From feb0daf81d888e9160f9f94502de09b66f2a63fd Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sun, 21 Jun 2020 17:50:24 +0100
Subject: gentoo resync : 21.06.2020

---
 net-firewall/Manifest.gz                           | Bin 4715 -> 4719 bytes
 net-firewall/ebtables/Manifest                     |   6 +-
 net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild  |  72 ---
 net-firewall/ebtables/ebtables-2.0.11-r1.ebuild    | 106 -----
 net-firewall/ebtables/ebtables-2.0.11-r2.ebuild    | 107 +++++
 net-firewall/ebtables/ebtables-2.0.11.ebuild       |  92 ----
 net-firewall/ebtables/files/ebtables.initd-r1      |   4 +-
 net-firewall/nftables/Manifest                     |   4 +-
 net-firewall/nftables/nftables-0.9.5.ebuild        | 151 -------
 net-firewall/nftables/nftables-0.9.6.ebuild        | 151 +++++++
 net-firewall/pglinux/Manifest                      |   3 +-
 .../files/pglinux-2.3.1_p20171006-fno-common.patch |  21 +
 .../pglinux/pglinux-2.3.1_p20171006.ebuild         |   5 +-
 net-firewall/shorewall/Manifest                    |   8 +
 net-firewall/shorewall/shorewall-5.2.5.ebuild      | 482 +++++++++++++++++++++
 net-firewall/ufw/Manifest                          |   6 -
 .../ufw/files/ufw-0.33-dont-check-iptables.patch   |  46 --
 .../ufw/files/ufw-0.34_pre805-shebang.patch        |  15 -
 .../ufw/files/ufw-0.35-bash-completion.patch       |  17 -
 net-firewall/ufw/files/ufw-0.35-move-path.patch    | 179 --------
 net-firewall/ufw/ufw-0.35-r1.ebuild                | 195 ---------
 21 files changed, 781 insertions(+), 889 deletions(-)
 delete mode 100644 net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
 delete mode 100644 net-firewall/ebtables/ebtables-2.0.11-r1.ebuild
 create mode 100644 net-firewall/ebtables/ebtables-2.0.11-r2.ebuild
 delete mode 100644 net-firewall/ebtables/ebtables-2.0.11.ebuild
 delete mode 100644 net-firewall/nftables/nftables-0.9.5.ebuild
 create mode 100644 net-firewall/nftables/nftables-0.9.6.ebuild
 create mode 100644 net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch
 create mode 100644 net-firewall/shorewall/shorewall-5.2.5.ebuild
 delete mode 100644 net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
 delete mode 100644 net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
 delete mode 100644 net-firewall/ufw/files/ufw-0.35-bash-completion.patch
 delete mode 100644 net-firewall/ufw/files/ufw-0.35-move-path.patch
 delete mode 100644 net-firewall/ufw/ufw-0.35-r1.ebuild

(limited to 'net-firewall')

diff --git a/net-firewall/Manifest.gz b/net-firewall/Manifest.gz
index b7013c5f6b2d..71f2a9344970 100644
Binary files a/net-firewall/Manifest.gz and b/net-firewall/Manifest.gz differ
diff --git a/net-firewall/ebtables/Manifest b/net-firewall/ebtables/Manifest
index 494fcfb529ac..dbaf6e416881 100644
--- a/net-firewall/ebtables/Manifest
+++ b/net-firewall/ebtables/Manifest
@@ -3,12 +3,10 @@ AUX ebtables-2.0.11-makefile.patch 495 BLAKE2B 213fe84dcdb82b55e074ba7015b8cf202
 AUX ebtables-2.0.11-remove-stray-atsign.patch 1120 BLAKE2B 14bac4aec87d44e5ca166418abf39368f7b7e45922d8371f6dd469a2d1963fef7c9f8d960c78d72153d9b4f307491f8498a0460b4d150468f8848c3dd4b973bf SHA512 8094f6aee009880c79e8476d29dcb90c1682922f27ed7ab0a4ae7175e7efc46f035d228586895f4e6793876f944010abd72ee7102be31962bd832070be7db14e
 AUX ebtables-2.0.8.1-ebt-save.diff 1089 BLAKE2B bf3c12e0849823dd48aa6cd627ffc463588f6b62c841723f12dd5a7903830fc0e214d18ff74ec7162de23dd7b176b6f875cb7f88153b5200cd876b9ff2d47cd8 SHA512 904cb936ca6fc39dc4fa6e287ef70df9e1dacbd9dc464f839f25213f5525d4020f819dd893b784c5f611f1185c05ffbaa49423afcd6db2ef328950408a07e6a7
 AUX ebtables.confd-r1 288 BLAKE2B 72e0ad40f53058f1ede8a4d049badde04e69e307e9c24ffe5cdc7f61d918b0e1b3296f793c4dd46389b2dee69ad4730f563bd3891569612d7f9f8c7b39641a84 SHA512 088308eba077fcec35299c8aaad0492024173504a361c2ba7e29dce106888a78c72818a791f3d3655aed3f6df26a3319c42e2b2c54760cdbad036d46b89b97f3
-AUX ebtables.initd-r1 1990 BLAKE2B 04587ed7130a48609815974cb8fa6eff86013cb50d02b944424ebc3c578bb2257241878e7d86b46eba16bdc8a96b2dec1f21a7d80a6e51bafd82cf264824265a SHA512 ceceaf33d6f6bfa89a5d81932e3ec76a26d09d67150efd3de587520ea47984f618d4fc55e799c58a2e5e236caec5bd81e2fde31a7e5aa328e629cdabbd29339b
+AUX ebtables.initd-r1 1991 BLAKE2B d044278249406982a7f1b83edab498ecad6368462451890d137bb3f03a404334b8e1f77bb4eef49375090b7499010dc4a4318caf53c9edd78b0fda73c8620c29 SHA512 82fa6298595ffdf0c286940f7a77b8246e274c3dc3f8c7448c1b36114cb9c8725b0466ba9feb34bd521bc3f7d9ae049ceae557a059d23acf2a2a97a167647b73
 DIST ebtables-2.0.11.tar.gz 428411 BLAKE2B 62af4c38ad21498e43f41ef96c8abb5704e8d8a48f1327c587b664f36fdfa9849a9a37e59958db56d38019465d8bf1775914f7387fde99a441615913702cf504 SHA512 43a04c6174c8028c501591ef260526297e0f018016f226e2a3bcf80766fddf53d4605c347554d6da7c4ab5e2131584a18da20916ffddcbf2d26ac93b00c5777f
 DIST ebtables-v2.0.10-4.tar.gz 103764 BLAKE2B 01995c701c6dbc7495bdf1f0fce61dce51a379dd1a304d2a5174e0190c040ee958833c65be9fd9d6a7601a2f81461ce1f2e9db989081b4fe7dabc5bfcecd57d6 SHA512 a6832453812eaede3fcbb5b4cab5902ea1ea752a80a259eed276a01b61e2afaa6cf07d3d023d86a883f9a02505aecc44a1c6e0d27b3a61f341002e4c051cd60a
-EBUILD ebtables-2.0.10.4-r1.ebuild 1914 BLAKE2B 799fe8c074cb8ad34821007296c192345925f66645bcf52f584aabcbac9099f98214a6cf80b1f31e8d55f58ab894d2ba4bd975ff4f710848afa88ade2817749e SHA512 a57f925dae0e290422cd79944963510de853b19b81eacc219aacfdd00f5a456f6b5f18c4cbf71c8d7129f317f33d71709fb6d5d3c5712f11115acd3c1eff93fa
 EBUILD ebtables-2.0.10.4-r2.ebuild 1888 BLAKE2B 59fb0004f531ea9a19e3fd6fcb6d4b11c9345d04e3c5692a8a6028f343e8a4d02b4b9f4a3a0d5bdda280519218b80dfb97726f91c6eb78387521538784f28dc9 SHA512 f3464a20c8b33fb55931efd5fb86e4edece9f3c8243f6b15c008c0d100953385fb6f915073055e9d481b6ba8e12d6a67c96d378783474178aaff112f0f5b3675
 EBUILD ebtables-2.0.10.4.ebuild 1755 BLAKE2B 4801b2df1f8dfa4db9c9ea4fe5fea274487b999247ec48c0c2da6123883dc50b60c85738f4a1fda5d164e05018eafb9b5cc78123a3761c5adcefb729633dc188 SHA512 b4b9dada0a1179c7e3df58fefb49a34f85fcc05b184c003c261f58e6394b5006633bf5a7e9ae7a94fc0b49df82569999e0f59178296e38f6856fa1e72f5d52fa
-EBUILD ebtables-2.0.11-r1.ebuild 2464 BLAKE2B d1ae3b7d191c918fa29f30bd9bba26e1f59f8777ced2dee7830b3228c588ecc4686c30c6d60167295c9cc0a49f9d7b8ea7b25271d145378553434a7a7d79439d SHA512 e37bd81f0c4cbdf7e634742b524253b6c22f79d97a21eec8ce879c9c42249831d226a8a72285d3f3e83af9dffe6dcdc1b835960f7213a1fa8714d27d70a609d5
-EBUILD ebtables-2.0.11.ebuild 2086 BLAKE2B 5a6c010cf562b09b8041f34e8063260da5dce78f2cdabe37596324da534d92481b7e0382c21773dc500a17678899794b415814cf8b968ffb5341e9ba0e63d685 SHA512 45f34debaeecab1f99b3e8ac0073b94a404c09e2aa8911161296b30985d785844ca854939a702172e1a44700a98efb2b1bf9d1c4ac5151a282d02e9604856138
+EBUILD ebtables-2.0.11-r2.ebuild 2519 BLAKE2B 8b9cd6a1fe8b1dc6b4420a795fbcdb7be97a148770b72491dd4511e577acfc23c0a536e7fec62e2c3e72c9ceede41147faf6fe51b1dd3dc93d01184086e7453b SHA512 cbb2fb7a7dbdbba8536a30fe19190f9a1efdb0f2a5c971fa80dc0d8f67210c315987a4d941781ae979218ad9148589abc8cdaf024ca7f0342265e51e251209e6
 MISC metadata.xml 488 BLAKE2B 683d7552083e64daf3e41f9c1e7c53033ac4059a1f3ae248e666001424725f21efb1ec0d35c28492ac80c19998692c00e795818501b0c9f0df1037175b8bda93 SHA512 88d08269d25c3f4a22d89b5774e21c4af048c2e39beba41514780d3dac72494cb39e993becd49b0a73cb9c2d0b2e7e46c7bbe1b3a40fe6d7094431a9fb384f35
diff --git a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
deleted file mode 100644
index c506fa3d0bfc..000000000000
--- a/net-firewall/ebtables/ebtables-2.0.10.4-r1.ebuild
+++ /dev/null
@@ -1,72 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI="4"
-
-inherit versionator eutils toolchain-funcs multilib flag-o-matic
-
-MY_PV=$(replace_version_separator 3 '-' )
-MY_P=${PN}-v${MY_PV}
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="mirror://sourceforge/${PN}/${MY_P}.tar.gz"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~x86"
-IUSE="+perl static"
-
-# The ebtables-save script is written in perl.
-RDEPEND="perl? ( dev-lang/perl )
-	!<net-firewall/iptables-1.6.2-r2[nftables(-)]
-	!net-misc/ethertypes
-"
-
-S=${WORKDIR}/${MY_P}
-
-pkg_setup() {
-	if use static; then
-		ewarn "You've chosen static build which is useful for embedded devices."
-		ewarn "It has no init script. Make sure that's really what you want."
-	fi
-}
-
-src_prepare() {
-	# Enhance ebtables-save to take table names as parameters bug #189315
-	epatch "${FILESDIR}/${PN}-2.0.8.1-ebt-save.diff"
-
-	sed -i -e "s,^MANDIR:=.*,MANDIR:=/usr/share/man," \
-		-e "s,^BINDIR:=.*,BINDIR:=/sbin," \
-		-e "s,^INITDIR:=.*,INITDIR:=/usr/share/doc/${PF}," \
-		-e "s,^SYSCONFIGDIR:=.*,SYSCONFIGDIR:=/usr/share/doc/${PF}," \
-		-e "s,^LIBDIR:=.*,LIBDIR:=/$(get_libdir)/\$(PROGNAME)," Makefile
-}
-
-src_compile() {
-	# This package uses _init functions to initialise extensions. With
-	# --as-needed this will not work.
-	append-ldflags $(no-as-needed)
-	emake \
-		CC="$(tc-getCC)" \
-		CFLAGS="${CFLAGS}" \
-		$(use static && echo static)
-}
-
-src_install() {
-	if ! use static; then
-		emake DESTDIR="${D}" install
-		keepdir /var/lib/ebtables/
-		newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
-		newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
-		if ! use perl; then
-			rm "${ED}"/sbin/ebtables-save || die
-		fi
-	else
-		into /
-		newsbin static ebtables
-		insinto /etc
-		doins ethertypes
-	fi
-	dodoc ChangeLog THANKS
-}
diff --git a/net-firewall/ebtables/ebtables-2.0.11-r1.ebuild b/net-firewall/ebtables/ebtables-2.0.11-r1.ebuild
deleted file mode 100644
index 038a8e1204cb..000000000000
--- a/net-firewall/ebtables/ebtables-2.0.11-r1.ebuild
+++ /dev/null
@@ -1,106 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit toolchain-funcs autotools
-
-MY_PV="$(ver_rs 3 '-' )"
-MY_P="${PN}-${MY_PV}"
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
-IUSE="+perl static"
-
-BDEPEND=">=app-eselect/eselect-iptables-20200508"
-# The ebtables-save script is written in perl.
-RDEPEND="${BDEPEND}
-	perl? ( dev-lang/perl )
-	net-misc/ethertypes"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.0.11-makefile.patch"
-
-	# Enhance ebtables-save to take table names as parameters bug #189315
-	"${FILESDIR}/${PN}-2.0.11-ebt-save.patch"
-
-	# from upstream git
-	"${FILESDIR}/ebtables-2.0.11-remove-stray-atsign.patch"
-)
-
-pkg_setup() {
-	if use static; then
-		ewarn "You've chosen static build which is useful for embedded devices."
-		ewarn "It has no init script. Make sure that's really what you want."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# don't install perl scripts if USE=perl is disabled
-	if ! use perl; then
-		sed -e '/sbin_SCRIPTS/ d' -i Makefile.am || die
-	fi
-
-	eautoreconf
-}
-
-src_configure() {
-	econf \
-		--bindir="/bin" \
-		--sbindir="/sbin" \
-		--libdir=/$(get_libdir)/${PN} \
-		--sysconfdir="/usr/share/doc/${PF}" \
-		$(use_enable static)
-}
-
-src_compile() {
-	emake $(usex static 'static ebtables-legacy.8' '')
-}
-
-src_install() {
-	local -a DOCS=( ChangeLog THANKS )
-
-	if ! use static; then
-		emake DESTDIR="${D}" install
-		keepdir /var/lib/ebtables/
-		newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
-		newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
-
-		find "${D}" -name '*.la' -type f -delete || die
-	else
-		into /
-		newsbin static ebtables
-		insinto /etc
-		doins ethertypes
-	fi
-
-	newman ebtables-legacy.8 ebtables.8
-	einstalldocs
-}
-
-pkg_postinst() {
-	if ! eselect ebtables show &>/dev/null; then
-		elog "Current ebtables implementation is unset, setting to ebtables-legacy"
-		eselect ebtables set ebtables-legacy
-	fi
-
-	eselect ebtables show
-}
-
-pkg_prerm() {
-	if [[ -z ${REPLACED_BY_VERSION} ]] && has_version 'net-firewall/iptables[nftables]'; then
-		elog "Resetting ebtables symlinks to xtables-nft-multi before removal"
-		eselect ebtables set xtables-nft-multi
-	else
-		elog "Unsetting ebtables symlinks before removal"
-		eselect ebtables unset
-	fi
-}
diff --git a/net-firewall/ebtables/ebtables-2.0.11-r2.ebuild b/net-firewall/ebtables/ebtables-2.0.11-r2.ebuild
new file mode 100644
index 000000000000..d455e69db67b
--- /dev/null
+++ b/net-firewall/ebtables/ebtables-2.0.11-r2.ebuild
@@ -0,0 +1,107 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit toolchain-funcs autotools
+
+MY_PV="$(ver_rs 3 '-' )"
+MY_P="${PN}-${MY_PV}"
+
+DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
+HOMEPAGE="http://ebtables.sourceforge.net/"
+SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
+S="${WORKDIR}/${MY_P}"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
+IUSE="+perl static"
+
+BDEPEND=">=app-eselect/eselect-iptables-20200508"
+# The ebtables-save script is written in perl.
+RDEPEND="${BDEPEND}
+	perl? ( dev-lang/perl )
+	net-misc/ethertypes"
+
+PATCHES=(
+	"${FILESDIR}/${PN}-2.0.11-makefile.patch"
+
+	# Enhance ebtables-save to take table names as parameters bug #189315
+	"${FILESDIR}/${PN}-2.0.11-ebt-save.patch"
+
+	# from upstream git
+	"${FILESDIR}/ebtables-2.0.11-remove-stray-atsign.patch"
+)
+
+pkg_setup() {
+	if use static; then
+		ewarn "You've chosen static build which is useful for embedded devices."
+		ewarn "It has no init script. Make sure that's really what you want."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# don't install perl scripts if USE=perl is disabled
+	if ! use perl; then
+		sed -e '/sbin_SCRIPTS/ d' -i Makefile.am || die
+	fi
+
+	eautoreconf
+}
+
+src_configure() {
+	econf \
+		--bindir="/bin" \
+		--sbindir="/sbin" \
+		--libdir=/$(get_libdir)/${PN} \
+		--sysconfdir="/usr/share/doc/${PF}" \
+		$(use_enable static)
+}
+
+src_compile() {
+	emake $(usex static 'static ebtables-legacy.8' '')
+}
+
+src_install() {
+	local -a DOCS=( ChangeLog THANKS )
+
+	if ! use static; then
+		emake DESTDIR="${D}" install
+		keepdir /var/lib/ebtables/
+		newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
+		newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
+
+		find "${D}" -name '*.la' -type f -delete || die
+	else
+		into /
+		newsbin static ebtables
+		insinto /etc
+		doins ethertypes
+	fi
+
+	newman ebtables-legacy.8 ebtables.8
+	einstalldocs
+	docompress -x /usr/share/doc/${PF}/ethertypes #724138
+}
+
+pkg_postinst() {
+	if ! eselect ebtables show &>/dev/null; then
+		elog "Current ebtables implementation is unset, setting to ebtables-legacy"
+		eselect ebtables set ebtables-legacy
+	fi
+
+	eselect ebtables show
+}
+
+pkg_prerm() {
+	if [[ -z ${REPLACED_BY_VERSION} ]] && has_version 'net-firewall/iptables[nftables]'; then
+		elog "Resetting ebtables symlinks to xtables-nft-multi before removal"
+		eselect ebtables set xtables-nft-multi
+	else
+		elog "Unsetting ebtables symlinks before removal"
+		eselect ebtables unset
+	fi
+}
diff --git a/net-firewall/ebtables/ebtables-2.0.11.ebuild b/net-firewall/ebtables/ebtables-2.0.11.ebuild
deleted file mode 100644
index c9be4be12cce..000000000000
--- a/net-firewall/ebtables/ebtables-2.0.11.ebuild
+++ /dev/null
@@ -1,92 +0,0 @@
-# Copyright 1999-2019 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-inherit toolchain-funcs autotools
-
-MY_PV="$(ver_rs 3 '-' )"
-MY_P="${PN}-${MY_PV}"
-
-DESCRIPTION="Controls Ethernet frame filtering on a Linux bridge, MAC NAT and brouting"
-HOMEPAGE="http://ebtables.sourceforge.net/"
-SRC_URI="ftp://ftp.netfilter.org/pub/${PN}/${MY_P}.tar.gz"
-S="${WORKDIR}/${MY_P}"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ppc ~ppc64 ~x86"
-IUSE="+perl static"
-
-# The ebtables-save script is written in perl.
-RDEPEND="perl? ( dev-lang/perl )
-	net-misc/ethertypes"
-
-PATCHES=(
-	"${FILESDIR}/${PN}-2.0.11-makefile.patch"
-
-	# Enhance ebtables-save to take table names as parameters bug #189315
-	"${FILESDIR}/${PN}-2.0.11-ebt-save.patch"
-
-	# from upstream git
-	"${FILESDIR}/ebtables-2.0.11-remove-stray-atsign.patch"
-)
-
-pkg_setup() {
-	if use static; then
-		ewarn "You've chosen static build which is useful for embedded devices."
-		ewarn "It has no init script. Make sure that's really what you want."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# don't install perl scripts if USE=perl is disabled
-	if ! use perl; then
-		sed -e '/sbin_SCRIPTS/ d' -i Makefile.am || die
-	fi
-
-	eautoreconf
-}
-
-src_configure() {
-	econf \
-		--bindir="/bin" \
-		--sbindir="/sbin" \
-		--libdir=/$(get_libdir)/${PN} \
-		--sysconfdir="/usr/share/doc/${PF}" \
-		$(use_enable static)
-}
-
-src_compile() {
-	emake $(usex static 'static ebtables-legacy.8' '')
-}
-
-src_install() {
-	local -a DOCS=( ChangeLog THANKS )
-
-	if ! use static; then
-		emake DESTDIR="${D}" install
-		keepdir /var/lib/ebtables/
-		newinitd "${FILESDIR}"/ebtables.initd-r1 ebtables
-		newconfd "${FILESDIR}"/ebtables.confd-r1 ebtables
-
-		# symlink -legacy binaries to original names
-		local ext
-		for ext in '' -{save,restore}; do
-			local prog="${PN}-legacy${ext}"
-			[[ -f ${ED}/sbin/${prog} ]] && dosym ${prog} /sbin/${PN}${ext}
-		done
-
-		find "${D}" -name '*.la' -type f -delete || die
-	else
-		into /
-		newsbin static ebtables
-		insinto /etc
-		doins ethertypes
-	fi
-
-	newman ebtables-legacy.8 ebtables.8
-	einstalldocs
-}
diff --git a/net-firewall/ebtables/files/ebtables.initd-r1 b/net-firewall/ebtables/files/ebtables.initd-r1
index 9c78e9b78df0..6608760110be 100644
--- a/net-firewall/ebtables/files/ebtables.initd-r1
+++ b/net-firewall/ebtables/files/ebtables.initd-r1
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 extra_commands="save panic"
@@ -16,7 +16,7 @@ depend() {
 ebtables_tables() {
 	for table in filter nat broute; do
 		if ${ebtables_bin} -t ${table} -L > /dev/null 2>&1; then
-			echo -n "${table} "
+			printf '%s' "${table} "
 		fi
 	done
 }
diff --git a/net-firewall/nftables/Manifest b/net-firewall/nftables/Manifest
index ec18f0d65b3a..aaaa01f83cfb 100644
--- a/net-firewall/nftables/Manifest
+++ b/net-firewall/nftables/Manifest
@@ -10,9 +10,9 @@ AUX systemd/nftables-restore.service 394 BLAKE2B 1c1f358eb2eff789e68c051098c971f
 DIST nftables-0.9.3.tar.bz2 786759 BLAKE2B 578276d861fdb2b843223aca1276bbc1dda9627d0058259a966e324e30ee64d8c102d1e2cceb82d29143caa9dcd1a4492df168f1c87b136fc7b3a1a7dc8568a8 SHA512 d264f6fc75c95510e29fe7d5b82ae418d502f40437b098ba6117ffb1374d9989d70a7296e2e58c5fb25142145a987bb9c160902637899f892589809f9541db43
 DIST nftables-0.9.4-manpages.tar.xz 38580 BLAKE2B bb561c7824d032ecfff5c98af10c95af6f5188377f43de8398be7e503adff0441d49fa3e2cefcb646927cc1a4222957f0cc75d5ad4c770ef3a3f8cb8a677c5ce SHA512 1b94ff06ceccf75bbefbf64496d5fa0b492907d7ec5fe41f7808c6e239b2a0a42e88d61e35e22485abee7e4bd382178e962a7c5b113433247ca329cbfa408bca
 DIST nftables-0.9.4.tar.bz2 792788 BLAKE2B 3f2d8ff3bcfe3ab815ee369c4937adef5e5730edee8ea59b32031732802e608bcb47ddd3e55303ad6c295158aff51b2f2c069d98600db83d732ff78836c7abb5 SHA512 cef5b5f26f3a2893a3eb1323f1f0ecfd6e2865e0eb040e9b7da5824e5be2274b888e661abe96e828add9e951f47303e30cb7c9238d267a031c0f99b5f3b6e2c0
-DIST nftables-0.9.5.tar.bz2 855740 BLAKE2B 82c6962616a1ba5329fe9f39a64e61984415be5087bc79457fc2f6c4e70edba0f2ccc63698eb620f9d9e22950b9de014d34bf499f8457179610ff749a9ad8658 SHA512 fc306984e951c3d036ce0d5bc0cd9dc07dd773a129ceb2df13db6636fbeeeb08ddd1586ef7116f3a0c3a08d1366da230ebcbcdb65e5fe29c07e24d612426f352
+DIST nftables-0.9.6.tar.bz2 859481 BLAKE2B 0ede36370d9f8b75d0179f8f28077124d47132413417382b737508c7ef81c7d2891e1934e69c1ef5af5450ac13c9a914d37bb62ebf40fb91fa048b4ec3a24c90 SHA512 ca6524ff1cb1e79d636afeb96f54e4699773e1cbda8e9a3ec5728f4d5b764c0df16b195cdcc0e304ae5643c8761b6b5a6685c737965a7415aec07aeb9f3dc5df
 EBUILD nftables-0.9.3-r1.ebuild 3756 BLAKE2B 79cbed1a1065288d7736bb3687e7142a9bc55e788bdf88cdbb7fb48f6adfd93af2e0deb6964d3522f09fbeeed4f6c4700988f7db27a6e52ccf10bd0a9c469026 SHA512 5f508726b8e1543590379b60c589f97f722bb458ac12530833992d76094e5c70df830af223363a3c95fb142309843df6b30320b666062b48f2659e4c014973b6
 EBUILD nftables-0.9.4-r1.ebuild 3782 BLAKE2B aa3edaa13d0c0032819476c5fdfbe3a1119b815d8d167eafe48c49f36dd49780c80020045418e084ce1c6bdc5b56ffc7a511c50c356b6ccdb44c36ef41899465 SHA512 741af7b9f7b07ee5b6133170637ae819e5d8d190cda398087b7b26f7e7e377df975f2cc72f0b706707073e029b905a8284bb9a13875cda869ec7df9767faa55e
 EBUILD nftables-0.9.4-r2.ebuild 4131 BLAKE2B d30066d0eef62040e79e2099bb1db6f49667177e0f7099f0a928ee87f80664b6069b26a6ba954b38e32179e6734b564290ae8466cd8f90d79b2ee1bbc3126d2b SHA512 f777309e620845e89d32596adcd270c2961111168d11d68d9b1cd75b97a60fb3213238b60d7190559eec478d9e08e09c89de8e54bb048c59a51cfb1b412831fc
-EBUILD nftables-0.9.5.ebuild 3840 BLAKE2B dcc38a431e2600b1172ed4e8a1609813c89b9c8c591f3c267184f9b55df94988cfd692bb8764083a1bfaa01363b684313a614df57f6fdbfeb434d3747232141c SHA512 85c0f54856a5a54016d37f86124cb0b1e689254eb55cde570044efe03bfb2282dbc3e74d437130067d4b301e40fab83436e4eee551bb7d3ef5eda100e760b085
+EBUILD nftables-0.9.6.ebuild 3840 BLAKE2B dcc38a431e2600b1172ed4e8a1609813c89b9c8c591f3c267184f9b55df94988cfd692bb8764083a1bfaa01363b684313a614df57f6fdbfeb434d3747232141c SHA512 85c0f54856a5a54016d37f86124cb0b1e689254eb55cde570044efe03bfb2282dbc3e74d437130067d4b301e40fab83436e4eee551bb7d3ef5eda100e760b085
 MISC metadata.xml 918 BLAKE2B 8c2c39f04e2c5591ea06788788d244bddc1cdc25780810b2a19e131d43d0bdf964d2129c01605fc536451cb9a3354420a1c2f656dad45c56dec4f360a95fe473 SHA512 08de9d11f48dcb132eb5423de56b458dd4c4122329b84b56c252436c882b7670233f2217cc01755649f27e14ff9346cf99e3a742224567e712f5cb3678165dcf
diff --git a/net-firewall/nftables/nftables-0.9.5.ebuild b/net-firewall/nftables/nftables-0.9.5.ebuild
deleted file mode 100644
index aad88b619234..000000000000
--- a/net-firewall/nftables/nftables-0.9.5.ebuild
+++ /dev/null
@@ -1,151 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-PYTHON_COMPAT=( python3_{6,7,8} )
-
-inherit autotools linux-info python-r1 systemd
-
-DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
-HOMEPAGE="https://netfilter.org/projects/nftables/"
-#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
-SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
-
-LICENSE="GPL-2"
-SLOT="0"
-KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
-IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
-
-RDEPEND="
-	>=net-libs/libmnl-1.0.4:0=
-	gmp? ( dev-libs/gmp:0= )
-	json? ( dev-libs/jansson )
-	python? ( ${PYTHON_DEPS} )
-	readline? ( sys-libs/readline:0= )
-	>=net-libs/libnftnl-1.1.7:0=
-	xtables? ( >=net-firewall/iptables-1.6.1 )
-"
-
-DEPEND="${RDEPEND}"
-
-BDEPEND="
-	doc? (
-		app-text/asciidoc
-		>=app-text/docbook2X-0.8.8-r4
-	)
-	virtual/pkgconfig
-"
-
-REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
-
-#S="${WORKDIR}/v${PV}"
-
-python_make() {
-	emake \
-		-C py \
-		abs_builddir="${S}" \
-		DESTDIR="${D}" \
-		PYTHON_BIN="${PYTHON}" \
-		${@}
-}
-
-pkg_setup() {
-	if kernel_is ge 3 13; then
-		if use modern-kernel && kernel_is lt 3 18; then
-			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
-		fi
-		CONFIG_CHECK="~NF_TABLES"
-		linux-info_pkg_setup
-	else
-		eerror "This package requires kernel version 3.13 or newer to work properly."
-	fi
-}
-
-src_prepare() {
-	default
-
-	# fix installation path for doc stuff
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
-		-i files/nftables/Makefile.am || die
-	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
-		-i files/osf/Makefile.am || die
-
-	eautoreconf
-}
-
-src_configure() {
-	local myeconfargs=(
-		# We handle python separately
-		--disable-python
-		--sbindir="${EPREFIX}"/sbin
-		$(use_enable debug)
-		$(use_enable doc man-doc)
-		$(use_with !gmp mini_gmp)
-		$(use_with json)
-		$(use_with readline cli readline)
-		$(use_enable static-libs static)
-		$(use_with xtables)
-	)
-	econf "${myeconfargs[@]}"
-}
-
-src_compile() {
-	default
-
-	if use python ; then
-		python_foreach_impl python_make
-	fi
-}
-
-src_install() {
-	default
-
-	if ! use doc; then
-		pushd doc >/dev/null || die
-		doman *.?
-		popd >/dev/null || die
-	fi
-
-	local mksuffix="$(usex modern-kernel '-mk' '')"
-
-	exeinto /usr/libexec/${PN}
-	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
-	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
-	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
-	keepdir /var/lib/nftables
-
-	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
-
-	if use python ; then
-		python_foreach_impl python_make install
-		python_foreach_impl python_optimize
-	fi
-
-	find "${ED}" -type f -name "*.la" -delete || die
-}
-
-pkg_postinst() {
-	local save_file
-	save_file="${EROOT}/var/lib/nftables/rules-save"
-
-	# In order for the nftables-restore systemd service to start
-	# the save_file must exist.
-	if [[ ! -f "${save_file}" ]]; then
-		( umask 177; touch "${save_file}" )
-	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
-		ewarn "Your system has dangerous permissions for ${save_file}"
-		ewarn "It is probably affected by bug #691326."
-		ewarn "You may need to fix the permissions of the file. To do so,"
-		ewarn "you can run the command in the line below as root."
-		ewarn "    'chmod 600 \"${save_file}\"'"
-	fi
-
-	elog "If you wish to enable the firewall rules on boot (on systemd) you"
-	elog "will need to enable the nftables-restore service."
-	elog "    'systemctl enable ${PN}-restore.service'"
-	elog
-	elog "If you are creating firewall rules before the next system restart "
-	elog "the nftables-restore service must be manually started in order to "
-	elog "save those rules on shutdown."
-}
diff --git a/net-firewall/nftables/nftables-0.9.6.ebuild b/net-firewall/nftables/nftables-0.9.6.ebuild
new file mode 100644
index 000000000000..aad88b619234
--- /dev/null
+++ b/net-firewall/nftables/nftables-0.9.6.ebuild
@@ -0,0 +1,151 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_COMPAT=( python3_{6,7,8} )
+
+inherit autotools linux-info python-r1 systemd
+
+DESCRIPTION="Linux kernel (3.13+) firewall, NAT and packet mangling tools"
+HOMEPAGE="https://netfilter.org/projects/nftables/"
+#SRC_URI="https://git.netfilter.org/nftables/snapshot/v${PV}.tar.gz -> ${P}.tar.gz"
+SRC_URI="https://netfilter.org/projects/nftables/files/${P}.tar.bz2"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~ia64 ~ppc64 ~sparc ~x86"
+IUSE="debug doc +gmp json +modern-kernel python +readline static-libs xtables"
+
+RDEPEND="
+	>=net-libs/libmnl-1.0.4:0=
+	gmp? ( dev-libs/gmp:0= )
+	json? ( dev-libs/jansson )
+	python? ( ${PYTHON_DEPS} )
+	readline? ( sys-libs/readline:0= )
+	>=net-libs/libnftnl-1.1.7:0=
+	xtables? ( >=net-firewall/iptables-1.6.1 )
+"
+
+DEPEND="${RDEPEND}"
+
+BDEPEND="
+	doc? (
+		app-text/asciidoc
+		>=app-text/docbook2X-0.8.8-r4
+	)
+	virtual/pkgconfig
+"
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+#S="${WORKDIR}/v${PV}"
+
+python_make() {
+	emake \
+		-C py \
+		abs_builddir="${S}" \
+		DESTDIR="${D}" \
+		PYTHON_BIN="${PYTHON}" \
+		${@}
+}
+
+pkg_setup() {
+	if kernel_is ge 3 13; then
+		if use modern-kernel && kernel_is lt 3 18; then
+			eerror "The modern-kernel USE flag requires kernel version 3.18 or newer to work properly."
+		fi
+		CONFIG_CHECK="~NF_TABLES"
+		linux-info_pkg_setup
+	else
+		eerror "This package requires kernel version 3.13 or newer to work properly."
+	fi
+}
+
+src_prepare() {
+	default
+
+	# fix installation path for doc stuff
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels@' \
+		-i files/nftables/Makefile.am || die
+	sed '/^pkgsysconfdir/s@${sysconfdir}.*$@${docdir}/skels/osf@' \
+		-i files/osf/Makefile.am || die
+
+	eautoreconf
+}
+
+src_configure() {
+	local myeconfargs=(
+		# We handle python separately
+		--disable-python
+		--sbindir="${EPREFIX}"/sbin
+		$(use_enable debug)
+		$(use_enable doc man-doc)
+		$(use_with !gmp mini_gmp)
+		$(use_with json)
+		$(use_with readline cli readline)
+		$(use_enable static-libs static)
+		$(use_with xtables)
+	)
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use python ; then
+		python_foreach_impl python_make
+	fi
+}
+
+src_install() {
+	default
+
+	if ! use doc; then
+		pushd doc >/dev/null || die
+		doman *.?
+		popd >/dev/null || die
+	fi
+
+	local mksuffix="$(usex modern-kernel '-mk' '')"
+
+	exeinto /usr/libexec/${PN}
+	newexe "${FILESDIR}"/libexec/${PN}${mksuffix}.sh ${PN}.sh
+	newconfd "${FILESDIR}"/${PN}${mksuffix}.confd ${PN}
+	newinitd "${FILESDIR}"/${PN}${mksuffix}.init ${PN}
+	keepdir /var/lib/nftables
+
+	systemd_dounit "${FILESDIR}"/systemd/${PN}-restore.service
+
+	if use python ; then
+		python_foreach_impl python_make install
+		python_foreach_impl python_optimize
+	fi
+
+	find "${ED}" -type f -name "*.la" -delete || die
+}
+
+pkg_postinst() {
+	local save_file
+	save_file="${EROOT}/var/lib/nftables/rules-save"
+
+	# In order for the nftables-restore systemd service to start
+	# the save_file must exist.
+	if [[ ! -f "${save_file}" ]]; then
+		( umask 177; touch "${save_file}" )
+	elif [[ $(( "$( stat --printf '%05a' "${save_file}" )" & 07177 )) -ne 0 ]]; then
+		ewarn "Your system has dangerous permissions for ${save_file}"
+		ewarn "It is probably affected by bug #691326."
+		ewarn "You may need to fix the permissions of the file. To do so,"
+		ewarn "you can run the command in the line below as root."
+		ewarn "    'chmod 600 \"${save_file}\"'"
+	fi
+
+	elog "If you wish to enable the firewall rules on boot (on systemd) you"
+	elog "will need to enable the nftables-restore service."
+	elog "    'systemctl enable ${PN}-restore.service'"
+	elog
+	elog "If you are creating firewall rules before the next system restart "
+	elog "the nftables-restore service must be manually started in order to "
+	elog "save those rules on shutdown."
+}
diff --git a/net-firewall/pglinux/Manifest b/net-firewall/pglinux/Manifest
index 92fb68b24e16..8be7e2f6b34d 100644
--- a/net-firewall/pglinux/Manifest
+++ b/net-firewall/pglinux/Manifest
@@ -1,3 +1,4 @@
+AUX pglinux-2.3.1_p20171006-fno-common.patch 492 BLAKE2B 803ecc1c2089a873ef2df2901c3364ff4e9242c2b6758c0b2e8fee57c7a13e31d6fb2a5f10ee24f8452e453299112af3be4fb1500f472bdd8192ea1b2363f13e SHA512 dbeac2030b38a7e224a0d3221ebbb8b3199f8a7eca3d675c6516121c8a61c6834f25da93bab60fe3216745d6fde12f4342c8f9f94abab6efbdda45e7f0f697a6
 DIST pglinux-2.3.1_p20171006.zip 340253 BLAKE2B a39ecad1290dd31b126ed58c22f2de1162a4081e07f576509b5d77adffeb4a74b5aeb489f8f63134b0fc37d174e61b6631bdb350c3277729456092ba0ae3c600 SHA512 ea30076d7a21fa71d5e352c479cb1a463c9f244d675f5c7f9d5d25a33b27f4c7f1a39d173f2fd156e3f2cb0652da0a06c078fc38972275073f38d48f207e42f3
-EBUILD pglinux-2.3.1_p20171006.ebuild 2550 BLAKE2B 94ed616c03210e31a466b06645dcd9aa546d60ad18e3ed7581b2e46b40165b0b2c3cd41f02e7ecff4b211565b33be5e168aff55efa328c38a624557ea43d74f7 SHA512 f307273c75ca8a53849cd8b40cde226d01c2f11809772862b00462f9e4e7a2dc12c15cc22da3801095ec359e390f450791be5510d931d726ea5ce65b2eb48526
+EBUILD pglinux-2.3.1_p20171006.ebuild 2596 BLAKE2B 2b9185dd83a20c85f6a79b92be9f661bca488e84047d9c8ef265370d0251b6668969707e15795fddfa109de811c23bfec1422daac06fa104ad6cab48e7ab6719 SHA512 d732b18ee3e784c868e081b59f31462742b73cf5787a007a3b3df5696983fcff733b822ffad3f46d4ae1dcc2d632f42b917e407b40d85c2b7b66f1b4bfd97728
 MISC metadata.xml 877 BLAKE2B 23f3f249945c9c606588fab5cb610e10a5adfa00bb9f9408f5dd373bc76b6a1b4b0cfff72de8b86d2b7de335d1730ee5cf15108b519e148f797ff2855fa16064 SHA512 6b9986e54aa2b6d75acabfc74e080d0e378b79f94178d7dec3c6b870fa90ccbf4840559942d29ce27f017a63b8f8760c21ac09fffb0040f9f624a053c489d8de
diff --git a/net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch b/net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch
new file mode 100644
index 000000000000..d6c80405e86d
--- /dev/null
+++ b/net-firewall/pglinux/files/pglinux-2.3.1_p20171006-fno-common.patch
@@ -0,0 +1,21 @@
+--- a/pgld/src/blocklist.h
++++ b/pgld/src/blocklist.h
+@@ -74,6 +74,6 @@
+ void blocklist_stats(int clearhits);
+ block_entry_t * blocklist_find(uint32_t ip);
+ void blocklist_dump();
+-blocklist_t blocklist;
++extern blocklist_t blocklist;
+ 
+ #endif /* INC_BLOCKLIST_H */
+--- a/pgld/src/blocklist.c
++++ b/pgld/src/blocklist.c
+@@ -22,6 +22,8 @@
+ #include "blocklist.h"
+ #include "pgld.h"
+ 
++blocklist_t blocklist;
++
+ void blocklist_init() {
+     blocklist.entries = NULL;
+     blocklist.count = 0;
diff --git a/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild b/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild
index 8f0826099c32..eafaafe2ee81 100644
--- a/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild
+++ b/net-firewall/pglinux/pglinux-2.3.1_p20171006.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2018 Gentoo Foundation
+# Copyright 1999-2020 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI=6
@@ -58,6 +58,9 @@ CONFIG_CHECK="~NETFILTER_NETLINK
 	~IP_NF_IPTABLES
 	~IP_NF_TARGET_REJECT"
 
+PATCHES=(
+	"${FILESDIR}"/${P}-fno-common.patch
+)
 S="${WORKDIR}/${MY_PN}-code-${COMMIT}"
 
 src_prepare() {
diff --git a/net-firewall/shorewall/Manifest b/net-firewall/shorewall/Manifest
index dad7b7df12e5..38ee50e066e1 100644
--- a/net-firewall/shorewall/Manifest
+++ b/net-firewall/shorewall/Manifest
@@ -17,18 +17,26 @@ AUX shorewall6.systemd 577 BLAKE2B 5c755c0105954a34e39e077af0e012d9d6e647715a4b1
 AUX shorewallrc-r3 2035 BLAKE2B 6f4e4c93cee1f25405cc3ac76958064f1241a325c8b530c30f6dbd94423577d592e88613f463c4b41c1af1db22c7e53512fd8509931bb6527a8da669f2dbe773 SHA512 eaa32bf6baca0d3555db918d6221c7678f5ba67e78bf9dcdc1bf96deded8f64838d3a332226fa6605f0c1ae82e51e0f2c1540fa6188fd9bced22460a631f48a8
 DIST shorewall-5.2.4.4.tar.bz2 581085 BLAKE2B 6830f1ce9350534a51b0d79efad07b338c511ab3cc1bf151ac958052c5feb1794d994a71e80ebf1546a76fae1718ebc74abab37fbb4d9362d8b3108133b30354 SHA512 c050af24969c2f18c4c020dfb611edaf9c6a5aa09d1dace502ae99b9aa82d7f217695e8099d6615a9a3c9f6de951f6d8b24621021c48ee2f2095edf9815a8d57
 DIST shorewall-5.2.4.5.tar.bz2 581558 BLAKE2B 9b089a9c5cab212ba130e3865c2ea5a8ad27c88979e6497a0fef823a12a6ac98ca12a150c3e9a5b6c76c90339aeb3c92a438dfc068811790aef13783e39e6204 SHA512 3914bac627cf8787372f21c4332fc13744a6190c7a128521103e3f47533ebbe2fe359a4c6bc95a0d7dfb03e2ce30f7b7cd8eaed9d8fa3169d4b0b5244aa6d8f8
+DIST shorewall-5.2.5.tar.bz2 582270 BLAKE2B 6b0e883dd424ec814fb5f2dac601bd4e896c97c73ed0f2a151a054bd4b3db732aeaeb158d5bc453ca7cf3723233e429aa24f0b9908787f384e69da656fd71832 SHA512 6527fae5067bbfedd4d1fe53fb1b110fbac3f6d7f3b1abfe76be373ebb345bc238dabf3f24a8883314bf29ffc847dcd190bddc82ca64183311ba0e5544078743
 DIST shorewall-core-5.2.4.4.tar.bz2 73257 BLAKE2B 16b8d3a1d08c9db6a939f946324295063cee71b373bd67dd85d0acb4332502df4b5d9bb932695228ad6d33395c6596e86fd3e77ca59abc99d88bab7e883777c9 SHA512 1868dcd6bad6b0cb5be2c1b0724f076605e7990d0b9dfd19fee06c758b19f2ebcbe18bccaa7a4ea861ceb26038ed07837eecdacdd2a02d0c2a927c732d6bdc30
 DIST shorewall-core-5.2.4.5.tar.bz2 73333 BLAKE2B e4d71ddd92e83c31d90b766568d4d595d1035278832c9f92c103e7b95436adecf9e79612f0bf82e7eb3447d067c2d4e626bed14f1c9d74e5f11fa5d585830ba6 SHA512 74d413cbe95688d7604a01580eff32c92b1be754df2052fa4ed22dd549c18887b1462fc70c1a2913c2d77255fccb7badce33863686abffecadb6b316aa545827
+DIST shorewall-core-5.2.5.tar.bz2 74420 BLAKE2B ff2a6c2ead74f125785bcb2aea42948f27b88cb39d121a3ab1af1e4df6dc4ec878854499be7c385766af6245f4590c62b4dd2eb3d648b02fa4f16d3e13a302ce SHA512 9bd7e74def89cdc07987cbcbf9b8d8a69500f7b0dfc346c9fbcec6ab8cecad3c2adfcc505136ef0c2f0525345fdb6de4918dd5bd2d382bfb4773b23ce868a937
 DIST shorewall-docs-html-5.2.4.4.tar.bz2 4294159 BLAKE2B 81bb4a9d086f48bf8551be3bc8aff0ed8a0a99d215338f12b711c96115507ea5a7eb567d084db0a93628c4036623a72231f33dd15671e84739d59608268b98c7 SHA512 086096604f5a580906f05b460e1e19df24620b610675a8ec6038c0061199fd6f09cd8aff08f1e8daa8d2898bfaec9db95cf7f4f1397ca9df784d420907b16fac
 DIST shorewall-docs-html-5.2.4.5.tar.bz2 4294320 BLAKE2B dd80e0ae8bc622aaa2e1278a20d2b0e2aaccd25debf22301b71dfce125f94be3e9c30dd411f3f7a84592ca126917447d1b61624079b6bf3686156578c54495cd SHA512 6453c0dbdd80c41b5ca706eae2cd05946a6442f939b398985bf2b6687b60c1f636cf387d1581694223b6d887f914764f9193070dfce745e6e32dd0edd582fe76
+DIST shorewall-docs-html-5.2.5.tar.bz2 4310021 BLAKE2B 2d5704f126f6626bf2c934390552c19190fac5fd4231aaf61a2b0eadd770cad7b220d1083df2b0ab26ce8b2c1d97f5a3b0f2b083d14d3c5ce800bb6402603216 SHA512 04ae753f25371c0ce08af2cac5abd19797ec70860714e6891900a45baab0fb24d0f7c3163a5d2f5e419f1c1a8b092c164b7230b8d0c8cc4c3f53bbd0269e419b
 DIST shorewall-init-5.2.4.4.tar.bz2 38048 BLAKE2B 01b4664396933ca303d4013d50f290be850dad51142257a7b1f3081cee3baac219feadc96636c732072c6918f83d847eca2107aa094804691500972a90f222fd SHA512 fdab4aa68429144cbffdf41aad78744feb3e9736df0e8d6ed87ed7ac80aebf7078c6ec28646069a71cacc8d9a6738605d59c6b6fb35d8c4d9a1ed8353a71775c
 DIST shorewall-init-5.2.4.5.tar.bz2 38113 BLAKE2B 4231e22c7dfd862fd6ee8b573ea3f137ea078e488d354ddf197a83c4d60827a462311f5f9cd7d1dd0df17b61713fa164e6c6594eb4b8c173bef59fee75f4c1bc SHA512 51ac7a4022caca14c25efe0e608bb3983f27c31326b1a933385891fbe01aa5137f3d8e50406fddec41024fe8aea6e55ad16c3a4cb2d1b211fd0d13d61ce61cb1
+DIST shorewall-init-5.2.5.tar.bz2 39405 BLAKE2B 8259b4618c3b75201e245fd414da7890a80d31535eea71358f9ed3bc9b44ad0e341c3b795f624ac8cb05e2345fac82a8831ad877abe6a9ef13a8c7889bfdcb7e SHA512 61f31287472770fe02a099bddd7a6a5fa42fb676462cb7b16975fb15c6a70fe1fbb40d4c1b714f9e8a1a4bdc0ef3d7542552b1dd780833be781dda1e8dba9879
 DIST shorewall-lite-5.2.4.4.tar.bz2 42806 BLAKE2B d6dd5d9268d40fb88ee99be36b359423a6d7785417752f6e9d7245806bf9677963851327dcfd0d5fe81ea54ab11d59a5e64ee4115d41d3a6c8f4ced1e7cda732 SHA512 b81aa04f124435d3bf63d1796cca4db987f56c3e31953386ab7f3aae290058e5f3240b43864753121ed48b3744f8d6ee2dcd5210105dc1ccf5a4f790b3e22092
 DIST shorewall-lite-5.2.4.5.tar.bz2 42868 BLAKE2B 5ccab6fd410deb721671d16967fdf57be051c8403d7b2dc7273dea76f42584d01c593adee25d72730091d3f8cc7d85b985e58b5e243f5f5a11522935eae88087 SHA512 329535471f9a44f7cd3935e490d238768fe37bba397dbfd83b1f0960e16a1fdb6407ae6fd36f7054ec998f1ea8c2f91bb4cc1fa6d970675939856b2436cf7c45
+DIST shorewall-lite-5.2.5.tar.bz2 44120 BLAKE2B 47154b9f7203f5bff279c2e936dd0fe108bcb44bc9dd43abb49dc0c129a54ea381fff71b1dc3ac55e026b4065d8d5ab48edb1dcf52845e5e5f88492a958f4451 SHA512 41e6de25b2b10452bd15c465df5ffaf21019059f511197a6d398af086bba55f80b21b6644747fb2c228414a1e8af381ef5c4174b8e4defc72389664e971a85d3
 DIST shorewall6-5.2.4.4.tar.bz2 199722 BLAKE2B c5c741ea7108e6edbb35190bccea06d04c6a0d1cf5dbae23481e38d3c05155df6bcaf4deb6397d07a1f51ba0b13b18b4ed22349fbe1f6e605d0303486002d876 SHA512 cf212d1c7c8703319a5c6f34ba8629f115b2f03a0713c1b40cf370adad66b671bfd9536a28bc650aba04bf6a6fd7c396788d40c2eb650a006e8f2eb27baf76f8
 DIST shorewall6-5.2.4.5.tar.bz2 200261 BLAKE2B b21f8232a3497be70184c9053e17265d803a9561f5799921ee63ab67bd4b1b8fa8c1950de13a5f6d8f1662013641859844b5a2032e684151a3b85b0de8d8dfb9 SHA512 362802b8b9dc52da00a291f0fb0bb115387a409974e418bb3e00d8c9c900cd49f0b6d90a4c75db5028b5a2d1ad499d352d322e4f7132a9e8647b3502a263531b
+DIST shorewall6-5.2.5.tar.bz2 201419 BLAKE2B efb1a81ee1bcee982d7cfd1bb5ee9cbae5e59e3ce47895d25332f71c1d79d2bb2421c6fca0645fe9d2d493648caab2b9c233d36fb9210e3fd6f667b89ff66671 SHA512 2b3656490209872c696966129bf4a411d050f561fd82645f494c503013a755854833cdbedfd6bdb971abb974988d11b1c4e29e62d431a4d67bba74822f579692
 DIST shorewall6-lite-5.2.4.4.tar.bz2 42739 BLAKE2B 3f1caa78b12f779bd73716dad78a26544bf99204b96da2fa950c709bbb5d68ac1ee062714d5040d961a2df35b4d22e0b6c8747b36a84bb9a5b6805cb6d0158cd SHA512 4a0c6e939bd8ca239734de64ea0b2a94885f8f14d00e37dce291b2f5aa00384227c16cc0595ef1b038f05d3d42212ace3e9482937c8c072d7e194099ab867646
 DIST shorewall6-lite-5.2.4.5.tar.bz2 42843 BLAKE2B a02923bcd75bedbcb3d48f43c11de7956829528c7076f6cdd7353550e4703de3c19d01e16abbc6d2db74a748edaffec613060a7fb6179a1c89a75e0058d766ff SHA512 c93ebb94c9baa627cb9fd18af098ca484c5e6cf2d0405624a00d6cf9093e900e06b6da7f2f9acedf3fcd1c68d6221a50ae2826718313cc0482b74c34d6f2498a
+DIST shorewall6-lite-5.2.5.tar.bz2 44064 BLAKE2B e4667d1f1c932980d7bea03059b0aae8f83f0f3557f4245cec21aafaae72a942d47a8a355d3581cc459f85a80c10cb16af1c6e08971be2d120644098543bb3af SHA512 0c61c489f79aa51178aa733e1e738a2921c598e9403884322ccbc90461be4ee18dd0225d758371f1c750cfc832ca63652bbd8cac831e2ea026d63b72202c6f2a
 EBUILD shorewall-5.2.4.4.ebuild 16949 BLAKE2B 40c143a0265318201ec0d2186b6a1e75c0cf368e87e2544ade3ff7db49b03134434e27d628453692e33fbddaa34ec3bcb42c9375524be92fb1cbda5f37077bc4 SHA512 055dd811b6ea964f3cd44e9d312684438e17b9a5aae7a1dfd60ea863c8537e4bdc9cd80d7a129b9fa23f2483c7943c91ce3adf8ac872bb3b58e3e562654a415b
 EBUILD shorewall-5.2.4.5.ebuild 16955 BLAKE2B 492e4680f686a2e733bcc135644882abbc04a1f0e5cdc12cff69bd2f561d88e58fdef36a162f462a7e602b8fc2bcf1c8af1329aab24df9f00d966c0e8fd34d43 SHA512 0f694217f51006e9a7872d8130b849e2461ab07fb84e64bf97a060765cd16b8f3f5cbac4728822ba65cb4dde34158480b7ffbe9ee4a3d0da8df6514a186ad33e
+EBUILD shorewall-5.2.5.ebuild 16955 BLAKE2B 492e4680f686a2e733bcc135644882abbc04a1f0e5cdc12cff69bd2f561d88e58fdef36a162f462a7e602b8fc2bcf1c8af1329aab24df9f00d966c0e8fd34d43 SHA512 0f694217f51006e9a7872d8130b849e2461ab07fb84e64bf97a060765cd16b8f3f5cbac4728822ba65cb4dde34158480b7ffbe9ee4a3d0da8df6514a186ad33e
 MISC metadata.xml 2254 BLAKE2B e9d48407a0f055415070f5b0266ed9f534768f6d17d52b7070de30a037b89dbd08daac40b0ec313b8dfc65ba40ff38dae96c9758b78ec66d100ac8fa6b870d5f SHA512 0a201cf40dd1282b52897f751903baf28a2eb284b94316a45d8af6879f995dde1cdd4a7d474293835a0bde801ce41497bde558a51035a5e3650f0ec098688f33
diff --git a/net-firewall/shorewall/shorewall-5.2.5.ebuild b/net-firewall/shorewall/shorewall-5.2.5.ebuild
new file mode 100644
index 000000000000..95a3c0906eab
--- /dev/null
+++ b/net-firewall/shorewall/shorewall-5.2.5.ebuild
@@ -0,0 +1,482 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="7"
+
+inherit linux-info prefix systemd
+
+DESCRIPTION='A high-level tool for configuring Netfilter'
+HOMEPAGE="https://shorewall.org/"
+LICENSE="GPL-2"
+SLOT="0"
+IUSE="doc +init +ipv4 ipv6 lite4 lite6 selinux"
+
+MY_PV=${PV/_rc/-RC}
+MY_PV=${MY_PV/_beta/-Beta}
+MY_P=${PN}-${MY_PV}
+
+MY_MAJOR_RELEASE_NUMBER=$(ver_cut 1-2)
+MY_MAJORMINOR_RELEASE_NUMBER=$(ver_cut 1-3)
+
+# shorewall
+MY_PN_IPV4=Shorewall
+MY_P_IPV4=${MY_PN_IPV4/#S/s}-${MY_PV}
+
+# shorewall6
+MY_PN_IPV6=Shorewall6
+MY_P_IPV6=${MY_PN_IPV6/#S/s}-${MY_PV}
+
+# shorewall-lite
+MY_PN_LITE4=Shorewall-lite
+MY_P_LITE4=${MY_PN_LITE4/#S/s}-${MY_PV}
+
+# shorewall6-lite
+MY_PN_LITE6=Shorewall6-lite
+MY_P_LITE6=${MY_PN_LITE6/#S/s}-${MY_PV}
+
+# shorewall-init
+MY_PN_INIT=Shorewall-init
+MY_P_INIT=${MY_PN_INIT/#S/s}-${MY_PV}
+
+# shorewall-core
+MY_PN_CORE=Shorewall-core
+MY_P_CORE=${MY_PN_CORE/#S/s}-${MY_PV}
+
+# shorewall-docs-html
+MY_PN_DOCS=Shorewall-docs-html
+MY_P_DOCS=${MY_PN_DOCS/#S/s}-${MY_PV}
+
+# Upstream URL schema:
+# Beta:    $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-Beta2/shorewall-4.6.4-Beta2.tar.bz2
+# RC:      $MIRROR/pub/shorewall/development/4.6/shorewall-4.6.4-RC1/shorewall-4.6.4-RC1.tar.bz2
+# Release: $MIRROR/pub/shorewall/4.6/shorewall-4.6.3/shorewall-4.6.3.3.tar.bz2
+
+MY_URL_PREFIX=
+MY_URL_SUFFIX=
+if [[ ${MY_PV} = *-Beta* ]] || [[ ${MY_PV} = *-RC* ]]; then
+	MY_URL_PREFIX='development/'
+
+	if [[ ${MY_PV} = *-Beta* ]] ; then
+		MY_URL_SUFFIX="-Beta${MY_PV##*-Beta}"
+	elif [[ ${MY_PV} = *-RC* ]] ; then
+		MY_URL_SUFFIX="-RC${MY_PV##*-RC}"
+	fi
+
+	# Cleaning up temporary variables
+	unset _tmp_last_index
+	unset _tmp_suffix
+else
+	KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~ppc64 ~sparc ~x86"
+fi
+
+SRC_URI="
+	https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-core-${MY_PV}.tar.bz2
+	ipv4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-${MY_PV}.tar.bz2 )
+	ipv6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-${MY_PV}.tar.bz2 )
+	lite4? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-lite-${MY_PV}.tar.bz2 )
+	lite6? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall6-lite-${MY_PV}.tar.bz2 )
+	init? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/shorewall-init-${MY_PV}.tar.bz2 )
+	doc? ( https://shorewall.org/pub/shorewall/${MY_URL_PREFIX}${MY_MAJOR_RELEASE_NUMBER}/shorewall-${MY_MAJORMINOR_RELEASE_NUMBER}${MY_URL_SUFFIX}/${MY_P_DOCS}.tar.bz2 )
+"
+
+# - Shorewall6 requires Shorewall
+# - Installing Shorewall-init or just the documentation doesn't make any sense,
+#   that's why we force the user to select at least one "real" Shorewall product
+#
+# See https://shorewall.org/download.htm#Which
+REQUIRED_USE="
+	ipv6? ( ipv4 )
+	|| ( ipv4 lite4 lite6 )
+"
+
+# No build dependencies! Just plain shell scripts...
+DEPEND=""
+
+RDEPEND="
+	>=net-firewall/iptables-1.4.20
+	>=sys-apps/iproute2-3.8.0[-minimal]
+	>=sys-devel/bc-1.06.95
+	ipv4? (
+		>=dev-lang/perl-5.16
+		virtual/perl-Digest-SHA
+	)
+	ipv6? (
+		>=dev-perl/Socket6-0.230.0
+		>=net-firewall/iptables-1.4.20[ipv6]
+		>=sys-apps/iproute2-3.8.0[ipv6]
+	)
+	lite6? (
+		>=net-firewall/iptables-1.4.20[ipv6]
+		>=sys-apps/iproute2-3.8.0[ipv6]
+	)
+	init? ( >=sys-apps/coreutils-8.20 )
+	selinux? ( >=sec-policy/selinux-shorewall-2.20161023-r3 )
+	!net-firewall/shorewall-core
+	!net-firewall/shorewall6
+	!net-firewall/shorewall-lite
+	!net-firewall/shorewall6-lite
+	!net-firewall/shorewall-init
+	!<sys-apps/systemd-214
+"
+
+S=${WORKDIR}
+
+pkg_pretend() {
+	local CONFIG_CHECK="~NF_CONNTRACK"
+
+	local WARNING_CONNTRACK="Without NF_CONNTRACK support, you will be unable"
+	local WARNING_CONNTRACK+=" to run any shorewall-based firewall on the local system."
+
+	# kernel >=4.19 has unified NF_CONNTRACK module, bug 671176
+	if kernel_is -lt 4 19; then
+		if use ipv4 || use lite4; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV4"
+
+			local WARNING_CONNTRACK_IPV4="Without NF_CONNTRACK_IPV4 support, you will"
+			local WARNING_CONNTRACK_IPV4+=" be unable to run any shorewall-based IPv4 firewall on the local system."
+		fi
+
+		if use ipv6 || use lite6; then
+			CONFIG_CHECK="${CONFIG_CHECK} ~NF_CONNTRACK_IPV6"
+
+			local WARNING_CONNTRACK_IPV6="Without NF_CONNTRACK_IPV6 support, you will"
+			local WARNING_CONNTRACK_IPV6+=" be unable to run any shorewall-based IPv6 firewall on the local system."
+		fi
+	fi
+
+	check_extra_config
+}
+
+pkg_setup() {
+	if [[ -n "${DIGEST}" ]]; then
+		einfo "Unsetting environment variable \"DIGEST\" to prevent conflicts with package's \"install.sh\" script ..."
+		unset DIGEST
+	fi
+}
+
+src_prepare() {
+	# We are moving each unpacked source from MY_P_* to MY_PN_*.
+	# This allows us to use patches from upstream and keeps epatch_user working
+
+	einfo "Preparing shorewallrc ..."
+	cp "${FILESDIR}"/shorewallrc-r3 "${S}"/shorewallrc.gentoo || die "Copying shorewallrc failed"
+	eprefixify "${S}"/shorewallrc.gentoo
+	sed -i \
+		-e "s|SERVICEDIR=tbs|SERVICEDIR=$(systemd_get_systemunitdir)|" \
+		"${S}"/shorewallrc.gentoo || die "Failed to update shorewallrc"
+
+	# shorewall-core
+	mv "${S}"/${MY_P_CORE} "${S}"/${MY_PN_CORE} || die "Failed to move '${S}/${MY_P_CORE}' to '${S}/${MY_PN_CORE}'"
+	ebegin "Applying Gentoo-specific changes to ${MY_P_CORE} ..."
+	ln -s ../shorewallrc.gentoo ${MY_PN_CORE}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+	eend 0
+
+	pushd "${S}"/${MY_PN_CORE} &>/dev/null || die
+	eapply "${FILESDIR}"/shorewall-core-5.2.1-no-gzipped-manpages.patch
+	popd &>/dev/null || die
+
+	# shorewall
+	if use ipv4; then
+		mv "${S}"/${MY_P_IPV4} "${S}"/${MY_PN_IPV4} || die "Failed to move '${S}/${MY_P_IPV4}' to '${S}/${MY_PN_IPV4}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV4}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_IPV4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV4}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV4}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall.systemd "${S}"/${MY_PN_IPV4}/gentoo.service || die "Copying shorewall.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_IPV4} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall6
+	if use ipv6; then
+		mv "${S}"/${MY_P_IPV6} "${S}"/${MY_PN_IPV6} || die "Failed to move '${S}/${MY_P_IPV6}' to '${S}/${MY_PN_IPV6}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_IPV6}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_IPV6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall.confd-r1 "${S}"/${MY_PN_IPV6}/default.gentoo || die "Copying shorewall.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall.initd-r3 "${S}"/${MY_PN_IPV6}/init.gentoo.sh || die "Copying shorewall.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall6.systemd "${S}"/${MY_PN_IPV6}/gentoo.service || die "Copying shorewall6.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_IPV6} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-lite
+	if use lite4; then
+		mv "${S}"/${MY_P_LITE4} "${S}"/${MY_PN_LITE4} || die "Failed to move '${S}/${MY_P_LITE4}' to '${S}/${MY_PN_LITE4}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE4}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_LITE4}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE4}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE4}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall-lite.systemd "${S}"/${MY_PN_LITE4}/gentoo.service || die "Copying shorewall-lite.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_LITE4} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall6-lite
+	if use lite6; then
+		mv "${S}"/${MY_P_LITE6} "${S}"/${MY_PN_LITE6} || die "Failed to move '${S}/${MY_P_LITE6}' to '${S}/${MY_PN_LITE6}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_LITE6}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_LITE6}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-lite.confd-r1 "${S}"/${MY_PN_LITE6}/default.gentoo || die "Copying shorewall-lite.confd-r1 failed"
+		cp "${FILESDIR}"/shorewall-lite.initd-r3 "${S}"/${MY_PN_LITE6}/init.gentoo.sh || die "Copying shorewall-lite.initd-r2 failed"
+		cp "${FILESDIR}"/shorewall6-lite.systemd "${S}"/${MY_PN_LITE6}/gentoo.service || die "Copying shorewall6-lite.systemd failed"
+		eend 0
+
+		pushd "${S}"/${MY_PN_LITE6} &>/dev/null || die
+		eapply "${FILESDIR}"/shorewall-lite-5.2.1-no-gzipped-manpages.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-init
+	if use init; then
+		mv "${S}"/${MY_P_INIT} "${S}"/${MY_PN_INIT} || die "Failed to move '${S}/${MY_P_INIT}' to '${S}/${MY_PN_INIT}'"
+		ebegin "Applying Gentoo-specific changes to ${MY_P_INIT}"
+		ln -s ../shorewallrc.gentoo ${MY_PN_INIT}/shorewallrc.gentoo || die "Failed to symlink shorewallrc.gentoo"
+		cp "${FILESDIR}"/shorewall-init.confd "${S}"/${MY_PN_INIT}/default.gentoo || die "Copying shorewall-init.confd failed"
+		cp "${FILESDIR}"/shorewall-init.initd "${S}"/${MY_PN_INIT}/init.gentoo.sh || die "Copying shorewall-init.initd failed"
+		cp "${FILESDIR}"/shorewall-init.systemd "${S}"/${MY_PN_INIT}/gentoo.service || die "Copying shorewall-init.systemd failed"
+		cp "${FILESDIR}"/shorewall-init.readme "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt || die "Copying shorewall-init.systemd failed"
+		eend 0
+
+		eprefixify "${S}"/${MY_PN_INIT}/init.gentoo.sh
+
+		pushd "${S}"/${MY_PN_INIT} &>/dev/null || die
+		eapply -p2 "${FILESDIR}"/shorewall-init-01_remove-ipset-functionality-r2.patch
+		popd &>/dev/null || die
+	fi
+
+	# shorewall-docs-html
+	if use doc; then
+		mv "${S}"/${MY_P_DOCS} "${S}"/${MY_PN_DOCS} || die "Failed to move '${S}/${MY_P_DOCS}' to '${S}/${MY_PN_DOCS}'"
+	fi
+
+	eapply_user
+}
+
+src_configure() {
+	:;
+}
+
+src_compile() {
+	:;
+}
+
+src_install() {
+	# shorewall-core
+	einfo "Installing ${MY_P_CORE} ..."
+	DESTDIR="${ED}" ${MY_PN_CORE}/install.sh shorewallrc.gentoo || die "${MY_PN_CORE}/install.sh failed"
+	dodoc "${S}"/${MY_PN_CORE}/changelog.txt "${S}"/${MY_PN_CORE}/releasenotes.txt
+
+	# shorewall
+	if use ipv4; then
+		einfo "Installing ${MY_P_IPV4} ..."
+		DESTDIR="${ED}" ${MY_PN_IPV4}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV4}/install.sh failed"
+		keepdir /var/lib/shorewall
+
+		if use doc; then
+			dodoc -r "${S}"/${MY_PN_IPV4}/Samples
+		fi
+	fi
+
+	# shorewall6
+	if use ipv6; then
+		einfo "Installing ${MY_P_IPV6} ..."
+		DESTDIR="${ED}" ${MY_PN_IPV6}/install.sh shorewallrc.gentoo || die "${MY_PN_IPV6}/install.sh failed"
+		keepdir /var/lib/shorewall6
+
+		if use doc; then
+			dodoc -r "${S}"/${MY_PN_IPV6}/Samples6
+		fi
+	fi
+
+	# shorewall-lite
+	if use lite4; then
+		einfo "Installing ${MY_P_LITE4} ..."
+		DESTDIR="${ED}" ${MY_PN_LITE4}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE4}/install.sh failed"
+		keepdir /var/lib/shorewall-lite
+	fi
+
+	# shorewall6-lite
+	if use lite6; then
+		einfo "Installing ${MY_P_LITE6} ..."
+		DESTDIR="${ED}" ${MY_PN_LITE6}/install.sh shorewallrc.gentoo || die "${MY_PN_LITE6}/install.sh failed"
+		keepdir /var/lib/shorewall6-lite
+	fi
+
+	# shorewall-init
+	if use init; then
+		einfo "Installing ${MY_P_INIT} ..."
+		DESTDIR="${ED}" ${MY_PN_INIT}/install.sh shorewallrc.gentoo || die "${MY_PN_INIT}/install.sh failed"
+		dodoc "${S}"/${MY_PN_INIT}/shorewall-init.README.Gentoo.txt
+
+		if [[ -f "${ED}/etc/logrotate.d/shorewall-init" ]]; then
+			# On Gentoo, shorewall-init will not create shorewall-ifupdown.log,
+			# so we don't need a logrotate configuration file for shorewall-init
+			einfo "Removing unused \"${ED}/etc/logrotate.d/shorewall-init\" ..."
+			rm -rf "${ED}"/etc/logrotate.d/shorewall-init || die "Removing \"${ED}/etc/logrotate.d/shorewall-init\" failed"
+		fi
+
+		if [[ -d "${ED}/etc/NetworkManager" ]]; then
+			# On Gentoo, we don't support NetworkManager
+			# so we don't need this folder at all
+			einfo "Removing unused \"${ED}/etc/NetworkManager\" ..."
+			rm -rf "${ED}"/etc/NetworkManager || die "Removing \"${ED}/etc/NetworkManager\" failed"
+		fi
+
+		if [[ -f "${ED}/usr/share/shorewall-init/ifupdown" ]]; then
+			# This script isn't supported on Gentoo
+			rm -rf "${ED}"/usr/share/shorewall-init/ifupdown || die "Removing \"${ED}/usr/share/shorewall-init/ifupdown\" failed"
+		fi
+	fi
+
+	if use doc; then
+		einfo "Installing ${MY_P_DOCS} ..."
+		docinto html && dodoc -r "${S}"/${MY_PN_DOCS}/*
+	fi
+}
+
+pkg_postinst() {
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		# Show first steps for shorewall/shorewall6
+		local _PRODUCTS=""
+		if use ipv4; then
+			_PRODUCTS="shorewall"
+
+			if use ipv6; then
+				_PRODUCTS="${_PRODUCTS}/shorewall6"
+			fi
+		fi
+
+		if [[ -n "${_PRODUCTS}" ]]; then
+			elog "Before you can use ${_PRODUCTS}, you need to edit its configuration in:"
+			elog ""
+			elog "  /etc/shorewall/shorewall.conf"
+
+			if use ipv6; then
+				elog "  /etc/shorewall6/shorewall6.conf"
+			fi
+
+			elog ""
+			elog "To activate your shorewall-based firewall on system start, please add ${_PRODUCTS} to your default runlevel:"
+			elog ""
+			elog "  # rc-update add shorewall default"
+
+			if use ipv6; then
+				elog "  # rc-update add shorewall6 default"
+			fi
+		fi
+
+		# Show first steps for shorewall-lite/shorewall6-lite
+		_PRODUCTS=""
+		if use lite4; then
+			_PRODUCTS="shorewall-lite"
+		fi
+
+		if use lite6; then
+			if [[ -z "${_PRODUCTS}" ]]; then
+				_PRODUCTS="shorewall6-lite"
+			else
+				_PRODUCTS="${_PRODUCTS}/shorewall6-lite"
+			fi
+		fi
+
+		if [[ -n "${_PRODUCTS}" ]]; then
+			if use ipv4; then
+				elog ""
+			fi
+
+			elog "Before you can use ${_PRODUCTS}, you need to provide a configuration, which you can"
+			elog "create using ${CATEGORY}/shorewall (with \"ipv4\" and or \"ipv6\" USE flag)."
+			elog ""
+			elog "To read more about ${_PRODUCTS}, please visit"
+			elog "  https://shorewall.org/CompiledPrograms.html"
+			elog ""
+			elog "To activate your shorewall-lite-based firewall on system start, please add ${PRODUCTS} to your default runlevel:"
+			elog ""
+
+			if use lite4; then
+				elog "  # rc-update add shorewall-lite default"
+			fi
+
+			if use lite6; then
+				elog "  # rc-update add shorewall6-lite default"
+			fi
+		fi
+
+		if use init; then
+			elog ""
+			elog "To secure your system on boot, please add shorewall-init to your boot runlevel:"
+			elog ""
+			elog "  # rc-update add shorewall-init boot"
+			elog ""
+			elog "and review \$PRODUCTS in"
+			elog ""
+			elog "  /etc/conf.d/shorewall-init"
+		fi
+
+	fi
+
+	local v
+	for v in ${REPLACING_VERSIONS}; do
+		if ! version_is_at_least ${MY_MAJOR_RELEASE_NUMBER} ${v}; then
+			# This is an upgrade
+
+			elog "You are upgrading from a previous major version. It is highly recommended that you read"
+			elog ""
+			elog "  - /usr/share/doc/shorewall*/releasenotes.tx*"
+			elog "  - https://shorewall.org/Shorewall-5.html#idm214"
+
+			if use ipv4; then
+				elog ""
+				elog "You can auto-migrate your configuration using"
+				elog ""
+				elog "  # shorewall update -A"
+
+				if use ipv6; then
+					elog "  # shorewall6 update -A"
+				fi
+
+				elog ""
+				elog "*after* you have merged the changed files using one of the configuration"
+				elog "files update tools of your choice (dispatch-conf, etc-update...)."
+
+				elog ""
+				elog "But if you are not familiar with the \"shorewall[6] update\" command,"
+				elog "please read the shorewall[6] man page first."
+			fi
+
+			# Show this elog only once
+			break
+		fi
+	done
+
+	if ! use init; then
+		elog ""
+		elog "Consider emerging ${CATEGORY}/${PN} with USE flag \"init\" to secure your system on boot"
+		elog "before your shorewall-based firewall is ready to start."
+		elog ""
+		elog "To read more about shorewall-init, please visit"
+		elog "  https://shorewall.org/Shorewall-init.html"
+	fi
+
+	if ! has_version "net-firewall/conntrack-tools"; then
+		elog ""
+		elog "Your Shorewall firewall can utilize \"conntrack\" from the \"net-firewall/conntrack-tools\""
+		elog "package. if you want to use this feature, you need to install \"net-firewall/conntrack-tools\"!"
+	fi
+
+	if ! has_version "dev-perl/Devel-NYTProf"; then
+		elog ""
+		elog "If you want to profile your Shorewall firewall you need to install \"dev-perl/Devel-NYTProf\"!"
+	fi
+}
diff --git a/net-firewall/ufw/Manifest b/net-firewall/ufw/Manifest
index 41bc7679a435..8f34b20134cb 100644
--- a/net-firewall/ufw/Manifest
+++ b/net-firewall/ufw/Manifest
@@ -1,10 +1,6 @@
 AUX rsyslog/ufw.logrotate 178 BLAKE2B 488f56cb61e3d708e771e927b0c92ce354ebd7aa65c70c26f7473b23fa2ee2387bcea2505f157b87597cb9ccef741d5df27a4a26c2dc9a23ec91877c28595737 SHA512 d381a34b23d8656c316af69c07d49042d6c4def4cea3e51367210bce20681376fd0259a95b6b9403171c5d80732927a8880f3d401e13e6f76b505324eecb146b
 AUX syslog-ng/syslog-ng.example 381 BLAKE2B 01026130ac3aec7bb4b3862e9567c225073d5f467eced4701c711842f2aa8ff7b566874e64e302728a5bff15d848325040e3df900776950269d431dda6763950 SHA512 f48d2487679fe179ea216bb4259affbf5ab4c86725b45942581ada8dac24dd0c978f755182805ff5350ab169972fcee7bb54a6d14df760d4b5f62c485af1e49e
 AUX syslog-ng/ufw.logrotate 269 BLAKE2B 6dd614ec033e8b9fd6d95e7a6fc69252e5a7fd33da6e760320b7f9fb519936a94f2f46e7833189601ddfa7fa080402237831fab9daf1b18a0872cc49c56715b1 SHA512 22d89f04b68a8b4deeb60aca263239255dd01b9c6e6d23a5d77514daf7bb9dc3910a28cfe9c606f70d2a50f0365bb19c3cf00c5859ee2630c00f0df451ee9c5d
-AUX ufw-0.33-dont-check-iptables.patch 1659 BLAKE2B 2e99b686c1bd556055904b080026d44c49885b2acfa37e22dfa6ea756619a8dc22fd0d54277c5a66ab769fc16d810218caafd5fabd656cabc055a115cde6feb9 SHA512 8f92d4b79f1caf01cb97ec64014c7607a410fb0a36e5e87376707c026d714a060ae554591b6e5b3834b671acd4145dcca68a9373aa41051ef60c9dd409dd008d
-AUX ufw-0.34_pre805-shebang.patch 675 BLAKE2B b6197588687ab9ecea071be057adf14d47dac994415894a6cc4a9943f2f8dceae77a429a0ebbbfc49bf4a4eba2aa5a63cb153e290bdea33626939f054bdb9a4c SHA512 8954f679a993d65cb880ffce09b448626fd64dea93257f0faa97b8bec76dcbbda4fb0d19408655d6db387066a0ac94b962dca2e5febcc5b5685e9b16b97b4cad
-AUX ufw-0.35-bash-completion.patch 259 BLAKE2B bb20b7af317c2e36023e28b85d51cdccde43354db39d26e65a721983478c7d39e1e3c71c36f2c8c5c2515db929f50a1edc1c84d9c4294662d8601e0136a98019 SHA512 9a59ff192e6fb3365c8585b984f4743a05f7cb18ae581a8b79c4afe39e43f12d993febf1319e1ee810483d610d970649e75c4b9dde891be728869b69c80b4709
-AUX ufw-0.35-move-path.patch 7386 BLAKE2B 022c734deaa24316e3e72cf83110a7cff5f9f763f713a61c17ee74ba57724cd94c1dbb6741904d68ad7f3874c21015b87fae239811b84928b35aa4c4019ac430 SHA512 eac6e0c96e7b0e501b3792671a21306049f40869fafc1d9c579c2424fb32b91987a846b3562c30513326433031ff46bc4df2bbb5706f7af18e6216f8f2b7546f
 AUX ufw-0.36-bash-completion.patch 328 BLAKE2B 7f88afa8f4ccc12aba70dce1ca82e6992497819cfd7dc005b13c9d17212adb74134115d83907ec2b8c916d40213ab2acea170e649e438744b854f11fd22815bd SHA512 11a9cf4906fa0bd677e745615b3c4d663512a1d05f9c21149d09624237a88938b9ed83b8ca876dbcf9bbac41a4bf7155eba76ec32778e025f013e1ffb07e4abb
 AUX ufw-0.36-dont-check-iptables.patch 1592 BLAKE2B 7b8bb33a04a455fd05bf62b19ec35ff209eb54f7adc77a6296d4a5bbb80996ec11691e48b3ba1f4cffd11c53775545e537319852b0a9a3e27e4799d79c34a655 SHA512 a0c8c7331d46b917cec86763414ce2c70ef120bd069bd8ba67ef4ab2ab5212e7263f01d3d5072c7c8e4301ee36b280c8f464fc21cc19b3805c6d391437df0438
 AUX ufw-0.36-move-path.patch 6985 BLAKE2B 1f5ed4b0265fb812acffd1bb756a60a2a1e31b013054c40dae532966fd42449ba7bdde644c181a2f6e0c20103d9ef37a0400d217f7ec843bc10e3528b95eb8bc SHA512 228ed40f800b8ed4bbc217df9478c1c0be5eb1ec154abd2d3a3cd6c92902632f07ef70c3ca3f2478bfe501735a0f6f0b7fa8d8f4991fdaead4332e4c65bad0c9
@@ -12,8 +8,6 @@ AUX ufw-0.36-shebang.patch 714 BLAKE2B adfbc135b1ec2e51a6df59c7caf4b081568eb77fc
 AUX ufw-2.initd 2611 BLAKE2B b6a75e023ad0efeeef168e7e074c716ec66f40d3bde9f99cf1a02e63800b4a42c3ff7d35fe9503e51859f98cdf500db4c1900a9436f642c0af7350c9d1256692 SHA512 f6cb7f6f7713d6f2c78c0b0254f385701f28b997931007997f0702af0dcd0d1b1bf08617dbb3abd21219c23a63ec3286e019896253ff7e9bdbb218a5bb17dd80
 AUX ufw.confd 219 BLAKE2B 8ed5dec5dd9acc84715918240e31398268ff36f73bb2cfc10e64e0593e59cc7f5b988f8545ddea37f19d9b40e870d743bea66edd7da1e3d2753b6edda8afa352 SHA512 a010532c97b9cf83f1fb5fa707228e0542a8b109c76e5942aaf2d6552c63e033d32e39e5a6ac87cb9e2ed4c3fdbc5d03c75127e6378665e592b143bc1eda52c7
 AUX ufw.service 329 BLAKE2B e817fc85b3bdb21b47a3089c6f2204292a019eaeae510832530f0e09f8784a312dd636fa3cf90610bb3159d52b4bdaadf803699ac4bff31576b566a3e977b2d2 SHA512 a365e704ca958c83c86f8a6b1623ce3f9ad72dcfb0cfc7758bfc787e0877f897ccf8b200db83df17130ca5dcc54f938178b8cabfe3ee0c0896c814ee7d2439c7
-DIST ufw-0.35.tar.gz 375310 BLAKE2B 3babf22e860ead6970c1386b0ab9fc3de364ba3f5c8bc0237be4a9446358fe058d216e7928d16eed8a148fbee5b82fc1d9e3b358f357c2fac236ae6f6b942a01 SHA512 b36c82559910634505648f717d19eb5a0cb1ce739a804359087e74c966869d0375c4ed5811954b32d2b5b51866f6ae1bec62a4a464f226b2eecc56b096f303fc
 DIST ufw-0.36.tar.gz 580338 BLAKE2B a7e07ac11539061a69bb83d45c0affc54793503b31c9e9f9f8b34fa890a3fe97682f9133102e74e5f6e1eb372a929cfc8619baa2cc9efc1dc289d9f4a1766efd SHA512 b32d7f79f43c203149c48b090ee0d063df78fcf654344ee11066a7363e799a62b046758ffe02b8bd15121545ac2a6b61df21fe56f8b810319fe4dd562cbdadb3
-EBUILD ufw-0.35-r1.ebuild 5630 BLAKE2B 5fae04dd991fa046db5768c93cadc54ba44d853e96eae1b0268c1c6d718d537a65cd1a3525dd8a0d33322708e28cdd6a339b348affbd2b31b481069f7c8cd068 SHA512 5aac0a79bb395b5dfbd8b192626ddd164494ac6ae35e8a5c2a2e671039d67e591bab4b0759ed4809064319e38fc3e22b9a5dceaf4258fbf859aca26665960e4d
 EBUILD ufw-0.36.ebuild 5716 BLAKE2B fc67446fab27bcedb0dcf9b120ac554cf8fce0663a6bcfef321612d09bdfedad17c17a6b44877d197afa0d38a681932ffb1673713abaffb32c649ebc46fb5ee9 SHA512 71a7d5b97d0d2468610455599d58ccd709e498761cbed609aa70f7ccb46742d0ca739d9cfbc608111c3358fc9eada298bf66220db6141a8ac95fffdcde4f1b83
 MISC metadata.xml 867 BLAKE2B 803f1809161a81c013989270661d5e17bc74c9f02dd7c2cf9e7847b86072ea56fc5ad980a6f2d285ee1d806902621ff1100ac20bbc27465e828aec4537e846c6 SHA512 e11ddde14aa8fb8aa187537f3cfeb01b26b4421489d69223fc77ab4400b002105d2b8161ebf489748eb42b615899f87c1abc65d10d7ef40b2f107f0d85c17c77
diff --git a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch b/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
deleted file mode 100644
index b7eae3595cb5..000000000000
--- a/net-firewall/ufw/files/ufw-0.33-dont-check-iptables.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-diff -ur ufw-0.32/setup.py ufw-0.32.new/setup.py
---- ufw-0.32/setup.py	2012-07-06 17:46:29.000000000 +0200
-+++ ufw-0.32.new/setup.py	2012-07-30 15:28:31.874547818 +0200
-@@ -225,41 +225,7 @@
- os.unlink(os.path.join('staging', 'ufw-init'))
- os.unlink(os.path.join('staging', 'ufw-init-functions'))
- 
--iptables_exe = ''
--iptables_dir = ''
--
--for e in ['iptables']:
--    for dir in ['/sbin', '/bin', '/usr/sbin', '/usr/bin', '/usr/local/sbin', \
--                '/usr/local/bin']:
--        if e == "iptables":
--            if os.path.exists(os.path.join(dir, e)):
--                iptables_dir = dir
--                iptables_exe = os.path.join(iptables_dir, "iptables")
--                print("Found '%s'" % iptables_exe)
--            else:
--                continue
--
--        if iptables_exe != "":
--            break
--
--
--if iptables_exe == '':
--    print("ERROR: could not find required binary 'iptables'", file=sys.stderr)
--    sys.exit(1)
--
--for e in ['ip6tables', 'iptables-restore', 'ip6tables-restore']:
--    if not os.path.exists(os.path.join(iptables_dir, e)):
--        print("ERROR: could not find required binary '%s'" % (e), file=sys.stderr)
--        sys.exit(1)
--
--(rc, out) = cmd([iptables_exe, '-V'])
--if rc != 0:
--    raise OSError(errno.ENOENT, "Could not find version for '%s'" % \
--                  (iptables_exe))
--version = re.sub('^v', '', re.split('\s', str(out))[1])
--print("Found '%s' version '%s'" % (iptables_exe, version))
--if version < "1.4":
--    print("WARN: version '%s' has limited IPv6 support. See README for details." % (version), file=sys.stderr)
-+iptables_dir = '/sbin'
- 
- setup (name='ufw',
-       version=ufw_version,
diff --git a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch b/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
deleted file mode 100644
index 991f4c826ece..000000000000
--- a/net-firewall/ufw/files/ufw-0.34_pre805-shebang.patch
+++ /dev/null
@@ -1,15 +0,0 @@
---- a/setup.py
-+++ b/setup.py
-@@ -107,12 +107,6 @@ class Install(_install, object):
-         for f in [ script, manpage, manpage_f ]:
-             self.mkpath(os.path.dirname(f))
- 
--        # update the interpreter to that of the one the user specified for setup
--        print("Updating staging/ufw to use %s" % (sys.executable))
--        subprocess.call(["sed",
--                         "-i",
--                         "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
--                         'staging/ufw'])
-         self.copy_file('staging/ufw', script)
-         self.copy_file('doc/ufw.8', manpage)
-         self.copy_file('doc/ufw-framework.8', manpage_f)
diff --git a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch b/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
deleted file mode 100644
index fde635ddc335..000000000000
--- a/net-firewall/ufw/files/ufw-0.35-bash-completion.patch
+++ /dev/null
@@ -1,17 +0,0 @@
---- a/shell-completion/bash
-+++ b/shell-completion/bash
-@@ -52,7 +52,6 @@
-     echo "numbered verbose"
- }
- 
--have ufw &&
- _ufw()
- {
-     cur=${COMP_WORDS[COMP_CWORD]}
-@@ -83,5 +82,5 @@
-     fi
- }
- 
--[ "$have" ] && complete -F _ufw ufw
-+complete -F _ufw ufw
- 
diff --git a/net-firewall/ufw/files/ufw-0.35-move-path.patch b/net-firewall/ufw/files/ufw-0.35-move-path.patch
deleted file mode 100644
index 58af77215085..000000000000
--- a/net-firewall/ufw/files/ufw-0.35-move-path.patch
+++ /dev/null
@@ -1,179 +0,0 @@
-diff -Naur ufw-0.31.orig/doc/ufw-framework.8 ufw-0.31/doc/ufw-framework.8
---- ufw-0.31.orig/doc/ufw-framework.8	2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/doc/ufw-framework.8	2012-03-12 16:55:50.680992962 +0100
-@@ -18,7 +18,7 @@
- parameters and configuration of IPv6. The framework consists of the following
- files:
- .TP
--#STATE_PREFIX#/ufw\-init
-+#SHARE_DIR#/ufw\-init
- initialization script
- .TP
- #CONFIG_PREFIX#/ufw/before[6].rules
-@@ -41,7 +41,7 @@
- 
- .SH "BOOT INITIALIZATION"
- .PP
--\fBufw\fR is started on boot with #STATE_PREFIX#/ufw\-init. This script is a
-+\fBufw\fR is started on boot with #SHARE_DIR#/ufw\-init. This script is a
- standard SysV style initscript used by the \fBufw\fR command and should not be
- modified. It supports the following arguments:
- .TP
-diff -Naur ufw-0.31.orig/README ufw-0.31/README
---- ufw-0.31.orig/README	2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/README	2012-03-12 16:55:50.681993089 +0100
-@@ -58,7 +58,7 @@
- on your needs, this can be as simple as adding the following to a startup
- script (eg rc.local for systems that use it):
- 
--# /lib/ufw/ufw-init start
-+# /usr/share/ufw/ufw-init start
- 
- For systems that use SysV initscripts, an example script is provided in
- doc/initscript.example. See doc/upstart.example for an Upstart example. Consult
-@@ -72,9 +72,9 @@
- /etc/defaults/ufw 		high level configuration
- /etc/ufw/before[6].rules 	rules evaluated before UI added rules
- /etc/ufw/after[6].rules 	rules evaluated after UI added rules
--/lib/ufw/user[6].rules		UI added rules (not to be modified)
-+/etc/ufw/user/user[6].rules		UI added rules (not to be modified)
- /etc/ufw/sysctl.conf 		kernel network tunables
--/lib/ufw/ufw-init		start script
-+/usr/share/ufw/ufw-init		start script
- 
- 
- Usage
-@@ -149,7 +149,7 @@
- that the primary chains don't move around other non-ufw rules and chains. To
- completely flush the built-in chains with this configuration, you can use:
- 
--# /lib/ufw/ufw-init flush-all
-+# /usr/share/ufw/ufw-init flush-all
- 
- Alternately, ufw may also take full control of the firewall by setting
- MANAGE_BUILTINS=yes in /etc/defaults/ufw. This will flush all the built-in
-@@ -247,7 +247,7 @@
- 
- Remote Management
- -----------------
--On /lib/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
-+On /usr/share/ufw/ufw-init start and 'ufw enable' the chains are flushed, so
- ssh may drop. This is needed so ufw is in a consistent state. Once the ufw is
- 'enabled' it will insert rules into the existing chains, and therefore not
- flush the chains (but will when modifying a rule or changing the default
-@@ -290,7 +290,7 @@
- 
- Distributions
- -------------
--While it certainly ok to use /lib/ufw/ufw-init as the initscript for
-+While it certainly ok to use /usr/share/ufw/ufw-init as the initscript for
- ufw, this script is meant to be used by ufw itself, and therefore not
- particularly user friendly. See doc/initscript.example for a simple
- implementation that can be adapted to your distribution.
-diff -Naur ufw-0.31.orig/setup.py ufw-0.31/setup.py
---- ufw-0.31.orig/setup.py	2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/setup.py	2012-03-12 16:55:50.682993216 +0100
-@@ -54,7 +54,8 @@
-             return
- 
-         real_confdir = os.path.join('/etc')
--        real_statedir = os.path.join('/lib', 'ufw')
-+        # real_statedir = os.path.join('/lib', 'ufw')
-+        real_statedir = os.path.join('/etc', 'ufw', 'user')
-         real_prefix = self.prefix
-         if self.home != None:
-             real_confdir = self.home + real_confdir
-@@ -116,7 +117,7 @@
-         self.copy_file('doc/ufw.8', manpage)
-         self.copy_file('doc/ufw-framework.8', manpage_f)
- 
--        # Install state files and helper scripts
-+        # Install state files
-         statedir = real_statedir
-         if self.root != None:
-             statedir = self.root + real_statedir
-@@ -127,8 +128,14 @@
-         self.copy_file('conf/user.rules', user_rules)
-         self.copy_file('conf/user6.rules', user6_rules)
- 
--        init_helper = os.path.join(statedir, 'ufw-init')
--        init_helper_functions = os.path.join(statedir, 'ufw-init-functions')
-+        # Install helper scripts
-+        sharedir = real_sharedir
-+        if self.root != None:
-+            sharedir = self.root + real_sharedir
-+        self.mkpath(sharedir)
-+
-+        init_helper = os.path.join(sharedir, 'ufw-init')
-+        init_helper_functions = os.path.join(sharedir, 'ufw-init-functions')
-         self.copy_file('src/ufw-init', init_helper)
-         self.copy_file('src/ufw-init-functions', init_helper_functions)
- 
-@@ -199,13 +206,18 @@
- 
-             subprocess.call(["sed",
-                              "-i",
-+                             "s%#SHARE_DIR#%" + real_sharedir + "%g",
-+                             f])
-+
-+            subprocess.call(["sed",
-+                             "-i",
-                              "s%#VERSION#%" + ufw_version + "%g",
-                              f])
- 
-         # Install pristine copies of rules files
--        sharedir = real_sharedir
--        if self.root != None:
--            sharedir = self.root + real_sharedir
-+        #sharedir = real_sharedir
-+        #if self.root != None:
-+        #    sharedir = self.root + real_sharedir
-         rulesdir = os.path.join(sharedir, 'iptables')
-         self.mkpath(rulesdir)
-         for file in [ before_rules, after_rules, \
-diff -Naur ufw-0.31.orig/src/backend_iptables.py ufw-0.31/src/backend_iptables.py
---- ufw-0.31.orig/src/backend_iptables.py	2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/src/backend_iptables.py	2012-03-12 16:58:36.879115890 +0100
-@@ -38,6 +38,7 @@
-         files = {}
-         config_dir = _findpath(ufw.common.config_dir, datadir)
-         state_dir = _findpath(ufw.common.state_dir, datadir)
-+        share_dir = _findpath(ufw.common.share_dir, datadir)
-
-         files['rules'] = os.path.join(config_dir, 'ufw/user.rules')
-         files['before_rules'] = os.ppath.join(config_dir, 'ufw/before.rules')
-@@ -45,7 +46,7 @@
-         files['rules6'] = os.path.join(state_dir, 'user6.rules')
-         files['before6_rules'] = os.path.join(config_dir, 'ufw/before6.rules')
-         files['after6_rules'] = os.path.join(config_dir, 'ufw/after6.rules')
--        files['init'] = os.path.join(_findpath(state_dir, rootdir), 'ufw-init')
-+        files['init'] = os.path.join(_findpath(share_dir, rootdir), 'ufw-init')
- 
-         ufw.backend.UFWBackend.__init__(self, "iptables", dryrun, files)
- 
-diff -Naur ufw-0.31.orig/src/ufw-init ufw-0.31/src/ufw-init
---- ufw-0.31.orig/src/ufw-init	2012-03-10 00:07:11.000000000 +0100
-+++ ufw-0.31/src/ufw-init	2012-03-12 16:55:50.687993851 +0100
-@@ -18,10 +18,10 @@
- #
- set -e
- 
--if [ -s "${rootdir}#STATE_PREFIX#/ufw-init-functions" ]; then
--    . "${rootdir}#STATE_PREFIX#/ufw-init-functions"
-+if [ -s "${rootdir}#SHARE_DIR#/ufw-init-functions" ]; then
-+    . "${rootdir}#SHARE_DIR#/ufw-init-functions"
- else
--    echo "Could not find ${rootdir}#STATE_PREFIX#/ufw-init-functions (aborting)"
-+    echo "Could not find ${rootdir}#SHARE_DIR#/ufw-init-functions (aborting)"
-     exit 1
- fi
- 
-@@ -56,7 +56,7 @@
-     flush_builtins || exit "$?"
-     ;;
- *)
--    echo "Usage: #STATE_PREFIX#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
-+    echo "Usage: #SHARE_DIR#/ufw-init {start|stop|restart|force-reload|force-stop|flush-all|status}"
-     exit 1
-     ;;
- esac
diff --git a/net-firewall/ufw/ufw-0.35-r1.ebuild b/net-firewall/ufw/ufw-0.35-r1.ebuild
deleted file mode 100644
index ff137b6b8320..000000000000
--- a/net-firewall/ufw/ufw-0.35-r1.ebuild
+++ /dev/null
@@ -1,195 +0,0 @@
-# Copyright 1999-2020 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-PYTHON_COMPAT=( python{2_7,3_6} )
-DISTUTILS_IN_SOURCE_BUILD=1
-
-inherit bash-completion-r1 eutils linux-info distutils-r1 systemd
-
-DESCRIPTION="A program used to manage a netfilter firewall"
-HOMEPAGE="https://launchpad.net/ufw"
-SRC_URI="https://launchpad.net/ufw/${PV}/${PV}/+download/${P}.tar.gz"
-
-LICENSE="GPL-3"
-SLOT="0"
-KEYWORDS="amd64 ~ia64 ppc ppc64 sparc x86"
-IUSE="examples ipv6"
-
-DEPEND="sys-devel/gettext"
-RDEPEND=">=net-firewall/iptables-1.4[ipv6?]
-	!<kde-misc/kcm-ufw-0.4.2
-	!<net-firewall/ufw-frontends-0.3.2
-"
-
-# tests fail; upstream bug: https://bugs.launchpad.net/ufw/+bug/815982
-RESTRICT="test"
-
-PATCHES=(
-	# Remove unnecessary build time dependency on net-firewall/iptables.
-	"${FILESDIR}"/${PN}-0.33-dont-check-iptables.patch
-	# Move files away from /lib/ufw.
-	"${FILESDIR}"/${PN}-0.35-move-path.patch
-	# Remove shebang modification.
-	"${FILESDIR}"/${PN}-0.34_pre805-shebang.patch
-	# Fix bash completions, bug #526300
-	"${FILESDIR}"/${P}-bash-completion.patch
-)
-
-pkg_pretend() {
-	local CONFIG_CHECK="~PROC_FS
-		~NETFILTER_XT_MATCH_COMMENT ~NETFILTER_XT_MATCH_HL
-		~NETFILTER_XT_MATCH_LIMIT ~NETFILTER_XT_MATCH_MULTIPORT
-		~NETFILTER_XT_MATCH_RECENT ~NETFILTER_XT_MATCH_STATE"
-
-	if kernel_is -ge 2 6 39; then
-		CONFIG_CHECK+=" ~NETFILTER_XT_MATCH_ADDRTYPE"
-	else
-		CONFIG_CHECK+=" ~IP_NF_MATCH_ADDRTYPE"
-	fi
-
-	# https://bugs.launchpad.net/ufw/+bug/1076050
-	if kernel_is -ge 3 4; then
-		CONFIG_CHECK+=" ~NETFILTER_XT_TARGET_LOG"
-	else
-		CONFIG_CHECK+=" ~IP_NF_TARGET_LOG"
-		use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_LOG"
-	fi
-
-	CONFIG_CHECK+=" ~IP_NF_TARGET_REJECT"
-	use ipv6 && CONFIG_CHECK+=" ~IP6_NF_TARGET_REJECT"
-
-	check_extra_config
-
-	# Check for default, useful optional features.
-	if ! linux_config_exists; then
-		ewarn "Cannot determine configuration of your kernel."
-		return
-	fi
-
-	local nf_nat_ftp_ok="yes"
-	local nf_conntrack_ftp_ok="yes"
-	local nf_conntrack_netbios_ns_ok="yes"
-
-	linux_chkconfig_present \
-		NF_NAT_FTP || nf_nat_ftp_ok="no"
-	linux_chkconfig_present \
-		NF_CONNTRACK_FTP || nf_conntrack_ftp_ok="no"
-	linux_chkconfig_present \
-		NF_CONNTRACK_NETBIOS_NS || nf_conntrack_netbios_ns_ok="no"
-
-	# This is better than an essay for each unset option...
-	if [[ ${nf_nat_ftp_ok} = no ]] || [[ ${nf_conntrack_ftp_ok} = no ]] \
-		|| [[ ${nf_conntrack_netbios_ns_ok} = no ]]
-	then
-		echo
-		local mod_msg="Kernel options listed below are not set. They are not"
-		mod_msg+=" mandatory, but they are often useful."
-		mod_msg+=" If you don't need some of them, please remove relevant"
-		mod_msg+=" module name(s) from IPT_MODULES in"
-		mod_msg+=" '${EROOT}etc/default/ufw' before (re)starting ufw."
-		mod_msg+=" Otherwise ufw may fail to start!"
-		ewarn "${mod_msg}"
-		if [[ ${nf_nat_ftp_ok} = no ]]; then
-			ewarn "NF_NAT_FTP: for better support for active mode FTP."
-		fi
-		if [[ ${nf_conntrack_ftp_ok} = no ]]; then
-			ewarn "NF_CONNTRACK_FTP: for better support for active mode FTP."
-		fi
-		if [[ ${nf_conntrack_netbios_ns_ok} = no ]]; then
-			ewarn "NF_CONNTRACK_NETBIOS_NS: for better Samba support."
-		fi
-	fi
-}
-
-python_prepare_all() {
-	# Set as enabled by default. User can enable or disable
-	# the service by adding or removing it to/from a runlevel.
-	sed -i 's/^ENABLED=no/ENABLED=yes/' conf/ufw.conf \
-		|| die "sed failed (ufw.conf)"
-
-	sed -i "s/^IPV6=yes/IPV6=$(usex ipv6)/" conf/ufw.defaults || die
-
-	# If LINGUAS is set install selected translations only.
-	if [[ -n ${LINGUAS+set} ]]; then
-		_EMPTY_LOCALE_LIST="yes"
-		pushd locales/po > /dev/null || die
-
-		local lang
-		for lang in *.po; do
-			if ! has "${lang%.po}" ${LINGUAS}; then
-				rm "${lang}" || die
-			else
-				_EMPTY_LOCALE_LIST="no"
-			fi
-		done
-
-		popd > /dev/null || die
-	else
-		_EMPTY_LOCALE_LIST="no"
-	fi
-
-	distutils-r1_python_prepare_all
-}
-
-python_install_all() {
-	newconfd "${FILESDIR}"/ufw.confd ufw
-	newinitd "${FILESDIR}"/ufw-2.initd ufw
-	systemd_dounit "${FILESDIR}/ufw.service"
-
-	exeinto /usr/share/${PN}
-	doexe tests/check-requirements
-
-	# users normally would want it
-	insinto /usr/share/doc/${PF}/logging/syslog-ng
-	doins "${FILESDIR}"/syslog-ng/*
-
-	insinto /usr/share/doc/${PF}/logging/rsyslog
-	doins "${FILESDIR}"/rsyslog/*
-	doins doc/rsyslog.example
-
-	if use examples; then
-		insinto /usr/share/doc/${PF}/examples
-		doins examples/*
-	fi
-	newbashcomp shell-completion/bash ${PN}
-
-	[[ $_EMPTY_LOCALE_LIST != yes ]] && domo locales/mo/*.mo
-
-	distutils-r1_python_install_all
-	python_replicate_script "${D}usr/sbin/ufw"
-}
-
-pkg_postinst() {
-	local print_check_req_warn
-	print_check_req_warn=false
-
-	if [[ -z ${REPLACING_VERSIONS} ]]; then
-		echo
-		elog "To enable ufw, add it to boot sequence and activate it:"
-		elog "-- # rc-update add ufw boot"
-		elog "-- # /etc/init.d/ufw start"
-		echo
-		elog "If you want to keep ufw logs in a separate file, take a look at"
-		elog "/usr/share/doc/${PF}/logging."
-		print_check_req_warn=true
-	else
-		for rv in ${REPLACING_VERSIONS}; do
-			local major=${rv%%.*}
-			local minor=${rv#${major}.}
-			if [[ ${major} -eq 0 && ${minor} -lt 34 ]]; then
-				print_check_req_warn=true
-			fi
-		done
-	fi
-	if $print_check_req_warn; then
-		echo
-		elog "/usr/share/ufw/check-requirements script is installed."
-		elog "It is useful for debugging problems with ufw. However one"
-		elog "should keep in mind that the script assumes IPv6 is enabled"
-		elog "on kernel and net-firewall/iptables, and fails when it's not."
-	fi
-	echo
-	ewarn "Note: once enabled, ufw blocks also incoming SSH connections by"
-	ewarn "default. See README, Remote Management section for more information."
-}
-- 
cgit v1.2.3