Rebuild procedure for patch-o-matic :

- download latest version of patch-o-matic and iptables from
  ftp://ftp.netfilter.org/ (20030912 at the moment)
- untar iptables to a temporary directory (eg: /tmp)
- untar patch-o-matic inside the new iptables directory
- copy the latest kernel [pre-]release to a new directory
- cd
- do a "KERNEL_DIR=path_to_new_kernel NETFILTERDIR=../iptables bash-205b ./runme extra"
  (!!!! be sure that bash is 2.05 !!!)
- to obtain separated patches, each time the patchsets switch to submitted,
  pending, base, extra..., dup the tree to the corresponding name, to diff
  them later like this :

    old=linux-2.4.21-bk-1.1141
    seq=1
    for i in pending base extra optim; do
        new=linux-2.4.21-bk1141-pom-20030429-$i
        # clean the new tree so that build products do not end up in the diff
        (cd "$new" && make distclean)
        diff -urN "$old" "$new" > "patch-2.4.21-bk-1.1141-pom-20030429-$seq-$i"
        # the next patch is relative to the tree we have just diffed
        old=$new
        seq=$(($seq+1))
    done

- apply patch-XXX-pom-XXXX-pre-extra to the kernel before applying extra
  patches, if needed

=============

In general, avoid replying 'yes' to patches in the submitted directory if
you're working on a very recent pre-release, because they are very likely to
have already been applied and to break other patches.

Very minimal patch list :

Already applied:
submitted/01_2.4.19
submitted/02_2.4.20
submitted/03_2.4.21
submitted/04_2.4.22
submitted/44_backport_ah_esp_fixes
submitted/54_ip_nat-macro-args
submitted/58-ip_conntrack-macro-args
submitted/60_nat_tftp-remove-warning
submitted/73_ipt_MASQUERADE-oif
submitted/74_nat-range-fix
pending/39_ip_conntrack-proc
pending/40_nf-log
pending/55_ipt_unclean-tcp-flag-table
pending/59_ip_nat_h-unused-var
pending/61-remove-memsets
base/IPV4OPTSSTRIP
base/TTL
base/connlimit
base/iprange
base/ipv4options
base/mport
base/psd
base/random
base/time
extra/ROUTE
extra/TCPLAG
extra/addrtype
extra/condition
extra/string
extra/tcp-window-tracking

Most often, entries in the 'submitted' section which appear as not applied
are mis-identified and should be answered with "N".

WARNING: Don't apply any patch which changes the user-space API in the kernel
(eg: TRACE).

A more reasonable list :

Already applied:
submitted/01_2.4.19
submitted/02_2.4.20
submitted/03_2.4.21
submitted/04_2.4.22
submitted/05_2.4.23
submitted/61-remove-memsets
submitted/64_masquerade-sameip-noflush
submitted/69_amanda-helpers
submitted/70_expect-evict-order
submitted/72_recent_procfs_fix
submitted/74_listhelp
submitted/75_selective_cleanup
submitted/76_conntrack_bucket_sysctl
submitted/88_ip_queue-maxlen
submitted/90_fw_compat_local-nullbinding
pending/40_nf-log
pending/40_nf-log-ipv6
pending/59_ip_nat_h-unused-var
pending/60_ecn_raw_unclone
base/HL-ipv6
base/IPV4OPTSSTRIP
base/NETLINK
base/NETMAP
base/REJECT-ipv6
base/SAME
base/TTL
base/connlimit
base/iprange
base/ipv4options
base/mport
base/nth
base/nth6-ipv6
base/osf
base/pool
base/psd
base/random
base/random6-ipv6
base/raw -> conflicts with extra/conntrack-seqfile
base/time
base/u32
extra/CLASSIFY
- extra/CONNMARK -> conflicts with extra/conntrack_arefcount
extra/IPMARK
extra/ROUTE
extra/ROUTE-ipv6
extra/XOR
extra/addrtype
extra/condition
extra/condition6-ipv6
extra/conntrack_arefcount
extra/conntrack_locking
extra/conntrack_nonat
- extra/ctstat -> conflicts with extra/tcp-window-tracking
extra/cuseeme-nat
extra/eggdrop-conntrack
extra/h323-conntrack-nat
extra/ipt_TARPIT
extra/mms-conntrack-nat
extra/owner-socketlookup
extra/ownercmd-ipv6
extra/quake3-conntrack
extra/rpc
extra/rsh
extra/rtsp-conntrack
extra/string
extra/talk-conntrack-nat
extra/tcp-window-tracking

Then, apply the "ip_ct_refresh_optimization" patch :

    KERNEL_DIR=xxx ./runme optimizations/ip_ct_refresh_optimization.patch
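
The "-> conflicts with" annotations in the list above can be checked mechanically before answering 'yes' in runme. The script below is an added example, not part of the original notes or of patch-o-matic; the function names and the reading of a leading "-" as "patch left out" are assumptions, and the sample selection is constructed.

```shell
#!/bin/sh
# Added example, not part of patch-o-matic.
# Assumed notation (inferred from the list, not documented in the notes):
#   "section/name"                       selected patch
#   "section/name -> conflicts with X"   selected patch with a known conflict
#   "- section/name ..."                 patch deliberately left out

pom_conflicts() {
    # Reads a selection list on stdin; prints "CONFLICT a b" for every
    # annotated pair in which both patches are selected.
    awk '
        NF == 0 { next }
        {
            skipped = ($1 == "-")
            name = skipped ? $2 : $1
            if (!skipped) selected[name] = 1
            # find the "-> conflicts with X" annotation, if there is one
            for (i = 1; i <= NF - 3; i++)
                if ($i == "->" && $(i+1) == "conflicts" && $(i+2) == "with")
                    other[name] = $(i+3)
        }
        END {
            for (n in other)
                if ((n in selected) && (other[n] in selected))
                    print "CONFLICT", n, other[n] | "sort"
        }
    '
}

# Constructed sample: lines copied from the list, except that extra/ctstat
# is selected here (no leading "-") to show a detected conflict.
sample_selection() {
    cat <<'EOF'
base/raw -> conflicts with extra/conntrack-seqfile
- extra/CONNMARK -> conflicts with extra/conntrack_arefcount
extra/conntrack_arefcount
extra/ctstat -> conflicts with extra/tcp-window-tracking
extra/tcp-window-tracking
EOF
}

sample_selection | pom_conflicts
```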