diff --git a/SOURCES/iptables.init b/SOURCES/iptables.init
index 80f6ccd..b1c991b 100755
--- a/SOURCES/iptables.init
+++ b/SOURCES/iptables.init
@@ -29,7 +29,7 @@ IPV=${IPTABLES%tables} # ip for ipv4 | ip6 for ipv6
 [ "$IPV" = "ip" ] && _IPV="ipv4" || _IPV="ipv6"
 PROC_IPTABLES_NAMES=/proc/net/${IPV}_tables_names
 VAR_SUBSYS_IPTABLES=/var/lock/subsys/$IPTABLES
-RESTORECON=/bin/restorecon
+RESTORECON=$(which restorecon 2>/dev/null)
 [ ! -x "$RESTORECON" ] && RESTORECON=/bin/true
 
 # only usable for root
@@ -191,7 +191,7 @@ load_sysctl() {
         echo -n $"Loading sysctl settings: "
         ret=0
         for item in $IPTABLES_SYSCTL_LOAD_LIST; do
-            fgrep $item /etc/sysctl.conf | sysctl -p - >/dev/null
+            fgrep -hs $item /etc/sysctl.d/* | sysctl -p - >/dev/null
             let ret+=$?;
         done
         [ $ret -eq 0 ] && success || failure
diff --git a/SPECS/iptables.spec b/SPECS/iptables.spec
index b3adc32..f30613c 100644
--- a/SPECS/iptables.spec
+++ b/SPECS/iptables.spec
@@ -7,7 +7,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 Version: 1.4.21
-Release: 18.3%{?dist}
+Release: 24%{?dist}
 Source: http://www.netfilter.org/projects/iptables/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -276,17 +276,26 @@ done
 
 
 %changelog
-* Tue Feb 13 2018 Phil Sutter - 1.4.21-18.3
-- Fix incorrect ip6tables.service unit syntax (RHBZ#1538549)
+* Fri Nov 17 2017 Phil Sutter - 1.4.21-24
+- Fix fgrep call over multiple files in iptables.init
 
-* Mon Sep 18 2017 Phil Sutter - 1.4.21-18.2
+* Fri Oct 20 2017 Phil Sutter - 1.4.21-23
+- Fix incorrect ip6tables.service unit syntax (RHBZ#1486803)
+
+* Fri Oct 06 2017 Phil Sutter - 1.4.21-22
+- Search for restorecon binary using which (RHBZ#1406860)
+
+* Thu Sep 07 2017 Phil Sutter - 1.4.21-21
+- Scan /etc/sysctl.d for items in IPTABLES_SYSCTL_LOAD_LIST (RHBZ#1402021)
+
+* Thu Aug 31 2017 Phil Sutter - 1.4.21-20
 - Prevent iptables.service and ip6tables.service from running in parallel
-  (RHBZ#1491963)
-- Don't restart services upon upgrade (RHBZ#1491961)
+  (RHBZ#1486803)
+- Don't restart services upon upgrade (RHBZ#1380141)
 
-* Mon Aug 14 2017 Thomas Woerner <twoerner@redhat.com> 1.4.21-18.1
+* Thu Aug 10 2017 Thomas Woerner <twoerner@redhat.com> 1.4.21-19
 - Use wait option for restore calls to fix failing service starts
-  (RHBZ#1481207)
+  (RHBZ#1477413)
 
 * Mon Apr 24 2017 Thomas Woerner <twoerner@redhat.com> 1.4.21-18
 - Add support for --wait options to restore commands (RHBZ#1438597)