diff --git a/security/suricata/Makefile b/security/suricata/Makefile
index c0fe1e927..74c6c3880 100644
--- a/security/suricata/Makefile
+++ b/security/suricata/Makefile
@@ -2,7 +2,7 @@
 # $FreeBSD$
 
 PORTNAME=	suricata
-DISTVERSION=	4.0.5
+DISTVERSION=	4.1.0-rc2
 CATEGORIES=	security
 MASTER_SITES=	http://www.openinfosecfoundation.org/download/
 
@@ -12,11 +12,14 @@ COMMENT=	High Performance Network IDS, IPS and Security Monitoring engine
 LICENSE=	GPLv2
 LICENSE_FILE=	${WRKSRC}/LICENSE
 
+CONFLICTS_INSTALL=libhtp
+
 LIB_DEPENDS=	libpcre.so:devel/pcre \
 		libnet.so:net/libnet \
+		liblz4.so:archivers/liblz4 \
 		libyaml.so:textproc/libyaml
 
-USES=		autoreconf cpe gmake libtool pathfix pkgconfig
+USES=		autoreconf cpe gmake iconv:translit libtool pathfix pkgconfig
 USE_LDCONFIG=	yes
 USE_RC_SUBR=	${PORTNAME}
 
@@ -27,8 +30,8 @@ CPE_VENDOR=	openinfosecfoundation
 INSTALL_TARGET=		install-strip
 TEST_TARGET=		check
 
-OPTIONS_DEFINE=		GEOIP HTP_PORT IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \
-			REDIS SC TESTS
+OPTIONS_DEFINE=		GEOIP IPFW JSON NETMAP NSS PORTS_PCAP PRELUDE \
+			REDIS RUST SC TESTS
 OPTIONS_DEFINE_amd64=	HYPERSCAN
 OPTIONS_DEFAULT=	IPFW JSON NETMAP PRELUDE
 OPTIONS_SUB=		yes
@@ -40,29 +43,22 @@ SCRIPTS_DESC=		Scripting
 
 GEOIP_DESC=		GeoIP support
 HYPERSCAN_DESC=		Hyperscan support
-HTP_PORT_DESC=		Use libhtp from ports
 IPFW_DESC=		IPFW and IP Divert support for inline IDP
 JSON_DESC=		JSON output support
-LUA_DESC=		LUA scripting support
 LUAJIT_DESC=		LuaJIT scripting support
+LUA_DESC=		LUA scripting support
 NETMAP_DESC=		Netmap support for inline IDP
 NSS_DESC=		File checksums and SSL/TLS fingerprinting
 PORTS_PCAP_DESC=	Use libpcap from ports
 PRELUDE_DESC=		Prelude support for NIDS alerts
 REDIS_DESC=		Redis output support
+RUST_DESC=		Rust parser support
 SC_DESC=		Suricata socket client (suricatasc)
 TESTS_DESC=		Unit tests in suricata binary
 
 GEOIP_LIB_DEPENDS=		libGeoIP.so:net/GeoIP
 GEOIP_CONFIGURE_ON=		--enable-geoip
 
-HTP_PORT_BUILD_DEPENDS=		libhtp>=0.5.27:devel/libhtp
-HTP_PORT_LIB_DEPENDS=		libhtp.so:devel/libhtp
-HTP_PORT_CONFIGURE_ON=		--enable-non-bundled-htp
-HTP_PORT_CONFIGURE_OFF=		--enable-bundled-htp
-HTP_PORT_CONFLICTS_INSTALL_OFF=	libhtp
-HTP_PORT_USES_OFF=		iconv:translit
-
 HYPERSCAN_LIB_DEPENDS=		libhs.so:devel/hyperscan
 HYPERSCAN_CONFIGURE_ON=		--with-libhs-includes=${LOCALBASE}/include \
 				--with-libhs-libraries=${LOCALBASE}/lib
@@ -83,7 +79,6 @@ LUAJIT_CONFIGURE_ON=		--enable-luajit
 
 NSS_LIB_DEPENDS=		libnss3.so:security/nss \
 				libnspr4.so:devel/nspr
-NSS_CONFIGURE_OFF=		--disable-nss --disable-nspr
 NSS_CONFIGURE_ON=		--with-libnss-includes=${LOCALBASE}/include/nss/nss \
 				--with-libnss-libraries=${LOCALBASE}/lib \
 				--with-libnspr-libraries=${LOCALBASE}/lib \
@@ -110,6 +105,9 @@ REDIS_CONFIGURE_ON=		--enable-hiredis \
 				--with-libhiredis-includes=${LOCALBASE}/include \
 				--with-libhiredis-libraries=${LOCALBASE}/lib
 
+RUST_BUILD_DEPENDS=		rustc:lang/rust
+RUST_CONFIGURE_ENABLE=		rust
+
 SC_USES=			python:2.7
 SC_CONFIGURE_ENABLE=		python
 
@@ -118,6 +116,7 @@ TESTS_CONFIGURE_ENABLE=		unittests
 SUB_FILES=	pkg-message
 
 CONFIGURE_ARGS+=--enable-gccprotect \
+		--enable-bundled-htp \
 		--with-libpcre-includes=${LOCALBASE}/include \
 		--with-libpcre-libraries=${LOCALBASE}/lib \
 		--with-libyaml-includes=${LOCALBASE}/include \
@@ -130,25 +129,20 @@ CONFIGURE_ARGS+=--enable-gccprotect \
 
 CONFIG_DIR?=	${ETCDIR}
 CONFIG_FILES=	suricata.yaml classification.config reference.config threshold.config
-RULES_DIR=	${CONFIG_DIR}/rules
-RULES_FILES=	app-layer-events.rules decoder-events.rules dns-events.rules files.rules \
-		http-events.rules modbus-events.rules smtp-events.rules stream-events.rules \
-		tls-events.rules
 LOGS_DIR?=	/var/log/${PORTNAME}
 
 pre-patch:
 	@${CP} ${FILESDIR}/ax_check_compile_flag.m4 ${WRKSRC}/m4
 
+post-patch-NSS-off:
+	@${REINPLACE_CMD} -e 's|PKG_CHECK_MODULES(\[libnspr\]|#&| ; s|AC_CHECK_HEADER(sechash.h,NSS="yes",NSS="no")|#&|' ${WRKSRC}/configure.ac
+
 post-install:
 	@${MKDIR} ${STAGEDIR}${CONFIG_DIR}
-	@${MKDIR} ${STAGEDIR}${RULES_DIR}
 	@${MKDIR} ${STAGEDIR}${LOGS_DIR}
 .for f in ${CONFIG_FILES}
 	${INSTALL_DATA} ${WRKSRC}/${f} ${STAGEDIR}${CONFIG_DIR}/${f}.sample
 .endfor
-.for f in ${RULES_FILES}
-	${INSTALL_DATA} ${WRKSRC}/rules/${f} ${STAGEDIR}${RULES_DIR}/${f}
-.endfor
 
 post-install-SC-on:
 	(cd ${STAGEDIR}${PREFIX} \
diff --git a/security/suricata/distinfo b/security/suricata/distinfo
index cd3701a4c..bc72d9b47 100644
--- a/security/suricata/distinfo
+++ b/security/suricata/distinfo
@@ -1,3 +1,3 @@
-TIMESTAMP = 1532091141
-SHA256 (suricata-4.0.5.tar.gz) = 74dacb4359d57fbd3452e384eeeb1dd77b6ae00f02e9994ad5a7b461d5f4c6c2
-SIZE (suricata-4.0.5.tar.gz) = 12494906
+TIMESTAMP = 1539758499
+SHA256 (suricata-4.1.0-rc2.tar.gz) = 9a329b3b15fcfec87947f29ced6bb151812f7e4e70758412d5dc90b6e894c1c7
+SIZE (suricata-4.1.0-rc2.tar.gz) = 15397231
diff --git a/security/suricata/pkg-plist b/security/suricata/pkg-plist
index 7bedb4d6a..ab7c4eed3 100644
--- a/security/suricata/pkg-plist
+++ b/security/suricata/pkg-plist
@@ -1,77 +1,65 @@
 bin/suricata
+include/htp/bstr.h
+include/htp/bstr_builder.h
+include/htp/htp.h
+include/htp/htp_base64.h
+include/htp/htp_config.h
+include/htp/htp_connection_parser.h
+include/htp/htp_core.h
+include/htp/htp_decompressors.h
+include/htp/htp_hooks.h
+include/htp/htp_list.h
+include/htp/htp_multipart.h
+include/htp/htp_table.h
+include/htp/htp_transaction.h
+include/htp/htp_urlencoded.h
+include/htp/htp_utf8_decoder.h
+include/htp/htp_version.h
+lib/libhtp.a
+lib/libhtp.so
+lib/libhtp.so.2
+lib/libhtp.so.2.0.0
+libdata/pkgconfig/htp.pc
 man/man1/suricata.1.gz
 %%SC%%bin/suricatasc
 %%DOCSDIR%%/AUTHORS
 %%DOCSDIR%%/Basic_Setup.txt
-%%DOCSDIR%%/CentOS5.txt
-%%DOCSDIR%%/CentOS_56_Installation.txt
-%%DOCSDIR%%/Debian_Installation.txt
-%%DOCSDIR%%/Fedora_Core.txt
-%%DOCSDIR%%/FreeBSD_8.txt
 %%DOCSDIR%%/GITGUIDE
-%%DOCSDIR%%/HTP_library_installation.txt
 %%DOCSDIR%%/INSTALL
 %%DOCSDIR%%/INSTALL.PF_RING
 %%DOCSDIR%%/INSTALL.WINDOWS
-%%DOCSDIR%%/Installation_from_GIT_with_PCRE-JIT.txt
-%%DOCSDIR%%/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt
-%%DOCSDIR%%/Installation_with_CUDA_and_PFRING_on_Scientific_Linux_6.txt
-%%DOCSDIR%%/Installation_with_CUDA_and_PF_RING_on_Ubuntu_server_1104.txt
-%%DOCSDIR%%/Installation_with_CUDA_on_Scientific_Linux_6.txt
-%%DOCSDIR%%/Installation_with_CUDA_on_Ubuntu_server_1104.txt
-%%DOCSDIR%%/Installation_with_PF_RING.txt
-%%DOCSDIR%%/Mac_OS_X_106x.txt
 %%DOCSDIR%%/NEWS
-%%DOCSDIR%%/OpenBSD_Installation_from_GIT.txt
 %%DOCSDIR%%/README
 %%DOCSDIR%%/Setting_up_IPSinline_for_Linux.txt
 %%DOCSDIR%%/TODO
 %%DOCSDIR%%/Third_Party_Installation_Guides.txt
-%%DOCSDIR%%/Ubuntu_Installation.txt
-%%DOCSDIR%%/Ubuntu_Installation_from_GIT.txt
-%%DOCSDIR%%/Windows.txt
-%%NO_HTP_PORT%%include/htp/bstr.h
-%%NO_HTP_PORT%%include/htp/bstr_builder.h
-%%NO_HTP_PORT%%include/htp/htp.h
-%%NO_HTP_PORT%%include/htp/htp_base64.h
-%%NO_HTP_PORT%%include/htp/htp_config.h
-%%NO_HTP_PORT%%include/htp/htp_connection_parser.h
-%%NO_HTP_PORT%%include/htp/htp_core.h
-%%NO_HTP_PORT%%include/htp/htp_decompressors.h
-%%NO_HTP_PORT%%include/htp/htp_hooks.h
-%%NO_HTP_PORT%%include/htp/htp_list.h
-%%NO_HTP_PORT%%include/htp/htp_multipart.h
-%%NO_HTP_PORT%%include/htp/htp_table.h
-%%NO_HTP_PORT%%include/htp/htp_transaction.h
-%%NO_HTP_PORT%%include/htp/htp_urlencoded.h
-%%NO_HTP_PORT%%include/htp/htp_utf8_decoder.h
-%%NO_HTP_PORT%%include/htp/htp_version.h
-%%NO_HTP_PORT%%lib/libhtp.a
-%%NO_HTP_PORT%%lib/libhtp.so
-%%NO_HTP_PORT%%lib/libhtp.so.2
-%%NO_HTP_PORT%%lib/libhtp.so.2.0.0
-%%NO_HTP_PORT%%libdata/pkgconfig/htp.pc
-%%NO_HTP_PORT%%@dir include/htp
 %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc-0.9-py%%PYTHON_VER%%.egg-info
 %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.py
 %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/__init__.pyc
 %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.py
 %%SC%%%%PYTHON_SITELIBDIR%%/suricatasc/suricatasc.pyc
-@sample %%ETCDIR%%/suricata.yaml.sample
 @sample %%ETCDIR%%/classification.config.sample
 @sample %%ETCDIR%%/reference.config.sample
+@sample %%ETCDIR%%/suricata.yaml.sample
 @sample %%ETCDIR%%/threshold.config.sample
-%%ETCDIR%%/rules/app-layer-events.rules
-%%ETCDIR%%/rules/decoder-events.rules
-%%ETCDIR%%/rules/dns-events.rules
-%%ETCDIR%%/rules/files.rules
-%%ETCDIR%%/rules/http-events.rules
-%%ETCDIR%%/rules/modbus-events.rules
-%%ETCDIR%%/rules/smtp-events.rules
-%%ETCDIR%%/rules/stream-events.rules
-%%ETCDIR%%/rules/tls-events.rules
-@dir etc/suricata/rules
-@dir etc/suricata
+%%DATADIR%%/rules/app-layer-events.rules
+%%DATADIR%%/rules/decoder-events.rules
+%%DATADIR%%/rules/dnp3-events.rules
+%%DATADIR%%/rules/dns-events.rules
+%%DATADIR%%/rules/files.rules
+%%DATADIR%%/rules/http-events.rules
+%%DATADIR%%/rules/ipsec-events.rules
+%%DATADIR%%/rules/kerberos-events.rules
+%%DATADIR%%/rules/modbus-events.rules
+%%DATADIR%%/rules/nfs-events.rules
+%%DATADIR%%/rules/ntp-events.rules
+%%DATADIR%%/rules/smb-events.rules
+%%DATADIR%%/rules/smtp-events.rules
+%%DATADIR%%/rules/stream-events.rules
+%%DATADIR%%/rules/tls-events.rules
+@dir %%DATADIR%%
+@dir %%ETCDIR%%
+@dir include/htp
 @dir(root,wheel,0700) /var/log/suricata
-@postunexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/etc/suricata`` to remove configuration files."; fi
+@postunexec if [ -d %D/%%ETCDIR%% ]; then echo "==> If you are permanently removing this port, run ``rm -rf ${PKG_PREFIX}/%%ETCDIR%%`` to remove configuration files."; fi
 @dir %%DOCSDIR%%