diff --git a/SOURCES/0065-fix-rich-non-printable-characters-removed-from-rich-.patch b/SOURCES/0065-fix-rich-non-printable-characters-removed-from-rich-.patch new file mode 100644 index 0000000..2e00d5b --- /dev/null +++ b/SOURCES/0065-fix-rich-non-printable-characters-removed-from-rich-.patch 
@@ -0,0 +1,107 @@ +From dbce20e28a898c394274109904d471d84cfa7fea Mon Sep 17 00:00:00 2001 +From: Vrinda Punj +Date: Fri, 13 Nov 2020 10:40:51 -0500 +Subject: [PATCH 65/66] fix(rich): non-printable characters removed from rich + rules + +Fixes: rhbz 1596304 +Fixes: #480 + +(cherry picked from commit ac5960856991a00ddf7a558e31fd3248c8279a1f) +(cherry picked from commit a55416ea5f79f1a7cb1a97b6ee39524a542a8663) +--- + src/firewall/core/rich.py | 2 ++ + src/firewall/functions.py | 9 ++++++++- + src/tests/regression/regression.at | 1 + + src/tests/regression/rhbz1596304.at | 23 +++++++++++++++++++++++ + 4 files changed, 34 insertions(+), 1 deletion(-) + create mode 100644 src/tests/regression/rhbz1596304.at + +diff --git a/src/firewall/core/rich.py b/src/firewall/core/rich.py +index 86c0c998a478..03bc194c2b28 100644 +--- a/src/firewall/core/rich.py ++++ b/src/firewall/core/rich.py +@@ -307,6 +307,8 @@ class Rich_Rule(object): + if not rule_str: + raise FirewallError(errors.INVALID_RULE, 'empty rule') + ++ rule_str = functions.stripNonPrintableCharacters(rule_str) ++ + self.priority = 0 + self.family = None + self.source = None +diff --git a/src/firewall/functions.py b/src/firewall/functions.py +index 6af220619f17..d20b702e047e 100644 +--- a/src/firewall/functions.py ++++ b/src/firewall/functions.py +@@ -27,7 +27,7 @@ __all__ = [ "PY2", "getPortID", "getPortRange", "portStr", "getServiceName", + "check_single_address", "check_mac", "uniqify", "ppid_of_pid", + "max_zone_name_len", "checkUser", "checkUid", "checkCommand", + "checkContext", "joinArgs", "splitArgs", +- "b2u", "u2b", "u2b_if_py2" ] ++ "b2u", "u2b", "u2b_if_py2", "stripNonPrintableCharacters"] + + import socket + import os +@@ -42,6 +42,10 @@ from firewall.config import FIREWALLD_TEMPDIR, FIREWALLD_PIDFILE + + PY2 = sys.version < '3' + ++NOPRINT_TRANS_TABLE = { ++ i: None for i in range(0, sys.maxunicode + 1) if not chr(i).isprintable() ++} ++ + def getPortID(port): + """ Check and Get port id from port string 
or port id using socket.getservbyname + +@@ -226,6 +230,9 @@ def checkIPnMask(ip): + return False + return True + ++def stripNonPrintableCharacters(rule_str): ++ return rule_str.translate(NOPRINT_TRANS_TABLE) ++ + def checkIP6nMask(ip): + if "/" in ip: + addr = ip[:ip.index("/")] +diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at +index 65540840f50e..c1e8620ee700 100644 +--- a/src/tests/regression/regression.at ++++ b/src/tests/regression/regression.at +@@ -35,3 +35,4 @@ m4_include([regression/rhbz1483921.at]) + m4_include([regression/rhbz1541077.at]) + m4_include([regression/rhbz1855140.at]) + m4_include([regression/rhbz1871298.at]) ++m4_include([regression/rhbz1596304.at]) +diff --git a/src/tests/regression/rhbz1596304.at b/src/tests/regression/rhbz1596304.at +new file mode 100644 +index 000000000000..98a33934e271 +--- /dev/null ++++ b/src/tests/regression/rhbz1596304.at +@@ -0,0 +1,23 @@ ++FWD_START_TEST([rich rules strip non-printable characters]) ++AT_KEYWORDS(rich rhbz1596304) ++ ++dnl source address contains a tab character ++FWD_CHECK([--permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="104.243.250.0/22 " port port=80 protocol=tcp accept'],0,ignore) ++FWD_RELOAD ++FWD_CHECK([--list-all | TRIM_WHITESPACE], 0, [m4_strip([dnl ++ public ++ target: default ++ icmp-block-inversion: no ++ interfaces: ++ sources: ++ services: cockpit dhcpv6-client ssh ++ ports: ++ protocols: ++ masquerade: no ++ forward-ports: ++ source-ports: ++ icmp-blocks: ++ rich rules: ++ rule family="ipv4" source address="104.243.250.0/22" port port="80" protocol="tcp" accept ++ ])]) ++FWD_END_TEST +-- +2.28.0 + diff --git a/SOURCES/0066-fix-rich-limit-table-to-strip-non-printables-to-C0-a.patch b/SOURCES/0066-fix-rich-limit-table-to-strip-non-printables-to-C0-a.patch new file mode 100644 index 0000000..793cc5e --- /dev/null +++ b/SOURCES/0066-fix-rich-limit-table-to-strip-non-printables-to-C0-a.patch 
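Review bot: In the `src/firewall/core/rich.py` hunk the new `stripNonPrintableCharacters` call runs after the `'empty rule'` check, so a rule string consisting only of control characters (a lone tab, say) passes that check and presumably reaches the tokenizer as an empty string, failing with a less specific error; keep the existing check first (in case rule_str can be None here) and repeat it after the strip: `rule_str = functions.stripNonPrintableCharacters(rule_str)` then `if not rule_str: raise FirewallError(errors.INVALID_RULE, 'empty rule')`. The enclosing method starts above the hunk. `stripNonPrintableCharacters` in `functions.py` also lacks a docstring while its neighbours have one; `"""Return rule_str with every character for which str.isprintable() is False removed."""` would do. If this tree still supports Python 2 (the file keeps `PY2` and `u2b_if_py2`), note that `chr(i).isprintable()` in the module-level table and `str.translate` with a dict are Python 3 only, so importing `firewall.functions` would fail there — worth confirming against the build target.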
@@ -0,0 +1,38 @@ +From ff6e65737413d54b6f6964f72827a92fdbecc182 Mon Sep 17 00:00:00 2001 +From: Eric Garver +Date: Fri, 8 Jan 2021 13:38:15 -0500 +Subject: [PATCH 68/68] fix(rich): limit table to strip non-printables to C0 + and C1 + +Generating the table was taking an unreasonable amount of memory. +Stripping C0 and C1 should cover most scenarios while limiting memory +usage. + +Fixes: ac5960856991 ("fix(rich): non-printable characters removed from rich rules") +(cherry picked from commit 015704b44f81d535a868fe28368f977cefd28638) +(cherry picked from commit 629a53ef027146f8e4e486c40c8bde04cda830d3) +--- + src/firewall/functions.py | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/src/firewall/functions.py b/src/firewall/functions.py +index d20b702e047e..1ea9f4309234 100644 +--- a/src/firewall/functions.py ++++ b/src/firewall/functions.py +@@ -43,7 +43,12 @@ from firewall.config import FIREWALLD_TEMPDIR, FIREWALLD_PIDFILE + PY2 = sys.version < '3' + + NOPRINT_TRANS_TABLE = { +- i: None for i in range(0, sys.maxunicode + 1) if not chr(i).isprintable() ++ # Limit to C0 and C1 code points. Building entries for all unicode code ++ # points requires too much memory. ++ # C0 = [0, 31] ++ # C1 = [127, 159] ++ # ++ i: None for i in range(0, 160) if not (i > 31 and i < 127) + } + + def getPortID(port): +-- +2.27.0 + diff --git a/SOURCES/0067-fix-zone-add-source-with-mac-address.patch b/SOURCES/0067-fix-zone-add-source-with-mac-address.patch new file mode 100644 index 0000000..b3762c1 --- /dev/null +++ b/SOURCES/0067-fix-zone-add-source-with-mac-address.patch 
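Review bot: Restricting `NOPRINT_TRANS_TABLE` to code points below 160 means characters that `str.isprintable()` rejects above that range (no-break space U+00A0, zero-width space U+200B, line separator U+2028, for instance) are no longer stripped, so the 0065 fix now only covers ASCII and Latin-1 control characters. The memory problem can be solved without shrinking coverage by dropping the table (nothing else in these patches references it) and filtering per character in `stripNonPrintableCharacters`: `return "".join(c for c in rule_str if c.isprintable())` — a full-range translate table offers no advantage for strings as short as a rich rule. If the narrower table is kept on purpose, the comment's range labels are slightly off: DEL (127) is not part of C1, which is U+0080–U+009F, so `# C0 = [0, 31], DEL = 127, C1 = [128, 159]` would be accurate. The regression test in rhbz1596304.at only exercises a tab, so either choice passes it.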
@@ -0,0 +1,93 @@ +From 2871abfceceba37c6ba38aa0ef25e23a059294ec Mon Sep 17 00:00:00 2001 +From: Vrinda Punj +Date: Wed, 18 Nov 2020 13:14:44 -0500 +Subject: [PATCH 67/68] fix(zone): add source with mac address + +nftables supports matching the destination MAC, but iptables does not. +As such, lift the restriction from nftables. For iptables, gracefully +ignore the scenarios in which we attempt to match destination MAC. + +Fixes: #703 +Fixes: df4aefcbe7b7 ("improvement(ipXtables): add utility function match sources") +Fixes: 1582c5dd736a ("feat: nftables: convert to libnftables JSON interface") + +Co-authored-by: Eric Garver +(cherry picked from commit 20151fbb5c5104e3d4dbc4ea938b9a68bdbcf225) +(cherry picked from commit 79bb113a2a108ce1c69dc7bc7af60297b8ec2ad0) +--- + src/firewall/core/ipXtables.py | 4 ++++ + src/firewall/core/nftables.py | 2 -- + src/tests/regression/gh703.at | 23 +++++++++++++++++++++++ + src/tests/regression/regression.at | 1 + + 4 files changed, 28 insertions(+), 2 deletions(-) + create mode 100644 src/tests/regression/gh703.at + +diff --git a/src/firewall/core/ipXtables.py b/src/firewall/core/ipXtables.py +index 450e427c08b5..b28146edd060 100644 +--- a/src/firewall/core/ipXtables.py ++++ b/src/firewall/core/ipXtables.py +@@ -814,6 +814,10 @@ class ip4tables(object): + else: + zone_dispatch_chain = "%s_ZONES" % (chain) + ++ # iptables can not match destination MAC ++ if check_mac(address) and chain in ["POSTROUTING", "FORWARD_OUT", "OUTPUT"]: ++ return [] ++ + target = DEFAULT_ZONE_TARGET.format(chain=SHORTCUTS[chain], zone=zone) + action = "-g" + +diff --git a/src/firewall/core/nftables.py b/src/firewall/core/nftables.py +index 0a73c2c2669d..a0a899dd3eef 100644 +--- a/src/firewall/core/nftables.py ++++ b/src/firewall/core/nftables.py +@@ -1067,8 +1067,6 @@ class nftables(object): + return self._set_match_fragment(address[len("ipset:"):], True if "daddr" == addr_field else False, invert) + else: + if check_mac(address): +- if addr_field == 
"daddr": +- raise FirewallError(INVALID_RULE, "%s._rule_addr_fragment()", (self.__class__)) + family = "ether" + elif check_single_address("ipv4", address): + family = "ip" +diff --git a/src/tests/regression/gh703.at b/src/tests/regression/gh703.at +new file mode 100644 +index 000000000000..af724a7713a7 +--- /dev/null ++++ b/src/tests/regression/gh703.at +@@ -0,0 +1,23 @@ ++FWD_START_TEST([add source with mac address]) ++AT_KEYWORDS(gh703) ++ ++FWD_CHECK([--zone=home --add-source=34:7e:5c:3a:4c:32], 0, [ignore]) ++ ++NFT_LIST_RULES([ip], [nat_POSTROUTING_ZONES_SOURCE], 0, [dnl ++ table ip firewalld { ++ chain nat_POSTROUTING_ZONES_SOURCE { ++ ether daddr 34:7e:5c:3a:4c:32 goto nat_POST_home ++ } ++ } ++]) ++NFT_LIST_RULES([ip6], [nat_POSTROUTING_ZONES_SOURCE], 0, [dnl ++ table ip6 firewalld { ++ chain nat_POSTROUTING_ZONES_SOURCE { ++ ether daddr 34:7e:5c:3a:4c:32 goto nat_POST_home ++ } ++ } ++]) ++ ++dnl NOTE: iptables does _not_ support matching mac destination. ++ ++FWD_END_TEST +diff --git a/src/tests/regression/regression.at b/src/tests/regression/regression.at +index c1e8620ee700..7597a458076c 100644 +--- a/src/tests/regression/regression.at ++++ b/src/tests/regression/regression.at +@@ -36,3 +36,4 @@ m4_include([regression/rhbz1541077.at]) + m4_include([regression/rhbz1855140.at]) + m4_include([regression/rhbz1871298.at]) + m4_include([regression/rhbz1596304.at]) ++m4_include([regression/gh703.at]) +-- +2.27.0 + diff --git a/SOURCES/v1.0.0-0068-feat-service-add-galera-service.patch b/SOURCES/v1.0.0-0068-feat-service-add-galera-service.patch new file mode 100644 index 0000000..0fa86fe --- /dev/null +++ b/SOURCES/v1.0.0-0068-feat-service-add-galera-service.patch 
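Review bot: The new `return []` in `ipXtables.py` silently drops the zone dispatch rule whenever a MAC source is bound to a zone and the chain is POSTROUTING, FORWARD_OUT or OUTPUT, so under the iptables backend a `--add-source=<mac>` binding is accepted but the zone's egress-side rules never apply to that host, and nothing records the gap. Gracefully ignoring it (as the commit message says) is fine, but it should be observable: emit a debug message before returning, e.g. `log.debug1("iptables can not match destination MAC, skipping %s for %s", chain, address)` if `log` is in scope in this module. The enclosing function begins above the hunk. On the nftables side, lifting the `daddr` restriction produces `ether daddr` matches in `nat_POSTROUTING_ZONES_SOURCE` (see gh703.at); whether a link-layer destination match can evaluate in a post-routing hook is worth confirming with real traffic, since the test only checks that the rule is installed.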
@@ -0,0 +1,55 @@ +From 8d0823923302da39bb1f28e55b907db29b03f664 Mon Sep 17 00:00:00 2001 +From: Vrinda Punj +Date: Tue, 1 Dec 2020 11:58:19 -0500 +Subject: [PATCH 66/66] feat(service): add galera service Fixes: rhbz1696260 + +(cherry picked from commit 11632147677464cb7121d17526ead242e68be041) +--- + config/Makefile.am | 1 + + config/services/galera.xml | 9 +++++++++ + po/POTFILES.in | 1 + + 3 files changed, 11 insertions(+) + create mode 100644 config/services/galera.xml + +diff --git a/config/Makefile.am b/config/Makefile.am +index 178c2358b117..4b849bd54e32 100644 +--- a/config/Makefile.am ++++ b/config/Makefile.am +@@ -156,6 +156,7 @@ CONFIG_FILES = \ + services/freeipa-replication.xml \ + services/freeipa-trust.xml \ + services/ftp.xml \ ++ services/galera.xml \ + services/ganglia-client.xml \ + services/ganglia-master.xml \ + services/git.xml \ +diff --git a/config/services/galera.xml b/config/services/galera.xml +new file mode 100644 +index 000000000000..2305713fbcab +--- /dev/null ++++ b/config/services/galera.xml +@@ -0,0 +1,9 @@ ++ ++ ++ Galera ++ MariaDB-Galera Database Server ++ ++ ++ ++ ++ +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 8552b8eca4ab..27003c5ce1ef 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -88,6 +88,7 @@ config/services/freeipa-ldap.xml + config/services/freeipa-replication.xml + config/services/freeipa-trust.xml + config/services/ftp.xml ++config/services/galera.xml + config/services/ganglia-client.xml + config/services/ganglia-master.xml + config/services/git.xml +-- +2.28.0 + diff --git a/SPECS/firewalld.spec b/SPECS/firewalld.spec index 2b33ca0..5dbf1cc 100644 --- a/SPECS/firewalld.spec +++ b/SPECS/firewalld.spec 
@@ -1,7 +1,7 @@ Summary: A firewall daemon with D-Bus interface providing a dynamic firewall Name: firewalld Version: 0.8.2 -Release: 3%{?dist} +Release: 6%{?dist} URL: http://www.firewalld.org License: GPLv2+ Source0: https://github.com/firewalld/firewalld/releases/download/v%{version}/firewalld-%{version}.tar.gz @@ -69,6 +69,10 @@ Patch61: 0061-docs-dbus-fix-invalid-method-names.patch Patch62: 0062-docs-firewall-cmd-small-description-grammar-fix.patch Patch63: v0.9.0-0063-feat-service-add-collectd-service.patch Patch64: v0.9.0-0064-feat-service-Add-rpc-rquotad.service.patch +Patch65: 0065-fix-rich-non-printable-characters-removed-from-rich-.patch +Patch66: 0066-fix-rich-limit-table-to-strip-non-printables-to-C0-a.patch +Patch67: 0067-fix-zone-add-source-with-mac-address.patch +Patch68: v1.0.0-0068-feat-service-add-galera-service.patch BuildArch: noarch BuildRequires: autoconf @@ -267,6 +271,15 @@ desktop-file-install --delete-original \ %{_mandir}/man1/firewall-config*.1* %changelog +* Fri Jan 29 2021 Eric Garver - 0.8.2-6 +- feat(service): add galera service + +* Fri Jan 29 2021 Eric Garver - 0.8.2-5 +- fix(zone): add source with mac address + +* Fri Jan 29 2021 Eric Garver - 0.8.2-4 +- fix(rich): non-printable characters removed from rich + * Mon Oct 26 2020 Eric Garver - 0.8.2-3 - fix(nftables): packet marks with masks - fix(nftables): icmp types with code == 0