diff --git a/.ebtables.metadata b/.ebtables.metadata
new file mode 100644
index 0000000..5379a9b
--- /dev/null
+++ b/.ebtables.metadata
@@ -0,0 +1 @@
+907d3b82329e8fbb7aaaa98049732bd8dab022f9 SOURCES/ebtables-v2.0.10-4.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d35117c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/ebtables-v2.0.10-4.tar.gz
diff --git a/README.md b/README.md
deleted file mode 100644
index 0e7897f..0000000
--- a/README.md
+++ /dev/null
@@ -1,5 +0,0 @@
-The master branch has no content
- 
-Look at the c7 branch if you are working with CentOS-7, or the c4/c5/c6 branch for CentOS-4, 5 or 6
- 
-If you find this file in a distro specific branch, it means that no content has been checked in yet
diff --git a/SOURCES/ebtables-2.0.0-audit.patch b/SOURCES/ebtables-2.0.0-audit.patch
new file mode 100644
index 0000000..c1d85e9
--- /dev/null
+++ b/SOURCES/ebtables-2.0.0-audit.patch
@@ -0,0 +1,157 @@
+--- ebtables2.orig/extensions/ebt_AUDIT.c	1970-01-01 01:00:00.000000000 +0100
++++ ebtables2.orig/extensions/ebt_AUDIT.c	2011-01-07 10:53:46.680329228 +0100
+@@ -0,0 +1,110 @@ 
++
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <getopt.h>
++#include "../include/ebtables_u.h"
++#include <linux/netfilter/xt_AUDIT.h>
++
++#define AUDIT_TYPE  '1'
++static struct option opts[] =
++{
++	{ "audit-type" , required_argument, 0, AUDIT_TYPE },
++	{ 0 }
++};
++
++static void print_help()
++{
++	printf(
++	"AUDIT target options:\n"
++	" --audit-type TYPE          : Set action type to record.\n");
++}
++
++static void init(struct ebt_entry_target *target)
++{
++	struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) target->data;
++
++	info->type = 0;
++}
++
++static int parse(int c, char **argv, int argc,
++   const struct ebt_u_entry *entry, unsigned int *flags,
++   struct ebt_entry_target **target)
++{
++	struct xt_AUDIT_info *info = (struct xt_AUDIT_info *) (*target)->data;
++
++	switch (c) {
++	case AUDIT_TYPE:
++		ebt_check_option2(flags, AUDIT_TYPE);
++
++		if (!strcasecmp(optarg, "accept"))
++			info->type = XT_AUDIT_TYPE_ACCEPT;
++		else if (!strcasecmp(optarg, "drop"))
++			info->type = XT_AUDIT_TYPE_DROP;
++		else if (!strcasecmp(optarg, "reject"))
++			info->type = XT_AUDIT_TYPE_REJECT;
++		else
++			ebt_print_error2("Bad action type value `%s'", optarg);
++
++		break;
++	 default:
++		return 0;
++	}
++	return 1;
++}
++
++static void final_check(const struct ebt_u_entry *entry,
++   const struct ebt_entry_match *match, const char *name,
++   unsigned int hookmask, unsigned int time)
++{
++}
++
++static void print(const struct ebt_u_entry *entry,
++   const struct ebt_entry_target *target)
++{
++	const struct xt_AUDIT_info *info =
++		(const struct xt_AUDIT_info *) target->data;
++
++	printf("--audit-type ");
++
++	switch(info->type) {
++	case XT_AUDIT_TYPE_ACCEPT:
++		printf("accept");
++		break;
++	case XT_AUDIT_TYPE_DROP:
++		printf("drop");
++		break;
++	case XT_AUDIT_TYPE_REJECT:
++		printf("reject");
++		break;
++	}
++}
++
++static int compare(const struct ebt_entry_target *t1,
++   const struct ebt_entry_target *t2)
++{
++	const struct xt_AUDIT_info *info1 =
++		(const struct xt_AUDIT_info *) t1->data;
++	const struct xt_AUDIT_info *info2 =
++		(const struct xt_AUDIT_info *) t2->data;
++
++	return info1->type == info2->type;
++}
++
++static struct ebt_u_target AUDIT_target =
++{
++	.name		= "AUDIT",
++	.size		= sizeof(struct xt_AUDIT_info),
++	.help		= print_help,
++	.init		= init,
++	.parse		= parse,
++	.final_check	= final_check,
++	.print		= print,
++	.compare	= compare,
++	.extra_ops	= opts,
++};
++
++void _init(void)
++{
++	ebt_register_target(&AUDIT_target);
++}
+--- ebtables2.orig/extensions/Makefile	2011-01-07 10:55:28.077246240 +0100
++++ ebtables2.orig/extensions/Makefile	2011-01-07 10:53:46.686329230 +0100
+@@ -1,7 +1,7 @@ 
+ #! /usr/bin/make
+ 
+ EXT_FUNC+=802_3 nat arp arpreply ip ip6 standard log redirect vlan mark_m mark \
+-          pkttype stp among limit ulog nflog
++          pkttype stp among limit ulog nflog AUDIT
+ EXT_TABLES+=filter nat broute
+ EXT_OBJS+=$(foreach T,$(EXT_FUNC), extensions/ebt_$(T).o)
+ EXT_OBJS+=$(foreach T,$(EXT_TABLES), extensions/ebtable_$(T).o)
+--- a/include/linux/netfilter/xt_AUDIT.h	
++++ a/include/linux/netfilter/xt_AUDIT.h	
+@@ -0,0 +1,30 @@ 
++/*
++ * Header file for iptables xt_AUDIT target
++ *
++ * (C) 2010-2011 Thomas Graf <tgraf@redhat.com>
++ * (C) 2010-2011 Red Hat, Inc.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2 as
++ * published by the Free Software Foundation.
++ */
++
++#ifndef _XT_AUDIT_TARGET_H
++#define _XT_AUDIT_TARGET_H
++
++#include <linux/types.h>
++
++enum {
++	XT_AUDIT_TYPE_ACCEPT = 0,
++	XT_AUDIT_TYPE_DROP,
++	XT_AUDIT_TYPE_REJECT,
++	__XT_AUDIT_TYPE_MAX,
++};
++
++#define XT_AUDIT_TYPE_MAX (__XT_AUDIT_TYPE_MAX - 1)
++
++struct xt_AUDIT_info {
++	__u8 type; /* XT_AUDIT_TYPE_* */
++};
++
++#endif /* _XT_AUDIT_TARGET_H */
diff --git a/SOURCES/ebtables-2.0.10-flock.patch b/SOURCES/ebtables-2.0.10-flock.patch
new file mode 100644
index 0000000..b1d59a7
--- /dev/null
+++ b/SOURCES/ebtables-2.0.10-flock.patch
@@ -0,0 +1,126 @@
+From 03df255180677b86eb058866be668063fcc6f598 Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Fri, 6 Oct 2017 12:48:50 +0200
+Subject: [PATCH] Use flock() for --concurrent option
+
+The previous locking mechanism was not atomic, hence it was possible
+that a killed ebtables process would leave the lock file in place which
+in turn made future ebtables processes wait indefinitely for the lock to
+become free.
+
+Fix this by using flock(). This also simplifies code quite a bit because
+there is no need for a custom signal handler or an __exit routine
+anymore.
+
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Phil Sutter <psutter@redhat.com>
+---
+ ebtables.c |  8 --------
+ libebtc.c  | 49 +++++--------------------------------------------
+ 2 files changed, 5 insertions(+), 52 deletions(-)
+
+diff --git a/ebtables.c b/ebtables.c
+index 62f1ba80063d8..f7dfccf4b2f31 100644
+--- a/ebtables.c
++++ b/ebtables.c
+@@ -528,12 +528,6 @@ void ebt_early_init_once()
+ 	ebt_iterate_targets(merge_target);
+ }
+ 
+-/* signal handler, installed when the option --concurrent is specified. */
+-static void sighandler(int signum)
+-{
+-	exit(-1);
+-}
+-
+ /* We use exec_style instead of #ifdef's because ebtables.so is a shared object. */
+ int do_command(int argc, char *argv[], int exec_style,
+                struct ebt_u_replace *replace_)
+@@ -1047,8 +1041,6 @@ big_iface_length:
+ 			strcpy(replace->filename, optarg);
+ 			break;
+ 		case 13 : /* concurrent */
+-			signal(SIGINT, sighandler);
+-			signal(SIGTERM, sighandler);
+ 			use_lockfd = 1;
+ 			break;
+ 		case 1 :
+diff --git a/libebtc.c b/libebtc.c
+index b0814213b6b06..ab3429577a1f1 100644
+--- a/libebtc.c
++++ b/libebtc.c
+@@ -31,6 +31,7 @@
+ #include "include/ethernetdb.h"
+ #include <unistd.h>
+ #include <fcntl.h>
++#include <sys/file.h>
+ #include <sys/wait.h>
+ #include <sys/stat.h>
+ #include <sys/types.h>
+@@ -137,58 +138,18 @@ void ebt_list_extensions()
+ #define LOCKDIR "/run"
+ #define LOCKFILE LOCKDIR"/ebtables.lock"
+ #endif
+-static int lockfd = -1, locked;
+ int use_lockfd;
+ /* Returns 0 on success, -1 when the file is locked by another process
+  * or -2 on any other error. */
+ static int lock_file()
+ {
+-	int try = 0;
+-	int ret = 0;
+-	sigset_t sigset;
+-
+-tryagain:
+-	/* the SIGINT handler will call unlock_file. To make sure the state
+-	 * of the variable locked is correct, we need to temporarily mask the
+-	 * SIGINT interrupt. */
+-	sigemptyset(&sigset);
+-	sigaddset(&sigset, SIGINT);
+-	sigprocmask(SIG_BLOCK, &sigset, NULL);
+-	lockfd = open(LOCKFILE, O_CREAT | O_EXCL | O_WRONLY, 00600);
+-	if (lockfd < 0) {
+-		if (errno == EEXIST)
+-			ret = -1;
+-		else if (try == 1)
+-			ret = -2;
+-		else {
+-			if (mkdir(LOCKDIR, 00700))
+-				ret = -2;
+-			else {
+-				try = 1;
+-				goto tryagain;
+-			}
+-		}
+-	} else {
+-		close(lockfd);
+-		locked = 1;
+-	}
+-	sigprocmask(SIG_UNBLOCK, &sigset, NULL);
+-	return ret;
+-}
++	int fd = open(LOCKFILE, O_CREAT, 00600);
+ 
+-void unlock_file()
+-{
+-	if (locked) {
+-		remove(LOCKFILE);
+-		locked = 0;
+-	}
++	if (fd < 0)
++		return -2;
++	return flock(fd, LOCK_EX);
+ }
+ 
+-void __attribute__ ((destructor)) onexit()
+-{
+-	if (use_lockfd)
+-		unlock_file();
+-}
+ /* Get the table from the kernel or from a binary file
+  * init: 1 = ask the kernel for the initial contents of a table, i.e. the
+  *           way it looks when the table is insmod'ed
+-- 
+2.13.1
+
diff --git a/SOURCES/ebtables-2.0.10-linkfix.patch b/SOURCES/ebtables-2.0.10-linkfix.patch
new file mode 100644
index 0000000..b140d72
--- /dev/null
+++ b/SOURCES/ebtables-2.0.10-linkfix.patch
@@ -0,0 +1,16 @@
+diff -up ebtables-v2.0.10-4/extensions/Makefile.linkfix ebtables-v2.0.10-4/extensions/Makefile
+--- ebtables-v2.0.10-4/extensions/Makefile.linkfix	2011-12-15 15:02:47.000000000 -0500
++++ ebtables-v2.0.10-4/extensions/Makefile	2012-04-05 15:52:09.563511746 -0400
+@@ -9,9 +9,10 @@ EXT_LIBS+=$(foreach T,$(EXT_FUNC), exten
+ EXT_LIBS+=$(foreach T,$(EXT_TABLES), extensions/libebtable_$(T).so)
+ EXT_LIBSI+=$(foreach T,$(EXT_FUNC), -lebt_$(T))
+ EXT_LIBSI+=$(foreach T,$(EXT_TABLES), -lebtable_$(T))
++EXT_LDFLAGS+=-L. -lebtc
+ 
+-extensions/ebt_%.so: extensions/ebt_%.o
+-	$(CC) $(LDFLAGS) -shared -o $@ -lc $< -nostartfiles
++extensions/ebt_%.so: extensions/ebt_%.o libebtc.so
++	$(CC) $(LDFLAGS) $(EXT_LDFLAGS) -shared -o $@ -lc $< -nostartfiles
+ 
+ extensions/libebt_%.so: extensions/ebt_%.so
+ 	mv $< $@
diff --git a/SOURCES/ebtables-2.0.10-lockdirfix.patch b/SOURCES/ebtables-2.0.10-lockdirfix.patch
new file mode 100644
index 0000000..9fadf08
--- /dev/null
+++ b/SOURCES/ebtables-2.0.10-lockdirfix.patch
@@ -0,0 +1,50 @@
+diff -up ebtables-v2.0.10-4/ebtables.8.lockdirfix ebtables-v2.0.10-4/ebtables.8
+--- ebtables-v2.0.10-4/ebtables.8.lockdirfix	2016-01-18 11:13:21.707069702 -0500
++++ ebtables-v2.0.10-4/ebtables.8	2016-01-18 11:13:40.554953365 -0500
+@@ -1103,7 +1103,7 @@ arp message and the hardware address len
+ .br
+ .SH FILES
+ .I /etc/ethertypes
+-.I /var/lib/ebtables/lock
++.I /run/ebtables.lock
+ .SH ENVIRONMENT VARIABLES
+ .I EBTABLES_ATOMIC_FILE
+ .SH MAILINGLISTS
+diff -up ebtables-v2.0.10-4/INSTALL.lockdirfix ebtables-v2.0.10-4/INSTALL
+--- ebtables-v2.0.10-4/INSTALL.lockdirfix	2016-01-18 11:15:31.458268826 -0500
++++ ebtables-v2.0.10-4/INSTALL	2016-01-18 11:15:53.890130367 -0500
+@@ -31,7 +31,7 @@ WHAT GETS INSTALLED AND WHAT OPTIONS ARE
+   copied to /etc/rc.d/init.d (change with option INITDIR)
+ - The ebtables configuration file (ebtables-config) is copied to /etc/sysconfig
+ - ebtables can use a lock file to enable concurrent execution of the ebtables
+-  tool. The standard location of the lock file is /var/lib/ebtables/lock.
++  tool. The standard location of the lock file is /run/ebtables.lock.
+   Include LOCKFILE=<<path-to-file>> if you want to use another file.
+ 
+ That's all
+diff -up ebtables-v2.0.10-4/libebtc.c.lockdirfix ebtables-v2.0.10-4/libebtc.c
+--- ebtables-v2.0.10-4/libebtc.c.lockdirfix	2016-01-18 11:12:14.347485472 -0500
++++ ebtables-v2.0.10-4/libebtc.c	2016-01-18 11:13:06.515163472 -0500
+@@ -134,8 +134,8 @@ void ebt_list_extensions()
+ }
+ 
+ #ifndef LOCKFILE
+-#define LOCKDIR "/var/lib/ebtables"
+-#define LOCKFILE LOCKDIR"/lock"
++#define LOCKDIR "/run"
++#define LOCKFILE LOCKDIR"/ebtables.lock"
+ #endif
+ static int lockfd = -1, locked;
+ int use_lockfd;
+diff -up ebtables-v2.0.10-4/Makefile.lockdirfix ebtables-v2.0.10-4/Makefile
+--- ebtables-v2.0.10-4/Makefile.lockdirfix	2016-01-18 11:14:10.715767201 -0500
++++ ebtables-v2.0.10-4/Makefile	2016-01-18 11:15:20.506336425 -0500
+@@ -5,7 +5,7 @@ PROGRELEASE:=4
+ PROGVERSION_:=2.0.10
+ PROGVERSION:=$(PROGVERSION_)-$(PROGRELEASE)
+ PROGDATE:=December\ 2011
+-LOCKFILE?=/var/lib/ebtables/lock
++LOCKFILE?=/run/ebtables.lock
+ LOCKDIR:=$(shell echo $(LOCKFILE) | sed 's/\(.*\)\/.*/\1/')/
+ 
+ # default paths
diff --git a/SOURCES/ebtables-2.0.10-noflush.patch b/SOURCES/ebtables-2.0.10-noflush.patch
new file mode 100644
index 0000000..42d5611
--- /dev/null
+++ b/SOURCES/ebtables-2.0.10-noflush.patch
@@ -0,0 +1,69 @@
+commit 3a25ae2361da048f24524d8e63d70f4cd40444f3
+Author: Sanket Shah <sanket.shah@cyberoam.com>
+Date:   Wed Jul 31 21:40:08 2013 +0200
+
+    Add --noflush command line support for ebtables-restore
+
+diff --git a/ebtables-restore.c b/ebtables-restore.c
+index ea02960..bb4d0cf 100644
+--- a/ebtables-restore.c
++++ b/ebtables-restore.c
+@@ -22,13 +22,25 @@
+ #include <string.h>
+ #include <errno.h>
+ #include <unistd.h>
++#include <getopt.h>
+ #include "include/ebtables_u.h"
+ 
++static const struct option options[] = {
++	{.name = "noflush", .has_arg = 0, .val = 'n'},
++	{ 0 }
++};
++
+ static struct ebt_u_replace replace[3];
+ void ebt_early_init_once();
+ 
+ #define OPT_KERNELDATA  0x800 /* Also defined in ebtables.c */
+ 
++static void print_usage()
++{
++	fprintf(stderr, "Usage: ebtables-restore [ --noflush ]\n");
++	exit(1);
++}
++
+ static void copy_table_names()
+ {
+ 	strcpy(replace[0].name, "filter");
+@@ -41,11 +53,20 @@ static void copy_table_names()
+ int main(int argc_, char *argv_[])
+ {
+ 	char *argv[EBTD_ARGC_MAX], cmdline[EBTD_CMDLINE_MAXLN];
+-	int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace;
++	int i, offset, quotemode = 0, argc, table_nr = -1, line = 0, whitespace, c, flush = 1;
+ 	char ebtables_str[] = "ebtables";
+ 
+-	if (argc_ != 1)
+-		ebtrest_print_error("options are not supported");
++	while ((c = getopt_long(argc_, argv_, "n", options, NULL)) != -1) {
++		switch(c) {
++			case 'n':
++				flush = 0;
++				break;
++			default:
++				print_usage();
++				break;
++		}
++	}
++
+ 	ebt_silent = 0;
+ 	copy_table_names();
+ 	ebt_early_init_once();
+@@ -68,7 +89,7 @@ int main(int argc_, char *argv_[])
+ 				ebtrest_print_error("table '%s' was not recognized", cmdline+1);
+ 			table_nr = i;
+ 			replace[table_nr].command = 11;
+-			ebt_get_kernel_table(&replace[table_nr], 1);
++			ebt_get_kernel_table(&replace[table_nr], flush);
+ 			replace[table_nr].command = 0;
+ 			replace[table_nr].flags = OPT_KERNELDATA; /* Prevent do_command from initialising replace */
+ 			continue;
diff --git a/SOURCES/ebtables-2.0.10-norootinst.patch b/SOURCES/ebtables-2.0.10-norootinst.patch
new file mode 100644
index 0000000..0017720
--- /dev/null
+++ b/SOURCES/ebtables-2.0.10-norootinst.patch
@@ -0,0 +1,66 @@
+diff -up ebtables-v2.0.10-1/Makefile.orig ebtables-v2.0.10-1/Makefile
+--- ebtables-v2.0.10-1/Makefile.orig	2011-07-10 05:28:52.000000000 -0400
++++ ebtables-v2.0.10-1/Makefile	2011-07-11 10:45:00.323426448 -0400
+@@ -157,31 +157,31 @@ tmp3:=$(shell printf $(PIPE) | sed 's/\/
+ scripts: ebtables-save ebtables.sysv ebtables-config
+ 	cat ebtables-save | sed 's/__EXEC_PATH__/$(tmp1)/g' > ebtables-save_
+ 	mkdir -p $(DESTDIR)$(BINDIR)
+-	install -m 0755 -o root -g root ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
++	install -m 0755 ebtables-save_ $(DESTDIR)$(BINDIR)/ebtables-save
+ 	cat ebtables.sysv | sed 's/__EXEC_PATH__/$(tmp1)/g' | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables.sysv_
+ 	if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(INITDIR); fi
+-	if test -d $(DESTDIR)$(INITDIR); then install -m 0755 -o root -g root ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
++	if test -d $(DESTDIR)$(INITDIR); then install -m 0755 ebtables.sysv_ $(DESTDIR)$(INITDIR)/ebtables; fi
+ 	cat ebtables-config | sed 's/__SYSCONFIG__/$(tmp2)/g' > ebtables-config_
+ 	if [ "$(DESTDIR)" != "" ]; then mkdir -p $(DESTDIR)$(SYSCONFIGDIR); fi
+-	if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 -o root -g root ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
++	if test -d $(DESTDIR)$(SYSCONFIGDIR); then install -m 0600 ebtables-config_ $(DESTDIR)$(SYSCONFIGDIR)/ebtables-config; fi
+ 	rm -f ebtables-save_ ebtables.sysv_ ebtables-config_
+ 
+ tmp4:=$(shell printf $(LOCKFILE) | sed 's/\//\\\//g')
+ $(MANDIR)/man8/ebtables.8: ebtables.8
+ 	mkdir -p $(DESTDIR)$(@D)
+ 	sed -e 's/$$(VERSION)/$(PROGVERSION)/' -e 's/$$(DATE)/$(PROGDATE)/' -e 's/$$(LOCKFILE)/$(tmp4)/' ebtables.8 > ebtables.8_
+-	install -m 0644 -o root -g root ebtables.8_ $(DESTDIR)$@
++	install -m 0644 ebtables.8_ $(DESTDIR)$@
+ 	rm -f ebtables.8_
+ 
+ $(DESTDIR)$(ETHERTYPESFILE): ethertypes
+ 	mkdir -p $(@D)
+-	install -m 0644 -o root -g root $< $@
++	install -m 0644 $< $@
+ 
+ .PHONY: exec
+ exec: ebtables ebtables-restore
+ 	mkdir -p $(DESTDIR)$(BINDIR)
+-	install -m 0755 -o root -g root $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
+-	install -m 0755 -o root -g root ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
++	install -m 0755 $(PROGNAME) $(DESTDIR)$(BINDIR)/$(PROGNAME)
++	install -m 0755 ebtables-restore $(DESTDIR)$(BINDIR)/ebtables-restore
+ 
+ .PHONY: install
+ install: $(MANDIR)/man8/ebtables.8 $(DESTDIR)$(ETHERTYPESFILE) exec scripts
+@@ -205,18 +205,18 @@ release:
+ 	rm -f extensions/ebt_inat.c
+ 	rm -rf $(CVSDIRS)
+ 	mkdir -p include/linux/netfilter_bridge
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/netfilter_bridge.h include/linux/
+ # To keep possible compile error complaints about undefined ETH_P_8021Q
+ # off my back
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/if_ether.h include/linux/
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/types.h include/linux/
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		$(KERNEL_INCLUDES)/linux/netfilter_bridge/*.h \
+ 		include/linux/netfilter_bridge/
+-	install -m 0644 -o root -g root \
++	install -m 0644 \
+ 		include/ebtables.h include/linux/netfilter_bridge/
+ 	make clean
+ 	touch *
diff --git a/SOURCES/ebtables-2.0.9-lsb.patch b/SOURCES/ebtables-2.0.9-lsb.patch
new file mode 100644
index 0000000..721deea
--- /dev/null
+++ b/SOURCES/ebtables-2.0.9-lsb.patch
@@ -0,0 +1,106 @@
+diff -up ebtables-v2.0.9-1/ebtables.sysv.lsb ebtables-v2.0.9-1/ebtables.sysv
+--- ebtables-v2.0.9-1/ebtables.sysv.lsb	2010-01-15 11:39:31.000000000 +0100
++++ ebtables-v2.0.9-1/ebtables.sysv	2010-01-15 12:52:24.000000000 +0100
+@@ -18,9 +18,9 @@ source /etc/sysconfig/network
+ # Check that networking is up.
+ [ ${NETWORKING} = "no" ] && exit 0
+ 
+-[ -x __EXEC_PATH__/ebtables ] || exit 1
+-[ -x __EXEC_PATH__/ebtables-save ] || exit 1
+-[ -x __EXEC_PATH__/ebtables-restore ] || exit 1
++[ -x __EXEC_PATH__/ebtables ] || exit 5
++[ -x __EXEC_PATH__/ebtables-save ] || exit 5
++[ -x __EXEC_PATH__/ebtables-restore ] || exit 5
+ 
+ RETVAL=0
+ prog="ebtables"
+@@ -39,6 +39,7 @@ config=__SYSCONFIG__/$prog-config
+ [ -f "$config" ] && . "$config"
+ 
+ start() {
++	[ "$EUID" != "0" ] && exit 4
+ 	echo -n $"Starting $desc ($prog): "
+ 	if [ "$EBTABLES_BINARY_FORMAT" = "yes" ]; then
+ 		for table in $(ls __SYSCONFIG__/ebtables.* 2>/dev/null | sed -e 's/.*ebtables\.//' -e '/save/d' ); do
+@@ -50,7 +51,7 @@ start() {
+ 
+ 	if [ $RETVAL -eq 0 ]; then
+ 		success "$prog startup"
+-		rm -f /var/lock/subsys/$prog
++		touch "/var/lock/subsys/$prog"
+ 	else
+ 		failure "$prog startup"
+ 	fi
+@@ -58,6 +59,7 @@ start() {
+ }
+ 
+ stop() {
++	[ "$EUID" != "0" ] && exit 4
+ 	echo -n $"Stopping $desc ($prog): "
+ 	for table in $(grep '^ebtable_' /proc/modules | sed -e 's/ebtable_\([^ ]*\).*/\1/'); do
+ 		__EXEC_PATH__/ebtables -t $table --init-table || RETVAL=1
+@@ -71,7 +73,7 @@ stop() {
+ 
+ 	if [ $RETVAL -eq 0 ]; then
+ 		success "$prog shutdown"
+-		rm -f /var/lock/subsys/$prog
++		rm -f "/var/lock/subsys/$prog"
+ 	else
+ 		failure "$prog shutdown"
+ 	fi
+@@ -79,11 +81,13 @@ stop() {
+ }
+ 
+ restart() {
++	[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
+ 	stop
+ 	start
+ }
+ 
+ save() {
++	[ "$EUID" != "0" ] && exit 4
+ 	echo -n $"Saving $desc ($prog): "
+ 	if [ "$EBTABLES_TEXT_FORMAT" = "yes" ]; then
+ 		if [ -e __SYSCONFIG__/ebtables ]; then
+@@ -116,30 +120,34 @@ save() {
+ 
+ case "$1" in
+   start)
++	[ -f "/var/lock/subsys/$prog" ] && exit 0
+ 	start
+ 	;;
+   stop)
+ 	[ "$EBTABLES_SAVE_ON_STOP" = "yes" ] && save
+ 	stop
+ 	;;
+-  restart|reload)
+-	[ "$EBTABLES_SAVE_ON_RESTART" = "yes" ] && save
++  restart|force-reload)
+ 	restart
+ 	;;
+-  condrestart)
+-	[ -e /var/lock/subsys/$prog ] && restart
+-	RETVAL=$?
++  reload)
++	[ ! -f "/var/lock/subsys/$prog" ] && exit 7
++	restart
++	;;
++  condrestart|try-restart)
++	[ ! -e "/var/lock/subsys/$prog" ] && exit 0
++	restart
+ 	;;
+   save)
+ 	save
+ 	;;
+   status)
++	[ -f "/var/lock/subsys/$prog" ] && RETVAL=0 || RETVAL=3
+ 	__EXEC_PATH__/ebtables-save
+-	RETVAL=$?
+ 	;;
+   *)
+ 	echo $"Usage $0 {start|stop|restart|condrestart|save|status}"
+-	RETVAL=1
++	RETVAL=2
+ esac
+ 
+ exit $RETVAL
diff --git a/SOURCES/ebtables-save b/SOURCES/ebtables-save
new file mode 100755
index 0000000..2d7fc4e
--- /dev/null
+++ b/SOURCES/ebtables-save
@@ -0,0 +1,43 @@
+#!/bin/bash
+
+EBTABLES="/sbin/ebtables"
+
+[ -x "$EBTABLES" ] || exit 1
+
+echo "# Generated by ebtables-save v1.0 on $(date)"
+
+cnt=""
+[ "x$EBTABLES_SAVE_COUNTER" = "xyes" ] && cnt="--Lc"
+
+for table_name in $(grep -E '^ebtable_' /proc/modules | cut -f1 -d' ' | sed s/ebtable_//); do
+    table=$($EBTABLES -t $table_name -L $cnt)
+    [ $? -eq 0 ] || { echo "$table"; exit -1; }
+
+    chain=""
+    rules=""
+    while read line; do
+	[ -z "$line" ] && continue
+
+	case "$line" in 
+	    Bridge\ table:\ *)
+		echo "*${line:14}"
+		;;
+	    Bridge\ chain:\ *)
+		chain="${line:14}"
+		chain="${chain%%,*}"
+		policy="${line##*policy: }"
+		echo ":$chain $policy"
+		;;
+	    *)
+		if [ "$cnt" = "--Lc" ]; then
+		    line=${line/, pcnt \=/ -c}
+		    line=${line/-- bcnt \=/}
+		fi
+		rules="$rules-A $chain $line\n"
+		;;
+	esac
+    done <<EOF
+$table
+EOF
+    echo -e $rules
+done
diff --git a/SOURCES/ebtables.service b/SOURCES/ebtables.service
new file mode 100644
index 0000000..e0b0162
--- /dev/null
+++ b/SOURCES/ebtables.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Ethernet Bridge Filtering tables
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/libexec/ebtables start
+ExecStop=/usr/libexec/ebtables stop
+
+[Install]
+WantedBy=multi-user.target
diff --git a/SOURCES/ebtables.systemd b/SOURCES/ebtables.systemd
new file mode 100644
index 0000000..bf06d8a
--- /dev/null
+++ b/SOURCES/ebtables.systemd
@@ -0,0 +1,74 @@
+#!/bin/bash
+
+RETVAL=0
+
+initialize() {
+  # Initialize $TYPE tables
+  echo -n $"  $TYPE tables: "
+  if [ -r /etc/sysconfig/ebtables.$TYPE ]; then
+    /sbin/ebtables -t $TYPE --atomic-file /etc/sysconfig/ebtables.$TYPE --atomic-commit > /dev/null || RETVAL=1
+  else
+    echo -n "not configured"
+  fi
+  if [ $RETVAL -eq 0 ]; then
+    echo -n $"[  OK  ]"
+    echo -ne "\r"
+  else
+    echo -n $"[FAILED]"
+    echo -ne "\r"
+  fi
+}
+
+case $1 in
+  start)
+   # Initialize	filter tables
+   TYPE=filter
+   initialize
+ 
+   # Initialize NAT tables
+   echo
+   TYPE=nat
+   initialize
+
+   # Initialize broute tables
+   echo
+   TYPE=broute
+   initialize
+  ;;
+  stop)
+    /sbin/ebtables -t filter --init-table || RETVAL=1
+    /sbin/ebtables -t nat --init-table || RETVAL=1
+    /sbin/ebtables -t broute --init-table || RETVAL=1
+
+    for mod in $(grep -E '^(ebt|ebtable)_' /proc/modules | cut -f1 -d' ') ebtables; do
+       /sbin/rmmod $mod || RETVAL=1
+    done
+
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  save)
+    echo -n $"Saving Ethernet bridge filtering (ebtables): "
+    /sbin/ebtables -t filter --atomic-file /etc/sysconfig/ebtables.filter --atomic-save || RETVAL=1
+    /sbin/ebtables -t nat --atomic-file /etc/sysconfig/ebtables.nat --atomic-save || RETVAL=1
+    /sbin/ebtables -t broute --atomic-file /etc/sysconfig/ebtables.broute --atomic-save || RETVAL=1
+    if [ $RETVAL -eq 0 ]; then
+      echo -n $"[  OK  ]"
+      echo -ne "\r"
+    else
+      echo -n $"[FAILED]"
+      echo -ne "\r"
+    fi
+  ;;
+  *)
+    echo "usage: ${0##*/} {start|stop|save}" >&2
+    exit 1
+  ;;
+esac
+
+# vim:set ts=2 sw=2 ft=sh et:
diff --git a/SPECS/ebtables.spec b/SPECS/ebtables.spec
new file mode 100644
index 0000000..5c1751e
--- /dev/null
+++ b/SPECS/ebtables.spec
@@ -0,0 +1,268 @@
+%global ebminor 4
+
+Name:			ebtables
+Version:		2.0.10
+Release:		16%{?dist}
+Summary:		Ethernet Bridge frame table administration tool
+License:		GPLv2+
+Group:			System Environment/Base
+URL:			http://ebtables.sourceforge.net/
+Source0:		http://downloads.sourceforge.net/ebtables/ebtables-v%{version}-%{ebminor}.tar.gz
+Source1:		ebtables-save
+Source2:		ebtables.systemd
+Source3:		ebtables.service
+Patch0:			ebtables-2.0.10-norootinst.patch
+Patch3:			ebtables-2.0.9-lsb.patch
+Patch4:			ebtables-2.0.10-linkfix.patch
+Patch5:			ebtables-2.0.0-audit.patch
+Patch6:			ebtables-2.0.10-noflush.patch
+Patch7:			ebtables-2.0.10-lockdirfix.patch
+Patch8:			ebtables-2.0.10-flock.patch
+BuildRequires:		systemd-units
+Requires(post):		systemd
+Requires(preun):	systemd
+Requires(postun):	systemd
+
+%description
+Ethernet bridge tables is a firewalling tool to transparently filter network
+traffic passing a bridge. The filtering possibilities are limited to link
+layer filtering and some basic filtering on higher network layers.
+
+This tool is the userspace control for the bridge and ebtables kernel
+components.
+
+The ebtables tool can be used together with the other Linux filtering tools,
+like iptables. There are no known incompatibility issues.
+
+%prep
+%setup -q -n ebtables-v%{version}-%{ebminor}
+%patch0 -p1 -b .norootinst
+%patch3 -p1 -b .lsb
+# extension modules need to link to libebtc.so for ebt_errormsg
+%patch4 -p1 -b .linkfix
+%patch5 -p1 -b .AUDIT
+%patch6 -p1 -b .noflush
+%patch7 -p1 -b .lockdir
+%patch8 -p1 -b .flock
+
+# Convert to UTF-8
+f=THANKS; iconv -f iso-8859-1 -t utf-8 $f -o $f.utf8 ; mv $f.utf8 $f
+
+%build
+make %{?_smp_mflags} CFLAGS="${RPM_OPT_FLAGS}" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" LDFLAGS="${RPM_LD_FLAGS} -Wl,-z,now"
+
+%install
+mkdir -p %{buildroot}%{_initrddir}
+mkdir -p %{buildroot}%{_unitdir}
+install -m 644 -p %{SOURCE3} %{buildroot}%{_unitdir}/
+mkdir -p %{buildroot}%{_libexecdir}
+install -m0755 %{SOURCE2} %{buildroot}%{_libexecdir}/ebtables
+mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
+make DESTDIR="%{buildroot}" LIBDIR="/%{_lib}/ebtables" BINDIR="/sbin" MANDIR="%{_mandir}" install
+touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.filter
+touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.nat
+touch %{buildroot}%{_sysconfdir}/sysconfig/ebtables.broute
+
+# Do not need the sysvinit
+rm -rf %{buildroot}%{_initrddir}
+
+# install ebtables-save bash script
+rm -f %{buildroot}/sbin/ebtables-save
+install %{SOURCE1} %{buildroot}/sbin/ebtables-save
+
+# move libebtc.so into the ldpath
+mv %{buildroot}/%{_lib}/ebtables/libebtc.so %{buildroot}/%{_lib}/
+
+%post
+%systemd_post ebtables.service
+/sbin/ldconfig
+
+%preun
+%systemd_preun ebtables.service
+
+%postun
+%systemd_postun_with_restart ebtables.service
+/sbin/ldconfig
+
+%files
+%defattr(-, root, root, 0755)
+%doc ChangeLog COPYING THANKS
+%doc %{_mandir}/man8/ebtables.8*
+%config(noreplace) %{_sysconfdir}/ethertypes
+%config(noreplace) %{_sysconfdir}/sysconfig/ebtables-config
+%{_unitdir}/ebtables.service
+%{_libexecdir}/ebtables
+/%{_lib}/libebtc.so
+/%{_lib}/ebtables/
+/sbin/ebtables*
+%ghost %{_sysconfdir}/sysconfig/ebtables.filter
+%ghost %{_sysconfdir}/sysconfig/ebtables.nat
+%ghost %{_sysconfdir}/sysconfig/ebtables.broute
+
+%changelog
+* Wed Oct 25 2017 Phil Sutter <psutter@redhat.com> - 2.0.10-16
+- Fix for potentially stale lock files (RHBZ#1495893)
+
+* Thu Jun 30 2016 Thomas Woerner <twoerner@redhat.com> - 2.0.10-15
+- Backported lockdirfix to use (/var)/run from Fedora (RHBZ#1346376)
+
+* Tue May 17 2016 Thomas Woerner <twoerner@redhat.com> - 2.0.10-14
+- Fixed persmissions of ebtables.service (RHBZ#1288586)
+- Added upstream patch to add noflush option to ebtables-restore (RHBZ#1334271)
+
+* Tue Mar 04 2014 Jiri Popelka <jpopelka@redhat.com> - 2.0.10-13
+- do not eviscerate -fstack-protector(-strong) from CFLAGS (#1070801)
+
+* Fri Jan 24 2014 Daniel Mach <dmach@redhat.com> - 2.0.10-12
+- Mass rebuild 2014-01-24
+
+* Tue Jan  7 2014 Thomas Woerner <twoerner@redhat.com> - 2.0.10-11
+- fixed rebuild problem, using MY_CFLAGS from latest fedora package
+  (RHBZ#1048855)
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.0.10-10
+- Mass rebuild 2013-12-27
+
+* Tue Nov  5 2013 Thomas Woerner <twoerner@redhat.com> - 2.0.10-9
+- fixed missing systemd unit file (RHBZ#818953)
+  merged fedora patches from Tom Callaway
+- fixed NETWORK test in the init script (RHBZ#1026784)
+- fixed needed rpmdiff failures (RHBZ#883988)
+
+* Thu Mar 21 2013 Tom Callaway <spot@fedoraproject.org> - 2.0.10-8
+- add audit module
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.10-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.10-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Apr  5 2012 Tom Callaway <spot@fedoraproject.org> - 2.0.10-5
+- update to 2.0.10-4 (upstream numbering is goofy)
+- fix missing symbol issue with extension modules (bz810006)
+
+* Thu Feb 16 2012 Thomas Woerner <twoerner@redhat.com> - 2.0.10-4
+- replaced ebtables-save perl script by bash script to get rid of the perl 
+  requirement
+
+* Fri Jan 13 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.10-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Thu Aug 11 2011 Tom Callaway <spot@fedoraproject.org> - 2.0.10-2
+- update to 2.0.10-2
+
+* Mon Jul 11 2011 Tom Callaway <spot@fedoraproject.org> - 2.0.10-1
+- update to 2.0.10-1
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.9-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Mon Feb 15 2010 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.9-5
+- update to 2.0.9-2
+
+* Fri Jan 29 2010 Thomas Woerner <twoerner@redhat.com> - 2.0.9-4
+- moved ebtables modules to /lib[64]/ebtables (rhbz#558886)
+
+* Fri Jan 15 2010 Thomas Woerner <twoerner@redhat.com> - 2.0.9-3
+- fixed init script to be lsb conform (rhbz#536828)
+- fixed download link according to package review
+
+* Wed Aug 19 2009 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.9-2
+- fix source0 url
+
+* Mon Jul 27 2009 Tom "spot" Callaway <tcallawa@redhat.com> - 2.0.9-1
+- update to 2.0.9
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.8-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Tue Feb 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.8-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Tue Feb 19 2008 Fedora Release Engineering <rel-eng@fedoraproject.org> - 2.0.8-5
+- Autorebuild for GCC 4.3
+
+* Sun Oct 28 2007 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-4
+- bump to 2.0.8-2 from upstream
+- keep _libdir/ebtables, even though upstream just moved away from it.
+
+* Thu Aug 23 2007 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-3
+- use _libdir/ebtables to match upstream RPATH (bugzilla 248865)
+- correct license tag
+- use upstream init script
+- enable build-id
+- use cflags for all compiles
+- be sane with DESTDIR
+
+* Mon Jul  9 2007 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-2
+- remove "Fedora Core" reference in spec
+
+* Mon Jul  2 2007 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-1
+- final 2.0.8 release
+
+* Wed Jan 17 2007 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.8.rc3
+- fix release order
+
+* Wed Jan 17 2007 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.1.rc3
+- bump to rc3
+
+* Thu Oct 05 2006 Christian Iseli <Christian.Iseli@licr.org> 2.0.8-0.7.rc2
+ - rebuilt for unwind info generation, broken in gcc-4.1.1-21
+
+* Mon Sep 18 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.6.rc2
+- fix versioning
+
+* Thu Sep 14 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.3.rc2
+- fix bugzilla 206257
+
+* Tue Sep 12 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.2.rc2
+- fix for FC-6
+
+* Mon Apr 24 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.1.rc2
+- bump to rc2
+
+* Sun Apr  2 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.5.rc1
+- learn to use "install" correctly. :/
+
+* Sun Apr  2 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.4.rc1
+- package up the shared libs too
+
+* Wed Mar 29 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.3.rc1
+- use -fPIC
+
+* Wed Mar 29 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.2.rc1
+- broken tagging
+
+* Tue Jan 10 2006 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.8-0.1.rc1
+- bump to 2.0.8-rc1
+
+* Mon Jul  4 2005 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.6-7
+- buildsystem error requires artificial release bump
+
+* Mon Jul  4 2005 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.6-6
+- actually touch ghosted files
+
+* Fri Jul  1 2005 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.6-5
+- fix sysv file
+
+* Fri Jul  1 2005 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.6-4
+- remove INSTALL file
+- add some text to description, correct typos
+- fix %%postun
+- add PreReqs
+- add %%ghost config files
+
+* Tue May 31 2005 Tom "spot" Callaway <tcallawa@redhat.com> 2.0.6-3
+- reworked for Fedora Extras
+- add gcc4 fix
+- move init file into SOURCE1
+
+* Thu Dec 02 2004 Dag Wieers <dag@wieers.com> - 2.0.6-2
+- Added patch for gcc 3.4. (Nigel Smith)
+
+* Tue Apr 27 2004 Dag Wieers <dag@wieers.com> - 2.0.6-2
+- Cosmetic changes.
+
+* Tue Apr 27 2004 Dag Wieers <dag@wieers.com> - 2.0.6-1
+- Initial package. (using DAR)