I never compiled the kernel and never applied a patch.I run debian sarge 3.1 stable but in /usr/src is empty.I want to patch-o-matic my kernel where is the kernel source directory as value of the KERNEL_DIR parameter: ... /boot ?
Thanks !

You probably do not have the actual kernel source code installed on the system. Use apt-get install kernel-source-2.X.X (make sure to replace X.X with the correct kernel version for your system).

Make sure that you've read and understand both of these before proceeding:
http://www.netfilter.org/documentati...O-2.html#ss2.2
http://www.debian.org/doc/manuals/re...kernel.en.html

Thanks ! i'm also giving a look to the ipset package , do you know it ? If not, it's on the netfilter homepage !
http://ipset.netfilter.org/ipset-2.2.9-20060508.tar.bz2

But first Patch O Matic :
I have run the ./runme and asked me the kernel dir and than the iptables sourcecode dir which i don't have(or i haven't got idea where it is ), if i install with apt i do not have a soucedir for packages,right?) ,
Whit POM i'm at this stage :
root@argo:/usr/src/iptables-1.3.5# make KERNEL_DIR=/usr/src/kernel-headers-2.6.8-3-386
Making dependencies: please wait...
Something wrong... deleting dependencies.
make: *** [assert.h] Error 1

... So i Got a tarball from netfilter.org .I like the idea of compiling iptables POM ipset all in one go but in the first place happen things like the above error what's happening at the iptables'make ???

You need to run patch-o-matic first before you do any compiling. Before you run patch-o-matic you'll need to install the kernel sources. Use the apt-get command I posted above. It will download the kernel source and install it in the proper directory.

Make sure to follow the directions carefully. If you do this half-arsed there's a good likliehood of screwing your system up.

I launched apt-get install kerner-source-2.6.8 that's my /usr/src/ :
root@argo:~# ls /usr/src/
kernel-patches kernel-source-2.6.8 kernel-source-2.6.8.tar.bz2 rpm

The kernel sourcee .tar.gz is there cause i tried compiling before,what next ?

Unpack the bzipped tarball in the /usr/src directory. When it is unpacked you should have a linux-2.6.8 directory. That will be your path when P-O-M prompts you.

Also, note that there were several known vulnerabilities in the original 2.6.8 kernels used by debian, so make sure that you've upgraded to the current version.

I run
i get
pointing at
as kernel dir ..........

Are you using patch-o-matic or patch-o-matic-ng?

What is in the /usr/src/kernel-source-2.6.8/ directory?
Do the /usr/src/kernel-source-2.6.8/net/ipv4/netfilter/Config.help and other file exist?

It's patch-o-matic

That's likely the problem. For the 2.6 kernels you need to use patch-O-matic-ng.

Where is your iptables source code? [/usr/src/iptables]

I hope that's the last question if i download an iptables and unpack it and use the dir as source dir ??? ... let's see !!!

Yup, just download the iptables source and unpack it. Enter the path to that dir (or just put the iptables source in /usr/src/iptables. Good luck and follow the directions carefully.

Now i only have to apply new features to my iptables script, isn'it ? ? ?
How can i see witch new features have applied and which not ?The questions list of new patch to apply don't seem much long i have used the ./runme --batch base ... i will look things better !!!

Yes, once the patches have been applied you need to compile the kernel and kernel modules. For some of the netfilter patches you will need to specifically enable that feature when you do the configuration step of the kernel compilation. These options will appear in the networking section under netfilter.

I believe if you re-run the runme script it will show which patches have already been applied (the patch will now appear as "applied".

You only applied the "base" netfilter extensions. There is also the "extra", "pending", and "submitted" extensions. Note that many of those are experimental and currently do not work. So be careful when applying some of the other patches and definitely do not install all of them. For each patch you consider installing, make sure to check its status at the netfilter website.

I go in the kernel-source-dir , run make menuconfig , i will find the new POM patches there , i will enable them , save and reload newkernel , right ?