diff --git a/.gitignore b/.gitignore
index cf4f630..6ca1317 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 /tcpcrypt-bb990b1bfb0e411f0613abdaf3b71fdce50a82cf.tar.gz
 /tcpcrypt-0.4.tar.gz
+/tcpcrypt-0.5.tar.gz
diff --git a/sources b/sources
index b4cefa3..6a603fb 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-b2d9f68a680ea4f4cd86c81fb6a813c0  tcpcrypt-0.4.tar.gz
+SHA512 (tcpcrypt-0.5.tar.gz) = aa7068e24c16449e84cc06450bbbac0a245df4f7883eef3c5cc10afb3592f194d42103d06e3e072ad997d09835545fa71bfecd57209ee45c07433f64fb6f0048
diff --git a/tcpcrypt-firewalld.xml b/tcpcrypt-firewalld.xml
deleted file mode 100644
index 01ecbd0..0000000
--- a/tcpcrypt-firewalld.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<direct>
-  <chain ipv="ipv4" table="raw" chain="tcpcrypt"/>
-  <rule ipv="ipv4" table="raw" chain="tcpcrypt" priority="0">
-    -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>
-  <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-j tcpcrypt</rule>
-
-  <chain ipv="ipv4" table="mangle" chain="tcpcrypt"/>
-  <rule ipv="ipv4" table="mangle" chain="tcpcrypt" priority="0">
-    -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>
-  <rule ipv="ipv4" table="mangle" chain="POSTROUTING" priority="0">-j tcpcrypt</rule>
-</direct>
diff --git a/tcpcrypt.spec b/tcpcrypt.spec
index 614029e..050228a 100644
--- a/tcpcrypt.spec
+++ b/tcpcrypt.spec
@@ -3,30 +3,25 @@
 
 Summary: Opportunistically encrypt TCP connections
 Name: tcpcrypt
-Version: 0.4
-Release: 4%{?dist}
-Group: System Environment/Libraries
-License: BSD
+Version: 0.5
+Release: 19%{?dist}
+# Automatically converted from old format: BSD - review is highly recommended.
+License: LicenseRef-Callaway-BSD
 Url: http://tcpcrypt.org/
 Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz
 SOURCE1: tmpfiles-tcpcrypt.conf
 SOURCE2: tcpcryptd.service
 SOURCE3: tcpcryptd-firewall
-SOURCE4: tcpcrypt-firewalld.xml
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+BuildRequires: make
+BuildRequires:  gcc
 BuildRequires: openssl-devel libnetfilter_queue-devel libcap-devel
 BuildRequires: libnetfilter_conntrack-devel libpcap-devel
-%if %{snapshot}
 BuildRequires: libtool autoconf automake
-%endif
-
 BuildRequires: systemd
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-Requires(pre): shadow-utils
-# we need to require it to install our file
-Requires: firewalld
 
 %description
 Provides a protocol that attempts to encrypt (almost) all of your
@@ -37,7 +32,6 @@ end does not support
 
 %package devel
 Summary: Development package that includes the tcpcrypt header files
-Group: Development/Libraries
 Requires: %{name}%{?_isa} = %{version}-%{release}
 
 %description devel
@@ -45,40 +39,42 @@ The devel package contains the tcpcrypt library and the include files
 
 %package libs
 Summary: Libraries used by tcpcryptd server and tcpcrypt-aware applications
-Group: Applications/System
-Requires(post): /sbin/ldconfig
-Requires(postun): /sbin/ldconfig
 
 %description libs
 Contains libraries used by tcpcryptd server and tcpcrypt-aware applications
 
 %prep
-%setup -q
+%autosetup
+
+# Create a sysusers.d config file
+cat >tcpcrypt.sysusers.conf <<EOF
+u tcpcryptd - 'tcpcrypt daemon account' /var/run/tcpcryptd -
+EOF
 
 %build
-%if %{snapshot}
-./bootstrap.sh
-%endif
+sh bootstrap.sh
 %configure --disable-static --disable-rpath
-make %{?_smp_mflags}
+%make_build
 
 %install
-make DESTDIR=%{buildroot} INSTALL="%{__install} -p" install
+%make_install
 install -m 0755 %{SOURCE3} %{buildroot}/%{_bindir}
 rm %{buildroot}%{_libdir}/*.la
 mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/tcpcryptd
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/tcpcrypt.conf
 mkdir -p %{buildroot}%{_unitdir}
 install -m 0755 %{SOURCE2} %{buildroot}/%{_unitdir}/tcpcryptd.service
-# install firewalld policy needed for tracking and marking packets
-install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcpcryptd.xml
+
+install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.conf
 
 %files libs
-%doc README.markdown LICENSE
+%doc README.markdown
+%license LICENSE
 %{_libdir}/libtcpcrypt.so.*
 
 %files
-%doc README.markdown LICENSE
+%doc README.markdown
+%license LICENSE
 %{_bindir}/tcnetstat
 %{_bindir}/tcpcryptd
 %{_bindir}/tcpcryptd-firewall
@@ -86,22 +82,16 @@ install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcp
 %{_mandir}/man8/*
 %attr(0644,root,root) %{_tmpfilesdir}/tcpcrypt.conf
 %attr(0644,root,root) %{_unitdir}/tcpcryptd.service
-%attr(0644,root,root) %{_prefix}/lib/firewalld/services/tcpcryptd.xml
 %attr(0755,tcpcryptd,tcpcryptd) %dir /run/tcpcryptd
+%{_sysusersdir}/tcpcrypt.conf
 
 %files devel
 %{_libdir}/libtcpcrypt.so
 %dir %{_includedir}/tcpcrypt
 %{_includedir}/tcpcrypt/*.h
 
-%post libs -p /sbin/ldconfig
-%postun libs -p /sbin/ldconfig
+%ldconfig_scriptlets libs
 
-%pre
-getent group tcpcryptd >/dev/null || groupadd -r tcpcryptd
-getent passwd tcpcryptd >/dev/null || \
-useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
--c "tcpcrypt daemon account" tcpcryptd || exit 0
 
 %post
 %systemd_post tcpcryptd.service
@@ -113,6 +103,76 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
 %systemd_postun_with_restart tcpcryptd.service
 
 %changelog
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-18
+- Add sysusers.d config file to allow rpm to create users/groups automatically
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Wed Sep 04 2024 Miroslav Suchý <msuchy@redhat.com> - 0.5-16
+- convert license to SPDX
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-12
+- remove bash-isms from tcpcryptd-firewall
+
+* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-11
+- remove broken firewalld service definition
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.5-7
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-5
+- Rebuilt for updated systemd-rpm-macros
+  See https://pagure.io/fesco/issue/2583.
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jan 31 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Sun Aug 04 2019 Filipe Rosset <rosset.filipe@gmail.com> - 0.5-1
+- Update to 0.5 plus spec cleanup and modernization
+
+* Sat Jul 27 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Sun Feb 03 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.4-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 
diff --git a/tcpcryptd-firewall b/tcpcryptd-firewall
index e598db8..33d1075 100755
--- a/tcpcryptd-firewall
+++ b/tcpcryptd-firewall
@@ -1,20 +1,7 @@
 #!/bin/sh
 
-# Check if we need to use firewalld or will handle rules directly with iptables
-
-
-systemctl status firewalld.service >/dev/null
-RETVAL=$?
-if [ $RETVAL  -eq 0 ]
-then
-   # use firewalld
-   firewall-cmd --reload
-   firewall-cmd --direct --get-rules ipv4 raw tcpcrypt
-   firewall-cmd --direct --get-rules ipv4 mangle tcpcrypt
-else
-   # use iptables manually
-
-if [ "$1" == "start" ]
+# use iptables manually
+if [ "$1" = "start" ]
 then
 	iptables -t raw -N tcpcrypt
 	iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
@@ -26,7 +13,7 @@ then
  
 	# launch `tcpcryptd` with `-x 0x10`
 fi
-if [ "$1" == "stop" ]
+if [ "$1" = "stop" ]
 then
 	iptables -t raw -F tcpcrypt
 	iptables -t raw -D PREROUTING -j tcpcrypt
@@ -34,5 +21,3 @@ then
 	iptables -t mangle -F tcpcrypt
 	iptables -t mangle -D PREROUTING -j tcpcrypt
 fi
-
-fi