next restart, use the \"save\" functionality"
- elog "in the init script."
- elog " 'rc-service ${PN} save'"
- fi
-}
diff --git a/net-firewall/nftables/nftables-1.0.8-r1.ebuild b/net-firewall/nftables/nftables-1.0.8-r1.ebuild
deleted file mode 100644
index 221f5fa3d427..000000000000
--- a/net-firewall/nftables/nftables-1.0.8-r1.ebuild
+++ /dev/null
@@ -1,217 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
- inherit autotools git-r3
- EGIT_REPO_URI="https://git.netfilter.org/${PN}"
- BDEPEND="app-alternatives/yacc"
-else
- SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.xz
- verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )"
- KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~ia64 ~loong ~mips ~ppc ~ppc64 ~riscv ~sparc ~x86"
- BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.6:=
- gmp? ( dev-libs/gmp:= )
- json? ( dev-libs/jansson:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
- xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND+="
- app-alternatives/lex
- virtual/pkgconfig
- doc? (
- app-text/asciidoc
- >=app-text/docbook2X-0.8.8-r4
- )
- python? ( ${DISTUTILS_DEPS} )
-"
-
-REQUIRED_USE="
- python? ( ${PYTHON_REQUIRED_USE} )
- libedit? ( !readline )
-"
-
-src_prepare() {
- default
-
- if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
- eautoreconf
- fi
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_prepare
- popd >/dev/null || die
- fi
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --disable-static
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with libedit cli editline)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_configure
- popd >/dev/null || die
- fi
-}
-
-src_compile() {
- default
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_compile
- popd >/dev/null || die
- fi
-}
-
-src_test() {
- emake check
-
- if [[ ${EUID} == 0 ]]; then
- edo tests/shell/run-tests.sh -v
- else
- ewarn "Skipping shell tests (requires root)"
- fi
-
- # Need to rig up Python eclass if using this, but it doesn't seem to work
- # for me anyway.
- #cd tests/py || die
- #"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
- default
-
- if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
- pushd doc >/dev/null || die
- doman *.?
- popd >/dev/null || die
- fi
-
- # Do it here instead of in src_prepare to avoid eautoreconf
- # rmdir lets us catch if more files end up installed in /etc/nftables
- dodir /usr/share/doc/${PF}/skels/
- mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
- rmdir "${ED}"/etc/nftables || die
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
- newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- pushd py >/dev/null || die
- distutils-r1_src_install
- popd >/dev/null || die
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
- local stderr
-
- # There's a history of regressions with nftables upgrades. Perform a
- # safety check to help us spot them earlier. For the check to pass, the
- # currently loaded ruleset, if any, must be successfully evaluated by
- # the newly built instance of nft(8).
- if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
- # Either nftables isn't yet in use or nft(8) cannot be executed.
- return
- elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset but don't
- # treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in nature and
- # will not always be printed in a way that constitutes a valid
- # syntax for ntf(8). Ignore them.
- return
- elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
- fi
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}"/var/lib/nftables/rules-save
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- if has_version 'sys-apps/systemd'; then
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart"
- elog "the nftables-restore service must be manually started in order to"
- elog "save those rules on shutdown."
- fi
-
- if has_version 'sys-apps/openrc'; then
- elog "If you wish to enable the firewall rules on boot (on openrc) you"
- elog "will need to enable the nftables service."
- elog " 'rc-update add ${PN} default'"
- elog
- elog "If you are creating or updating the firewall rules and wish to save"
- elog "them to be loaded on the next restart, use the \"save\" functionality"
- elog "in the init script."
- elog " 'rc-service ${PN} save'"
- fi
-}
diff --git a/net-firewall/nftables/nftables-1.0.8-r2.ebuild b/net-firewall/nftables/nftables-1.0.8-r2.ebuild
deleted file mode 100644
index 6f7b07fcd40b..000000000000
--- a/net-firewall/nftables/nftables-1.0.8-r2.ebuild
+++ /dev/null
@@ -1,223 +0,0 @@
-# Copyright 1999-2024 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-DISTUTILS_OPTIONAL=1
-DISTUTILS_USE_PEP517=setuptools
-PYTHON_COMPAT=( python3_{10..11} )
-VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/netfilter.org.asc
-inherit edo linux-info distutils-r1 systemd verify-sig
-
-DESCRIPTION="Linux kernel firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-
-if [[ ${PV} =~ ^[9]{4,}$ ]]; then
- inherit autotools git-r3
- EGIT_REPO_URI="https://git.netfilter.org/${PN}"
- BDEPEND="app-alternatives/yacc"
-else
- SRC_URI="
- https://netfilter.org/projects/nftables/files/${P}.tar.xz
- verify-sig? ( https://netfilter.org/projects/nftables/files/${P}.tar.xz.sig )
- "
- KEYWORDS="amd64 arm arm64 hppa ~ia64 ~loong ~mips ppc ppc64 ~riscv sparc x86"
- BDEPEND="verify-sig? ( sec-keys/openpgp-keys-netfilter )"
-fi
-
-# See COPYING: new code is GPL-2+, existing code is GPL-2
-LICENSE="GPL-2 GPL-2+"
-SLOT="0/1"
-IUSE="debug doc +gmp json libedit python +readline static-libs test xtables"
-RESTRICT="!test? ( test )"
-
-RDEPEND="
- >=net-libs/libmnl-1.0.4:=
- >=net-libs/libnftnl-1.2.6:=
- gmp? ( dev-libs/gmp:= )
- json? ( dev-libs/jansson:= )
- python? ( ${PYTHON_DEPS} )
- readline? ( sys-libs/readline:= )
- xtables? ( >=net-firewall/iptables-1.6.1:= )
-"
-DEPEND="${RDEPEND}"
-BDEPEND+="
- app-alternatives/lex
- virtual/pkgconfig
- doc? (
- app-text/asciidoc
- >=app-text/docbook2X-0.8.8-r4
- )
- python? ( ${DISTUTILS_DEPS} )
-"
-
-REQUIRED_USE="
- python? ( ${PYTHON_REQUIRED_USE} )
- libedit? ( !readline )
-"
-
-PATCHES=(
- "${FILESDIR}"/${P}-fix-regression-evaluate.patch
-)
-
-src_prepare() {
- default
-
- if [[ ${PV} =~ ^[9]{4,}$ ]] ; then
- eautoreconf
- fi
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_prepare
- popd >/dev/null || die
- fi
-}
-
-src_configure() {
- local myeconfargs=(
- # We handle python separately
- --disable-python
- --disable-static
- --sbindir="${EPREFIX}"/sbin
- $(use_enable debug)
- $(use_enable doc man-doc)
- $(use_with !gmp mini_gmp)
- $(use_with json)
- $(use_with libedit cli editline)
- $(use_with readline cli readline)
- $(use_enable static-libs static)
- $(use_with xtables)
- )
- econf "${myeconfargs[@]}"
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_configure
- popd >/dev/null || die
- fi
-}
-
-src_compile() {
- default
-
- if use python; then
- pushd py >/dev/null || die
- distutils-r1_src_compile
- popd >/dev/null || die
- fi
-}
-
-src_test() {
- emake check
-
- if [[ ${EUID} == 0 ]]; then
- edo tests/shell/run-tests.sh -v
- else
- ewarn "Skipping shell tests (requires root)"
- fi
-
- # Need to rig up Python eclass if using this, but it doesn't seem to work
- # for me anyway.
- #cd tests/py || die
- #"${EPYTHON}" nft-test.py || die
-}
-
-src_install() {
- default
-
- if ! use doc && [[ ! ${PV} =~ ^[9]{4,}$ ]]; then
- pushd doc >/dev/null || die
- doman *.?
- popd >/dev/null || die
- fi
-
- # Do it here instead of in src_prepare to avoid eautoreconf
- # rmdir lets us catch if more files end up installed in /etc/nftables
- dodir /usr/share/doc/${PF}/skels/
- mv "${ED}"/etc/nftables/osf "${ED}"/usr/share/doc/${PF}/skels/osf || die
- rmdir "${ED}"/etc/nftables || die
-
- exeinto /usr/libexec/${PN}
- newexe "${FILESDIR}"/libexec/${PN}-mk.sh ${PN}.sh
- newconfd "${FILESDIR}"/${PN}-mk.confd ${PN}
- newinitd "${FILESDIR}"/${PN}-mk.init-r1 ${PN}
- keepdir /var/lib/nftables
-
- systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
- if use python ; then
- pushd py >/dev/null || die
- distutils-r1_src_install
- popd >/dev/null || die
- fi
-
- find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_preinst() {
- local stderr
-
- # There's a history of regressions with nftables upgrades. Perform a
- # safety check to help us spot them earlier. For the check to pass, the
- # currently loaded ruleset, if any, must be successfully evaluated by
- # the newly built instance of nft(8).
- if [[ -n ${ROOT} ]] || [[ ! -d /sys/module/nftables ]] || [[ ! -x /sbin/nft ]]; then
- # Either nftables isn't yet in use or nft(8) cannot be executed.
- return
- elif ! stderr=$(umask 177; /sbin/nft -t list ruleset 2>&1 >"${T}"/ruleset.nft); then
- # Report errors induced by trying to list the ruleset but don't
- # treat them as being fatal.
- printf '%s\n' "${stderr}" >&2
- elif [[ ${stderr} == *"is managed by iptables-nft"* ]]; then
- # Rulesets generated by iptables-nft are special in nature and
- # will not always be printed in a way that constitutes a valid
- # syntax for ntf(8). Ignore them.
- return
- elif set -- "${ED}"/usr/lib*/libnftables.so; ! LD_LIBRARY_PATH=${1%/*} "${ED}"/sbin/nft -c -f -- "${T}"/ruleset.nft; then
- eerror "Your currently loaded ruleset cannot be parsed by the newly built instance of"
- eerror "nft. This probably means that there is a regression introduced by v${PV}."
- eerror "(To make the ebuild fail instead of warning, set NFTABLES_ABORT_ON_RELOAD_FAILURE=1.)"
- if [[ -n ${NFTABLES_ABORT_ON_RELOAD_FAILURE} ]] ; then
- die "Aborting because of failed nft reload!"
- fi
- fi
-}
-
-pkg_postinst() {
- local save_file
- save_file="${EROOT}"/var/lib/nftables/rules-save
-
- # In order for the nftables-restore systemd service to start
- # the save_file must exist.
- if [[ ! -f "${save_file}" ]]; then
- ( umask 177; touch "${save_file}" )
- elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
- ewarn "Your system has dangerous permissions for ${save_file}"
- ewarn "It is probably affected by bug #691326."
- ewarn "You may need to fix the permissions of the file. To do so,"
- ewarn "you can run the command in the line below as root."
- ewarn " 'chmod 600 \"${save_file}\"'"
- fi
-
- if has_version 'sys-apps/systemd'; then
- elog "If you wish to enable the firewall rules on boot (on systemd) you"
- elog "will need to enable the nftables-restore service."
- elog " 'systemctl enable ${PN}-restore.service'"
- elog
- elog "If you are creating firewall rules before the next system restart"
- elog "the nftables-restore service must be manually started in order to"
- elog "save those rules on shutdown."
- fi
-
- if has_version 'sys-apps/openrc'; then
- elog "If you wish to enable the firewall rules on boot (on openrc) you"
- elog "will need to enable the nftables service."
- elog " 'rc-update add ${PN} default'"
- elog
- elog "If you are creating or updating the firewall rules and wish to save"
- elog "them to be loaded on the next restart, use the \"save\" functionality"
- elog "in the init script."
- elog " 'rc-service ${PN} save'"
- fi
-}
diff --git a/net-firewall/xtables-addons/Manifest b/net-firewall/xtables-addons/Manifest
index f7522a3a1bd1..c77bdf7f8a43 100644
--- a/net-firewall/xtables-addons/Manifest
+++ b/net-firewall/xtables-addons/Manifest
@@ -1,6 +1,3 @@
-DIST xtables-addons-3.23.tar.xz 335776 BLAKE2B 9251a2b9707d93dae294dda24bac4f08b69b44486a5235c248f0f64d0ccac78bd6978c98ad9f83de53da1af75d4788b56ce3285a44c738346560ecfc64f8565b SHA512 f798ad74db6068ee50cae662f3de331cbc8654f0ab2b1d59ce3f7818795213e771702078e495f526a212ce8b9ba7920c04670cd5fb3ff51e693bf0161d2e2486
DIST xtables-addons-3.24.tar.xz 335724 BLAKE2B c086616c0366346bd87813ae0fc561bdb8f892eecea19ef88c65afef5318ac6f75fec658e0c6595de5c620c965b2bd7f10e45ff3ec55ffb9ddf8e85643190e7e SHA512 08c3b87617e0124aef99a3953fc5e03e8d98be50ce70771e352509ec64263d5256f744489f10f39879630d9dc8d28f3c91173b4739c95bbd8d5ad56e33138eb4
-EBUILD xtables-addons-3.23.ebuild 5533 BLAKE2B ded00caedf05de0cbea3d2be455247304b368545520504897108efad78352560e60af8510b37c2833de1ff3d90e01f444376efe1ef710d7919b8fefa4100cd85 SHA512 cbbeabd5cf2a57a79898f8602cb12df1fdabeaaaf3bfee5b1abf117b45af622b6dac3711728b4e2a8848d797e9ea68a9f2f1f29fb2bd75a880a48c699c7f6d5a
EBUILD xtables-addons-3.24-r1.ebuild 2736 BLAKE2B 6c9276ebebccd0553c4f580fdc0ef8727ae9f419f4f3d573633893c9abc2f8911c69f51da103101420532fbf31672968139b13a6922655441627f98020ef334d SHA512 c3899f153fdef7e207f0329f0bf59a2dabbec33dcdc079361e46df5d42e53db9e43eba98c57f7514a148a64018812e9453c4ab1ce456029b9ed32a88b4dc9093
-EBUILD xtables-addons-3.24.ebuild 5533 BLAKE2B ded00caedf05de0cbea3d2be455247304b368545520504897108efad78352560e60af8510b37c2833de1ff3d90e01f444376efe1ef710d7919b8fefa4100cd85 SHA512 cbbeabd5cf2a57a79898f8602cb12df1fdabeaaaf3bfee5b1abf117b45af622b6dac3711728b4e2a8848d797e9ea68a9f2f1f29fb2bd75a880a48c699c7f6d5a
MISC metadata.xml 698 BLAKE2B 64bcff2bb22f8b71b1acd94386eb10067dfd7be07d829f6e7e75a77da09b5999b8a53da6b9a1aca727dc7d32518fd11cd447ad19aeaec97f1eddfd9107b3d8e9 SHA512 99851425f9be6f3aa906d8d1d908a64a1354bc5b9d0ff771a016cc6b2c31ceb107a01ead4287db7cbaf20bb4661b372ee5454881b00ca5c01ef3b4b81073f9e3
diff --git a/net-firewall/xtables-addons/xtables-addons-3.23.ebuild b/net-firewall/xtables-addons/xtables-addons-3.23.ebuild
deleted file mode 100644
index c64b0a510779..000000000000
--- a/net-firewall/xtables-addons/xtables-addons-3.23.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MODULES_OPTIONAL_USE=modules
-MODULES_OPTIONAL_USE_IUSE_DEFAULT=1
-inherit linux-info linux-mod multilib toolchain-funcs
-
-DESCRIPTION="iptables extensions not yet accepted in the main kernel"
-HOMEPAGE="https://inai.de/projects/xtables-addons/ https://codeberg.org/jengelh/xtables-addons"
-SRC_URI="https://inai.de/files/xtables-addons/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-
-MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq proto logmark ipmark echo dnetmap dhcpmac delude chaos account"
-
-for mod in ${MODULES}; do
- IUSE="${IUSE} xtables_addons_${mod}"
-done
-
-DEPEND=">=net-firewall/iptables-1.6.0"
-
-RDEPEND="${DEPEND}
- xtables_addons_geoip? (
- app-arch/unzip
- dev-perl/Net-CIDR-Lite
- dev-perl/Text-CSV_XS
- virtual/perl-Getopt-Long
- )
-"
-
-DEPEND="${DEPEND}
- virtual/linux-sources"
-
-SKIP_MODULES=""
-
-XA_check4internal_module() {
- local mod=${1}
- local version=${3}
- local kconfigname=${3}
-
- if use xtables_addons_${mod} && kernel_is -gt ${version}; then
- ewarn "${kconfigname} should be provided by the kernel. Skipping its build..."
- if ! linux_chkconfig_present ${kconfigname}; then
- ewarn "Please enable ${kconfigname} target in your kernel
- configuration or disable checksum module in ${PN}."
- fi
- # SKIP_MODULES in case we need to disable building of everything
- # like having this USE disabled
- SKIP_MODULES+=" ${mod}"
- fi
-}
-
-pkg_setup() {
- if use modules; then
- get_version
- check_modules_supported
- CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR"
- ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector"
- linux-mod_pkg_setup
-
- if ! linux_chkconfig_present IPV6; then
- SKIP_IPV6_MODULES="ip6table_rawpost"
- ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}"
- fi
- kernel_is -lt 4 18 && die "${P} requires kernel version >= 4.18"
- fi
-}
-
-# Helper for maintainer: cheks if all possible MODULES are listed.
-XA_qa_check() {
- local all_modules
- all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig")
- if [[ ${all_modules} != ${MODULES} ]]; then
- ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild."
- ewarn "Please, update MODULES in ebuild."
- ewarn "'${all_modules}'"
- fi
-}
-
-# Is there any use flag set?
-XA_has_something_to_build() {
- local mod
- for mod in ${MODULES}; do
- use xtables_addons_${mod} && return
- done
-
- eerror "All modules are disabled. What do you want me to build?"
- eerror "Please, set XTABLES_ADDONS to any combination of"
- eerror "${MODULES}"
- die "All modules are disabled."
-}
-
-# Parse Kbuid files and generates list of sources
-XA_get_module_name() {
- [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument."
- local mod objdir build_mod sources_list
- mod=${1}
- objdir=${S}/extensions
- # Take modules name from mconfig
- build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig")
- # strip .o, = and everything before = and print
- sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\
- {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \
- "${objdir}/Kbuild")
-
- if [[ -d ${S}/extensions/${sources_list} ]]; then
- objdir=${S}/extensions/${sources_list}
- sources_list=$(sed -n "/^obj-m/\
- {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \
- "${objdir}/Kbuild")
- fi
- for mod_src in ${sources_list}; do
- has ${mod_src} ${SKIP_IPV6_MODULES} || \
- echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})"
- done
-}
-
-# Die on modules known to fail on certain kernel version.
-XA_known_failure() {
- local module_name=$1
- local KV_max=$2
-
- if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then
- eerror
- eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above."
- eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel."
- eerror
- die
- fi
-}
-
-src_prepare() {
- XA_qa_check
- XA_has_something_to_build
-
- # Bug #553630#c2. echo fails on linux-4 and above.
- # This appears to be fixed, at least as of linux-4.2
- # XA_known_failure "echo" 4
-
- local mod module_name
- if use modules; then
- MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)"
- fi
- for mod in ${MODULES}; do
- if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then
- sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die
- if use modules; then
- for module_name in $(XA_get_module_name ${mod}); do
- MODULE_NAMES+=" ${module_name}"
- done
- fi
- else
- sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die
- fi
- done
- einfo "${MODULE_NAMES}" # for debugging
-
- sed -e 's/depmod -a/true/' -i Makefile.in || die
- sed -e '/^all-local:/{s: modules::}' \
- -e '/^install-exec-local:/{s: modules_install::}' \
- -i extensions/Makefile.in || die
-
- use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in
-
- eapply_user
-}
-
-src_configure() {
- set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile
- econf --prefix="${EPREFIX}/" \
- --libexecdir="${EPREFIX}/$(get_libdir)/" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1
- use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- use modules && linux-mod_src_install
- dodoc -r README.rst doc/*
- find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+'
-}
diff --git a/net-firewall/xtables-addons/xtables-addons-3.24.ebuild b/net-firewall/xtables-addons/xtables-addons-3.24.ebuild
deleted file mode 100644
index c64b0a510779..000000000000
--- a/net-firewall/xtables-addons/xtables-addons-3.24.ebuild
+++ /dev/null
@@ -1,189 +0,0 @@
-# Copyright 1999-2023 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=8
-
-MODULES_OPTIONAL_USE=modules
-MODULES_OPTIONAL_USE_IUSE_DEFAULT=1
-inherit linux-info linux-mod multilib toolchain-funcs
-
-DESCRIPTION="iptables extensions not yet accepted in the main kernel"
-HOMEPAGE="https://inai.de/projects/xtables-addons/ https://codeberg.org/jengelh/xtables-addons"
-SRC_URI="https://inai.de/files/xtables-addons/${P}.tar.xz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="amd64 x86"
-
-MODULES="quota2 psd pknock lscan length2 ipv4options ipp2p iface gradm geoip fuzzy condition tarpit sysrq proto logmark ipmark echo dnetmap dhcpmac delude chaos account"
-
-for mod in ${MODULES}; do
- IUSE="${IUSE} xtables_addons_${mod}"
-done
-
-DEPEND=">=net-firewall/iptables-1.6.0"
-
-RDEPEND="${DEPEND}
- xtables_addons_geoip? (
- app-arch/unzip
- dev-perl/Net-CIDR-Lite
- dev-perl/Text-CSV_XS
- virtual/perl-Getopt-Long
- )
-"
-
-DEPEND="${DEPEND}
- virtual/linux-sources"
-
-SKIP_MODULES=""
-
-XA_check4internal_module() {
- local mod=${1}
- local version=${3}
- local kconfigname=${3}
-
- if use xtables_addons_${mod} && kernel_is -gt ${version}; then
- ewarn "${kconfigname} should be provided by the kernel. Skipping its build..."
- if ! linux_chkconfig_present ${kconfigname}; then
- ewarn "Please enable ${kconfigname} target in your kernel
- configuration or disable checksum module in ${PN}."
- fi
- # SKIP_MODULES in case we need to disable building of everything
- # like having this USE disabled
- SKIP_MODULES+=" ${mod}"
- fi
-}
-
-pkg_setup() {
- if use modules; then
- get_version
- check_modules_supported
- CONFIG_CHECK="NF_CONNTRACK NF_CONNTRACK_MARK ~CONNECTOR"
- ERROR_CONNECTOR="Please, enable CONFIG_CONNECTOR if you wish to receive userspace notifications from pknock through netlink/connector"
- linux-mod_pkg_setup
-
- if ! linux_chkconfig_present IPV6; then
- SKIP_IPV6_MODULES="ip6table_rawpost"
- ewarn "No IPV6 support in kernel. Disabling: ${SKIP_IPV6_MODULES}"
- fi
- kernel_is -lt 4 18 && die "${P} requires kernel version >= 4.18"
- fi
-}
-
-# Helper for maintainer: cheks if all possible MODULES are listed.
-XA_qa_check() {
- local all_modules
- all_modules=$(sed -n '/^build_/{s/build_\(.*\)=.*/\L\1/;G;s/\n/ /;s/ $//;h}; ${x;p}' "${S}/mconfig")
- if [[ ${all_modules} != ${MODULES} ]]; then
- ewarn "QA: Modules in mconfig differ from \$MODULES in ebuild."
- ewarn "Please, update MODULES in ebuild."
- ewarn "'${all_modules}'"
- fi
-}
-
-# Is there any use flag set?
-XA_has_something_to_build() {
- local mod
- for mod in ${MODULES}; do
- use xtables_addons_${mod} && return
- done
-
- eerror "All modules are disabled. What do you want me to build?"
- eerror "Please, set XTABLES_ADDONS to any combination of"
- eerror "${MODULES}"
- die "All modules are disabled."
-}
-
-# Parse Kbuid files and generates list of sources
-XA_get_module_name() {
- [[ $# != 1 ]] && die "XA_get_sources_for_mod: needs exactly one argument."
- local mod objdir build_mod sources_list
- mod=${1}
- objdir=${S}/extensions
- # Take modules name from mconfig
- build_mod=$(sed -n "s/\(build_${mod}\)=.*/\1/Ip" "${S}/mconfig")
- # strip .o, = and everything before = and print
- sources_list=$(sed -n "/^obj-[$][{]${build_mod}[}]/\
- {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \
- "${objdir}/Kbuild")
-
- if [[ -d ${S}/extensions/${sources_list} ]]; then
- objdir=${S}/extensions/${sources_list}
- sources_list=$(sed -n "/^obj-m/\
- {s:obj-[^+]\+ [+]=[[:space:]]*::;s:[.]o::g;p}" \
- "${objdir}/Kbuild")
- fi
- for mod_src in ${sources_list}; do
- has ${mod_src} ${SKIP_IPV6_MODULES} || \
- echo " ${mod_src}(xtables_addons:${S}/extensions:${objdir})"
- done
-}
-
-# Die on modules known to fail on certain kernel version.
-XA_known_failure() {
- local module_name=$1
- local KV_max=$2
-
- if use xtables_addons_${module_name} && kernel_is ge ${KV_max//./ }; then
- eerror
- eerror "XTABLES_ADDONS=${module_name} fails to build on linux ${KV_max} or above."
- eerror "Either remove XTABLES_ADDONS=${module_name} or use an earlier version of the kernel."
- eerror
- die
- fi
-}
-
-src_prepare() {
- XA_qa_check
- XA_has_something_to_build
-
- # Bug #553630#c2. echo fails on linux-4 and above.
- # This appears to be fixed, at least as of linux-4.2
- # XA_known_failure "echo" 4
-
- local mod module_name
- if use modules; then
- MODULE_NAMES="compat_xtables(xtables_addons:${S}/extensions:)"
- fi
- for mod in ${MODULES}; do
- if ! has ${mod} ${SKIP_MODULES} && use xtables_addons_${mod}; then
- sed "s/\(build_${mod}=\).*/\1m/I" -i mconfig || die
- if use modules; then
- for module_name in $(XA_get_module_name ${mod}); do
- MODULE_NAMES+=" ${module_name}"
- done
- fi
- else
- sed "s/\(build_${mod}=\).*/\1n/I" -i mconfig || die
- fi
- done
- einfo "${MODULE_NAMES}" # for debugging
-
- sed -e 's/depmod -a/true/' -i Makefile.in || die
- sed -e '/^all-local:/{s: modules::}' \
- -e '/^install-exec-local:/{s: modules_install::}' \
- -i extensions/Makefile.in || die
-
- use xtables_addons_geoip || sed -e '/^SUBDIRS/{s/geoip//}' -i Makefile.in
-
- eapply_user
-}
-
-src_configure() {
- set_arch_to_kernel # .. or it'll look for /arch/amd64/Makefile
- econf --prefix="${EPREFIX}/" \
- --libexecdir="${EPREFIX}/$(get_libdir)/" \
- --with-kbuild="${KV_OUT_DIR}"
-}
-
-src_compile() {
- emake CFLAGS="${CFLAGS}" CC="$(tc-getCC)" V=1
- use modules && BUILD_PARAMS="V=1" BUILD_TARGETS="modules" linux-mod_src_compile
-}
-
-src_install() {
- emake DESTDIR="${D}" install
- use modules && linux-mod_src_install
- dodoc -r README.rst doc/*
- find "${ED}" -type f -name '*.la' -exec rm -rf '{}' '+'
-}