This patch fixes an issue where iptables throws the following error: "getsockopt failed strangely". This patch is taken from the netfilter svn (and it's included in iptable 1.4.0rc1): http://svn.netfilter.org/cgi-bin/viewcvs.cgi?rev=6890&view=rev --- iptables/iptables.c 2007/04/30 00:01:39 6815 +++ iptables/iptables.c 2007/06/26 15:29:45 6890 @@ -1158,7 +1158,7 @@ max_rev = getsockopt(sockfd, IPPROTO_IP, opt, &rev, &s); if (max_rev < 0) { /* Definitely don't support this? */ - if (errno == EPROTONOSUPPORT) { + if (errno == ENOENT || errno == EPROTONOSUPPORT) { close(sockfd); return 0; } else if (errno == ENOPROTOOPT) { --- iptables/ip6tables.c 2007/06/25 14:55:18 6889 +++ iptables/ip6tables.c 2007/06/26 15:29:45 6890 @@ -1130,7 +1130,7 @@ max_rev = getsockopt(sockfd, IPPROTO_IPV6, opt, &rev, &s); if (max_rev < 0) { /* Definitely don't support this? */ - if (errno == EPROTONOSUPPORT) { + if (errno == ENOENT || errno == EPROTONOSUPPORT) { close(sockfd); return 0; } else if (errno == ENOPROTOOPT) {