diff --git a/.gitignore b/.gitignore
index a304dbd..c644d3f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -38,3 +38,4 @@
 /firewalld-0.4.1.tar.bz2
 /firewalld-0.4.1.2.tar.bz2
 /firewalld-0.4.2.tar.bz2
+/firewalld-0.4.3.1.tar.bz2
diff --git a/firewalld.spec b/firewalld.spec
index 010f0a8..faad38c 100644
--- a/firewalld.spec
+++ b/firewalld.spec
@@ -7,7 +7,7 @@
 
 Summary: A firewall daemon with D-Bus interface providing a dynamic firewall
 Name: firewalld
-Version: 0.4.2
+Version: 0.4.3.1
 Release: 1%{?dist}
 URL:     http://www.firewalld.org
 License: GPLv2+
@@ -42,8 +42,17 @@ Requires: python3-firewall  = %{version}-%{release}
 %else #0%{?use_python3}
 Requires: python-firewall  = %{version}-%{release}
 %endif #0%{?use_python3}
-%if 0%{?fedora} == 21
-Requires: firewalld-config
+%if 0%{?fedora} == 23
+Conflicts: selinux-policy < 3.13.1-158.21
+%endif
+%if 0%{?fedora} == 24
+Conflicts: selinux-policy < 3.13.1-191.3
+%endif
+%if 0%{?fedora} > 24
+Conflicts: selinux-policy < 3.13.1-199
+%endif
+%if 0%{?rhel} > 7
+Conflicts: selinux-policy < 3.13.1-81
 %endif
 
 %if 0%{?fedora} > 21
@@ -109,7 +118,7 @@ Requires: PyQt4
 Requires: pygobject3-base
 %endif
 Requires: libnotify
-Requires: NetworkManager-glib
+Requires: NetworkManager-libnm
 Requires: dbus-x11
 
 %description -n firewall-applet
@@ -126,49 +135,13 @@ Requires: python3-gobject
 %else
 Requires: pygobject3-base
 %endif
-Requires: NetworkManager-glib
+Requires: NetworkManager-libnm
 Requires: dbus-x11
 
 %description -n firewall-config
 The firewall configuration application provides an configuration interface for 
 firewalld.
 
-%if 0%{?fedora} == 21
-%package config-standard
-Summary: Firewalld standard configuration settings
-Requires: firewalld = %{version}-%{release}
-Provides: firewalld-config
-Conflicts: system-release-server
-Conflicts: firewalld-config-server
-Conflicts: system-release-workstation
-Conflicts: firewalld-config-workstation
-
-%description config-standard
-Standard product firewalld configuration settings.
-
-%package config-server
-Summary: Firewalld server configuration settings
-Provides: firewalld-config
-Requires: firewalld = %{version}-%{release}
-Requires: system-release-server
-Conflicts: firewalld-config-workstation
-Conflicts: firewalld-config-standard
-
-%description config-server
-Server product specific firewalld configuration settings.
-
-%package config-workstation
-Summary: Firewalld workstation configuration settings
-Provides: firewalld-config
-Requires: firewalld = %{version}-%{release}
-Requires: system-release-workstation
-Conflicts: firewalld-config-server
-Conflicts: firewalld-config-standard
-
-%description config-workstation
-Workstation product specific firewalld configuration settings.
-%endif
-
 %prep
 %setup -q
 %if 0%{?fedora}
@@ -316,55 +289,12 @@ fi
 /usr/bin/gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || :
 /usr/bin/glib-compile-schemas %{_datadir}/glib-2.0/schemas &> /dev/null || :
 
-%if 0%{?fedora} == 21
-%post config-standard
-if [ $1 -eq 1 ]; then # Initial installation
-    # link standard config
-    rm -f %{_sysconfdir}/firewalld/firewalld.conf
-    ln -sf firewalld-standard.conf %{_sysconfdir}/firewalld/firewalld.conf || :
-fi
-
-%triggerin config-standard -- firewalld
-if [ $1 -eq 1 ]; then
-    # link server policy
-    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
-fi
-
-%post config-server
-if [ $1 -eq 1 ]; then # Initial installation
-    # link server config
-    rm -f %{_sysconfdir}/firewalld/firewalld.conf
-    ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
-fi
-
-%triggerin config-server -- firewalld
-if [ $1 -eq 1 ]; then
-    # link server policy
-    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-    ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
-fi
-
-%post config-workstation
-if [ $1 -eq 1 ]; then # Initial installation
-    # link workstation config
-    rm -f %{_sysconfdir}/firewalld/firewalld.conf
-    ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
-fi
-
-%triggerin config-workstation -- firewalld
-if [ $1 -eq 1 ]; then
-    # link desktop policy
-    rm -f %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-    ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
-fi
-%endif
-
 %files -f %{name}.lang
 %doc COPYING README
 %{_sbindir}/firewalld
 %{_bindir}/firewall-cmd
 %{_bindir}/firewall-offline-cmd
+%{_bindir}/firewallctl
 %dir %{_datadir}/bash-completion/completions
 %{_datadir}/bash-completion/completions/firewall-cmd
 %{_prefix}/lib/firewalld/icmptypes/*.xml
@@ -374,9 +304,6 @@ fi
 %{_prefix}/lib/firewalld/xmlschema/check.sh
 %{_prefix}/lib/firewalld/xmlschema/*.xsd
 %attr(0750,root,root) %dir %{_sysconfdir}/firewalld
-%if 0%{?fedora} <= 20
-%config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
-%endif
 %if 0%{?fedora} > 21
 %ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
 %config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
@@ -396,13 +323,11 @@ fi
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/FirewallD.conf
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy
 %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy
-%if 0%{?fedora} <= 20
-%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-%endif
 %if 0%{?fedora} > 21
 %ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
 %endif
 %{_mandir}/man1/firewall*cmd*.1*
+%{_mandir}/man1/firewallctl*.1*
 %{_mandir}/man1/firewalld*.1*
 %{_mandir}/man5/firewall*.5*
 
@@ -471,24 +396,84 @@ fi
 %{_datadir}/glib-2.0/schemas/org.fedoraproject.FirewallConfig.gschema.xml
 %{_mandir}/man1/firewall-config*.1*
 
-%if 0%{?fedora} == 21
-%files config-standard
-%config(noreplace) %{_sysconfdir}/firewalld/firewalld-standard.conf
-%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
-%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-
-%files config-server
-%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
-%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
-%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-
-%files config-workstation
-%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
-%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
-%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
-%endif
-
 %changelog
+* Tue Jun 28 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.3.1-1
+- New firewalld release 0.4.3.1
+- firewall.command: Fix python3 DBusException message not interable error
+- src/Makefile.am: Fix path in firewall-[offline-]cmd_test.sh while installing
+- firewallctl: Do not trace back on list command without further arguments
+- firewallctl (man1): Added remaining sections zone, service, ..
+- firewallctl: Added runtime-to-permanent, interface and source parser,
+  IndividualCalls setting
+- firewall.server.config: Allow to set IndividualCalls property in config
+  interface
+- Fix missing icmp rules for some zones
+- runProg: Fix issue with running programs
+- firewall-offline-cmd: Fix issues with missing system-config-firewall
+- firewall.core.ipXtables: Split up source and dest addresses for transaction
+- firewall.server.config: Log error in case of loading malformed files in
+  watcher
+- Install and package the firewallctl man page
+- New firewallctl utility (RHBZ#1147959)
+- doc.xml.seealso: Show firewalld.dbus in See Also sections
+- firewall.core.fw_config: Create backup on zone, service, ipset and icmptype
+  removal (RHBZ#1339251)
+- {zone,service,ipset,icmptype}_writer: Do not fail on failed backup
+- firewall-[offline-]cmd: Fix --new-X-from-file options for files in cwd
+- firewall-cmd: Dropped duplicate setType call in --new-ipset
+- radius service: Support also tcp ports (RBZ#1219717)
+- xmlschemas: Support source-port, protocol, icmp-block-inversion and ipset
+  sources
+- config.xmlschema.service.xsd: Fix service destination conflicts
+  (RHBZ#1296573)
+- firewall-cmd, firewalld man: Information about new NetworkManager and ifcfg
+- firewall.command: Only print summary and description in print_X_info with
+  verbose
+- firewall.command: print_msg should be able to print empty lines
+- firewall-config: No processing of runtime passthroughs signals in permanent
+- Landspace.io fixes and pylint calm downs
+- firewall.core.io.zone: Add zone_reader and zone_writer to __all__, pylint
+  fixes
+- firewall-config: Fixed titles of command and context dialogs, also entry
+  lenths
+- firewall-config: pylint calm downs
+- firewall.core.fw_zone: Fix use of MAC source in rich rules without ipv limit
+- firewall-config: Use self.active_zoens in conf_zone_added_cb
+- firewall.command: New parse_port, extended parse methods with more checks
+- firewall.command: Fixed parse_port to use the separator in the split call
+- firewall.command: New [de]activate_exception_handler, raise error in parse_X
+- services ha: Allow corosync-qnetd port
+- firewall-applet: Support for kde5-nm-connection-editor
+- tests/firewall-offline-cmd_test.sh: New tests for service and icmptype
+  modifications
+- firewall-offline-cmd: Use FirewallCommand for simplification and sequence
+  options
+- tests/firewall-cmd_test.sh: New tests for service and icmptype modifications
+- firewall-cmd: Fixed set, remove and query destination options for services
+- firewall.core.io.service: Source ports have not been checked in _check_config
+- firewall.core.fw_zone: Method check_source_port is not used, removed
+- firewall.core.base: Added default to ZONE_TARGETS
+- firewall.client: Allow to remove ipv:address pair for service destinations
+- tests/firewall-offline-cmd_test.sh: There is no timeout option in permanent
+- firewall-cmd: Landscape.io fixes, pylint calm downs
+- firewall-cmd: Use FirewallCommand for simplification and sequence options
+- firewall.command: New FirewallCommand for command line client simplification
+- New services: kshell, rsh, ganglia-master, ganglia-client
+- firewalld: Cleanup of unused imports, do not translate some deamon messages
+- firewalld: With fd close interation in runProg, it is not needed here anymore
+- firewall.core.prog: Add fd close iteration to runProg
+- firewall.core.fw_nm: Hide NM typelib import, new nm_get_dbus_interface
+  function
+- firewalld.spec: Require NetworkManager-libnm instead of NetworkManager-glib
+- firewall-config: New add/remove ipset entries from file, remove all entries
+- firewall-applet: Fix tooltip after applet start with connection to firewalld
+- firewall-config: Select new zone, service or icmptype if the view was empty
+- firewalld.spec: Added build requires for iptables, ebtables and ipset
+- Adding nf_conntrack_sip module to the service SIP
+- firewall: core: fw_ifcfg: Quickly return if ifcfg directory does not exist
+- Drop unneeded python shebangs
+- Translation updates
+
 * Mon May 30 2016 Thomas Woerner <twoerner@redhat.com> - 0.4.2-1
 - New module to search for and change ifcfg files for interfaces not under
   control of NM
diff --git a/sources b/sources
index 0350e5b..fd707c1 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-f0a24194b017a7d11eafa22e85829cc9  firewalld-0.4.1.2.tar.bz2
-21983c929bd5061df73408a11cb3a8fd  firewalld-0.4.2.tar.bz2
+9152e7c2c84caf24530b8581a5ad463d  firewalld-0.4.3.1.tar.bz2