diff --git a/iptables-1.4.2-debian-howtos.tar.bz2 b/iptables-1.4.2-debian-howtos.tar.bz2
deleted file mode 100644
index b097b39..0000000
--- a/iptables-1.4.2-debian-howtos.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c1142b9bafeb94336e23a47731dae7d2295d8c53f0f81edf927f0799e9b63e97
-size 57562
diff --git a/iptables-1.4.2.tar.bz2 b/iptables-1.4.2.tar.bz2
deleted file mode 100644
index fe5433d..0000000
--- a/iptables-1.4.2.tar.bz2
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7b21e1e8b12a08d7ee54f83a9070950961a0a3c7d8cbeabe496a2bc4fb806c65
-size 435891
diff --git a/iptables-1.4.3-howtos.tar.bz2 b/iptables-1.4.3-howtos.tar.bz2
new file mode 100644
index 0000000..2ce1918
--- /dev/null
+++ b/iptables-1.4.3-howtos.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d8c28e765de073bb75759ba8a4ae87c972ac805e4638d6addcc740cf75472cab
+size 67369
diff --git a/iptables-1.4.3.2.tar.bz2 b/iptables-1.4.3.2.tar.bz2
new file mode 100644
index 0000000..44d15ee
--- /dev/null
+++ b/iptables-1.4.3.2.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:dec9b2248ba6824825011b73034bb43ca97d9c2d02e4024dc01549afd09ed3b1
+size 432131
diff --git a/iptables-batch.patch b/iptables-batch.patch
index 741683e..daaca75 100644
--- a/iptables-batch.patch
+++ b/iptables-batch.patch
@@ -1,6 +1,8 @@
---- Makefile.am
-+++ Makefile.am
-@@ -31,6 +31,11 @@
+Index: Makefile.am
+===================================================================
+--- Makefile.am.orig 2009-04-06 13:09:17.000000000 +0200
++++ Makefile.am 2009-04-20 14:34:45.000000000 +0200
+@@ -44,6 +44,11 @@ iptables_save_SOURCES = iptables-sav
 iptables_save_LDFLAGS = ${iptables_LDFLAGS}
 iptables_save_LDADD = ${iptables_LDADD}
@@ -10,9 +12,9 @@
 +iptables_batch_LDADD = ${iptables_LDADD}
 +
 # iptables-multi, semi-static
- iptables_static_SOURCES = ${iptables_multi_SOURCES}
+ iptables_static_SOURCES = ${iptables_multi_SOURCES} xtables.c
 iptables_static_CFLAGS = ${iptables_multi_CFLAGS} -DNO_SHARED_LIBS=1
-@@ -58,6 +63,11 @@
+@@ -71,6 +76,11 @@ ip6tables_save_SOURCES = ip6tables-sa
 ip6tables_save_LDFLAGS = ${ip6tables_LDFLAGS}
 ip6tables_save_LDADD = ${ip6tables_LDADD}
@@ -22,24 +24,29 @@ +ip6tables_batch_LDADD = ${ip6tables_LDADD} + # iptables-multi, semi-static - ip6tables_static_SOURCES = ${ip6tables_multi_SOURCES} + ip6tables_static_SOURCES = ${ip6tables_multi_SOURCES} xtables.c ip6tables_static_CFLAGS = ${ip6tables_multi_CFLAGS} -DNO_SHARED_LIBS=1 -@@ -82,8 +92,8 @@ - sbin_PROGRAMS += iptables-static ip6tables-static +@@ -94,10 +104,10 @@ endif endif if ENABLE_SHARED --sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save \ -- ip6tables ip6tables-multi ip6tables-restore ip6tables-save -+sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save iptables-batch \ -+ ip6tables ip6tables-multi ip6tables-restore ip6tables-save ip6tables-batch + if ENABLE_IPV4 +-sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save ++sbin_PROGRAMS += iptables iptables-multi iptables-restore iptables-save iptables-batch + endif + if ENABLE_IPV6 +-sbin_PROGRAMS += ip6tables ip6tables-multi ip6tables-restore ip6tables-save ++sbin_PROGRAMS += ip6tables ip6tables-multi ip6tables-restore ip6tables-save ip6tables-batch + endif endif - iptables.8: ${srcdir}/iptables.8.in extensions/matches4.man extensions/targets4.man ---- iptables-batch.c -+++ iptables-batch.c -@@ -0,0 +1,450 @@ +Index: iptables-batch.c +=================================================================== +--- /dev/null 1970-01-01 00:00:00.000000000 +0000 ++++ iptables-batch.c 2009-04-21 14:02:54.000000000 +0200 +@@ -0,0 +1,466 @@ +/* + * Author: Ludwig Nussel ++ * Update for iptables 1.4.3.x: Petr Uzel + * + * Based on the ipchains code by Paul Russell and Michael Neuling + * @@ -84,6 +91,14 @@ +#endif +#include + ++#ifdef IP6T ++#define prog_name ip6tables_globals.program_name ++#define prog_ver ip6tables_globals.program_version ++#else ++#define prog_name iptables_globals.program_name ++#define prog_ver iptables_globals.program_version ++#endif ++ +static char* errstr = NULL; + +static unsigned current_line = 0; 
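Review bot: The lower-case object-like macros `prog_name` and `prog_ver` added after the includes read like ordinary variables but expand to members of `iptables_globals` / `ip6tables_globals`, so a later `prog_name = "iptables-batch";` in main() writes into the xtables globals struct rather than a local. A one-line comment above the `#ifdef IP6T` block would make that visible, for example `/* aliases for fields of the xtables globals struct; assigning to prog_name updates that struct */`, or the names could be upper-cased to mark them as macros. Only the definitions are in this hunk; the uses appear in later hunks of the same patch.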
@@ -219,9 +234,9 @@ +{ + char* name; +#ifdef IP6T -+ ip6tc_handle_t handle; ++ struct ip6tc_handle *handle; +#else -+ iptc_handle_t handle; ++ struct iptc_handle *handle; +#endif +}; + @@ -343,17 +358,17 @@ + if(tables[i].handle) + { +#ifdef IP6T -+ if(!ip6tc_commit(&tables[i].handle)) -+ { ++ ret = ip6tc_commit(tables[i].handle); ++ if (!ret) + fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, ip6tc_strerror(errno)); -+ ret = 0; -+ } ++ ip6tc_free(tables[i].handle); ++ tables[i].handle = NULL; +#else -+ if(!iptc_commit(&tables[i].handle)) -+ { ++ ret = iptc_commit(tables[i].handle); ++ if (!ret) + fprintf(stderr, "commit failed on table %s: %s\n", tables[i].name, iptc_strerror(errno)); -+ ret = 0; -+ } ++ iptc_free(tables[i].handle); ++ tables[i].handle = NULL; +#endif + } + } @@ -364,7 +379,7 @@ +static void +help(void) +{ -+ fprintf(stderr, "Usage: %s [FILE]\n\n", program_name); ++ fprintf(stderr, "Usage: %s [FILE]\n\n", prog_name); + puts("Read iptables commands from FILE, commit them at EOF\n"); + puts("In addition to normal iptables calls the commands"); + puts("'commit' and 'exit' are understood."); @@ -375,6 +390,7 @@ +main(int argc, char *argv[]) +{ + int ret = 1; ++ int c; + int numtok; + size_t llen = 0; + char* iline = NULL; @@ -384,14 +400,23 @@ + FILE* fp = stdin; + +#ifdef IP6T -+ program_name = "ip6tables-batch"; ++ prog_name = "ip6tables-batch"; +#else -+ program_name = "iptables-batch"; ++ prog_name = "iptables-batch"; +#endif -+ lib_dir = getenv("XTABLES_LIBDIR"); -+ if (!lib_dir) -+ lib_dir = XTABLES_LIBDIR; -+ program_version = XTABLES_VERSION; ++ ++#ifdef IP6T ++ c = xtables_init_all(&ip6tables_globals, NFPROTO_IPV6); ++#else ++ c = xtables_init_all(&iptables_globals, NFPROTO_IPV4); ++#endif ++ ++ if(c < 0) { ++ fprintf(stderr, "%s/%s Failed to initialize xtables\n", ++ prog_name, ++ prog_ver); ++ exit(1); ++ } + +#ifdef NO_SHARED_LIBS + init_extensions(); 
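Review bot: In the rewritten commit block, `ret = iptc_commit(tables[i].handle);` (and its `ip6tc_commit` twin) overwrites `ret` for every table, where the previous version only cleared it on failure. If this sits inside the loop over `tables[]` that the index `i` suggests, a failed commit on one table is hidden by a later table that commits cleanly, and the tool would exit with success while part of the ruleset was never loaded. Keeping the call in the condition, `if (!iptc_commit(tables[i].handle)) { fprintf(...); ret = 0; }`, and freeing the handle afterwards keeps the new cleanup without losing the failure. The function's opening and its `return` are outside the hunk, so the initial value of `ret` should be confirmed; the last hunk of this patch also drops the `do_commit()` call before `exit(!ret)`, so it is worth checking that the `help()` text "commit them at EOF" still holds.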
@@ -483,8 +508,5 @@ + } + } + -+ if(ret) -+ ret = do_commit(); -+ + exit(!ret); +} diff --git a/iptables.changes b/iptables.changes index e07f487..8424a70 100644 --- a/iptables.changes +++ b/iptables.changes @@ -1,3 +1,22 @@ +------------------------------------------------------------------- +Tue Apr 21 14:15:16 CEST 2009 - puzel@suse.cz + +- update to 1.4.3.2 + - numerous documentation updates and bugfixes + - set of changes to move some of the iptables functionality to a shared + library for tc and m_ipt + - make libiptc available as shared library (closes bnc#487629) + - IPv6 support for the recent match + - TPROXY support + - SCTP/DCCP NAT support + +- INCOMPATIBILITY: This release starts enforcing the deprecation of NAT + filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will + cause an error instead of a warning from now on. + +- rework iptables-batch.patch (libiptc interface has changed) +- update howtos + ------------------------------------------------------------------- Fri Jan 16 14:57:14 CET 2009 - prusnak@suse.cz diff --git a/iptables.spec b/iptables.spec index 6981396..415a5fd 100644 --- a/iptables.spec +++ b/iptables.spec @@ -1,5 +1,5 @@ # -# spec file for package iptables (Version 1.4.2) +# spec file for package iptables (Version 1.4.3.2) # # Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -21,11 +21,12 @@ Name: iptables License: GPL v2 or later Group: Productivity/Networking/Security -Version: 1.4.2 +Version: 1.4.3.2 Release: 1 Summary: IP Packet Filter Administration Source0: %{name}-%{version}.tar.bz2 -Source1: %{name}-%{version}-debian-howtos.tar.bz2 +# http://netfilter.org/documentation/index.html#documentation-howto +Source1: %{name}-1.4.3-howtos.tar.bz2 Patch0: %{name}-batch.patch Url: http://www.iptables.org BuildRoot: %{_tmppath}/%{name}-%{version}-build 
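Review bot: In the `@@ -21,11 +21,12 @@` hunk of iptables.spec, `Source1` is now pinned to `1.4.3` independently of `%{version}`, and the only provenance recorded for it is a comment pointing at a documentation index page over plain http. The spec gives no exact download URL for either tarball and no note on how they were verified, so the git-lfs `sha256` pointers are the only integrity record visible in this commit. Consider writing the full upstream URL on the `Source0:` and `Source1:` lines and adding a comment that says how the archives were checked, so the next version bump can repeat the same check.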
@@ -74,6 +75,7 @@ make %install make DESTDIR=$RPM_BUILD_ROOT install rm -f $RPM_BUILD_ROOT%{_libdir}/libxtables.la +rm -f $RPM_BUILD_ROOT%{_libdir}/libiptc.la %clean rm -rf $RPM_BUILD_ROOT @@ -100,8 +102,23 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/*.a %{_libdir}/*.so %{_libdir}/pkgconfig/xtables.pc +%{_libdir}/pkgconfig/libiptc.pc %changelog +* Tue Apr 21 2009 puzel@suse.cz +- update to 1.4.3.2 + - numerous documentation updates and bugfixes + - set of changes to move some of the iptables functionality to a shared + library for tc and m_ipt + - make libiptc available as shared library (closes bnc#487629) + - IPv6 support for the recent match + - TPROXY support + - SCTP/DCCP NAT support +- INCOMPATIBILITY: This release starts enforcing the deprecation of NAT + filtering that was added in 1.4.2-rc1, filtering rules in the NAT tables will + cause an error instead of a warning from now on. +- rework iptables-batch.patch (libiptc interface has changed) +- update howtos * Fri Jan 16 2009 prusnak@suse.cz - updated to 1.4.2 * remove dependency on libiptc headers