16 files changed, 480 insertions, 268 deletions
diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index 906f8eb5500f..ab984538f05d 100644
--- a/net-firewall/Manifest.gz
+++ b/net-firewall/Manifest.gz
diff --git a/net-firewall/conntrack-tools/Manifest b/net-firewall/conntrack-tools/Manifest
index 2ed98c408027..0a8ea6acb033 100644
--- a/net-firewall/conntrack-tools/Manifest
+++ b/net-firewall/conntrack-tools/Manifest
@@ -2,13 +2,8 @@ AUX conntrack-tools-1.4.4-rpc.patch 1749 BLAKE2B 25b23da8f1aa491de037621977ca40e
 AUX conntrack-tools-1.4.5-rpc.patch 1555 BLAKE2B d92009c2bc4de820956ad2d7459a19cde970356aff4e960e3c17808a28a76483a104df7beaf437dfa30b124d5a2b90bd41db27b4b3b76ab57c3dd2e8bf6bad5f SHA512 55cf7451c3e36e414c8bdc43c46b235259f259b0f7c0b5a11d6543438308ed74621b363ae157160634d00bf45d6115e06badc06848951157facec6b8d496026c
 AUX conntrackd.confd-r2 441 BLAKE2B 5898c470f1d99beb47d01c9215c8e3da2e624455f65c3c41e77dbf26db3ebfa4624ac6556098f303c4f4588e093b7f94ae29921b1a6cdc4a881060eaf0dc425c SHA512 3d72d56d44094593f6ff1eac421fe6a4f0d20450ce698c175adf1b18a859b1a24c7120fa60431b2a00da62ae3749c4619106c8e93fb8fc763ceefc26a82d2ed2
 AUX conntrackd.initd-r3 2238 BLAKE2B 711bf4ab403f61d5d528e0dc504d272a7e410be70c529d8f7a624f742ca66f4692b683f3283b79f000589bdab7f83598130e4ca1a0ae2bed9afce80ec78d00c8 SHA512 445c19ad42e92136e9dfd6b7885334075e72971b73ff7178c6bf16a31e0c037f17d9d039394fa8002f0ad5182a353f7c803d3f900e8873b671eecca94ced78fe
-DIST conntrack-tools-1.4.2.tar.bz2 472074 BLAKE2B 9e3a90b80ea5d47737d5d5bbecd922110f2abc50e922fa2236a61f02e72c8cd4626d51fa31801f6f8b1be26b4ff71f216bd89d3599eebfc12b0f7a69bff3ec4e SHA512 1fed742593caf8bbac96a58df8f7e806d1c0f1dfea8fc601d65aa89b4243b1022949a2bf03ab0ca25994a13e50b3b1ee43a31827e0dc4da1399801ddac623d56
-DIST conntrack-tools-1.4.3.tar.bz2 487111 BLAKE2B 9b8f43129898bdc0c2475a4081333864fb4145a89ced96f7c88d8c8b52bbc9ceb55254b7f9c9776cccc3b89ba6b2aacfb91790ca052defe1a0290a10e85bbb3a SHA512 be76a0ddb7470249c58ceab72cb94ffc05f5cc6d740a0755c9c782e948b4234eb1da4f7c7df1f14e4125cca9f12f3b4d2dcd444fe011941952aa3eeb13cb72c3
 DIST conntrack-tools-1.4.4.tar.bz2 1010504 BLAKE2B 4190672f017f434b6b4a1841022d64256eac1953c6f62aecb087e2ef0f5c83ad57809c9170de816eb7e0f934c41de0a541328bab7e064243e48e9f18ade3f5fb SHA512 f53bd620bfd4e854e792416527a3090d883c5f00d1d8365e52ce3ba204218dc431490703985d3fdae44decbcddb24ed610bf81a6a99bd7ea01482f95f71df0f5
 DIST conntrack-tools-1.4.5.tar.bz2 479562 BLAKE2B 229531d1c6c237e539df5b83525dca5ce0b009a76a2a5f873282eabc73cc00095c15c686bc68f9364e81efc846bfa8eac8b08f7fd476199d10d0c25190ca2456 SHA512 480fe2cc4420bc8477a2ba67b3d052bcb39c6b3ec000cff27fc12db70b42ec94fa3b5fe12ee35d439e88d9a631a33cd12ae470b69dde6d371d4e53af62a2eed1
-EBUILD conntrack-tools-1.4.2.ebuild 1938 BLAKE2B 8d5f16ddce1d4e49e61f0715d0948869878b424838fb6039cd37729d9cf51cbec51ee743a3d81fa71c4711234a563b83f46a3bae83f87cece59033c0cbee8a3f SHA512 b7bc4438561d199cba668ebc1ef691ea0a7d737cee8beeeed1c703d479d9161da68f6b2125b9555decda6dd9271955f4c146ff002a3c53a5263db9f7a5a95695
-EBUILD conntrack-tools-1.4.3.ebuild 1935 BLAKE2B fa4fd76d7c3ba12748c215971c146c36eaae42e564f2185b99f67181f9cef7da3f5c604a694105987c7ff6e613dced5c26a185c41855e378e93dc670077301f5 SHA512 80fa97972a0dce17a5c08bae77123ac0931115cc3d36414c3cb959fbe9edba6ee33a659fdf5c83a6f4c8dfeef94584059adce56955040c56ae958c00a31ef448
 EBUILD conntrack-tools-1.4.4-r1.ebuild 2087 BLAKE2B f30c6468219e9020d40f73f5a2977d04825da1a7d2e6a9765c90a6b3104c8f4bfe7b49c9d4b234ca076f02ac252b72c27faab601dac06ab12e9a5f9bfe04adcc SHA512 6a0cc74bc6bd2e6fe30ecf4c54309d57ec4dd82d3189a890f2ce600ee9c73ffdb1c06eba081cf0ccb1bf39797a5676d7cc12d7317fea4633c0ffe157abc42e79
-EBUILD conntrack-tools-1.4.4.ebuild 1900 BLAKE2B dac0ee63aa964380b8c7866509a8f456abf92593ebe8742fb449199f91a1c02a927a3b027604a7bc1d0ab2977556d57f7184337ad444c451159cb102f7a2751b SHA512 1b009478cd4a93a1aedaab452c947c6c76e0d18cbdbdccef72e995bc7217066883c98c7232fe76a9946b87f8dbb595eef33aba5e21230d22a1c9268171896d83
 EBUILD conntrack-tools-1.4.5.ebuild 2195 BLAKE2B 2e3e6340ef8e79f0a5335c1b88e6e95f1cda785ed72c934dae2e36ec88090ebde4b9d01218969f2bb1e96fdeec7b7f653e9c4be4eee5c11c2f6349982b70dbe8 SHA512 ff4197793e82372c6e16546390a26c970be22eb5b889eb26fa8f9a8cc04d5961e9614fc677ef677a011fe0f8ac0e95d5a27201fe3880f0467e789217f6fa3e74
 MISC metadata.xml 958 BLAKE2B 61cf89e7c192b663fd573ba7be767cd359786ba0fff20e72212fbc24e07c0c69e3bc2ee2226d39ac1744620cb1f5c63a480fc073860af665064853f5b780332d SHA512 19c68ca3bc373de0b9d533c7a36cdbe1da52871fb985641fa725c6208ffc09536696b02cce37e836300a2809bab117be2f0046ef329d2a739de5827cf0ee189a
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
deleted file mode 100644
index 0e602a00e305..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.2.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit autotools eutils linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="alpha amd64 hppa x86"
-IUSE="doc"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnetfilter_conntrack-1.0.4
-	>=net-libs/libnetfilter_cthelper-1.0.0
-	>=net-libs/libnetfilter_cttimeout-1.0.0
-	>=net-libs/libnetfilter_queue-1.0.2
-	>=net-libs/libnfnetlink-1.0.1
-"
-DEPEND="${RDEPEND}
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		app-text/xmlto
-	)
-	virtual/pkgconfig
-	sys-devel/bison
-	sys-devel/flex"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-	CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
-		~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
-	check_extra_config
-
-	linux_config_exists || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
-		ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
-			"are not set when one at least should be."
-}
-
-src_prepare() {
-	# bug #474858
-	sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
-
-	epatch_user
-	eautoreconf
-}
-
-src_compile() {
-	default
-	use doc && emake -C doc/manual
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
-	newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
-	insinto /etc/conntrackd
-	doins doc/stats/conntrackd.conf
-
-	dodoc -r doc/sync doc/stats AUTHORS TODO
-	use doc && dohtml doc/manual/${PN}.html
-}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
deleted file mode 100644
index fccdde6b3e3c..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.3.ebuild
+++ /dev/null
@@ -1,82 +0,0 @@
-# Copyright 1999-2013 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=5
-inherit autotools eutils linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~hppa ~x86"
-IUSE="doc"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnetfilter_conntrack-1.0.4
-	>=net-libs/libnetfilter_cthelper-1.0.0
-	>=net-libs/libnetfilter_cttimeout-1.0.0
-	>=net-libs/libnetfilter_queue-1.0.2
-	>=net-libs/libnfnetlink-1.0.1
-"
-DEPEND="${RDEPEND}
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		app-text/xmlto
-	)
-	virtual/pkgconfig
-	sys-devel/bison
-	sys-devel/flex"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-	CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
-		~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
-	check_extra_config
-
-	linux_config_exists || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
-		ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
-			"are not set when one at least should be."
-}
-
-src_prepare() {
-	# bug #474858
-	sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die 'sed on doc/stat/conntrackd.conf failed'
-
-	epatch_user
-	eautoreconf
-}
-
-src_compile() {
-	default
-	use doc && emake -C doc/manual
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
-	newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
-	insinto /etc/conntrackd
-	doins doc/stats/conntrackd.conf
-
-	dodoc -r doc/sync doc/stats AUTHORS TODO
-	use doc && dohtml doc/manual/${PN}.html
-}
diff --git a/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild b/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
deleted file mode 100644
index c004861ea7cb..000000000000
--- a/net-firewall/conntrack-tools/conntrack-tools-1.4.4.ebuild
+++ /dev/null
@@ -1,85 +0,0 @@
-# Copyright 1999-2017 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit autotools eutils linux-info
-
-DESCRIPTION="Connection tracking userspace tools"
-HOMEPAGE="http://conntrack-tools.netfilter.org"
-SRC_URI="http://www.netfilter.org/projects/conntrack-tools/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm64 ~hppa ~x86"
-IUSE="doc"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.3
-	>=net-libs/libnetfilter_conntrack-1.0.6
-	>=net-libs/libnetfilter_cthelper-1.0.0
-	>=net-libs/libnetfilter_cttimeout-1.0.0
-	>=net-libs/libnetfilter_queue-1.0.2
-	>=net-libs/libnfnetlink-1.0.1
-"
-DEPEND="
-	${RDEPEND}
-	doc? (
-		app-text/docbook-xml-dtd:4.1.2
-		app-text/xmlto
-	)
-	virtual/pkgconfig
-	sys-devel/bison
-	sys-devel/flex
-"
-
-pkg_setup() {
-	linux-info_pkg_setup
-
-	if kernel_is lt 2 6 18 ; then
-		die "${PN} requires at least 2.6.18 kernel version"
-	fi
-
-	#netfilter core team has changed some option names with kernel 2.6.20
-	if kernel_is lt 2 6 20 ; then
-		CONFIG_CHECK="~IP_NF_CONNTRACK_NETLINK"
-	else
-		CONFIG_CHECK="~NF_CT_NETLINK"
-	fi
-	CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK
-		~NETFILTER_NETLINK ~NF_CONNTRACK_EVENTS"
-
-	check_extra_config
-
-	linux_config_exists || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV4" || \
-		linux_chkconfig_present "NF_CONNTRACK_IPV6" || \
-		ewarn "CONFIG_NF_CONNTRACK_IPV4 or CONFIG_NF_CONNTRACK_IPV6 " \
-			"are not set when one at least should be."
-}
-
-src_prepare() {
-	default
-
-	# bug #474858
-	sed -i -e 's:/var/lock:/run/lock:' doc/stats/conntrackd.conf || die
-
-	eautoreconf
-}
-
-src_compile() {
-	default
-	use doc && emake -C doc/manual
-}
-
-src_install() {
-	default
-
-	newinitd "${FILESDIR}/conntrackd.initd-r3" conntrackd
-	newconfd "${FILESDIR}/conntrackd.confd-r2" conntrackd
-
-	insinto /etc/conntrackd
-	doins doc/stats/conntrackd.conf
-
-	dodoc -r doc/sync doc/stats AUTHORS TODO
-	use doc && dodoc doc/manual/${PN}.html
-}
diff --git a/net-firewall/firehol/Manifest b/net-firewall/firehol/Manifest
index 57e697c5c29a..65467c1fdbea 100644
--- a/net-firewall/firehol/Manifest
+++ b/net-firewall/firehol/Manifest
@@ -8,5 +8,5 @@ DIST firehol-3.1.6.tar.xz 1484424 BLAKE2B aea45aa424b7b43ed0576916f52a785601a214
 EBUILD firehol-3.1.3-r1.ebuild 1374 BLAKE2B 5d4bb0400ffd486fea5302bd4288fdfdbf3839f5e6c30aa967afe7d5a613e42eaeada633e5c913e4eeed6123c4bd671f041769c2e424c9ef902c693c6229078b SHA512 17c008ecb04c267b5568360d1f89d6809a9aec17ccf3beb98979df91d5c5df568cca4b3c5df91e5ee6644dbb76cc7644de3fd22cbfd8c35bb5aae84d7d2ca919
 EBUILD firehol-3.1.3.ebuild 1321 BLAKE2B 5160111e2939d25a8cca9d4479d88facd80ae7c5dcd93a0e278481edaf1c912266d76157ab3db0d7908782946d6632d3abae71f0b64033cb7bceaec30b21f45e SHA512 6be61cbef86add228244d129e7ff9060cd90d74edc563f568aa55a1f17bd2a483c5c035d396feefefe6a5f92aca9fd63e1c9b0eec1aefd0f76721aa3a606deed
 EBUILD firehol-3.1.4.ebuild 1372 BLAKE2B f3249920863d8736d21da864e390828f05a368e58f8ab3d857151410a840c6c84a18d455b344a9a2ccc5516cb27a7b86a18d22cd67156b13a33e121e7a6e3fec SHA512 b9f5c95333e0f287eef761ae036bface8ec9e549786c1937f695fd37199cbcb3cd3d70a46fb56cb7224a1badf0e43ab4ad2cfacb171ed81c696bcdf2e2d374c1
-EBUILD firehol-3.1.6.ebuild 1433 BLAKE2B 00c0cd01a1a8addd0b6352ef9ce46e06fd33509e134ae637bd3701ffaedc0437c9670f593501f0fd8830237a1d047a899e20df7ecb24dccf408e0f14472400b0 SHA512 1f4e79dcc4dc6d567350979211feff43728951f4a6152e14a216b3bd3ed18a49d9b64747627a0221f1191ac8706012c96072bc503f6021465ca2b417eb25ee68
+EBUILD firehol-3.1.6.ebuild 1431 BLAKE2B 914416fa6cc1a66da86a6e984d73296279bb7457bd39b1714e2a3633d123d734d52eb3367fa5b07f318d2ffa5714879fbec530b1268ee2b233985154651b94ce SHA512 c20b6f70f9c290acc2412cdeaeb6a69012558435bb52e1d6ec3c9aadc3017a6c06c1dd91a9d0bc7c1fed08155b88ba67c726691811a285215d8ddc86097aea6a
 MISC metadata.xml 434 BLAKE2B 43111da215ea3d6d6af807ee1b629a3ff72dfefe15fa429a6ea5b112cbfb881d1bf848b50a266c32b820a7aec3e14e419c64657cc0a205c1e759c77b64a17b52 SHA512 9ab3275ada67cf2da92f07d9a332f098330caa81b0a7f5d17a321a03cf6b441e029efab9a8f3eaaff7d7181eb503721aa954c14e0a7982e4f35e16c8eaa57898
diff --git a/net-firewall/firehol/firehol-3.1.6.ebuild b/net-firewall/firehol/firehol-3.1.6.ebuild
index 8bddf14115b7..c17a7cde2bf0 100644
--- a/net-firewall/firehol/firehol-3.1.6.ebuild
+++ b/net-firewall/firehol/firehol-3.1.6.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Authors
+# Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=7
@@ -12,7 +12,7 @@ SRC_URI="https://github.com/firehol/firehol/releases/download/v${PV}/${P}.tar.xz
 LICENSE="GPL-2"
 SLOT="0"
 IUSE="doc ipv6 ipset"
-KEYWORDS="~amd64 ~arm ~ppc ~x86"
+KEYWORDS="amd64 arm ~ppc ~x86"
 
 RDEPEND="net-firewall/iptables
 	sys-apps/iproute2[-minimal,ipv6?]
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index 0cb246904f10..26dcaf02e48d 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
@@ -15,12 +15,12 @@ AUX shorewall.systemd 568 BLAKE2B 385edad8857f029f691481483cc3e5e5981836254b7b39
 AUX shorewall6-lite.systemd 612 BLAKE2B e658af2b6d399fe527a58201b80997651954df67a18be2465a1099b81f7ed89cc3c63d4ef550521d3b9e3cc995915439e21e1142f46f8df1e44e22b5c29009d5 SHA512 0bd832d4f8857bf9b1c9c776a53739d8666f002d1caab29c976a248916cf1eb5806d6b59dbf7ee8a120a3158b10e6fa6e179e34fe9fa6077a794ffa7d1e06cec
 AUX shorewall6.systemd 577 BLAKE2B 5c755c0105954a34e39e077af0e012d9d6e647715a4b12fbae4fc47f4ae19afd6a63266b3684ddead689b2d4f7450b7a12906258fc86ef33fc36a4dac3771274 SHA512 96b69df246a18e8b7dbfdbe78959da1baa8f2a97eb290853d4040a895f2ae91b97addd2ab4e4e19345960ffe8f1b099442f40ce319b27f0d4d8d7d4780d2e78d
 AUX shorewallrc-r3 2035 BLAKE2B 6f4e4c93cee1f25405cc3ac76958064f1241a325c8b530c30f6dbd94423577d592e88613f463c4b41c1af1db22c7e53512fd8509931bb6527a8da669f2dbe773 SHA512 eaa32bf6baca0d3555db918d6221c7678f5ba67e78bf9dcdc1bf96deded8f64838d3a332226fa6605f0c1ae82e51e0f2c1540fa6188fd9bced22460a631f48a8
-DIST shorewall-5.2.3.1.tar.bz2 555568 BLAKE2B a6d1a32d0b3a8858fed6c920b5988ddb27b090ce3a455298ed0f75eb29eb274befebc9509245878a5b9d32574dc8d64d01420eba0e091d9bffde0138296eb7f8 SHA512 bc8bc7f35c9e259ca7a38f6cf38bac60dd04d4c73f7366d33213a9279809f58ef816f8767c81105b8b391b753f9acae7e6313172dacae38f9ad7a5dc02bb890c
-DIST shorewall-core-5.2.3.1.tar.bz2 68870 BLAKE2B 50fe40b119c7778687cef5ac2728c55dff2c70f16174f03d229507ae9db1e505976dbf85df002a234f01a8c07843e889e963c3776dd647c32d202f161cb0f0d2 SHA512 3b44c5cc4dd6e0ffa2f2ed6ce4783fc2f934966eff405671931c2c150794de0e6645f7e4fdb35e93bcaee74e2df53ce41641ea7d9093f20399761ceb90191faf
-DIST shorewall-docs-html-5.2.3.1.tar.bz2 4302429 BLAKE2B dbd36a313ae3a637450ebcb1b5147c2a43f688e21d312ad7ccd79101ad1b046975fb6cf20ea46afb3f1383f427ac1bbcb1ce3fa4715338ed46827da17429e6be SHA512 31f840d9522331266149ac24898618ea172ae89c1b35b5abf4db6d5a15dc9199b6385999a7dff9445c0a319d18e2d47c1b718b6daa07155f28c0f0aa18dba767
-DIST shorewall-init-5.2.3.1.tar.bz2 34221 BLAKE2B 79607fa498eef4adb657009031dd2fc81c53f891d170fc9cb1f6d8432772319194770894d7cb5b95bcd3e41eabd3d6885edde13317b04c92c05c9106a925747a SHA512 fdbe504659c4c0436e3992288aa8868df60bcbccf2ba89e014d4927b82046354f47a54794020199b741de15f38fa4c04a012e595288828715e87fb2ce2bd4d60
-DIST shorewall-lite-5.2.3.1.tar.bz2 38993 BLAKE2B d8c230c9abef51ce4b1a02584c903b5c39080aa9d0398f104c36481eb28d29079fa0b6cb9c20f2d78e2bf8dc09535a643ee318c734ff1358f574f6b12ffc8bf2 SHA512 7ba0cb4ddc863448237c60dec3300dc04b8e509b7df5f650cbc5517badf59af35a5bc651a58bb5e2fed47fb16d633772a385c54bb929c7ac12222191deaab7ba
-DIST shorewall6-5.2.3.1.tar.bz2 190299 BLAKE2B 71745734cda4359da9213478bed680dca595775dca82e937f3a57cce9af0a3f0910989570461d5507bb88e5ebbad5176ed515ab1f8dcef072c78c42a96ff0d11 SHA512 4d2f688e1ecdde239f271c660820faec4db1d7c936c4579e9c5b087125fdfd14e14b72dc590ca59de050155ce91815a49b7b30125ebe97e7be8323aa0f662136
-DIST shorewall6-lite-5.2.3.1.tar.bz2 38966 BLAKE2B c7c6158b1d1dd1aa58bdba35b2606286d01de885e7e35c825d41bcadb651357c62188dd4d7af81979ac8dc18b2f24a6d37c6d2486159796fcccdb9b656178f60 SHA512 cbe82e7a25ea0e0d7cd6a0ceaefe80413a2d07be92433c9932a4b0e1aaa6ff93e6150fd221b43fd056c088390d42b9bb9d8540e8d70dde315f7a53057e6f2f1c
-EBUILD shorewall-5.2.3.1.ebuild 17106 BLAKE2B aa979e5dec0e76a93db5bb2a4671158e792bb76e23e0fc05460f3ddcda9d2638c5608eacd18822aaf8e0dd5ff314925494ead63b39060b131be5ab454b3bb2ce SHA512 8c881b26cb893c6f1660481334440225b7cbce5012f2fcf20e8cce8403baab12fa21ee489b287eb1604b0d85a05d05c1120fc51617a6001cd35fcaab61e09b43
+DIST shorewall-5.2.3.2.tar.bz2 556260 BLAKE2B 4a210acea452c93bc3161ae4386e3f9337ba759bbddde6fc4dfca712d26bf8b99d48b4395b08f351e095155d71a9c0fb014ee16880224ec9d52e88743ca789ef SHA512 187af5eadf1b7717ec02c2532aa65f89a93a4ec6a7dbff11eceabc92309179297f748accf9bd0e35a6c6b8f5f99fa045550c9eb19b08885dd1ecb8206b97de89
+DIST shorewall-core-5.2.3.2.tar.bz2 69128 BLAKE2B 6a5caf31f415094071584d740c56551214326c8b6376cbd770fb4a7b72607bbdb1e53dfe863e40c1b65e874915fdcb0364779efe22c807fa5c8ed810c6cc4d2d SHA512 1de38fb74282a67d4596bc6ddb3b73b88d9d9d31ef4d40555199cba923a600fdfcf19b922d29fa47e9e3f25048404299dadced27ffa0c0ca93368bb80694c17b
+DIST shorewall-docs-html-5.2.3.2.tar.bz2 4302686 BLAKE2B 73d20e4a6a28771963e2fb79b251d42b7c7c7e47df446e5f400f299cbc334567505bb50d2bc5c9c834baf6d8d6208283b86ea0e873c194e9dfbd3d1da2720c2f SHA512 ede1eeb8444832839bdd0642809fbb960300f289c0a9e8c979d92fa376a3ba28648b7c89d4ff8caca4bc4d6ce15d4205e4d4679628b9080e3f41919105850aaa
+DIST shorewall-init-5.2.3.2.tar.bz2 34418 BLAKE2B 1657bf055f2f5aa9206392a4cdf4a2a03185d964e01edc93455b587e5004aab146f6da65d8b70c72414a74887696ad9dbaca729ab063fe4016f3e45a8bb732d9 SHA512 ed46184535a0cc7197f4c7513604574b0ba862a99ac3cd1d0437f12dca17e9b1d249df77ac0152d4cfd257a1de1310af07c1bd70e763e4d663e7114dd26c617c
+DIST shorewall-lite-5.2.3.2.tar.bz2 39201 BLAKE2B a50fdfe8498e745daed93166c5bd3d4cabebcc13f54bf3c00360f6e2fbaaa4327f0b40496308ca00915d35abdff2e37b3e85b29a77828d1bdacd0b36cdcac2f5 SHA512 2ce235153546c35a4fe440ec4b0dc66f6d0807b50dc3a7f148296e341f6a264bf63da36cac1ed9cbb4b857df7843209f818101ff6d342c5673d8b1134de67073
+DIST shorewall6-5.2.3.2.tar.bz2 190178 BLAKE2B 587902f4d0ac799f499520964e33db5251d1e5e3022a2cb2413a1349893bea13a7f1995fe3a70ae0b23d4ab3936e55233f208e9162bd51877d01b3eec4f7137e SHA512 3dc5bb4996ea251aef323241a855a2efaf4db3772e94050403faf040cf8f18fa4e38d7b2cae8733f0557b79c6330b10cf545d51338d4df1ebea19ba20bd66b05
+DIST shorewall6-lite-5.2.3.2.tar.bz2 39069 BLAKE2B 3647156f673cfce29a1bebddeef81de911146d707e5c917ce01a93ed807bc67ee7f9107c9010a396f000fd76286ef167f43b2432954c17bc2a3a5cf085acc073 SHA512 1d47bb005655bf863ec41601b7e49c91508d330f80f0b9b5a546ed366d06fe04a4005598fc5b34b271ccf7f5f4798ccee83917b0988b03fd36cb53e12c44334d
+EBUILD shorewall-5.2.3.2.ebuild 17106 BLAKE2B aa979e5dec0e76a93db5bb2a4671158e792bb76e23e0fc05460f3ddcda9d2638c5608eacd18822aaf8e0dd5ff314925494ead63b39060b131be5ab454b3bb2ce SHA512 8c881b26cb893c6f1660481334440225b7cbce5012f2fcf20e8cce8403baab12fa21ee489b287eb1604b0d85a05d05c1120fc51617a6001cd35fcaab61e09b43
 MISC metadata.xml 2254 BLAKE2B e9d48407a0f055415070f5b0266ed9f534768f6d17d52b7070de30a037b89dbd08daac40b0ec313b8dfc65ba40ff38dae96c9758b78ec66d100ac8fa6b870d5f SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33
diff --git a/net-firewall/shorewall/shorewall-5.2.3.1.ebuild b/net-firewall/shorewall/shorewall-5.2.3.2.ebuild
index 14bfe9b234c5..14bfe9b234c5 100644
--- a/net-firewall/shorewall/shorewall-5.2.3.1.ebuild
+++ b/net-firewall/shorewall/shorewall-5.2.3.2.ebuild
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 165613d07bd2..fc1c46642c93 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -7,11 +7,17 @@ AUX ufw-0.34_pre805-bash-completion.patch 255 BLAKE2B 7d4f916a30b893997e5b9f27ea
 AUX ufw-0.34_pre805-shebang.patch 675 BLAKE2B b6197588687ab9ecea071be057adf14d47dac994415894a6cc4a9943f2f8dceae77a429a0ebbbfc49bf4a4eba2aa5a63cb153e290bdea33626939f054bdb9a4c SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad
 AUX ufw-0.35-bash-completion.patch 259 BLAKE2B bb20b7af317c2e36023e28b85d51cdccde43354db39d26e65a721983478c7d39e1e3c71c36f2c8c5c2515db929f50a1edc1c84d9c4294662d8601e0136a98019 SHA512 9a59ff192e6fb3365c8585b984f4743a05f7cb18ae581a8b79c4afe39e43f12d993febf1319e1ee810483d610d970649e75c4b9dde891be728869b69c80b4709
 AUX ufw-0.35-move-path.patch 7386 BLAKE2B 022c734deaa24316e3e72cf83110a7cff5f9f763f713a61c17ee74ba57724cd94c1dbb6741904d68ad7f3874c21015b87fae239811b84928b35aa4c4019ac430 SHA512 eac6e0c96e7b0e501b3792671a21306049f40869fafc1d9c579c2424fb32b91987a846b3562c30513326433031ff46bc4df2bbb5706f7af18e6216f8f2b7546f
+AUX ufw-0.36-bash-completion.patch 328 BLAKE2B 7f88afa8f4ccc12aba70dce1ca82e6992497819cfd7dc005b13c9d17212adb74134115d83907ec2b8c916d40213ab2acea170e649e438744b854f11fd22815bd SHA512 11a9cf4906fa0bd677e745615b3c4d663512a1d05f9c21149d09624237a88938b9ed83b8ca876dbcf9bbac41a4bf7155eba76ec32778e025f013e1ffb07e4abb
+AUX ufw-0.36-dont-check-iptables.patch 1592 BLAKE2B 7b8bb33a04a455fd05bf62b19ec35ff209eb54f7adc77a6296d4a5bbb80996ec11691e48b3ba1f4cffd11c53775545e537319852b0a9a3e27e4799d79c34a655 SHA512 a0c8c7331d46b917cec86763414ce2c70ef120bd069bd8ba67ef4ab2ab5212e7263f01d3d5072c7c8e4301ee36b280c8f464fc21cc19b3805c6d391437df0438
+AUX ufw-0.36-move-path.patch 6985 BLAKE2B 1f5ed4b0265fb812acffd1bb756a60a2a1e31b013054c40dae532966fd42449ba7bdde644c181a2f6e0c20103d9ef37a0400d217f7ec843bc10e3528b95eb8bc SHA512 228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9
+AUX ufw-0.36-shebang.patch 714 BLAKE2B adfbc135b1ec2e51a6df59c7caf4b081568eb77fc2b4c3518e4cb875aa75cc51122f09557c1bcaea9a06ca18891c897a3bba546027a9e1a2998c342948713676 SHA512 de3750d2e4361315e43df0ee4ed3da90631d66b148e8b93fabf3607d7d3dae9dca53f60edd94c1dc0315435c1a6c5d05816873782fc310ad15b347b2ba743612
 AUX ufw-2.initd 2611 BLAKE2B b6a75e023ad0efeeef168e7e074c716ec66f40d3bde9f99cf1a02e63800b4a42c3ff7d35fe9503e51859f98cdf500db4c1900a9436f642c0af7350c9d1256692 SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80
 AUX ufw.confd 219 BLAKE2B 8ed5dec5dd9acc84715918240e31398268ff36f73bb2cfc10e64e0593e59cc7f5b988f8545ddea37f19d9b40e870d743bea66edd7da1e3d2753b6edda8afa352 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7
 AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f0e09f8784a312dd636fa3cf90610bb3159d52b4bdaadf803699ac4bff31576b566a3e977b2d2 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7
 DIST ufw-0.34_pre805.tar.gz 335875 BLAKE2B a2b654fe35a299ffd9978ef14a8d5667f799b654b6285bc81756c8081d9f4417b2fa9c05a234351d42709c2c57ff624b4fe7bca8ffe4d13cd12436feead6e4da SHA512 b8bba3bb8c423070d6434d1df7274423edf3a356415f54c6448fa0ff2d13a4b2ac21c4bb627cba01d6955b04f793eeaf2fc535c6221e7de48f11bef745035263
 DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
+DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
 EBUILD ufw-0.34_pre805-r2.ebuild 5375 BLAKE2B 8f58b7a30d61112af687860824cca03eb9a692aadd14ed94c166da6f3f00482bb9d978c58d7dec3c606fa6cf0c85a93743f2038a9a63f9ca91adb763440e56cd SHA512 63d693768d88d6503cd50ce18bbdd048ed94f44d943e5d36e4523c0ee4918db37ba14616ecbd57df018d6144396285e1c34495813f456035c3a1bb42a6472951
 EBUILD ufw-0.35-r1.ebuild 5637 BLAKE2B 510db5eac08e6ebf38ed2226e9be799cd474929d91ffd39b99ec91a88be9c5bfded0699b7970c51a8558aa76362e1016500812bfb06b7b50c1e0bad7d42bf2cf SHA512 63b5f8bb520c1a509aefb282fab119aa6325d18c46d4b9ad681c91cdc2dddf340f05f93d48212766acb96fd86161ffa2e932d1fb2ba07cc36b35b400b4bc5c4a
-MISC metadata.xml 537 BLAKE2B df149a361c11a14c166588434c1ed7dcc264f51374d2088cdf24feb67c08f10f0f002e28482befa34bdd6f0202300194ac91913d7f49bb3f0d8d16e7777ac13b SHA512 0fa137bf55e1506664168d3e56387c989ce0c7d5a8a0f8c36ce596e5f95a449e3bc35114188b786ebe5fc60d750c4240fafb4ca761f2e29000c23f9c01b5addc
+EBUILD ufw-0.36.ebuild 5728 BLAKE2B 6d4b07dca183774f306a78a517737806790cc0bc52e05354cfd78a490eb44898b61495774848789d816df9be65eae277cf2c1a61a655bff9576a7d6c7a971fac SHA512 0d152a10f11d8a93ef4cf5d85cc79d41d677c523c7bdbe1f2701e04bc290c95ae53fd1ca813aefecf583976acf40f020f6a65140be86e2991ce4295a31ce93ca
+MISC metadata.xml 867 BLAKE2B 803f1809161a81c013989270661d5e17bc74c9f02dd7c2cf9e7847b86072ea56fc5ad980a6f2d285ee1d806902621ff1100ac20bbc27465e828aec4537e846c6 SHA512 e11ddde14aa8fb8aa187537f3cfeb01b26b4421489d69223fc77ab4400b002105d2b8161ebf489748eb42b615899f87c1abc65d10d7ef40b2f107f0d85c17c77
diff --git a/net-firewall/ufw/files/ufw-0.36-bash-completion.patch b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
new file mode 100644
index 000000000000..927af244eef1
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-bash-completion.patch
@@ -0,0 +1,16 @@
+--- a/shell-completion/bash	2018-12-14 21:25:55.000000000 +0300
++++ b/shell-completion/bash	2019-03-21 01:26:46.152181981 +0300
+@@ -57,7 +57,6 @@
+     echo "numbered verbose"
+ }
+ 
+-_have ufw &&
+ _ufw()
+ {
+     cur=${COMP_WORDS[COMP_CWORD]}
+@@ -91,4 +90,4 @@
+     fi
+ }
+ 
+-_have ufw && complete -F _ufw ufw
++complete -F _ufw ufw
diff --git a/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
new file mode 100644
index 000000000000..11eb1748dd1d
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-dont-check-iptables.patch
@@ -0,0 +1,45 @@
+--- a/setup.py	2019-03-21 01:32:28.500245586 +0300
++++ b/setup.py	2019-03-21 01:39:17.166095026 +0300
+@@ -257,41 +257,7 @@
+ os.unlink(os.path.join('staging', 'ufw-init'))
+ os.unlink(os.path.join('staging', 'ufw-init-functions'))
+ 
+-iptables_exe = ''
+-iptables_dir = ''
+-
+-for e in ['iptables']:
+-    for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
+-                '/usr/local/bin']:
+-        if e == "iptables":
+-            if os.path.exists(os.path.join(dir, e)):
+-                iptables_dir = dir
+-                iptables_exe = os.path.join(iptables_dir, "iptables")
+-                print("Found '%s'" % iptables_exe)
+-            else:
+-                continue
+-
+-        if iptables_exe != "":
+-            break
+-
+-
+-if iptables_exe == '':
+-    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
+-    sys.exit(1)
+-
+-for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
+-    if not os.path.exists(os.path.join(iptables_dir, e)):
+-        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
+-        sys.exit(1)
+-
+-(rc, out) = cmd([iptables_exe, '-V'])
+-if rc != 0:
+-    raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
+-                  (iptables_exe))
+-version = re.sub('^v', '', re.split('\s', str(out))[1])
+-print("Found '%s' version '%s'" % (iptables_exe, version))
+-if version < "1.4":
+-    print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
++iptables_dir = '/sbin'
+ 
+ setup (name='ufw',
+       version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.36-move-path.patch b/net-firewall/ufw/files/ufw-0.36-move-path.patch
new file mode 100644
index 000000000000..1ba9d117be50
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-move-path.patch
@@ -0,0 +1,174 @@
+--- a/doc/ufw-framework.8	2018-12-14 21:25:55.000000000 +0300
++++ b/doc/ufw-framework.8	2019-03-21 00:12:37.852104313 +0300
+@@ -18,7 +18,7 @@
+ parameters and configuration of IPv6. The framework consists of the following
+ files:
+ .TP
+-#STATE_PREFIX#/ufw\-init
++#SHARE_DIR#/ufw\-init
+ initialization script
+ .TP
+ #CONFIG_PREFIX#/ufw/before.init
+@@ -47,7 +47,7 @@
+ 
+ .SH "BOOT INITIALIZATION"
+ .PP
+-\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
++\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
+ standard SysV style initscript used by the \fBufw\fR command and should not be
+ modified. The #CONFIG_PREFIX#/before.init and #CONFIG_PREFIX#/after.init
+ scripts may be used to perform any additional firewall configuration that is
+--- a/README	2018-07-24 16:42:38.000000000 +0300
++++ b/README	2019-03-21 00:18:18.253205303 +0300
+@@ -60,7 +60,7 @@
+ on your needs, this can be as simple as adding the following to a startup
+ script (eg rc.local for systems that use it):
+ 
+-# /lib/ufw/ufw-init start
++# /usr/share/ufw/ufw-init start
+ 
+ For systems that use SysV initscripts, an example script is provided in
+ doc/initscript.example. See doc/upstart.example for an Upstart example and
+@@ -74,10 +74,9 @@
+ /etc/defaults/ufw 		high level configuration
+ /etc/ufw/before[6].rules 	rules evaluated before UI added rules
+ /etc/ufw/after[6].rules 	rules evaluated after UI added rules
+-/lib/ufw/user[6].rules		UI added rules (not to be modified)
++/etc/ufw/user/user[6].rules	UI added rules (not to be modified)
+ /etc/ufw/sysctl.conf 		kernel network tunables
+-/lib/ufw/ufw-init		start script
+-
++/usr/share/ufw/ufw-init		start script
+ 
+ Usage
+ -----
+@@ -152,7 +151,7 @@
+ that the primary chains don't move around other non-ufw rules and chains. To
+ completely flush the built-in chains with this configuration, you can use:
+ 
+-# /lib/ufw/ufw-init flush-all
++# /usr/share/ufw/ufw-init flush-all
+ 
+ Alternately, ufw may also take full control of the firewall by setting
+ MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
+@@ -260,7 +259,7 @@
+ 
+ Remote Management
+ -----------------
+-On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
++On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
+ ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
+ 'enabled' it will insert rules into the existing chains, and therefore not
+ flush the chains (but will when modifying a rule or changing the default
+@@ -303,7 +302,7 @@
+ 
+ Distributions
+ -------------
+-While it certainly ok to use /lib/ufw/ufw-init as the initscript for
++While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
+ ufw, this script is meant to be used by ufw itself, and therefore not
+ particularly user friendly. See doc/initscript.example for a simple
+ implementation that can be adapted to your distribution.
+--- a/setup.py	2018-12-14 21:25:55.000000000 +0300
++++ b/setup.py	2019-03-21 00:44:49.603002503 +0300
+@@ -55,7 +55,7 @@
+             return
+ 
+         real_confdir = os.path.join('/etc')
+-        real_statedir = os.path.join('/lib', 'ufw')
++        real_statedir = os.path.join('/etc', 'ufw', 'user')
+         real_prefix = self.prefix
+         if self.home != None:
+             real_confdir = self.home + real_confdir
+@@ -132,14 +132,20 @@
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
+ 
+-        # Install state files and helper scripts
++        # Install state files
+         statedir = real_statedir
+         if self.root != None:
+             statedir = self.root + real_statedir
+         self.mkpath(statedir)
+ 
+-        init_helper = os.path.join(statedir, 'ufw-init')
+-        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
++        # Install helper scripts
++        sharedir = real_sharedir
++        if self.root != None:
++            sharedir = self.root + real_sharedir
++        self.mkpath(sharedir)
++
++        init_helper = os.path.join(sharedir, 'ufw-init')
++        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
+         self.copy_file('src/ufw-init', init_helper)
+         self.copy_file('src/ufw-init-functions', init_helper_functions)
+ 
+@@ -220,14 +226,19 @@
+                              f])
+ 
+             subprocess.call(["sed",
++                              "-i",
++                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
++                             f])
++
++            subprocess.call(["sed",
+                              "-i",
+                              "s%#VERSION#%" + ufw_version + "%g",
+                              f])
+ 
+         # Install pristine copies of rules files
+-        sharedir = real_sharedir
+-        if self.root != None:
+-            sharedir = self.root + real_sharedir
++        #sharedir = real_sharedir
++        #if self.root != None:
++        #    sharedir = self.root + real_sharedir
+         rulesdir = os.path.join(sharedir, 'iptables')
+         self.mkpath(rulesdir)
+         for f in [ before_rules, after_rules, \
+--- a/src/backend_iptables.py	2018-12-14 21:25:55.000000000 +0300
++++ b/src/backend_iptables.py	2019-03-21 00:52:10.416829220 +0300
+@@ -38,6 +38,7 @@
+         files = {}
+         config_dir = _findpath(ufw.common.config_dir, datadir)
+         state_dir = _findpath(ufw.common.state_dir, datadir)
++        share_dir = _findpath(ufw.common.share_dir, datadir)
+ 
+         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
+         files['before_rules'] = os.path.join(config_dir, 'ufw/before.rules')
+@@ -45,7 +46,7 @@
+         files['rules6'] = os.path.join(config_dir, 'ufw/user6.rules')
+         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
+         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
+-        files['init'] = os.path.join(state_dir, 'ufw-init')
++        files['init'] = os.path.join(share_dir, 'ufw-init')
+ 
+         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files,
+                                         rootdir=rootdir, datadir=datadir)
+--- a/src/ufw-init	2018-03-30 22:45:52.000000000 +0300
++++ b/src/ufw-init	2019-03-21 01:06:32.720483789 +0300
+@@ -31,10 +31,11 @@
+ fi
+ export DATA_DIR="$datadir"
+ 
+-if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
+-    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
++if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
++    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
++
+ else
+-    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
++    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
+     exit 1
+ fi
+ 
+@@ -83,7 +84,7 @@
+     fi
+     ;;
+ *)
+-    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
++    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
+     exit 1
+     ;;
+ esac
diff --git a/net-firewall/ufw/files/ufw-0.36-shebang.patch b/net-firewall/ufw/files/ufw-0.36-shebang.patch
new file mode 100644
index 000000000000..8c2b8fe2392e
--- /dev/null
+++ b/net-firewall/ufw/files/ufw-0.36-shebang.patch
@@ -0,0 +1,15 @@
+--- a/setup.py	2019-03-21 01:51:55.751971770 +0300
++++ b/setup.py	2019-03-21 01:54:40.142513567 +0300
+@@ -122,12 +122,6 @@
+         for f in [ script, manpage, manpage_f ]:
+             self.mkpath(os.path.dirname(f))
+ 
+-        # update the interpreter to that of the one the user specified for setup
+-        print("Updating staging/ufw to use %s" % (sys.executable))
+-        subprocess.call(["sed",
+-                         "-i",
+-                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
+-                         'staging/ufw'])
+         self.copy_file('staging/ufw', script)
+         self.copy_file('doc/ufw.8', manpage)
+         self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/metadata.xml b/net-firewall/ufw/metadata.xml
index b8103d2da1af..a35eb64d103a 100644
--- a/net-firewall/ufw/metadata.xml
+++ b/net-firewall/ufw/metadata.xml
@@ -1,13 +1,24 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
-	<!-- maintainer-needed -->	
+	<maintainer type="person">
+		<email>hasan.calisir@psauxit.com</email>
+		<name>Hasan ÇALIŞIR</name>
+	</maintainer>
+	<maintainer type="project">
+		<email>proxy-maint@gentoo.org</email>
+		<name>Proxy Maintainers</name>
+	</maintainer>
+	<use>
+		<flag name="examples">Example ufw config files</flag>
+		<flag name="ipv6">IPv6 support for iptables</flag>
+	</use>
 	<longdescription lang="en">
 	The Uncomplicated Firewall (ufw) is a frontend for iptables and is
 	particularly well-suited for host-based firewalls. It provides a framework
 	for managing netfilter, as well as an easy to use command-line interface for
 	manipulating the firewall.
-</longdescription>
+	</longdescription>
 	<upstream>
 		<remote-id type="launchpad">ufw</remote-id>
 	</upstream>
diff --git a/net-firewall/ufw/ufw-0.36.ebuild b/net-firewall/ufw/ufw-0.36.ebuild
new file mode 100644
index 000000000000..3afeac0ab6dd
--- /dev/null
+++ b/net-firewall/ufw/ufw-0.36.ebuild
@@ -0,0 +1,199 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+DISTUTILS_IN_SOURCE_BUILD=1
+
+inherit bash-completion-r1 distutils-r1 eutils linux-info systemd
+
+DESCRIPTION="A program used to manage a netfilter firewall"
+HOMEPAGE="https://launchpad.net/ufw"
+SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="~amd64 ~ia64 ~ppc ~ppc64 ~sparc ~x86"
+IUSE="examples ipv6"
+
+DEPEND=""
+
+RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
+	!<kde-misc/kcm-ufw-0.4.2
+	!<net-firewall/ufw-frontends-0.3.2"
+
+BDEPEND="sys-devel/gettext"
+
+# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
+RESTRICT="test"
+
+PATCHES=(
+	# Move files away from /lib/ufw.
+	"${FILESDIR}/${P}-move-path.patch"
+	# Remove unnecessary build time dependency on net-firewall/iptables.
+	"${FILESDIR}/${P}-dont-check-iptables.patch"
+	# Remove shebang modification.
+	"${FILESDIR}/${P}-shebang.patch"
+	# Fix bash completions, bug #526300
+	"${FILESDIR}/${P}-bash-completion.patch"
+)
+
+pkg_pretend() {
+	local CONFIG_CHECK="~PROC_FS
+		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
+		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
+		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
+
+	if kernel_is -ge 2 6 39; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
+	else
+		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
+	fi
+
+	# https://bugs.launchpad.net/ufw/+bug/1076050
+	if kernel_is -ge 3 4; then
+		CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
+	else
+		CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
+		use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
+	fi
+
+	CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
+	use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
+
+	check_extra_config
+
+	# Check for default, useful optional features.
+	if ! linux_config_exists; then
+		ewarn "Cannot determine configuration of your kernel."
+		return
+	fi
+
+	local nf_nat_ftp_ok="yes"
+	local nf_conntrack_ftp_ok="yes"
+	local nf_conntrack_netbios_ns_ok="yes"
+
+	linux_chkconfig_present \
+		NF_NAT_FTP || nf_nat_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
+	linux_chkconfig_present \
+		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
+
+	# This is better than an essay for each unset option...
+	if [[ "${nf_nat_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_ftp_ok}" == "no" ]] || \
+	   [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+		echo
+		local mod_msg="Kernel options listed below are not set. They are not"
+		mod_msg+=" mandatory, but they are often useful."
+		mod_msg+=" If you don't need some of them, please remove relevant"
+		mod_msg+=" module name(s) from IPT_MODULES in"
+		mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
+		mod_msg+=" Otherwise ufw may fail to start!"
+		ewarn "${mod_msg}"
+		if [[ "${nf_nat_ftp_ok}" == "no" ]]; then
+			ewarn "NF_NAT_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_ftp_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
+		fi
+		if [[ "${nf_conntrack_netbios_ns_ok}" == "no" ]]; then
+			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
+		fi
+	fi
+}
+
+python_prepare_all() {
+	# Set as enabled by default. User can enable or disable
+	# the service by adding or removing it to/from a runlevel.
+	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
+		|| die "sed failed (ufw.conf)"
+
+	sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
+
+	# If LINGUAS is set install selected translations only.
+	if [[ -n ${LINGUAS+set} ]]; then
+		_EMPTY_LOCALE_LIST="yes"
+		pushd locales/po > /dev/null || die
+
+		local lang
+		for lang in *.po; do
+			if ! has "${lang%.po}" ${LINGUAS}; then
+				rm "${lang}" || die
+			else
+				_EMPTY_LOCALE_LIST="no"
+			fi
+		done
+
+		popd > /dev/null || die
+	else
+		_EMPTY_LOCALE_LIST="no"
+	fi
+
+	distutils-r1_python_prepare_all
+}
+
+python_install_all() {
+	newconfd "${FILESDIR}"/ufw.confd ufw
+	newinitd "${FILESDIR}"/ufw-2.initd ufw
+	systemd_dounit "${FILESDIR}/ufw.service"
+
+	exeinto /usr/share/${PN}
+	doexe tests/check-requirements
+
+	# users normally would want it
+	insinto "/usr/share/doc/${PF}/logging/syslog-ng"
+	doins -r "${FILESDIR}"/syslog-ng/*
+
+	insinto "/usr/share/doc/${PF}/logging/rsyslog"
+	doins -r "${FILESDIR}"/rsyslog/*
+	doins doc/rsyslog.example
+
+	if use examples; then
+		insinto "/usr/share/doc/${PF}/examples"
+		doins -r examples/*
+	fi
+	newbashcomp shell-completion/bash "${PN}"
+
+	[[ $_EMPTY_LOCALE_LIST != "yes" ]] && domo locales/mo/*.mo
+
+	distutils-r1_python_install_all
+	python_replicate_script "${D}/usr/sbin/ufw"
+}
+
+pkg_postinst() {
+	local print_check_req_warn
+	print_check_req_warn=false
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		echo
+		elog "To enable ufw, add it to boot sequence and activate it:"
+		elog "-- # rc-update add ufw boot"
+		elog "-- # /etc/init.d/ufw start"
+		echo
+		elog "If you want to keep ufw logs in a separate file, take a look at"
+		elog "/usr/share/doc/${PF}/logging."
+		print_check_req_warn=true
+	else
+		local rv
+		for rv in "${REPLACING_VERSIONS}"; do
+			local major=${rv%%.*}
+			local minor=${rv#${major}.}
+			if [[ "${major}" -eq 0 && "${minor}" -lt 34 ]]; then
+				print_check_req_warn=true
+			fi
+		done
+	fi
+	if [[ "${print_check_req_warn}" == "true" ]]; then
+		echo
+		elog "/usr/share/ufw/check-requirements script is installed."
+		elog "It is useful for debugging problems with ufw. However one"
+		elog "should keep in mind that the script assumes IPv6 is enabled"
+		elog "on kernel and net-firewall/iptables, and fails when it's not."
+	fi
+	echo
+	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
+	ewarn "default. See README, Remote Management section for more information."
+}