diff --git a/.github/workflows/spec.yml b/.github/workflows/spec.yml
@@ -0,0 +1,129 @@
+name: "Spec Tests"
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+  pull_request:
+
+env:
+  HONEYCOMB_WRITEKEY: 7f3c63a70eecc61d635917de46bea4e6
+  HONEYCOMB_DATASET: litmus tests
+
+jobs:
+  setup_matrix:
+    name: "Setup Test Matrix"
+    runs-on: ubuntu-20.04
+    outputs:
+      spec_matrix: ${{ steps.get-matrix.outputs.spec_matrix }}
+
+    steps:
+      - name: "Honeycomb: Start recording"
+        uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1
+        with:
+          apikey: ${{ env.HONEYCOMB_WRITEKEY }}
+          dataset: ${{ env.HONEYCOMB_DATASET }}
+          job-status: ${{ job.status }}
+
+      - name: "Honeycomb: Start first step"
+        run: |
+          echo STEP_ID=setup-environment >> $GITHUB_ENV
+          echo STEP_START=$(date +%s) >> $GITHUB_ENV
+
+      - name: Checkout Source
+        uses: actions/checkout@v2
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+
+      - name: Activate Ruby 2.7
+        uses: ruby/setup-ruby@v1
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+        with:
+          ruby-version: "2.7"
+          bundler-cache: true
+
+      - name: Print bundle environment
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+        run: |
+          echo ::group::bundler environment
+          buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env
+          echo ::endgroup::
+
+      - name: "Honeycomb: Record Setup Environment time"
+        if: ${{ github.repository_owner == 'puppetlabs' }}
+        run: |
+          buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Environment'
+          echo STEP_ID=Setup-Acceptance-Test-Matrix >> $GITHUB_ENV
+          echo STEP_START=$(date +%s) >> $GITHUB_ENV
+
+      - name: Setup Spec Test Matrix
+        id: get-matrix
+        run: |
+          if [ '${{ github.repository_owner }}' == 'puppetlabs' ]; then
+            buildevents cmd $TRACE_ID $STEP_ID matrix_from_metadata -- bundle exec matrix_from_metadata_v2
+          else
+            echo  "::set-output name=spec_matrix::{}"
+          fi
+
+      - name: "Honeycomb: Record Setup Test Matrix time"
+        if: ${{ always() }}
+        run: |
+          buildevents step $TRACE_ID $STEP_ID $STEP_START 'Setup Test Matrix'
+
+  Spec:
+    name: "Spec Tests (Puppet: ${{matrix.puppet_version}}, Ruby Ver: ${{matrix.ruby_version}})"
+    needs:
+      - setup_matrix
+    if: ${{ needs.setup_matrix.outputs.spec_matrix != '{}' }}
+
+    runs-on: ubuntu-20.04
+    strategy:
+      fail-fast: false
+      matrix: ${{fromJson(needs.setup_matrix.outputs.spec_matrix)}}
+
+    env:
+      BUILDEVENT_FILE: '../buildevents.txt'
+      PUPPET_GEM_VERSION: ${{ matrix.puppet_version }}
+      FACTER_GEM_VERSION: 'https://github.com/puppetlabs/facter#main'
+
+    steps:
+      - run: |
+          echo "SANITIZED_PUPPET_VERSION=$(echo '${{ matrix.puppet_version }}' | sed 's/~> //g')" >> $GITHUB_ENV
+
+      - run: |
+          echo 'puppet_version=${{ env.SANITIZED_PUPPET_VERSION }}' >> $BUILDEVENT_FILE
+
+      - name: "Honeycomb: Start first step"
+        run: |
+          echo "STEP_ID=${{ env.SANITIZED_PUPPET_VERSION }}-spec" >> $GITHUB_ENV
+          echo STEP_START=$(date +%s) >> $GITHUB_ENV
+
+      - name: "Honeycomb: Start recording"
+        uses: puppetlabs/kvrhdn-gha-buildevents@pdk-templates-v1
+        with:
+          apikey: ${{ env.HONEYCOMB_WRITEKEY }}
+          dataset: ${{ env.HONEYCOMB_DATASET }}
+          job-status: ${{ job.status }}
+          matrix-key: ${{ env.SANITIZED_PUPPET_VERSION }}
+
+      - name: Checkout Source
+        uses: actions/checkout@v2
+
+      - name: "Activate Ruby ${{ matrix.ruby_version }}"
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{matrix.ruby_version}}
+          bundler-cache: true
+
+      - name: Print bundle environment
+        run: |
+          echo ::group::bundler environment
+          buildevents cmd $TRACE_ID $STEP_ID 'bundle env' -- bundle env
+          echo ::endgroup::
+
+      - name: Run Static & Syntax Tests
+        run: |
+          buildevents cmd $TRACE_ID $STEP_ID 'static_syntax_checks Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop
+      
+      - name: Run parallel_spec tests
+        run: |
+          buildevents cmd $TRACE_ID $STEP_ID 'rake parallel_spec Puppet ${{ matrix.puppet_version }}, Ruby ${{ matrix.ruby_version }}' -- bundle exec rake parallel_spec
diff --git a/.gitignore b/.gitignore
@@ -25,3 +25,4 @@
 .project
 .envrc
 /inventory.yaml
+/spec/fixtures/litmus_inventory.yaml
diff --git a/.gitpod.yml b/.gitpod.yml
@@ -6,4 +6,4 @@ tasks:
 
 vscode:
   extensions:
-    - puppet.puppet-vscode@1.0.0:oSzfTkDf6Cmc1jOjgW33VA==
+    - puppet.puppet-vscode@1.2.0:f5iEPbmOj6FoFTOV6q8LTg==
diff --git a/.pdkignore b/.pdkignore
@@ -25,7 +25,9 @@
 .project
 .envrc
 /inventory.yaml
+/spec/fixtures/litmus_inventory.yaml
 /appveyor.yml
+/.editorconfig
 /.fixtures.yml
 /Gemfile
 /.gitattributes
@@ -42,3 +44,4 @@
 /spec/
 /.vscode/
 /.sync.yml
+/.devcontainer/
diff --git a/.sync.yml b/.sync.yml
@@ -1,36 +1,6 @@
 ---
 ".gitlab-ci.yml":
   delete: true
-".travis.yml":
-  dist: trusty # acceptance tests have stopped working on newer versions - probably related to docker behaviour
-  global_env:
-    - HONEYCOMB_WRITEKEY="7f3c63a70eecc61d635917de46bea4e6",HONEYCOMB_DATASET="litmus tests"
-  deploy_to_forge:
-    enabled: false
-  branches:
-    - release
-  use_litmus: true
-  litmus:
-    provision_list:
-      - ---travis_el
-      - travis_deb
-      - travis_el7
-    complex:
-      - collection:
-          puppet_collection:
-            - puppet6
-          provision_list:
-            - travis_ub_6
-      - collection:
-          puppet_collection:
-            - puppet6
-          provision_list:
-            - travis_el8
-          dist: xenial
-  simplecov: true
-  notifications:
-    slack:
-      secure: Ohw1KtRtFAeTQNL/8slgJ7lZ8PYCiooE6i9NWR+fCGNcAzU1LGhacnXqgXD6JCX53zdv8mkkd31AsrGWmx+iFueZkSYdAz+pEXduyRI9Rm6cTotlaGAB7NK+KgjEky7gmRao3EuogYbX7qIpzNaZ4rGUrjWSSeSDCSgGCEwblXk=
 appveyor.yml:
   delete: true
 Gemfile:
@@ -45,8 +15,15 @@ spec/spec_helper.rb:
 .gitpod.yml:
   unmanaged: false
 .github/workflows/nightly.yml:
-  unmanaged: false
+  unmanaged: true
 .github/workflows/pr_test.yml:
-  unmanaged: false
+  unmanaged: true
 .github/workflows/auto_release.yml:
   unmanaged: false
+.github/workflows/spec.yml:
+  checks: 'syntax lint metadata_lint check:symlinks check:git_ignore check:dot_underscore check:test_file rubocop'
+  unmanaged: false
+.github/workflows/release.yml:
+  unmanaged: false
+.travis.yml:
+  delete: true
diff --git a/.travis.yml b/.travis.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,15 @@
 
 All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org).
 
+## [v3.0.1](https://github.com/puppetlabs/puppetlabs-firewall/tree/v3.0.1) (2021-06-21)
+
+[Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v3.0.0...v3.0.1)
+
+### Fixed
+
+- Fixed link to REFERENCE.md [\#993](https://github.com/puppetlabs/puppetlabs-firewall/pull/993) ([Samgarr](https://github.com/Samgarr))
+- Update README.md [\#986](https://github.com/puppetlabs/puppetlabs-firewall/pull/986) ([arjenz](https://github.com/arjenz))
+
 ## [v3.0.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v3.0.0) (2021-03-01)
 
 [Full Changelog](https://github.com/puppetlabs/puppetlabs-firewall/compare/v2.8.1...v3.0.0)
@@ -39,7 +48,7 @@ All notable changes to this project will be documented in this file. The format
 
 ### Added
 
-- \(IAC-1190\) add `ignore\_foreign` when purging firewallchains [\#948](https://github.com/puppetlabs/puppetlabs-firewall/pull/948) ([DavidS](https://github.com/DavidS))
+- \(IAC-1190\) add `ignore_foreign` when purging firewallchains [\#948](https://github.com/puppetlabs/puppetlabs-firewall/pull/948) ([DavidS](https://github.com/DavidS))
 
 ## [v2.6.0](https://github.com/puppetlabs/puppetlabs-firewall/tree/v2.6.0) (2020-10-01)
 

diff --git a/Gemfile b/Gemfile
@@ -45,16 +45,6 @@ gems['puppet'] = location_for(puppet_version)
 gems['facter'] = location_for(facter_version) if facter_version
 gems['hiera'] = location_for(hiera_version) if hiera_version
 
-if Gem.win_platform? && puppet_version =~ %r{^(file:///|git://)}
-  # If we're using a Puppet gem on Windows which handles its own win32-xxx gem
-  # dependencies (>= 3.5.0), set the maximum versions (see PUP-6445).
-  gems['win32-dir'] =      ['<= 0.4.9', require: false]
-  gems['win32-eventlog'] = ['<= 0.6.5', require: false]
-  gems['win32-process'] =  ['<= 0.7.5', require: false]
-  gems['win32-security'] = ['<= 0.2.5', require: false]
-  gems['win32-service'] =  ['0.8.8', require: false]
-end
-
 gems.each do |gem_name, gem_params|
   gem gem_name, *gem_params
 end

diff --git a/README.md b/README.md
@@ -279,7 +279,7 @@ class profile::apache {
 
 Firewall rules may be inverted by prefixing the value of a parameter by "! ". If the value is an array, then every item in the array must be prefixed as iptables does not understand inverting a single value.
 
-Parameters that understand inversion are: connmark, ctstate, destination, dport, dst\_range, dst\_type, iniface, outiface, port, proto, source, sport, src\_range, src\_type, and state.
+Parameters that understand inversion are: connmark, ctstate, destination, dport, dst\_range, dst\_type, iniface, outiface, port, proto, source, sport, src\_range and src\_type.
 
 Examples:
 
@@ -400,7 +400,7 @@ Or
 
 ## Reference
 
-For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-firewall/blob//REFERENCE.md). For information on the facts, see below.
+For information on the classes and types, see the [REFERENCE.md](https://github.com/puppetlabs/puppetlabs-firewall/blob/main/REFERENCE.md). For information on the facts, see below.
 
 Facts:
 

diff --git a/locales/config.yaml b/locales/config.yaml
diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-firewall",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "author": "puppetlabs",
   "summary": "Manages Firewalls such as iptables",
   "license": "Apache-2.0",
@@ -76,6 +76,6 @@
     }
   ],
   "template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
-  "template-ref": "heads/main-0-g44cc7ed",
-  "pdk-version": "1.18.1"
+  "template-ref": "heads/main-0-g03daa92",
+  "pdk-version": "2.1.0"
 }
diff --git a/spec/acceptance/class_spec.rb b/spec/acceptance/class_spec.rb
@@ -9,7 +9,7 @@
     end
   end
 
-  it 'runs successfully' do
+  it 'runs successfully', unless: os[:family] == 'redhat' && os[:release].to_i == 6 do
     pp = "class { 'firewall': }"
     idempotent_apply(pp)
   end
@@ -19,7 +19,7 @@
     idempotent_apply(pp)
   end
 
-  it 'ensure => running:' do
+  it 'ensure => running:', unless: os[:family] == 'redhat' && os[:release].to_i == 6 do
     pp = "class { 'firewall': ensure => running }"
     idempotent_apply(pp)
   end

diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
@@ -48,6 +48,18 @@
   c.after(:suite) do
     RSpec::Puppet::Coverage.report!(0)
   end
+
+  # Filter backtrace noise
+  backtrace_exclusion_patterns = [
+    %r{spec_helper},
+    %r{gems},
+  ]
+
+  if c.respond_to?(:backtrace_exclusion_patterns)
+    c.backtrace_exclusion_patterns = backtrace_exclusion_patterns
+  elsif c.respond_to?(:backtrace_clean_patterns)
+    c.backtrace_clean_patterns = backtrace_exclusion_patterns
+  end
 end
 
 # Ensures that a module is defined

diff --git a/spec/spec_helper_acceptance_local.rb b/spec/spec_helper_acceptance_local.rb
@@ -55,6 +55,20 @@ def fetch_os_name
   # To enable tests on abs/vmpooler machines just set to `true` this flag
   c.filter_run_excluding condition_parameter_test: false
   c.before :suite do
+    if ['centos', 'oraclelinux', 'scientific'].include?(fetch_os_name) && [6, 7].include?(os[:release].to_i)
+      LitmusHelper.instance.run_shell('yum update -y')
+      LitmusHelper.instance.run_shell('depmod -a')
+      ['filter', 'nat', 'mangle', 'raw'].each do |t|
+        LitmusHelper.instance.run_shell("modprobe iptable_#{t}")
+        LitmusHelper.instance.run_shell("modprobe ip6table_#{t}")
+      end
+      LitmusHelper.instance.run_shell('touch /etc/sysconfig/iptables')
+      LitmusHelper.instance.run_shell('touch /etc/sysconfig/ip6tables')
+    end
+    if os[:family] == 'debian'
+      LitmusHelper.instance.run_shell('apt-get update -y')
+      LitmusHelper.instance.run_shell('apt-get install kmod') if os[:release].to_i == 10
+    end
     if fetch_os_name == 'centos' && os[:release].to_i == 8
       pp = <<-PUPPETCODE
         package { 'iptables-services':