diff -Naur ufw-0.36.2/conf/sysctl.conf ufw-0.36.2.new/conf/sysctl.conf
--- ufw-0.36.2/conf/sysctl.conf	2023-05-18 15:07:39.000000000 +0200
+++ ufw-0.36.2.new/conf/sysctl.conf	2024-01-14 16:12:55.612511548 +0100
@@ -46,7 +46,7 @@
 
 # normally allowing tcp_sack is ok, but if going through OpenBSD 3.8 RELEASE or
 # earlier pf firewall, should set this to 0
-net/ipv4/tcp_sack=1
+#net/ipv4/tcp_sack=1
 
 # Uncomment this to turn off ipv6 autoconfiguration
 #net/ipv6/conf/default/autoconf=0
diff -Naur ufw-0.36.2/setup.py ufw-0.36.2.new/setup.py
--- ufw-0.36.2/setup.py	2023-05-18 15:07:39.000000000 +0200
+++ ufw-0.36.2.new/setup.py	2024-01-14 16:12:43.550419573 +0100
@@ -54,7 +54,7 @@
             return
 
         real_confdir = os.path.join('/etc')
-        real_statedir = os.path.join('/lib', 'ufw')
+        real_statedir = os.path.join('/usr/lib', 'ufw')
         real_prefix = self.prefix
         if self.home != None:
             real_confdir = self.home + real_confdir
@@ -113,7 +113,7 @@
         if self.root != None:
             prefix = self.root + real_prefix
 
-        script = os.path.join(prefix, 'sbin', 'ufw')
+        script = os.path.join(prefix, 'bin', 'ufw')
         manpage = os.path.join(prefix, 'share', 'man', 'man8', 'ufw.8')
         manpage_f = os.path.join(prefix, 'share', 'man', 'man8', \
                                  'ufw-framework.8')
@@ -249,11 +249,11 @@
 iptables_dir = ''
 
 for e in ['iptables']:
-    # Historically iptables was in /sbin, then later also symlinked from
-    # /usr/sbin/iptables to /sbin/iptables. Debian bullseye moves iptables
-    # to /usr/sbin with no symlink in /sbin except on upgrades. To accomodate
-    # buildds that may still have the old iptables, search /usr/sbin first
-    for dir in ['/usr/sbin', '/sbin', '/usr/bin', '/bin', '/usr/local/sbin', \
+    # Historically iptables was in /bin, then later also symlinked from
+    # /usr/bin/iptables to /bin/iptables. Debian bullseye moves iptables
+    # to /usr/bin with no symlink in /bin except on upgrades. To accomodate
+    # buildds that may still have the old iptables, search /usr/bin first
+    for dir in ['/usr/bin', '/bin', '/usr/bin', '/bin', '/usr/local/bin', \
                 '/usr/local/bin']:
         if e == "iptables":
             if os.path.exists(os.path.join(dir, e)):
diff -Naur ufw-0.36.2/src/util.py ufw-0.36.2.new/src/util.py
--- ufw-0.36.2/src/util.py	2023-05-18 15:07:39.000000000 +0200
+++ ufw-0.36.2.new/src/util.py	2024-01-14 16:12:43.558419634 +0100
@@ -721,9 +721,9 @@
 # since these have historically used a default for 'exe'.
 def _find_system_iptables():
     exe = ""
-    for d in ["/sbin", "/bin",
-              "/usr/sbin", "/usr/bin",
-              "/usr/local/sbin", "/usr/local/bin"]:
+    for d in ["/bin", "/bin",
+              "/usr/bin", "/usr/bin",
+              "/usr/local/bin", "/usr/local/bin"]:
         exe = os.path.join(d, "iptables")
         if os.path.exists(exe):
             break