diff --git a/srcpkgs/ufw/files/ufw/finish b/srcpkgs/ufw/files/ufw/finish
index cbd2c1b2653..4c009e9c685 100755
--- a/srcpkgs/ufw/files/ufw/finish
+++ b/srcpkgs/ufw/files/ufw/finish
@@ -1,3 +1,3 @@
 #!/bin/sh
 set -e
-exec ufw disable > /dev/null 2>&1
+exec /usr/lib/ufw/ufw-init stop
diff --git a/srcpkgs/ufw/files/ufw/run b/srcpkgs/ufw/files/ufw/run
index 0158299a73c..41b6523de68 100755
--- a/srcpkgs/ufw/files/ufw/run
+++ b/srcpkgs/ufw/files/ufw/run
@@ -1,4 +1,4 @@
 #!/bin/sh
 set -e
-ufw enable > /dev/null 2>&1
+/usr/lib/ufw/ufw-init start quiet
 exec chpst -b ufw pause
diff --git a/srcpkgs/ufw/patches/0001-use-default-tcp-syncookies.patch b/srcpkgs/ufw/patches/0001-use-default-tcp-syncookies.patch
new file mode 100644
index 00000000000..fab037af0a1
--- /dev/null
+++ b/srcpkgs/ufw/patches/0001-use-default-tcp-syncookies.patch
@@ -0,0 +1,15 @@
+Origin: r972
+Description: don't override distribution defaults for TCP syncookies
+Index: ufw-0.35/conf/sysctl.conf
+===================================================================
+--- ufw-0.35.orig/conf/sysctl.conf
++++ ufw-0.35/conf/sysctl.conf
+@@ -39,7 +39,7 @@ net/ipv4/conf/all/log_martians=0
+ 
+ # Change to '1' to enable TCP/IP SYN cookies This disables TCP Window Scaling
+ # (http://lkml.org/lkml/2008/2/5/167)
+-net/ipv4/tcp_syncookies=0
++#net/ipv4/tcp_syncookies=1
+ 
+ #net/ipv4/tcp_fin_timeout=30
+ #net/ipv4/tcp_keepalive_intvl=1800
diff --git a/srcpkgs/ufw/patches/0002-lp1633698.patch b/srcpkgs/ufw/patches/0002-lp1633698.patch
new file mode 100644
index 00000000000..815def8a6d5
--- /dev/null
+++ b/srcpkgs/ufw/patches/0002-lp1633698.patch
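Review bot: With `/usr/lib/ufw/ufw-init start quiet` in run, the service can be reported as up while no ruleset is loaded. Unlike the removed `ufw enable`, ufw-init (as far as I know) loads rules only when ufw.conf has ENABLED=yes and otherwise returns success, after which `exec chpst -b ufw pause` keeps the service running. If that is the intended behaviour, a comment above the new line such as `# rules load only if ENABLED=yes in ufw.conf; run 'ufw enable' once` would stop admins from reading an up service as active filtering. The finish hunk has the matching change: `ufw-init stop` no longer touches that setting.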
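Review bot: Upgraded systems may never pick up this sysctl change. The template's `conf_files` list covers files under /etc/ufw, and if ufw's sysctl.conf is in it (that part of the list is not visible here), a locally modified copy would keep `net/ipv4/tcp_syncookies=0` and SYN cookies would stay off. The same caveat applies to the before6.rules fix in 0002-lp1633698.patch. An install message or commit-description line asking admins to check their existing ufw sysctl.conf for `net/ipv4/tcp_syncookies=0` would cover it. The retained comment "Change to '1' to enable" also no longer fits a line that is commented out and already reads 1, though that text comes from the upstream revision.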
@@ -0,0 +1,19 @@
+Origin: r962
+Description: adjust ufw6-before-output rules for echo-reply and echo-request
+Bug-Ubuntu: https://launchpad.net/bugs/1633698
+
+Index: ufw-0.35/conf/before6.rules
+===================================================================
+--- ufw-0.35.orig/conf/before6.rules
++++ ufw-0.35/conf/before6.rules
+@@ -77,8 +77,8 @@
+ -A ufw6-before-output -p icmpv6 --icmpv6-type time-exceeded -j ACCEPT
+ # codes 0-2
+ -A ufw6-before-output -p icmpv6 --icmpv6-type parameter-problem -j ACCEPT
+--A ufw6-before-input -p icmpv6 --icmpv6-type echo-request -j ACCEPT
+--A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
++-A ufw6-before-output -p icmpv6 --icmpv6-type echo-request -j ACCEPT
++-A ufw6-before-output -p icmpv6 --icmpv6-type echo-reply -j ACCEPT
+ -A ufw6-before-output -p icmpv6 --icmpv6-type router-solicitation -m hl --hl-eq 255 -j ACCEPT
+ -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-advertisement -m hl --hl-eq 255 -j ACCEPT
+ -A ufw6-before-output -p icmpv6 --icmpv6-type neighbor-solicitation -m hl --hl-eq 255 -j ACCEPT
diff --git a/srcpkgs/ufw/template b/srcpkgs/ufw/template
index 52b039c43a9..9c1326d8a8e 100644
--- a/srcpkgs/ufw/template
+++ b/srcpkgs/ufw/template
@@ -1,7 +1,7 @@
 # Template file for 'ufw'
 pkgname=ufw
 version=0.35
-revision=5
+revision=6
 hostmakedepends="python iptables"
 depends="$hostmakedepends"
 noarch=yes
@@ -9,9 +9,10 @@ pycompile_module="ufw"
 short_desc="Uncomplicated Firewall"
 maintainer="Juan RP "
 homepage="https://launchpad.net/ufw"
-license="GPL-3"
+license="GPL-3.0-only"
 distfiles="http://launchpad.net/ufw/${version}/${version}/+download/ufw-${version}.tar.gz"
 checksum=662f865bc83bf8aa1a40a6fe578bc2ce796ff60a1be2c1103def7db1b91f8509
+patch_args="-p1"
 conf_files="
 /etc/ufw/after.init
 /etc/ufw/after.rules