diff --git a/CHANGELOG.md b/CHANGELOG.md
diff --git a/HISTORY.md b/HISTORY.md
diff --git a/Rakefile b/Rakefile
@@ -48,6 +48,7 @@ if Bundler.rubygems.find_name('github_changelog_generator').any?
     raise "Set CHANGELOG_GITHUB_TOKEN environment variable eg 'export CHANGELOG_GITHUB_TOKEN=valid_token_here'" if Rake.application.top_level_tasks.include? "changelog" and ENV['CHANGELOG_GITHUB_TOKEN'].nil?
     config.user = "#{changelog_user}"
     config.project = "#{changelog_project}"
+    config.since_tag = "v3.0.0"
     config.future_release = "#{changelog_future_release}"
     config.exclude_labels = ['maintenance']
     config.header = "# Change log\n\nAll notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org)."

diff --git a/lib/puppet/provider/firewall/ip6tables.rb b/lib/puppet/provider/firewall/ip6tables.rb
@@ -143,6 +143,7 @@ def self.iptables_save(*args)
     proto: '-p',
     queue_num: '--queue-num',
     queue_bypass: '--queue-bypass',
+    random_fully: '--random-fully',
     rdest: '--rdest',
     reap: '--reap',
     recent: '-m recent',
@@ -222,6 +223,7 @@ def self.iptables_save(*args)
     :log_tcp_sequence,
     :log_tcp_options,
     :log_ip_options,
+    :random_fully,
     :rsource,
     :rdest,
     :reap,
@@ -308,7 +310,7 @@ def self.iptables_save(*args)
                     :icmp, :hop_limit, :limit, :burst, :length, :recent, :rseconds, :reap,
                     :rhitcount, :rttl, :rname, :mask, :rsource, :rdest, :ipset, :string, :string_hex, :string_algo,
                     :string_from, :string_to, :jump, :nflog_group, :nflog_prefix, :nflog_range, :nflog_threshold, :clamp_mss_to_pmtu, :gateway, :todest,
-                    :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :log_uid, :log_tcp_sequence, :log_tcp_options, :log_ip_options,
+                    :tosource, :toports, :checksum_fill, :log_level, :log_prefix, :log_uid, :log_tcp_sequence, :log_tcp_options, :log_ip_options, :random_fully,
                     :reject, :set_mss, :set_dscp, :set_dscp_class, :mss, :queue_num, :queue_bypass,
                     :set_mark, :match_mark, :connlimit_above, :connlimit_mask, :connmark, :time_start, :time_stop, :month_days, :week_days, :date_start, :date_stop, :time_contiguous, :kernel_timezone,
                     :src_cc, :dst_cc, :hashlimit_upto, :hashlimit_above, :hashlimit_name, :hashlimit_burst,

diff --git a/lib/puppet/type/firewall.rb b/lib/puppet/type/firewall.rb
@@ -1850,6 +1850,13 @@ def should_to_s(value)
       MAC Source
     PUPPETCODE
     newvalues(%r{^([0-9a-f]{2}[:]){5}([0-9a-f]{2})$}i)
+    facter_os_name = Facter.fact(:os).value['name'].downcase
+    facter_os_release = Facter.fact(:os).value['release']['major'].to_i
+    if facter_os_name == 'sles' && facter_os_release == 15
+      munge do |value|
+        _value = value.downcase
+      end
+    end
   end
 
   newproperty(:physdev_in, required_features: :iptables) do

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-firewall",
-  "version": "3.0.1",
+  "version": "3.0.2",
   "author": "puppetlabs",
   "summary": "Manages Firewalls such as iptables",
   "license": "Apache-2.0",
@@ -76,6 +76,6 @@
     }
   ],
   "template-url": "https://github.com/puppetlabs/pdk-templates.git#main",
-  "template-ref": "heads/main-0-g03daa92",
-  "pdk-version": "2.1.0"
+  "template-ref": "heads/main-0-g2381db6",
+  "pdk-version": "2.1.1"
 }
diff --git a/spec/acceptance/firewall_attributes_exceptions_spec.rb b/spec/acceptance/firewall_attributes_exceptions_spec.rb
@@ -337,14 +337,14 @@ class { '::firewall': }
           }
       PUPPETCODE
       it 'applies' do
-        apply_manifest(pp88, catch_failures: true)
+        idempotent_apply(pp88)
       end
       it 'contains the rule' do
         run_shell('iptables-save') do |r|
           if os[:family] == 'redhat' && os[:release].start_with?('5')
             expect(r.stdout).to match(%r{-A INPUT -s 10.1.5.28 -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"})
           else
-            expect(r.stdout).to match(%r{-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0A:1B:3C:4D:5E:6F -m comment --comment "610 - test"})
+            expect(r.stdout).to match(%r{-A INPUT -s 10.1.5.28\/(32|255\.255\.255\.255) -p tcp -m mac --mac-source 0(a|A):1(b|B):3(c|C):4(d|D):5(e|E):6(f|F) -m comment --comment "610 - test"})
           end
         end
       end

diff --git a/spec/fixtures/ip6tables/conversion_hash.rb b/spec/fixtures/ip6tables/conversion_hash.rb
@@ -41,6 +41,14 @@
       string_hex: '|0000FF0001|',
       string_algo: 'bm',
     },
+  },
+  'random-fully' => {
+    line: '-A KUBE-POSTROUTING -m comment --comment "kubernetes service traffic requiring SNAT" -j MASQUERADE --random-fully',
+    table: 'filter',
+    provider: 'ip6tables',
+    params: {
+      random_fully: 'true',
+    }
   }
 }.freeze