diff --git a/SOURCES/firewalld-0.4.3.2-support_sctp_and_dccp_rhbz#1429808.patch b/SOURCES/firewalld-0.4.3.2-support_sctp_and_dccp_rhbz#1429808.patch
new file mode 100644
index 0000000..9e4e23c
--- /dev/null
+++ b/SOURCES/firewalld-0.4.3.2-support_sctp_and_dccp_rhbz#1429808.patch
@@ -0,0 +1,392 @@
+diff -up firewalld-0.4.3.2/doc/xml/firewalld.service.xml.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/doc/xml/firewalld.service.xml
+--- firewalld-0.4.3.2/doc/xml/firewalld.service.xml.support_sctp_and_dccp_rhbz#1429808	2016-06-02 14:02:31.000000000 +0200
++++ firewalld-0.4.3.2/doc/xml/firewalld.service.xml	2017-04-13 12:23:16.775979161 +0200
+@@ -136,7 +136,7 @@
+ 	  <term>protocol="<replaceable>string</replaceable>"</term>
+           <listitem>
+ 	    <para>
+-              The protocol value can either be <option>tcp</option> or <option>udp</option>.
++              The protocol value can either be <option>tcp</option>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
+ 	    </para>
+ 	  </listitem>
+ 	</varlistentry>
+@@ -185,7 +185,7 @@
+ 	  <term>protocol="<replaceable>string</replaceable>"</term>
+           <listitem>
+ 	    <para>
+-              The protocol value can either be <option>tcp</option> or <option>udp</option>.
++              The protocol value can either be <option>tcp</option>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
+ 	    </para>
+ 	  </listitem>
+ 	</varlistentry>
+diff -up firewalld-0.4.3.2/doc/xml/firewalld.zone.xml.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/doc/xml/firewalld.zone.xml
+--- firewalld-0.4.3.2/doc/xml/firewalld.zone.xml.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:13.992969009 +0200
++++ firewalld-0.4.3.2/doc/xml/firewalld.zone.xml	2017-04-13 12:26:33.882698141 +0200
+@@ -73,24 +73,24 @@
+   [ &lt;interface name="<replaceable>string</replaceable>"/&gt; ]
+   [ &lt;source address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]"|mac="<replaceable>MAC</replaceable>"|ipset="<replaceable>ipset</replaceable>"/&gt; ]
+   [ &lt;service name="<replaceable>string</replaceable>"/&gt; ]
+-  [ &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/&gt; ]
++  [ &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; ]
+   [ &lt;protcol value="<replaceable>protocol</replaceable>"/&gt; ]
+   [ &lt;icmp-block name="<replaceable>string</replaceable>"/&gt; ]
+   [ &lt;icmp-block-inversion/&gt; ]
+   [ &lt;masquerade/&gt; ]
+-  [ &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>ipv4address</replaceable>"]/&gt; ]
+-  [ &lt;source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/&gt; ]
++  [ &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>ipv4address</replaceable>"]/&gt; ]
++  [ &lt;source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; ]
+   [
+     &lt;rule [family="<literal>ipv4</literal>|<literal>ipv6</literal>"]&gt;
+     [ &lt;source address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]"|mac="<replaceable>MAC</replaceable>"|ipset="<replaceable>ipset</replaceable>" [invert="<replaceable>True</replaceable>"]/&gt; ]
+     [ &lt;destination address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]" [invert="<replaceable>True</replaceable>"]/&gt; ]
+     [
+       &lt;service name="<replaceable>string</replaceable>"/&gt; |
+-      &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/&gt; |
++      &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; |
+       &lt;protocol value="<replaceable>protocol</replaceable>"/&gt; |
+       &lt;icmp-block name="<replaceable>icmptype</replaceable>"/&gt; |
+       &lt;masquerade/&gt; |
+-      &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/&gt;
++      &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/&gt;
+     ]
+     [ &lt;log [prefix="<replaceable>prefixtext</replaceable>"] [level="<literal>emerg</literal>|<literal>alert</literal>|<literal>crit</literal>|<literal>err</literal>|<literal>warn</literal>|<literal>notice</literal>|<literal>info</literal>|<literal>debug</literal>"]&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/log&gt; ]
+     [ &lt;audit&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/audit&gt; ]
+@@ -248,10 +248,10 @@
+ 	</varlistentry>
+ 
+ 	<varlistentry>
+-	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>"</term>
++	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"</term>
+           <listitem>
+ 	    <para>
+-	      The protocol can either be <replaceable>tcp</replaceable> or <replaceable>udp</replaceable>.
++	      The protocol can either be <replaceable>tcp</replaceable>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
+ 	    </para>
+ 	  </listitem>
+ 	</varlistentry>
+@@ -328,10 +328,10 @@
+ 	  </varlistentry>
+ 
+ 	  <varlistentry>
+-	    <term>protocol="<literal>tcp</literal>|<literal>udp</literal>"</term>
++	    <term>protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"</term>
+             <listitem>
+ 	      <para>
+-		The protocol can either be <replaceable>tcp</replaceable> or <replaceable>udp</replaceable>.
++		The protocol can either be <replaceable>tcp</replaceable>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
+ 	      </para>
+ 	    </listitem>
+ 	  </varlistentry>
+@@ -381,10 +381,10 @@
+ 	</varlistentry>
+ 
+ 	<varlistentry>
+-	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>"</term>
++	  <term>protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"</term>
+           <listitem>
+ 	    <para>
+-	      The protocol can either be <replaceable>tcp</replaceable> or <replaceable>udp</replaceable>.
++	      The protocol can either be <replaceable>tcp</replaceable>, <option>udp</option>, <option>sctp</option> or <option>dccp</option>.
+ 	    </para>
+ 	  </listitem>
+ 	</varlistentry>
+@@ -405,12 +405,12 @@
+   [ &lt;destination address="<replaceable>address</replaceable>[/<replaceable>mask</replaceable>]" [invert="<replaceable>True</replaceable>"]/&gt; ]
+   [
+     &lt;service name="<replaceable>string</replaceable>"/&gt; |
+-    &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/&gt; |
++    &lt;port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; |
+     &lt;protocol value="<replaceable>protocol</replaceable>"/&gt; |
+     &lt;icmp-block name="<replaceable>icmptype</replaceable>"/&gt; |
+     &lt;masquerade/&gt; |
+-    &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/&gt; |
+-    &lt;source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>"/&gt; |
++    &lt;forward-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>" [to-port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]"] [to-addr="<replaceable>address</replaceable>"]/&gt; |
++    &lt;source-port port="<replaceable>portid</replaceable>[-<replaceable>portid</replaceable>]" protocol="<literal>tcp</literal>|<literal>udp</literal>|<literal>sctp</literal>|<literal>dccp</literal>"/&gt; |
+   ]
+   [ &lt;log [prefix="<replaceable>prefixtext</replaceable>"] [level="<literal>emerg</literal>|<literal>alert</literal>|<literal>crit</literal>|<literal>err</literal>|<literal>warn</literal>|<literal>notice</literal>|<literal>info</literal>|<literal>debug</literal>"]/&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/log&gt; ]
+   [ &lt;audit&gt; [&lt;limit value="<replaceable>rate</replaceable>/<replaceable>duration</replaceable>"/&gt;] &lt;/audit&gt; ]
+diff -up firewalld-0.4.3.2/src/firewall/command.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/command.py
+--- firewalld-0.4.3.2/src/firewall/command.py.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.019969107 +0200
++++ firewalld-0.4.3.2/src/firewall/command.py	2017-04-13 12:23:16.782979187 +0200
+@@ -261,9 +261,10 @@ class FirewallCommand(object):
+                                 "portid[-portid]%sprotocol" % separator)
+         if not check_port(port):
+             raise FirewallError(errors.INVALID_PORT, port)
+-        if proto not in [ "tcp", "udp" ]:
++        if proto not in [ "tcp", "udp", "sctp", "dccp" ]:
+             raise FirewallError(errors.INVALID_PROTOCOL,
+-                                "'%s' not in {'tcp'|'udp'}" % proto)
++                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
++                                proto)
+         return (port, proto)
+ 
+     def parse_forward_port(self, value):
+@@ -295,9 +296,10 @@ class FirewallCommand(object):
+ 
+         if not check_port(port):
+             raise FirewallError(errors.INVALID_PORT, port)
+-        if protocol not in [ "tcp", "udp" ]:
++        if protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
+             raise FirewallError(errors.INVALID_PROTOCOL,
+-                                "'%s' not in {'tcp'|'udp'}" % protocol)
++                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
++                                protocol)
+         if toport and not check_port(toport):
+             raise FirewallError(errors.INVALID_PORT, toport)
+         if toaddr and not check_single_address("ipv4", toaddr):
+diff -up firewalld-0.4.3.2/src/firewall-config.glade.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall-config.glade
+--- firewalld-0.4.3.2/src/firewall-config.glade.support_sctp_and_dccp_rhbz#1429808	2016-06-29 12:04:52.000000000 +0200
++++ firewalld-0.4.3.2/src/firewall-config.glade	2017-04-13 12:23:16.781979183 +0200
+@@ -1144,6 +1144,8 @@
+                     <items>
+                       <item>tcp</item>
+                       <item>udp</item>
++                      <item>sctp</item>
++                      <item>dccp</item>
+                     </items>
+                     <signal name="changed" handler="onForwardChanged" swapped="no"/>
+                   </object>
+@@ -8074,6 +8076,8 @@
+                     <items>
+                       <item>tcp</item>
+                       <item>udp</item>
++                      <item>sctp</item>
++                      <item>dccp</item>
+                     </items>
+                     <signal name="changed" handler="onPortChanged" swapped="no"/>
+                   </object>
+@@ -8475,6 +8479,7 @@
+                       <item translatable="yes">- Select -</item>
+                       <item>ah</item>
+                       <item>esp</item>
++                      <item>dccp</item>
+                       <item>ddp</item>
+                       <item>icmp</item>
+                       <item>igmp</item>
+diff -up firewalld-0.4.3.2/src/firewall/core/fw.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/fw.py
+--- firewalld-0.4.3.2/src/firewall/core/fw.py.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.022969118 +0200
++++ firewalld-0.4.3.2/src/firewall/core/fw.py	2017-04-13 12:23:16.782979187 +0200
+@@ -915,9 +915,10 @@ class Firewall(object):
+     def check_tcpudp(self, protocol):
+         if not protocol:
+             raise FirewallError(errors.MISSING_PROTOCOL)
+-        if protocol not in [ "tcp", "udp" ]:
++        if protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
+             raise FirewallError(errors.INVALID_PROTOCOL,
+-                                "'%s' not in {'tcp'|'udp'}" % protocol)
++                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
++                                protocol)
+ 
+     def check_ip(self, ip):
+         if not functions.checkIP(ip):
+diff -up firewalld-0.4.3.2/src/firewall/core/fw_test.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/fw_test.py
+--- firewalld-0.4.3.2/src/firewall/core/fw_test.py.support_sctp_and_dccp_rhbz#1429808	2016-04-19 16:36:12.000000000 +0200
++++ firewalld-0.4.3.2/src/firewall/core/fw_test.py	2017-04-13 12:23:16.783979190 +0200
+@@ -421,9 +421,10 @@ class Firewall_test(object):
+     def check_tcpudp(self, protocol):
+         if not protocol:
+             raise FirewallError(errors.MISSING_PROTOCOL)
+-        if not protocol in [ "tcp", "udp" ]:
++        if not protocol in [ "tcp", "udp", "sctp", "dccp" ]:
+             raise FirewallError(errors.INVALID_PROTOCOL,
+-                                "'%s' not in {'tcp'|'udp'}" % protocol)
++                                "'%s' not in {'tcp'|'udp'|'sctp'|'dccp'}" % \
++                                protocol)
+ 
+     def check_ip(self, ip):
+         if not functions.checkIP(ip):
+diff -up firewalld-0.4.3.2/src/firewall/core/io/io_object.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/io/io_object.py
+--- firewalld-0.4.3.2/src/firewall/core/io/io_object.py.support_sctp_and_dccp_rhbz#1429808	2016-05-30 00:02:39.000000000 +0200
++++ firewalld-0.4.3.2/src/firewall/core/io/io_object.py	2017-04-13 12:23:16.783979190 +0200
+@@ -285,9 +285,10 @@ def check_port(port):
+                             "'%s' is invalid port range" % port)
+ 
+ def check_tcpudp(protocol):
+-    if protocol not in [ "tcp", "udp" ]:
++    if protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
+         raise FirewallError(errors.INVALID_PROTOCOL,
+-                            "'%s' not from {'tcp'|'udp'}" % protocol)
++                            "'%s' not from {'tcp'|'udp'|'sctp'|'dccp'}" % \
++                            protocol)
+ 
+ def check_protocol(protocol):
+     if not functions.checkProtocol(protocol):
+diff -up firewalld-0.4.3.2/src/firewall/core/rich.py.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/firewall/core/rich.py
+--- firewalld-0.4.3.2/src/firewall/core/rich.py.support_sctp_and_dccp_rhbz#1429808	2016-05-19 17:30:27.000000000 +0200
++++ firewalld-0.4.3.2/src/firewall/core/rich.py	2017-04-13 12:23:16.783979190 +0200
+@@ -561,7 +561,7 @@ class Rich_Rule(object):
+         elif type(self.element) == Rich_Port:
+             if not functions.check_port(self.element.port):
+                 raise FirewallError(errors.INVALID_PORT, self.element.port)
+-            if self.element.protocol not in [ "tcp", "udp" ]:
++            if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
+                 raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol)
+ 
+         # protocol
+@@ -589,7 +589,7 @@ class Rich_Rule(object):
+         elif type(self.element) == Rich_ForwardPort:
+             if not functions.check_port(self.element.port):
+                 raise FirewallError(errors.INVALID_PORT, self.element.port)
+-            if self.element.protocol not in [ "tcp", "udp" ]:
++            if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
+                 raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol)
+             if self.element.to_port == "" and self.element.to_address == "":
+                 raise FirewallError(errors.INVALID_PORT, self.element.to_port)
+@@ -609,7 +609,7 @@ class Rich_Rule(object):
+         elif type(self.element) == Rich_SourcePort:
+             if not functions.check_port(self.element.port):
+                 raise FirewallError(errors.INVALID_PORT, self.element.port)
+-            if self.element.protocol not in [ "tcp", "udp" ]:
++            if self.element.protocol not in [ "tcp", "udp", "sctp", "dccp" ]:
+                 raise FirewallError(errors.INVALID_PROTOCOL, self.element.protocol)
+ 
+         # other element and not empty?
+diff -up firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh
+--- firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.015969093 +0200
++++ firewalld-0.4.3.2/src/tests/firewall-cmd_test.sh	2017-04-13 12:23:16.784979194 +0200
+@@ -339,6 +339,15 @@ assert_good " --query-port=111-222/udp -
+ assert_good "--remove-port 111-222/udp"
+ assert_bad  " --query-port=111-222/udp"
+ 
++assert_good "   --add-port=5000/sctp"
++assert_good " --query-port=5000/sctp --zone=${default_zone}"
++assert_good "--remove-port 5000/sctp"
++assert_bad  " --query-port=5000/sctp"
++assert_good "   --add-port=222/dccp"
++assert_good " --query-port=222/dccp --zone=${default_zone}"
++assert_good "--remove-port 222/dccp"
++assert_bad  " --query-port=222/dccp"
++
+ assert_bad  "--permanent    --add-port=666" # no protocol
+ assert_bad  "--permanent    --add-port=666/dummy" # bad protocol
+ assert_good "--permanent    --add-port=666/tcp"
+@@ -348,6 +357,15 @@ assert_good "--permanent  --query-port=1
+ assert_good "--permanent --remove-port 111-222/udp"
+ assert_bad  "--permanent  --query-port=111-222/udp"
+ 
++assert_good "--permanent    --add-port=5000/sctp"
++assert_good "--permanent  --query-port=5000/sctp --zone=${default_zone}"
++assert_good "--permanent --remove-port 5000/sctp"
++assert_bad  "--permanent  --query-port=5000/sctp"
++assert_good "--permanent    --add-port=222/dccp"
++assert_good "--permanent  --query-port=222/dccp --zone=${default_zone}"
++assert_good "--permanent --remove-port 222/dccp"
++assert_bad  "--permanent  --query-port=222/dccp"
++
+ assert_good "   --add-port=80/tcp --add-port 443-444/udp"
+ assert_good " --query-port=80/tcp --zone=${default_zone}"
+ assert_good " --query-port=443-444/udp"
+@@ -488,6 +506,10 @@ assert_good "   --add-forward-port=port=
+ assert_good " --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
+ assert_good "--remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
+ assert_bad  " --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
++assert_good "   --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
++assert_good " --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
++assert_good "--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
++assert_bad  " --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
+ 
+ assert_bad  "--permanent         --add-forward-port=666" # no protocol
+ assert_good "--permanent    --add-forward-port=port=11:proto=tcp:toport=22 --zone=${default_zone}"
+@@ -499,6 +521,10 @@ assert_good "--permanent    --add-forwar
+ assert_good "--permanent  --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
+ assert_good "--permanent --remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
+ assert_bad  "--permanent  --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
++assert_good "--permanent    --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
++assert_good "--permanent  --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
++assert_good "--permanent --remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
++assert_bad  "--permanent  --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
+ 
+ assert_good "   --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200"
+ assert_good " --query-forward-port=port=100:proto=tcp:toport=200"
+@@ -598,6 +624,18 @@ assert_good "--permanent --icmptype=${my
+ assert_good "--permanent --icmptype=${myicmp} --remove-destination=ipv4"
+ assert_bad "--permanent --icmptype=${myicmp} --query-destination=ipv4"
+ 
++# test sctp and dccp ports
++assert_good "--permanent --service=${myservice} --add-port=666/sctp"
++assert_good "--permanent --service=${myservice} --remove-port=666/sctp"
++assert_good "--permanent --service=${myservice} --remove-port 666/sctp"
++assert_bad  "--permanent --service=${myservice} --query-port=666/sctp"
++assert_good "--permanent --service=${myservice} --add-port=999/dccp"
++assert_good "--permanent --service=${myservice} --remove-port=999/dccp"
++assert_good "--permanent --service=${myservice} --remove-port 999/dccp"
++assert_bad  "--permanent --service=${myservice} --query-port=999/dccp"
++assert_good "--permanent --service=${myservice} --add-port=666/sctp"
++assert_good "--permanent --service=${myservice} --add-port=999/dccp"
++
+ # add them to zone
+ assert_good "--permanent --zone=${myzone} --add-service=${myservice}"
+ assert_good "--permanent --zone=${myzone} --add-icmp-block=${myicmp}"
+@@ -886,7 +924,9 @@ good_rules=(
+  'rule family="ipv4" source address="192.168.1.0/24" masquerade'
+  'rule family="ipv4" destination address="192.168.1.0/24" masquerade' # masquerade & destination
+  'rule family="ipv6" masquerade'
+- 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"')
++ 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"'
++ 'rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"'
++ 'rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"')
+ 
+ for (( i=0;i<${#good_rules[@]};i++)); do
+   rule=${good_rules[${i}]}
+diff -up firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808 firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh
+--- firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh.support_sctp_and_dccp_rhbz#1429808	2017-04-13 12:23:14.015969093 +0200
++++ firewalld-0.4.3.2/src/tests/firewall-offline-cmd_test.sh	2017-04-13 12:23:16.784979194 +0200
+@@ -332,6 +332,15 @@ assert_good " --query-port=111-222/udp -
+ assert_good "--remove-port 111-222/udp"
+ assert_bad  " --query-port=111-222/udp"
+ 
++assert_good "   --add-port=5000/sctp"
++assert_good " --query-port=5000/sctp --zone=${default_zone}"
++assert_good "--remove-port 5000/sctp"
++assert_bad  " --query-port=5000/sctp"
++assert_good "   --add-port=222/dccp"
++assert_good " --query-port=222/dccp --zone=${default_zone}"
++assert_good "--remove-port 222/dccp"
++assert_bad  " --query-port=222/dccp"
++
+ assert_good "   --add-port=80/tcp --add-port 443-444/udp"
+ assert_good " --query-port=80/tcp --zone=${default_zone}"
+ assert_good " --query-port=443-444/udp"
+@@ -409,6 +418,10 @@ assert_good "   --add-forward-port=port=
+ assert_good " --query-forward-port port=55:proto=tcp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
+ assert_good "--remove-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
+ assert_bad  " --query-forward-port=port=55:proto=tcp:toport=66:toaddr=7.7.7.7"
++assert_good "   --add-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
++assert_good " --query-forward-port port=66:proto=sctp:toport=66:toaddr=7.7.7.7 --zone=${default_zone}"
++assert_good "--remove-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
++assert_bad  " --query-forward-port=port=66:proto=sctp:toport=66:toaddr=7.7.7.7"
+ 
+ assert_good "   --add-forward-port=port=88:proto=udp:toport=99 --add-forward-port port=100:proto=tcp:toport=200"
+ assert_good " --query-forward-port=port=100:proto=tcp:toport=200"
+@@ -495,6 +508,18 @@ assert_good "--icmptype=${myicmp} --quer
+ assert_good "--icmptype=${myicmp} --remove-destination=ipv4"
+ assert_bad "--icmptype=${myicmp} --query-destination=ipv4"
+ 
++# test sctp and dccp ports
++assert_good "--service=${myservice} --add-port=666/sctp"
++assert_good "--service=${myservice} --remove-port=666/sctp"
++assert_good "--service=${myservice} --remove-port 666/sctp"
++assert_bad  "--service=${myservice} --query-port=666/sctp"
++assert_good "--service=${myservice} --add-port=999/dccp"
++assert_good "--service=${myservice} --remove-port=999/dccp"
++assert_good "--service=${myservice} --remove-port 999/dccp"
++assert_bad  "--service=${myservice} --query-port=999/dccp"
++assert_good "--service=${myservice} --add-port=666/sctp"
++assert_good "--service=${myservice} --add-port=999/dccp"
++
+ # add them to zone
+ assert_good "--zone=${myzone} --add-service=${myservice}"
+ assert_good "--zone=${myzone} --add-icmp-block=${myicmp}"
+@@ -668,7 +693,9 @@ good_rules=(
+  'rule family="ipv6" source address="1:2:3:4:6::" icmp-block name="redirect" log prefix="redirect" level="info" limit value="4/m"'
+  'rule family="ipv4" source address="192.168.1.0/24" masquerade'
+  'rule family="ipv6" masquerade'
+- 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"')
++ 'rule forward-port port="2222" to-port="22" to-addr="192.168.100.2" protocol="tcp" family="ipv4" source address="192.168.2.100"'
++ 'rule forward-port port="66" to-port="666" to-addr="192.168.100.2" protocol="sctp" family="ipv4" source address="192.168.2.100"'
++ 'rule forward-port port="99" to-port="999" to-addr="1::2:3:4:7" protocol="dccp" family="ipv6" source address="1:2:3:4:6::"')
+ 
+ for (( i=0;i<${#good_rules[@]};i++)); do
+   rule=${good_rules[${i}]}
diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec
index 8ed92e5..9a3682d 100644
--- a/SPECS/firewalld.spec
+++ b/SPECS/firewalld.spec
@@ -8,7 +8,7 @@
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
 Version: 0.4.3.2
-Release: 8.1%{?dist}.2
+Release: 8.1%{?dist}.3
 URL:     http://www.firewalld.org
 License: GPLv2+
 Source0: https://fedorahosted.org/released/firewalld/%{name}-%{version}.tar.bz2
@@ -35,6 +35,7 @@ Patch20: firewalld-0.4.3.2-translation_update_rhbz#1273296.patch
 Patch21: firewalld-0.4.3.2-exclude_firewallctl_rhbz#1374799.patch
 Patch22: firewalld-0.4.3.2-no_blanked_zone_rhbz#1381314.patch
 Patch23: firewalld-0.4.3.2-fix_log_denied_rhbz#1402932.patch
+Patch24: firewalld-0.4.3.2-support_sctp_and_dccp_rhbz#1429808.patch
 
 BuildArch: noarch
 BuildRequires: desktop-file-utils
@@ -168,6 +169,7 @@ firewalld.
 %patch21 -p1 -b .exclude_firewallctl_rhbz#1374799
 %patch22 -p1 -b .no_blanked_zone_rhbz#1381314
 %patch23 -p1 -b .fix_log_denied_rhbz#1402932
+%patch24 -p1 -b .support_sctp_and_dccp_rhbz#1429808
 
 %if 0%{?with_python3}
 rm -rf %{py3dir}
@@ -356,6 +358,10 @@ fi
 %{_mandir}/man1/firewall-config*.1*
 
 %changelog
+* Thu Apr 13 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-8.1.el7_3.3
+- Add support for sctp and dccp in ports, source-ports and forward-ports
+  (RHBZ#1429808) (RHBZ#1442977)
+
 * Wed Feb  8 2017 Thomas Woerner <twoerner@redhat.com> - 0.4.3.2-8.1.el7_3.2
 - Fix LOG rule placement for LogDenied (RHBZ#1402932, RHBZ#1421205)