2. Problems during the build process

2.1 I cannot compile iptables-1.1.1 with kernel >= 2.4.0-test4

This is a known issue. The mechanism for the detection which patches to apply is broken. Try using "make build" instead of "make".

Better solution: Upgrade to iptables-1.1.2

2.2 I cannot compile iptables 1.1.0 with recent kernels (>= 2.3.99-pre8)

Internal structures in iptables have changed. Upgrade to iptables >= 1.1.1

2.3 If I use the IRC module from patch-o-matic in iptables-1.1.2, I run into problems compiling the patched kernel

Unfortunately a small bug made it into ip_conntrack_irc.c

Just edit Line number 46 of {your-kernel-dir}/net/ipv4/netfilter/ip_nat_irc.c from

MODULE_PARM_DESC("port numbers of IRC servers");
to
MODULE_PARM_DESC(ports, "port numbers of IRC servers");

2.4 If I use the string match module from patch-o-matic in iptables-1.1.2, I run into problems compiling the patched kernel

Yes, unfortunately another bug made it into iptables-1.1.2 :(

Just edit {your-kernel-dir}/include/linux/netfilter_ipv4/ipt_string.h and add the following line to the end of the file:

#endif /* _IPT_STRING_H */

Another option is using the latest netfilter CVS tree, which is available on the netfilter homepage.

2.5 iptables-save and iptables-restore don't compile

I discovered the two tools 'iptables-save' and 'iptables-restore', included them in the Makefile and they don't compile.

They are not included in the Makefile, because they don't work with the recent netfilter/iptables system. A rewrite is in progress, though. Have a look at recent CVS revisions.