2. Problems during the build process

2.1 I cannot compile iptables-1.1.1 with kernel >= 2.4.0-test4

This is a known issue. The mechanism for the detection which patches to apply is broken. Try using "make build" instead of "make".

Better solution: Upgrade to iptables-1.1.2 or later

2.2 I cannot compile iptables 1.1.0 with recent kernels (>= 2.3.99-pre8)

Internal structures in iptables have changed. Upgrade to iptables >= 1.1.1

2.3 Some patch-o-matic patches from iptables-1.2.1a don't work with kernel >= 2.4.4

Please use iptables-1.2.2 release or use netfilter CVS.

2.4 ipt_BALANCE, ip_nat_ftp, ip_nat_irc, ipt_SAME, ipt_NETMAP don't compile

Most likely you are experiencing compile problems with a function called ip_nat_setup_info.

If you are using iptables <= 1.2.2, you NEED to apply the 'dropped-table' and 'ftp-fixes' patches.

If you are using iptables > 1.2.2 or recent CVS, please don't apply the 'dropped-table', as it is incompatible with BALANCE, NETMAP, irc-nat, SAME and talk-nat.

2.5 I'm using Alan Cox' 2.4.x-acXX series kernel and I experience problems

The netfilter core team bases development on Linus' kernel tree, so using -ac series is on your own risk.