diff --git a/Shorewall/Perl/Shorewall/Raw.pm b/Shorewall/Perl/Shorewall/Raw.pm
index 1e0f4102b..87b867856 100644
--- a/Shorewall/Perl/Shorewall/Raw.pm
+++ b/Shorewall/Perl/Shorewall/Raw.pm
@@ -146,20 +146,16 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
if ( $option eq 'helper' ) {
my $modifiers = '';
- $disposition = "helper";
+ $disposition = 'helper';
- if ( $args =~ /^([-\w.]*)\((.+)\)$/ ) {
+ if ( $args =~ /^([-\w.]+)\((.+)\)$/ ) {
$args = $1;
$modifiers = $2;
}
- if ( supplied $args ) {
- fatal_error "Invalid helper' ($args)" if $args =~ /,/;
- validate_helper( $args, $proto );
- $action = "CT --helper $helpers_aliases{$args}";
- } else {
- $action = "CT ";
- }
+ fatal_error "Invalid helper' ($args)" if $args =~ /,/;
+ validate_helper( $args, $proto );
+ $action = "CT --helper $helpers_aliases{$args}";
$exception_rule = do_proto( $proto, '-', '-' );
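Review bot: With the `supplied $args` guard removed, an empty helper name in the `helper` branch now reaches `validate_helper( $args, $proto )` and the `$helpers_aliases{$args}` interpolation directly. How `validate_helper` treats an empty name is not visible in this hunk, so an explicit `fatal_error "Missing helper name" unless supplied $args;` ahead of the comma test would reject that input with a clear message and keep an undefined alias out of the generated CT rule. The same added line keeps a stray apostrophe in its message; `fatal_error "Invalid helper ($args)" if $args =~ /,/;` reads cleanly. The body of process_conntrack_rule starts and continues outside this hunk.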
@@ -181,6 +177,17 @@ sub process_conntrack_rule( $$$$$$$$$$ ) {
fatal_error "Invalid helper option ($mod)";
}
}
+ } elsif ( $option eq 'ctevents' ) {
+ $disposition = 'helper';
+
+ for ( split_list( $args, 'ctevents' ) ) {
+ fatal_error "Invalid 'ctevents' event ($_)" unless $valid_ctevent{$_};
+ }
+
+ $action = "CT --ctevents $args";
+ } elsif ( $option eq 'expevents' ) {
+ fatal_error "Invalid expevent argument ($args)" unless $args eq 'new';
+ $action = 'CT --expevents new';
} else {
fatal_error "Invalid CT option ($option)";
}
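Review bot: The new `ctevents` branch validates the tokens returned by `split_list` but then emits the original `$args` string in `"CT --ctevents $args"`, so what is checked and what reaches the generated rule are not the same value. If `split_list` returns nothing for an empty argument (its body is not shown here), the loop never runs and the rule ends in a bare `--ctevents`. Capturing the list closes both gaps: `my @events = split_list( $args, 'ctevents' );`, `fatal_error "Missing 'ctevents' event list" unless @events;`, and `$action = 'CT --ctevents ' . join( ',', @events );`. The branch also sets `$disposition = 'helper'` while `expevents` sets no disposition, which looks like a copy from the helper branch and deserves either a comment or a fix. `%valid_ctevent` and the rest of process_conntrack_rule lie outside the hunk.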
diff --git a/Shorewall/manpages/shorewall-conntrack.xml b/Shorewall/manpages/shorewall-conntrack.xml
index 4a8aaf05e..cf8ac57e0 100644
--- a/Shorewall/manpages/shorewall-conntrack.xml
+++ b/Shorewall/manpages/shorewall-conntrack.xml
@@ -90,7 +90,8 @@
role="bold">NOTRACK|CT:helper:name[(arg=val[,...])|CT:helper:(arg=val[,...])|CT:notrack|DROP|LOG|ULOG(ulog-parameters):NFLOG(nflog-parameters)|IPTABLES(target)}[log-level[:log-tag]][:chain-designator]
+ role="bold">CT:ctevents:event[,...]|CT:expevents:new|CT:notrack|DROP|LOG|ULOG(ulog-parameters):NFLOG(nflog-parameters)|IPTABLES(target)}[log-level[:log-tag]][:chain-designator]
This column is only present when FORMAT >= 2. Values other
@@ -243,11 +244,31 @@
expectation events for this connection.
+
- Beginning with Shorewall 4.6.10, the parenthesized list of
- arg=val
- pairs may be given without a helper name (e.g.,
- CT:helper:(ctevents=assured,destroyed)).
+
+ ctevents:event[,...]
+
+ Added in Shorewall 4.6.10. Only generate the specified
+ conntrack events for this connection. Possible event types are:
+ new, related, destroy, reply, assured, protoinfo, helper, mark (this is connection mark, not packet
+ mark), natseqinfo, and
+ secmark.
+
+
+
+ expevents=new
+
+ Added in Shorewall 4.6.10. Only generate new expectation events for this
+ connection.
diff --git a/Shorewall6/manpages/shorewall6-conntrack.xml b/Shorewall6/manpages/shorewall6-conntrack.xml
index 0ea0e413d..ea661658f 100644
--- a/Shorewall6/manpages/shorewall6-conntrack.xml
+++ b/Shorewall6/manpages/shorewall6-conntrack.xml
@@ -90,8 +90,7 @@
role="bold">NOTRACK|CT:helper:name[(arg=val[,...])|CT:helper:(arg=val[,...])|CT:notrack|DROP|LOG|NFLOG(nflog-parameters)|IP6TABLES(target)}[:log-level[:log-tag]][:chain-designator]
+ role="bold">CT:ctevents:event[,...]|CT:expevents:new|notrack|DROP|LOG|NFLOG(nflog-parameters)|IP6TABLES(target)}[:log-level[:log-tag]][:chain-designator]
This column is only present when FORMAT >= 2. Values other
@@ -239,15 +238,35 @@
- Only generate a new
+ Only generate new
expectation events for this connection.
+
- Beginning with Shorewall 4.6.10, the parenthesized list of
- arg=val
- pairs may be given without a helper name (e.g.,
- CT:helper:(ctevents=assured,destroyed)).
+
+ ctevents:event[,...]
+
+ Added in Shorewall 4.6.10. Only generate the specified
+ conntrack events for this connection. Possible event types are:
+ new, related, destroy, reply, assured, protoinfo, helper, mark (this is connection mark, not packet
+ mark), natseqinfo, and
+ secmark.
+
+
+
+ expevents=new
+
+ Added in Shorewall 4.6.10. Only generate new expectation events for this
+ connection.