Previous two were for 2.6.22, if using nf-dev, the following extra is needed.
---
 net/netfilter/xt_socket.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
Index: linux-2.6.22.1/net/netfilter/xt_socket.c
===================================================================
--- linux-2.6.22.1.orig/net/netfilter/xt_socket.c
+++ linux-2.6.22.1/net/netfilter/xt_socket.c
@@ -19,11 +19,11 @@
 #include <net/tcp.h>
 #include <net/udp.h>
 
-static int
+static bool
 socket_match(const struct sk_buff *skb, const struct net_device *in,
 const struct net_device *out, const struct xt_match *match,
 const void *matchinfo, int offset, unsigned int protoff,
- int *hotdrop)
+ bool *hotdrop)
 {
 const struct iphdr *iph = ip_hdr(skb);
 struct udphdr _hdr, *hp;
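Review bot: The body of `socket_match` is not converted along with its signature: the diffstat shows only the two prototype lines changing, so every `return` and every store through `hotdrop` keeps its old int value. The body opens at the `{` in this hunk and continues past its end, so those statements are not visible here. They will still compile, but any non-zero return is now implicitly converted to `true` (a match), which is worth checking because the match verdict and the hot-drop flag decide what happens to the packet. I would write them explicitly as `return false;` / `return true;` and `*hotdrop = true;`. If the module registers other callbacks whose nf-dev prototypes also moved to `bool`, this patch does not touch them; that cannot be confirmed from the lines shown.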