diff --git a/.sync.yml b/.sync.yml
@@ -24,7 +24,7 @@ Gemfile:
       - gem: 'mocha'
         version: '~> 1.10.0'
     ':system_tests':
-      - gem: 'beaker-vagrant'
+      - gem: 'simp-beaker-helpers'
 
 .rubocop.yml:
   default_configs:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,25 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v4.2.3](https://github.com/voxpupuli/puppet-firewalld/tree/v4.2.3) (2020-03-09)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-firewalld/compare/v4.2.2...v4.2.3)
+
+**Fixed bugs:**
+
+- Service filename bugfix [\#266](https://github.com/voxpupuli/puppet-firewalld/pull/266) ([trevor-vaughan](https://github.com/trevor-vaughan))
+
+**Closed issues:**
+
+- firewalld::custom\_service creates files with invalid names [\#265](https://github.com/voxpupuli/puppet-firewalld/issues/265)
+- The firewalld\_version fact is incorrect when firewalld is not running [\#263](https://github.com/voxpupuli/puppet-firewalld/issues/263)
+
+**Merged pull requests:**
+
+- Convert `firewalld_zone` docs to puppet-strings [\#268](https://github.com/voxpupuli/puppet-firewalld/pull/268) ([alexjfisher](https://github.com/alexjfisher))
+- Convert `firewalld_service` docs to puppet-strings [\#267](https://github.com/voxpupuli/puppet-firewalld/pull/267) ([alexjfisher](https://github.com/alexjfisher))
+- Fix the firewalld\_version fact [\#264](https://github.com/voxpupuli/puppet-firewalld/pull/264) ([trevor-vaughan](https://github.com/trevor-vaughan))
+
 ## [v4.2.2](https://github.com/voxpupuli/puppet-firewalld/tree/v4.2.2) (2020-02-16)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-firewalld/compare/v4.2.1...v4.2.2)

diff --git a/Gemfile b/Gemfile
@@ -62,7 +62,7 @@ group :system_tests do
   gem 'rbnacl-libsodium',                   :require => false
   gem 'bcrypt_pbkdf',                       :require => false
   gem 'ed25519',                            :require => false
-  gem 'beaker-vagrant',                     :require => false
+  gem 'simp-beaker-helpers',                :require => false
 end
 
 group :release do

diff --git a/REFERENCE.md b/REFERENCE.md
@@ -5,7 +5,9 @@
 
 **Classes**
 
-* [`firewalld`](#firewalld): == Class: firewalld  Manage the firewalld service  See the README.md for usage instructions for the firewalld_zone and firewalld_rich_rule ty
+* [`firewalld`](#firewalld): Manage the firewalld service
+* [`firewalld::reload`](#firewalldreload): A common point for triggering an intermediary firewalld reload using firewall-cmd
+* [`firewalld::reload::complete`](#firewalldreloadcomplete): A common point for triggering an intermediary firewalld full reload using firewall-cmd
 
 **Defined types**
 
@@ -20,16 +22,16 @@
 * [`firewalld_ipset`](#firewalld_ipset): Configure IPsets in Firewalld  Example:     firewalld_ipset {'internal net':         ensure   => 'present',         type     => 'hash:net',  
 * [`firewalld_port`](#firewalld_port): Assigns a port to a specific firewalld zone. firewalld_port will autorequire the firewalld_zone specified in the zone parameter so there is n
 * [`firewalld_rich_rule`](#firewalld_rich_rule): Manages firewalld rich rules.  firewalld_rich_rules will autorequire the firewalld_zone specified in the zone parameter so there is no need t
-* [`firewalld_service`](#firewalld_service): Assigns a service to a specific firewalld zone.     firewalld_service will autorequire the firewalld_zone specified in the zone parameter and
-* [`firewalld_zone`](#firewalld_zone): Creates and manages firewald zones. Note that setting ensure => 'absent' to the built in firewalld zones will not work, and will generate an 
+* [`firewalld_service`](#firewalld_service): Assigns a service to a specific firewalld zone.
+* [`firewalld_zone`](#firewalld_zone): Creates and manages firewalld zones.
 
-## Classes
+**Functions**
 
-### firewalld
+* [`firewalld::safe_filename`](#firewalldsafe_filename): Returns a string that is safe for firewalld filenames
 
-== Class: firewalld
+## Classes
 
-Manage the firewalld service
+### firewalld
 
 See the README.md for usage instructions for the firewalld_zone and
 firewalld_rich_rule types
@@ -48,8 +50,6 @@ firewalld_rich_rule types
      install_gui => true,
    }
 
-
-
 === Authors
 
 Craig Dunn <craig@craigdunn.org>
@@ -260,6 +260,14 @@ Data type: `Optional[Enum['yes', 'no']]`
 
 
 
+Default value: `undef`
+
+##### `firewall_backend`
+
+Data type: `Optional[Enum['iptables', 'nftables']]`
+
+
+
 Default value: `undef`
 
 ##### `default_service_zone`
@@ -286,6 +294,14 @@ Data type: `Optional[String]`
 
 Default value: `undef`
 
+### firewalld::reload
+
+A common point for triggering an intermediary firewalld reload using firewall-cmd
+
+### firewalld::reload::complete
+
+A common point for triggering an intermediary firewalld full reload using firewall-cmd
+
 ## Defined types
 
 ### firewalld::custom_service
@@ -825,16 +841,22 @@ handle pruning of rules
 ### firewalld_service
 
 Assigns a service to a specific firewalld zone.
-    firewalld_service will autorequire the firewalld_zone specified in the zone parameter and the firewalld::custom_service
-specified in the service parameter, so there is no need to add dependencies for this
 
-    Example:
+`firewalld_service` will autorequire the `firewalld_zone` specified in the
+`zone` parameter and the `firewalld::custom_service` specified in the `service`
+parameter. There is no need to manually add dependencies for this.
 
-        firewalld_service {'Allow SSH in the public Zone':
-            ensure  => 'present',
-            zone    => 'public',
-            service => 'ssh',
-        }
+#### Examples
+
+##### Allowing SSH
+
+```puppet
+firewalld_service {'Allow SSH in the public Zone':
+    ensure  => present,
+    zone    => 'public',
+    service => 'ssh',
+}
+```
 
 #### Properties
 
@@ -868,22 +890,27 @@ Name of the zone to which you want to add the service
 
 ### firewalld_zone
 
-Creates and manages firewald zones.
-Note that setting ensure => 'absent' to the built in firewalld zones will
+Creates and manages firewalld zones.
+
+Note that setting `ensure => 'absent'` to the built in firewalld zones will
 not work, and will generate an error. This is a limitation of firewalld itself, not the module.
 
-Example:
+#### Examples
 
-  firewalld_zone { 'restricted':
-    ensure           => present,
-    target           => '%%REJECT%%',
-    interfaces       => [],
-    sources          => [],
-    purge_rich_rules => true,
-    purge_services   => true,
-    purge_ports      => true,
-    icmp_blocks      => 'router-advertisement'
-  }
+##### Create a zone called `restricted`
+
+```puppet
+firewalld_zone { 'restricted':
+  ensure           => present,
+  target           => '%%REJECT%%',
+  interfaces       => [],
+  sources          => [],
+  purge_rich_rules => true,
+  purge_services   => true,
+  purge_ports      => true,
+  icmp_blocks      => 'router-advertisement'
+}
+```
 
 #### Properties
 
@@ -963,3 +990,108 @@ Description of the zone to add
 
 Short description of the zone to add
 
+## Functions
+
+### firewalld::safe_filename
+
+Type: Puppet Language
+
+Returns a string that is safe for firewalld filenames
+
+#### Examples
+
+##### Regular Filename
+
+```puppet
+$filename = 'B@d Characters!'
+firewalld::safe_filename($orig_string)
+
+Result => 'B_d_Characters_'
+```
+
+##### Filename with Options
+
+```puppet
+$filename = 'B@d Characters!.txt'
+firewalld::safe_filename(
+  $filename,
+  {
+    'replacement_string' => '--',
+    'file_extension'     => '.txt'
+  }
+)
+
+Result => 'B--d--Characters--.txt'
+```
+
+#### `firewalld::safe_filename(String[1] $filename, Struct[
+    {
+      'replacement_string' => Pattern[/[\w-]/],
+      'file_extension'     => Optional[String[1]]
+    }
+  ] $options = { 'replacement_string' => '_'})`
+
+The firewalld::safe_filename function.
+
+Returns: `String` Processed string
+
+##### Examples
+
+###### Regular Filename
+
+```puppet
+$filename = 'B@d Characters!'
+firewalld::safe_filename($orig_string)
+
+Result => 'B_d_Characters_'
+```
+
+###### Filename with Options
+
+```puppet
+$filename = 'B@d Characters!.txt'
+firewalld::safe_filename(
+  $filename,
+  {
+    'replacement_string' => '--',
+    'file_extension'     => '.txt'
+  }
+)
+
+Result => 'B--d--Characters--.txt'
+```
+
+##### `filename`
+
+Data type: `String[1]`
+
+The String to process
+
+##### `options`
+
+Data type: `Struct[
+    {
+      'replacement_string' => Pattern[/[\w-]/],
+      'file_extension'     => Optional[String[1]]
+    }
+  ]`
+
+Various processing options
+
+Options:
+
+* **file_extension** `String[1]`: This will be stripped from the end of the string prior to processing and
+re-added afterwards
+
+##### `options`
+
+Data type: `String[1]`
+
+replacement_string
+The String to use when replacing invalid characters
+
+Options:
+
+* **file_extension** `String[1]`: This will be stripped from the end of the string prior to processing and
+re-added afterwards
+
diff --git a/functions/safe_filename.pp b/functions/safe_filename.pp
@@ -0,0 +1,72 @@
+# @summary Returns a string that is safe for firewalld filenames
+#
+# @example Regular Filename
+#   $filename = 'B@d Characters!'
+#   firewalld::safe_filename($orig_string)
+#
+#   Result => 'B_d_Characters_'
+#
+# @example Filename with Options
+#   $filename = 'B@d Characters!.txt'
+#   firewalld::safe_filename(
+#     $filename,
+#     {
+#       'replacement_string' => '--',
+#       'file_extension'     => '.txt'
+#     }
+#   )
+#
+#   Result => 'B--d--Characters--.txt'
+#
+# @param filename
+#   The String to process
+#
+# @param options
+#   Various processing options
+#
+# @param options [String[1]] replacement_string
+#   The String to use when replacing invalid characters
+#
+# @option options [String[1]] file_extension
+#   This will be stripped from the end of the string prior to processing and
+#   re-added afterwards
+#
+# @return [String]
+#   Processed string
+#
+function firewalld::safe_filename(
+  String[1] $filename,
+  Struct[
+    {
+      'replacement_string' => Pattern[/[\w-]/],
+      'file_extension'     => Optional[String[1]]
+    }
+  ]         $options  = { 'replacement_string' => '_'}
+) {
+
+  $_badchar_regex = '[^\w-]'
+
+  # If we have an extension defined
+  if $options['file_extension'] {
+
+    # See if the string ends with the extension
+    $_extension_length = length($options['file_extension'])
+    if $filename[-($_extension_length), -1] == $options['file_extension'] {
+
+      # And extract the base filename
+      $_basename = $filename[0, -($_extension_length) - 1]
+    }
+  }
+
+  # If we extraced a base filename substitute on that and re-add the file extension
+  if defined('$_basename') {
+    sprintf('%s%s',
+      regsubst($_basename, $_badchar_regex, $options['replacement_string'], 'G'),
+      $options['file_extension']
+    )
+  }
+  # Otherwise, just substitute on the original filename
+  else {
+    regsubst($filename, $_badchar_regex, $options['replacement_string'], 'G')
+  }
+}