diff --git a/ChangeLog b/ChangeLog
index 0e2210b7..bbad4e89 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -49,6 +49,9 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests to Should- rc init fields - New Features: + Edgar Hoch + * action.d/firewall-cmd-direct-new.conf - action for firewalld + from https://bugzilla.redhat.com/show_bug.cgi?id=979622 Andy Fragen and Daniel Black * filter.d/osx-ipfw.conf - ipfw action for OSX based on random rule numbers.
@@ -86,6 +89,8 @@ ver. 0.8.11 (2013/XX/XXX) - loves-unittests * filter.d/gssftpd - anchored regex at start * filter.d/sogo-auth - anchor regex at start * filter.d/mysqld-auth.conf - mysql can use syslog + * filter.d/postfix-sasl - renamed from sasl, anchor at start and base on + syslog * fail2ban-regex - now generates http://www.debuggex.com urls for debugging regular expressions with the -D parameter. * filter.d/sshd - regex enhancements to support openssh-6.3. Closes Debian
diff --git a/config/action.d/complain.conf b/config/action.d/complain.conf
index 57f19135..ad14a87e 100644
--- a/config/action.d/complain.conf
+++ b/config/action.d/complain.conf
@@ -78,7 +78,7 @@ logpath = /dev/null # Option: mailcmd # Notes.: Your system mail command. Is passed 2 args: subject and recipient -# Values: CMD Default: mail -s +# Values: CMD # mailcmd = mail -s
@@ -89,7 +89,7 @@ mailcmd = mail -s # Appear to come from a different address - the '--' indicates # arguments to be passed to Sendmail: # -- -f me@example.com -# Values: [ STRING ] Default: (empty) +# Values: [ STRING ] # mailargs =
diff --git a/config/action.d/dshield.conf b/config/action.d/dshield.conf
index 29ed3043..a0041986 100644
--- a/config/action.d/dshield.conf
+++ b/config/action.d/dshield.conf
@@ -106,7 +106,7 @@ actionunban = if [ -f .first ]; then # Option: port # Notes.: The target port for the attack (numerical). MUST be provided in the # jail config, as it cannot be detected here. -# Values: [ NUM ] Default: ??? +# Values: [ NUM ] # port = ???
@@ -114,7 +114,7 @@ port = ??? # Notes.: Your DShield user ID. Should be provided either in the jail config or # in a .local file. # Register at https://secure.dshield.org/register.html -# Values: [ NUM ] Default: 0 +# Values: [ NUM ] # userid = 0
@@ -137,7 +137,7 @@ protocol = tcp # Notes.: How many lines to buffer before making a report. Regardless of this, # reports are sent a minimum of apart, or if the # buffer contains an event over old, or on shutdown -# Values: [ NUM ] Default: 50 +# Values: [ NUM ] # lines = 50
@@ -145,7 +145,7 @@ lines = 50 # Notes.: Minimum period (in seconds) that must elapse before we submit another # batch of reports. DShield request a minimum of 1 hour (3600 secs) # between reports. -# Values: [ NUM ] Default: 3600 +# Values: [ NUM ] # minreportinterval = 3600
@@ -154,27 +154,27 @@ minreportinterval = 3600 # submit the batch, even if we haven't reached yet. Note that # this is only checked on each ban/unban, and that we always send # anything in the buffer on shutdown. Must be greater than -# Values: [ NUM ] Default: 21600 (6 hours) +# Values: [ NUM ] # maxbufferage = 21600 # Option: srcport # Notes.: The source port of the attack. You're unlikely to have this info, so # you can leave the default -# Values: [ NUM ] Default: ??? +# Values: [ NUM ] # srcport = ??? # Option: tcpflags # Notes.: TCP flags on attack. You're unlikely to have this info, so you can # leave empty -# Values: [ STRING ] Default: (empty) +# Values: [ STRING ] # tcpflags = # Option: mailcmd # Notes.: Your system mail command. Is passed 2 args: subject and recipient -# Values: CMD Default: mail -s +# Values: CMD # mailcmd = mail -s
@@ -186,19 +186,19 @@ mailcmd = mail -s # the one configured at DShield - the '--' indicates arguments to be # passed to Sendmail): # -- -f me@example.com -# Values: [ STRING ] Default: (empty) +# Values: [ STRING ] # mailargs = # Option: dest # Notes.: Destination e-mail address for reports -# Values: [ STRING ] Default: reports@dshield.org +# Values: [ STRING ] # dest = reports@dshield.org # Option: tmpfile # Notes.: Base name of temporary files used for buffering -# Values: [ STRING ] Default: /var/run/fail2ban/tmp-dshield +# Values: [ STRING ] # tmpfile = /var/run/fail2ban/tmp-dshield
diff --git a/config/action.d/firewall-cmd-direct-new.conf b/config/action.d/firewall-cmd-direct-new.conf
new file mode 100644
index 00000000..ac06aa57
--- /dev/null
+++ b/config/action.d/firewall-cmd-direct-new.conf
@@ -0,0 +1,58 @@
+# Fail2Ban configuration file
+#
+# Author: Edgar Hoch
+# Copied from iptables-new.conf and modified for use with firewalld by Edgar Hoch.
+# It uses "firewall-cmd" instead of "iptables".
+# firewall-cmd is based on the command of version firewalld-0.3.4-1.fc19.
+
+[INCLUDES]
+
+before = iptables-blocktype.conf
+
+[Definition]
+
+actionstart = firewall-cmd --direct --add-chain ipv4 filter fail2ban-
+ firewall-cmd --direct --add-rule ipv4 filter fail2ban- 1000 -j RETURN
+ firewall-cmd --direct --add-rule ipv4 filter 0 -m state --state NEW -p --dport -j fail2ban-
+
+# The following rule does not work, because firewalld keeps its own database of firewall rules.
+# firewall-cmd --direct --passthrough ipv4 -F fail2ban-
+# The better rule would be the following, but firewall-cmd has not implemented this command with firewalld-0.3.3-2.fc19 .
+# firewall-cmd --direct --flush-chain ipv4 filter fail2ban-
+# The following is a workaround using a loop to implement the --flush-chain command.
+# https://fedorahosted.org/firewalld/ticket/10
+
+actionstop = firewall-cmd --direct --remove-rule ipv4 filter 0 -m state --state NEW -p --dport -j fail2ban-
+ ( IFS='|' ; for r in $( firewall-cmd --direct --get-rules ipv4 filter fail2ban- | tr '\n' '|' ) ; do eval firewall-cmd --direct --remove-rule ipv4 filter fail2ban- $r ; done )
+ firewall-cmd --direct --remove-chain ipv4 filter fail2ban-
+
+actioncheck = firewall-cmd --direct --get-chains ipv4 filter | grep -q 'fail2ban-[ \t]'
+
+actionban = firewall-cmd --direct --add-rule ipv4 filter fail2ban- 0 -s -j
+
+actionunban = firewall-cmd --direct --remove-rule ipv4 filter fail2ban- 0 -s -j
+
+[Init]
+
+# Default name of the chain
+#
+name = default
+
+# Option: port
+# Notes.: specifies port to monitor
+# Values: [ NUM | STRING ]
+#
+port = ssh
+
+# Option: protocol
+# Notes.: internally used by config reader for interpolations.
+# Values: [ tcp | udp | icmp | all ]
+#
+protocol = tcp
+
+# Option: chain
+# Notes specifies the iptables chain to which the fail2ban rules should be
+# added
+# Values: [ STRING ]
+#
+chain = INPUT_direct
diff --git a/config/action.d/pf.conf b/config/action.d/pf.conf
index d82cbb12..edcaa175 100644
--- a/config/action.d/pf.conf
+++ b/config/action.d/pf.conf
@@ -56,7 +56,7 @@ actionunban = /sbin/pfctl -t -T delete /32 [Init] # Option: tablename # Notes.: The pf table name. -# Values: [ STRING ] Default: fail2ban +# Values: [ STRING ] # tablename = fail2ban
diff --git a/config/fail2ban.conf b/config/fail2ban.conf
index 4094c8cd..2c487e51 100644
--- a/config/fail2ban.conf
+++ b/config/fail2ban.conf
@@ -11,24 +11,24 @@ [Definition] -# Option: loglevel -# Notes.: Set the log level output. -# 1 = ERROR -# 2 = WARN -# 3 = INFO -# 4 = DEBUG -# Values: NUM Default: 3 +# Option: loglevel +# Notes.: Set the log level output. +# 1 = ERROR +# 2 = WARN +# 3 = INFO +# 4 = DEBUG +# Values: [ NUM ] Default: 1 # loglevel = 3 -# Option: logtarget -# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. -# Only one log target can be specified. -# If you change logtarget from the default value and you are -# using logrotate -- also adjust or disable rotation in the -# corresponding configuration file -# (e.g. /etc/logrotate.d/fail2ban on Debian systems) -# Values: STDOUT STDERR SYSLOG file Default: /var/log/fail2ban.log +# Option: logtarget +# Notes.: Set the log target. This could be a file, SYSLOG, STDERR or STDOUT. +# Only one log target can be specified. +# If you change logtarget from the default value and you are +# using logrotate -- also adjust or disable rotation in the +# corresponding configuration file +# (e.g. /etc/logrotate.d/fail2ban on Debian systems) +# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR # logtarget = /var/log/fail2ban.log
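Review bot: The `actionstop` loop runs `eval firewall-cmd --direct --remove-rule ipv4 filter fail2ban-<name> $r` on each line that `firewall-cmd --direct --get-rules` returns, and the `eval` is unnecessary: the unquoted `$r` already word-splits into the rule's arguments, while `eval` additionally re-parses any shell metacharacters in that text before running it, so `do firewall-cmd --direct --remove-rule ipv4 filter fail2ban-<name> $r ; done` is the safer form. The rule text is fail2ban's own (`0 -s <ip> -j <blocktype>` from `actionban`) and the host pattern quoted in the deleted sasl.conf restricts `<ip>` to `[\w\-.^_]`, so the exposure is limited, but dropping the second evaluation costs nothing. Every command here is pinned to the `ipv4` table with no comment saying so, so an IPv6 ban would presumably fail at `actionban`; a line such as `# IPv4 only: all rules go into the ipv4 filter table` above `actionstart` would make that explicit. The `<name>`/`<ip>`/`<port>`/`<protocol>`/`<chain>` tags appear stripped from the rule lines as rendered on this page and are assumed present in the file.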
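Review bot: `# Values: [ NUM ] Default: 1` now sits directly above `loglevel = 3`, and `Default: STDERR` above `logtarget = /var/log/fail2ban.log`, so a reader cannot tell whether "Default" means the value this file ships or the server's fallback when the key is absent — presumably the latter, since the old text (`Default: 3`, `Default: /var/log/fail2ban.log`) tracked the shipped values. The action files in this same commit resolve the ambiguity by removing `Default:` altogether; here a qualifier would do, e.g. `# Values: [ NUM ] Default: 1 (server fallback when unset)` and `# Values: [ STDOUT | STDERR | SYSLOG | FILE ] Default: STDERR (server fallback when unset)`. The hunk also rewrites every comment line of both options, which reads as a whitespace-only change; if so, keeping it in a separate commit would make the `Default:` edits easier to spot.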
@@ -36,14 +36,14 @@ logtarget = /var/log/fail2ban.log # Notes.: Set the socket file. This is used to communicate with the daemon. Do # not remove this file when Fail2ban runs. It will not be possible to # communicate with the server afterwards. -# Values: FILE Default: /var/run/fail2ban/fail2ban.sock +# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.sock # socket = /var/run/fail2ban/fail2ban.sock # Option: pidfile # Notes.: Set the PID file. This is used to store the process ID of the # fail2ban server. -# Values: FILE Default: /var/run/fail2ban/fail2ban.pid +# Values: [ FILE ] Default: /var/run/fail2ban/fail2ban.pid # pidfile = /var/run/fail2ban/fail2ban.pid
diff --git a/config/filter.d/postfix-sasl.conf b/config/filter.d/postfix-sasl.conf
new file mode 100644
index 00000000..c720abc1
--- /dev/null
+++ b/config/filter.d/postfix-sasl.conf
@@ -0,0 +1,16 @@
+# Fail2Ban configuration file
+#
+# Author: Yaroslav Halchenko
+#
+#
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+_daemon = postfix/smtpd
+
+failregex = ^%(__prefix_line)swarning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
+
diff --git a/config/filter.d/sasl.conf b/config/filter.d/sasl.conf
deleted file mode 100644
index 6c4aeba7..00000000
--- a/config/filter.d/sasl.conf
+++ /dev/null
@@ -1,22 +0,0 @@
-# Fail2Ban configuration file
-#
-# Author: Yaroslav Halchenko
-#
-#
-
-[Definition]
-
-# Option: failregex
-# Notes.: regex to match the password failures messages in the logfile. The
-# host must be matched by a group named "host". The tag "" can
-# be used for standard IP/hostname matching and is only an alias for
-# (?:::f{4,6}:)?(?P[\w\-.^_]+)
-# Values: TEXT
-#
-failregex = (?i): warning: [-._\w]+\[\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
-
-# Option: ignoreregex
-# Notes.: regex to ignore. If this regex matches, the line is ignored.
-# Values: TEXT
-#
-ignoreregex =
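Review bot: The new `failregex` drops the `(?i)` flag that the deleted `sasl.conf` pattern carried, so `warning:` and `SASL ... authentication failed` now match case-sensitively, and the ChangeLog entry in this commit mentions the anchoring and syslog changes but not this one; if it is deliberate, a comment such as `# case-sensitive on purpose: postfix emits this line in lower case` above the pattern would stop the flag from being re-added later. The file also has no `ignoreregex =` line and no `# Option:`/`# Notes.:` block, both of which the deleted `sasl.conf` had; keeping `ignoreregex =` with its comment gives `.local` overrides a documented key and keeps the filter consistent with the rest of filter.d. The mechanism alternation `(?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5)` is fixed, so a failure logged for any other SASL mechanism is not counted — worth a one-line comment stating which mechanisms are covered.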
diff --git a/config/jail.conf b/config/jail.conf
index e6a89cba..594dfc3b 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -92,7 +92,7 @@ maxretry = 6 [sasl-iptables] enabled = false -filter = sasl +filter = postfix-sasl backend = polling action = iptables[name=sasl, port=smtp, protocol=tcp] sendmail-whois[name=sasl, dest=you@example.com]
diff --git a/testcases/files/logs/sasl b/testcases/files/logs/postfix-sasl
similarity index 100%
rename from testcases/files/logs/sasl
rename to testcases/files/logs/postfix-sasl
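Review bot: `filter = postfix-sasl` is the only reference this commit updates while `config/filter.d/sasl.conf` is deleted in the same commit, so any existing `jail.local` that still sets `filter = sasl` will stop loading after the upgrade, with no deprecation path visible in this diff. A stub `filter.d/sasl.conf` whose `[INCLUDES]` section sets `before = postfix-sasl.conf`, carrying a comment that it is deprecated in favour of `postfix-sasl`, should keep old configurations working and uses the same include mechanism the new `postfix-sasl.conf` already relies on.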