diff --git a/package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch b/package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch
new file mode 100644
index 0000000000..37c6f96af4
--- /dev/null
+++ b/package/iptables/0001-ebtables-vlan-fix-userspace-kernel-headers-collision.patch
@@ -0,0 +1,45 @@
+From 51d374ba41ae4f1bb851228c06b030b83dd2092f Mon Sep 17 00:00:00 2001
+From: Baruch Siach
+Date: Tue, 13 Nov 2018 19:22:08 +0200
+Subject: [PATCH] ebtables: vlan: fix userspace/kernel headers collision
+
+Build with musl libc fails because of conflicting struct ethhdr
+definitions:
+
+In file included from .../sysroot/usr/include/net/ethernet.h:10:0,
+ from ../iptables/nft-bridge.h:8,
+ from libebt_vlan.c:18:
+.../sysroot/usr/include/netinet/if_ether.h:107:8: error: redefinition of ‘struct ethhdr’
+ struct ethhdr {
+ ^~~~~~
+In file included from libebt_vlan.c:16:0:
+.../sysroot/usr/include/linux/if_ether.h:160:8: note: originally defined here
+ struct ethhdr {
+ ^~~~~~
+
+Include the userspace header first for the definition suppression logic
+to do the right thing.
+
+Signed-off-by: Baruch Siach
+Signed-off-by: Pablo Neira Ayuso
+---
+Upstream status: commit 51d374ba41ae
+
+ extensions/libebt_vlan.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/extensions/libebt_vlan.c b/extensions/libebt_vlan.c
+index 4a2eb7126895..be269c6cdb4c 100644
+--- a/extensions/libebt_vlan.c
++++ b/extensions/libebt_vlan.c
+@@ -12,6 +12,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include "iptables/nft.h"
+--
+2.19.1
+
diff --git a/package/iptables/0001-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch b/package/iptables/0001-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch
deleted file mode 100644
index 966cbe31ab..0000000000
--- a/package/iptables/0001-extensions-libxt_bpf-Fix-build-with-old-kernel-versi.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 5beb1582d13d3bfdd0d2b277f5f3154b2fbf4a8e Mon Sep 17 00:00:00 2001
-From: Hauke Mehrtens
-Date: Tue, 27 Feb 2018 16:56:55 +0100
-Subject: [PATCH] extensions: libxt_bpf: Fix build with old kernel versions
-
-In kernel 3.18 the union bpf_attr does not have a pathname attribute and
-BPF_OBJ_GET is also not defined in these versions.
-This was added in Linux commit b2197755b263 ("bpf: add support for
-persistent maps/progs"). Check for the BPF_FS_MAGIC define which was
-also added in this Linux commit and only activate this code in case we
-find that define.
-
-This fixes a build problem with Linux 3.18.
-Netfilter bug: #1231
-
-Fixes: f17f9ace8a8 ("extensions: libxt_bpf: support ebpf pinned objects")
-Signed-off-by: Hauke Mehrtens
-Signed-off-by: Pablo Neira Ayuso
-Signed-off-by: Baruch Siach
----
-Patch status: upstream commit 5beb1582d13d
-
- extensions/libxt_bpf.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/extensions/libxt_bpf.c b/extensions/libxt_bpf.c
-index 9510c190f315..92958247c756 100644
---- a/extensions/libxt_bpf.c
-+++ b/extensions/libxt_bpf.c
-@@ -22,6 +22,7 @@
- #include
- #endif
-
-+#include
- #include
-
- #define BCODE_FILE_MAX_LEN_B 1024
-@@ -62,7 +63,7 @@ static const struct xt_option_entry bpf_opts_v1[] = {
-
- static int bpf_obj_get(const char *filepath)
- {
--#if defined HAVE_LINUX_BPF_H && defined __NR_bpf
-+#if defined HAVE_LINUX_BPF_H && defined __NR_bpf && defined BPF_FS_MAGIC
- union bpf_attr attr;
-
- memset(&attr, 0, sizeof(attr));
---
-2.16.1
-
diff --git a/package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch b/package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch
new file mode 100644
index 0000000000..18dbc28f91
--- /dev/null
+++ b/package/iptables/0002-xtables-monitor-fix-build-with-older-glibc.patch
@@ -0,0 +1,77 @@
+From 7c8791edac3e74f6ce0bf21f98bc820db8e55e62 Mon Sep 17 00:00:00 2001
+From: Baruch Siach
+Date: Fri, 16 Nov 2018 07:23:32 +0200
+Subject: [PATCH] xtables-monitor: fix build with older glibc
+
+glibc older than 2.19 only expose BSD style fields of struct tcphdr when
+_BSD_SOURCE is define. Current glibc however, warn that _BSD_SOURCE is
+deprecated. Migrate to the GNU style of tcphdr fields to make the code
+compatible with any glibc version.
+
+Fix the following build failure:
+
+xtables-monitor.c: In function 'trace_print_packet':
+xtables-monitor.c:406:43: error: 'const struct tcphdr' has no member named 'th_sport'
+ printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport));
+ ^
+xtables-monitor.c:406:66: error: 'const struct tcphdr' has no member named 'th_dport'
+ printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport));
+ ^
+...
+
+Signed-off-by: Baruch Siach
+Signed-off-by: Florian Westphal
+---
+Upstream status: commit 7c8791edac3e74
+
+ iptables/xtables-monitor.c | 30 ++++++++++++++----------------
+ 1 file changed, 14 insertions(+), 16 deletions(-)
+
+diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
+index 3b1ca777a28a..5d1611122df5 100644
+--- a/iptables/xtables-monitor.c
++++ b/iptables/xtables-monitor.c
+@@ -403,26 +403,24 @@ static void trace_print_packet(const struct nftnl_trace *nlt, struct cb_arg *arg
+ case IPPROTO_UDP:
+ if (len < 4)
+ break;
+- printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport));
++ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest));
+ break;
+ case IPPROTO_TCP:
+ if (len < sizeof(*tcph))
+ break;
+- printf("SPORT=%d DPORT=%d ", ntohs(tcph->th_sport), ntohs(tcph->th_dport));
+- if (tcph->th_flags & (TH_FIN|TH_SYN|TH_RST|TH_PUSH|TH_ACK|TH_URG)) {
+- if (tcph->th_flags & TH_SYN)
+- printf("SYN ");
+- if (tcph->th_flags & TH_ACK)
+- printf("ACK ");
+- if (tcph->th_flags & TH_FIN)
+- printf("FIN ");
+- if (tcph->th_flags & TH_RST)
+- printf("RST ");
+- if (tcph->th_flags & TH_PUSH)
+- printf("PSH ");
+- if (tcph->th_flags & TH_URG)
+- printf("URG ");
+- }
++ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest));
++ if (tcph->syn)
++ printf("SYN ");
++ if (tcph->ack)
++ printf("ACK ");
++ if (tcph->fin)
++ printf("FIN ");
++ if (tcph->rst)
++ printf("RST ");
++ if (tcph->psh)
++ printf("PSH ");
++ if (tcph->urg)
++ printf("URG ");
+ break;
+ default:
+ break;
+--
+2.19.1
+
diff --git a/package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch b/package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch
new file mode 100644
index 0000000000..c5cd6437f0
--- /dev/null
+++ b/package/iptables/0003-include-fix-build-with-kernel-headers-before-4.2.patch
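Review bot: In the `IPPROTO_UDP` case of `trace_print_packet` (patch 0002, iptables/xtables-monitor.c) the UDP ports are read through `tcph` after only `len < 4` has been checked, and nothing in the hunk says why that is enough. It works because `source` and `dest` are the first four bytes of both headers, so I would document it next to the check: `/* UDP: only the two port fields are read; they sit at offsets 0-3 as in struct tcphdr */`. The declaration of `len` is outside the hunk; if it is a signed type, `len < sizeof(*tcph)` compares as unsigned and a negative length would pass the check, so that is worth confirming. The function body starts and ends outside the hunk.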
@@ -0,0 +1,51 @@
+From 8d9d7e4b9ef4c6e6abab2cf35c747d7ca36824bd Mon Sep 17 00:00:00 2001
+From: Baruch Siach
+Date: Fri, 16 Nov 2018 09:30:33 +0200
+Subject: [PATCH] include: fix build with kernel headers before 4.2
+
+Commit 672accf1530 (include: update kernel netfilter header files)
+updated linux/netfilter.h and brought with it the update from kernel
+commit a263653ed798 (netfilter: don't pull include/linux/netfilter.h
+from netns headers). This triggers conflict of headers that is fixed in
+kernel commit 279c6c7fa64f (api: fix compatibility of linux/in.h with
+netinet/in.h) included in kernel version 4.2. For earlier kernel headers
+we need a workaround that prevents the headers conflict.
+
+Fixes the following build failure:
+
+In file included from .../sysroot/usr/include/netinet/ip.h:25:0,
+ from ../include/libiptc/ipt_kernel_headers.h:8,
+ from ../include/libiptc/libiptc.h:6,
+ from libip4tc.c:29:
+.../sysroot/usr/include/linux/in.h:26:3: error: redeclaration of enumerator ‘IPPROTO_IP’
+ IPPROTO_IP = 0, /* Dummy protocol for TCP */
+ ^
+.../sysroot/usr/include/netinet/in.h:33:5: note: previous definition of ‘IPPROTO_IP’ was here
+ IPPROTO_IP = 0, /* Dummy protocol for TCP. */
+ ^~~~~~~~~~
+
+Signed-off-by: Baruch Siach
+Signed-off-by: Florian Westphal
+---
+Upstream status: commit 8d9d7e4b9ef4c6
+
+ include/linux/netfilter.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
+index c3f087ac680c..bacf8cd92116 100644
+--- a/include/linux/netfilter.h
++++ b/include/linux/netfilter.h
+@@ -3,7 +3,9 @@
+
+ #include
+
++#ifndef _NETINET_IN_H
+ #include
++#endif
+ #include
+ #include
+
+--
+2.19.1
+
diff --git a/package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch b/package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch
new file mode 100644
index 0000000000..0b6358b255
--- /dev/null
+++ b/package/iptables/0004-xtables-monitor-fix-build-with-musl-libc.patch
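Review bot: The new `#ifndef _NETINET_IN_H` guard in include/linux/netfilter.h (patch 0003) depends on the libc's private include-guard name and on netinet/in.h having been included first; with the opposite include order, or a libc that names its guard differently, the `IPPROTO_IP` redeclaration would presumably come back. The hunk adds no comment, and since the commit message says this header is updated from the kernel's copy, a later update could drop the guard without anyone noticing. I would add above it: `/* local workaround: skip the kernel header when libc's netinet/in.h is already included; needed for kernel headers < 4.2 */`. Only the include block of the file is visible in the hunk.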
@@ -0,0 +1,44 @@
+From 90b0d3abfc0b4150b198eb17080d75acc5838a59 Mon Sep 17 00:00:00 2001
+From: Baruch Siach
+Date: Sat, 17 Nov 2018 22:20:08 +0200
+Subject: [PATCH] xtables-monitor: fix build with musl libc
+
+Commit 7c8791edac3 ("xtables-monitor: fix build with older glibc")
+changed the code to use GNU style tcphdr fields. Unfortunately, musl
+libc requires _GNU_SOURCE definition to expose these fields.
+
+Fix the following build failure:
+
+xtables-monitor.c: In function ‘trace_print_packet’:
+xtables-monitor.c:406:43: error: ‘const struct tcphdr’ has no member named ‘source’
+ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest));
+ ^~
+xtables-monitor.c:406:64: error: ‘const struct tcphdr’ has no member named ‘dest’
+ printf("SPORT=%d DPORT=%d ", ntohs(tcph->source), ntohs(tcph->dest));
+ ^~
+...
+
+Cc: Florian Westphal
+Signed-off-by: Baruch Siach
+Signed-off-by: Florian Westphal
+---
+Upstream status: commit 90b0d3abfc0b
+
+ iptables/xtables-monitor.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/iptables/xtables-monitor.c b/iptables/xtables-monitor.c
+index 5d1611122df5..f835c5e503e0 100644
+--- a/iptables/xtables-monitor.c
++++ b/iptables/xtables-monitor.c
+@@ -9,6 +9,7 @@
+ * This software has been sponsored by Sophos Astaro
+ */
+
++#define _GNU_SOURCE
+ #include
+ #include
+ #include
+--
+2.19.1
+
diff --git a/package/iptables/iptables.hash b/package/iptables/iptables.hash
index 8b191797fb..d84bd3af98 100644
--- a/package/iptables/iptables.hash
+++ b/package/iptables/iptables.hash
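Review bot: `#define _GNU_SOURCE` in patch 0004 (iptables/xtables-monitor.c) is unconditional, so a build that already passes `-D_GNU_SOURCE` on the command line gets a macro-redefinition warning, which turns into a failure under `-Werror`. Guarding the definition keeps the fix and avoids that: `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif`. Its position ahead of the first include should be kept, because feature-test macros only take effect before the first libc header is read.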
@@ -1,3 +1,4 @@
-# From ftp://ftp.netfilter.org/pub/iptables/iptables-1.6.2.tar.bz2.{md5sum,sha1sum}
-md5 7d2b7847e4aa8832a18437b8a4c1873d iptables-1.6.2.tar.bz2
-sha1 6279effbf8f2c7ff53d19ae13308f8a6e6a60dd9 iptables-1.6.2.tar.bz2
+# From https://netfilter.org/projects/iptables/downloads.html
+sha256 a3778b50ed1a3256f9ca975de82c2204e508001fc2471238c8c97f3d1c4c12af iptables-1.8.2.tar.bz2
+# Locally calculated
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
diff --git a/package/iptables/iptables.mk b/package/iptables/iptables.mk
index 49a537f608..54494937af 100644
--- a/package/iptables/iptables.mk
+++ b/package/iptables/iptables.mk
@@ -4,9 +4,9 @@
 #
 ################################################################################
 
-IPTABLES_VERSION = 1.6.2
+IPTABLES_VERSION = 1.8.2
 IPTABLES_SOURCE = iptables-$(IPTABLES_VERSION).tar.bz2
-IPTABLES_SITE = http://ftp.netfilter.org/pub/iptables
+IPTABLES_SITE = https://netfilter.org/projects/iptables/files
 IPTABLES_INSTALL_STAGING = YES
 IPTABLES_DEPENDENCIES = host-pkgconf \
 $(if $(BR2_PACKAGE_LIBNETFILTER_CONNTRACK),libnetfilter_conntrack)
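Review bot: In package/iptables/iptables.hash the new sha256 for the tarball is copied from netfilter.org, the same site that `IPTABLES_SITE` in iptables.mk now downloads from, so it catches corruption or a tampered mirror but not a file modified at the origin. If upstream publishes a detached signature for this release, verifying it once and recording that in the comment (for example `# Locally calculated after checking pgp signature`) would give a check that does not depend on that site.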