diff --git a/tcpcrypt-firewalld.xml b/tcpcrypt-firewalld.xml
deleted file mode 100644
index 01ecbd0..0000000
--- a/tcpcrypt-firewalld.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<direct>
-  <chain ipv="ipv4" table="raw" chain="tcpcrypt"/>
-  <rule ipv="ipv4" table="raw" chain="tcpcrypt" priority="0">
-    -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>
-  <rule ipv="ipv4" table="raw" chain="PREROUTING" priority="0">-j tcpcrypt</rule>
-
-  <chain ipv="ipv4" table="mangle" chain="tcpcrypt"/>
-  <rule ipv="ipv4" table="mangle" chain="tcpcrypt" priority="0">
-    -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666</rule>
-  <rule ipv="ipv4" table="mangle" chain="POSTROUTING" priority="0">-j tcpcrypt</rule>
-</direct>
diff --git a/tcpcrypt.spec b/tcpcrypt.spec
index 16ee275..050228a 100644
--- a/tcpcrypt.spec
+++ b/tcpcrypt.spec
@@ -4,14 +4,14 @@
 Summary: Opportunistically encrypt TCP connections
 Name: tcpcrypt
 Version: 0.5
-Release: 6%{?dist}
-License: BSD
+Release: 19%{?dist}
+# Automatically converted from old format: BSD - review is highly recommended.
+License: LicenseRef-Callaway-BSD
 Url: http://tcpcrypt.org/
 Source0: http://tcpcrypt.org//%{name}-%{version}.tar.gz
 SOURCE1: tmpfiles-tcpcrypt.conf
 SOURCE2: tcpcryptd.service
 SOURCE3: tcpcryptd-firewall
-SOURCE4: tcpcrypt-firewalld.xml
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
 BuildRequires: make
 BuildRequires:  gcc
@@ -22,9 +22,6 @@ BuildRequires: systemd
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
-Requires(pre): shadow-utils
-# we need to require it to install our file
-Requires: firewalld
 
 %description
 Provides a protocol that attempts to encrypt (almost) all of your
@@ -49,6 +46,11 @@ Contains libraries used by tcpcryptd server and tcpcrypt-aware applications
 %prep
 %autosetup
 
+# Create a sysusers.d config file
+cat >tcpcrypt.sysusers.conf <<EOF
+u tcpcryptd - 'tcpcrypt daemon account' /var/run/tcpcryptd -
+EOF
+
 %build
 sh bootstrap.sh
 %configure --disable-static --disable-rpath
@@ -62,8 +64,8 @@ mkdir -p %{buildroot}%{_sysconfdir}/tmpfiles.d/ %{buildroot}/run/tcpcryptd
 install -D -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/tcpcrypt.conf
 mkdir -p %{buildroot}%{_unitdir}
 install -m 0755 %{SOURCE2} %{buildroot}/%{_unitdir}/tcpcryptd.service
-# install firewalld policy needed for tracking and marking packets
-install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcpcryptd.xml
+
+install -m0644 -D tcpcrypt.sysusers.conf %{buildroot}%{_sysusersdir}/tcpcrypt.conf
 
 %files libs
 %doc README.markdown
@@ -80,8 +82,8 @@ install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcp
 %{_mandir}/man8/*
 %attr(0644,root,root) %{_tmpfilesdir}/tcpcrypt.conf
 %attr(0644,root,root) %{_unitdir}/tcpcryptd.service
-%attr(0644,root,root) %{_prefix}/lib/firewalld/services/tcpcryptd.xml
 %attr(0755,tcpcryptd,tcpcryptd) %dir /run/tcpcryptd
+%{_sysusersdir}/tcpcrypt.conf
 
 %files devel
 %{_libdir}/libtcpcrypt.so
@@ -90,11 +92,6 @@ install -D -m 0644 %{SOURCE4} %{buildroot}/%{_prefix}/lib/firewalld/services/tcp
 
 %ldconfig_scriptlets libs
 
-%pre
-getent group tcpcryptd >/dev/null || groupadd -r tcpcryptd
-getent passwd tcpcryptd >/dev/null || \
-useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
--c "tcpcrypt daemon account" tcpcryptd || exit 0
 
 %post
 %systemd_post tcpcryptd.service
@@ -106,6 +103,45 @@ useradd -r -g tcpcryptd -d /var/run/tcpcryptd -s /sbin/nologin \
 %systemd_postun_with_restart tcpcryptd.service
 
 %changelog
+* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
+
+* Tue Feb 11 2025 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.5-18
+- Add sysusers.d config file to allow rpm to create users/groups automatically
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Wed Sep 04 2024 Miroslav Suchý <msuchy@redhat.com> - 0.5-16
+- convert license to SPDX
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-12
+- remove bash-isms from tcpcryptd-firewall
+
+* Thu Feb 23 2023 Eric Garver <eric@garver.life> - 0.5-11
+- remove broken firewalld service definition
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.5-7
+- Rebuilt with OpenSSL 3.0.0
+
 * Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-6
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
 
diff --git a/tcpcryptd-firewall b/tcpcryptd-firewall
index e598db8..33d1075 100755
--- a/tcpcryptd-firewall
+++ b/tcpcryptd-firewall
@@ -1,20 +1,7 @@
 #!/bin/sh
 
-# Check if we need to use firewalld or will handle rules directly with iptables
-
-
-systemctl status firewalld.service >/dev/null
-RETVAL=$?
-if [ $RETVAL  -eq 0 ]
-then
-   # use firewalld
-   firewall-cmd --reload
-   firewall-cmd --direct --get-rules ipv4 raw tcpcrypt
-   firewall-cmd --direct --get-rules ipv4 mangle tcpcrypt
-else
-   # use iptables manually
-
-if [ "$1" == "start" ]
+# use iptables manually
+if [ "$1" = "start" ]
 then
 	iptables -t raw -N tcpcrypt
 	iptables -t raw -A tcpcrypt -p tcp -m mark --mark 0x0/0x10 -j NFQUEUE --queue-num 666
@@ -26,7 +13,7 @@ then
  
 	# launch `tcpcryptd` with `-x 0x10`
 fi
-if [ "$1" == "stop" ]
+if [ "$1" = "stop" ]
 then
 	iptables -t raw -F tcpcrypt
 	iptables -t raw -D PREROUTING -j tcpcrypt
@@ -34,5 +21,3 @@ then
 	iptables -t mangle -F tcpcrypt
 	iptables -t mangle -D PREROUTING -j tcpcrypt
 fi
-
-fi