diff --git a/iptables.spec b/iptables.spec
index 09ac10c..6c55721 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -11,7 +11,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
 Version: 1.8.7
-Release: 4%{?dist}
+Release: 5%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -151,6 +151,8 @@ a safer way to update iptables remotely.
 %package nft
 Summary: nftables compatibility for iptables, arptables and ebtables
 Requires: %{name}-libs%{?_isa} = %{version}-%{release}
+Requires(post): %{_sbindir}/update-alternatives
+Requires(postun): %{_sbindir}/update-alternatives
 Obsoletes: iptables-compat < 1.6.2-4
 Provides: arptables-helper
 Provides: iptables
@@ -250,6 +252,20 @@ if [ $1 -eq 0 ]; then
 		iptables %{_sbindir}/iptables-legacy
 fi
 
+# iptables-1.8.0-1 introduced the use of alternatives
+# when upgrading, its %postun script runs due to the package renaming
+# fix this by repeating the install into alternatives
+%triggerpostun legacy -- iptables > 1.8.0
+pfx=%{_sbindir}/iptables
+pfx6=%{_sbindir}/ip6tables
+%{_sbindir}/update-alternatives --install \
+	$pfx iptables $pfx-legacy 10 \
+	--slave $pfx6 ip6tables $pfx6-legacy \
+	--slave $pfx-restore iptables-restore $pfx-legacy-restore \
+	--slave $pfx-save iptables-save $pfx-legacy-save \
+	--slave $pfx6-restore ip6tables-restore $pfx6-legacy-restore \
+	--slave $pfx6-save ip6tables-save $pfx6-legacy-save
+
 %post services
 %systemd_post iptables.service ip6tables.service
 
@@ -390,6 +406,10 @@ fi
 
 
 %changelog
+* Tue Mar 23 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-5
+- Fix upgrade path with package rename
+- Add missing dependencies to iptables-nft package
+
 * Tue Feb 16 2021 Phil Sutter <psutter@redhat.com> - 1.8.7-4
 - Drop bootstrap code again
 - Drop workarounds for F24 and lower