+--- a/include/linux/netfilter_ipv4/Kbuild
++++ b/include/linux/netfilter_ipv4/Kbuild
+@@ -45,3 +45,14 @@ header-y += ipt_ttl.h
+
+ unifdef-y += ip_queue.h
+ unifdef-y += ip_tables.h
++
++unifdef-y += ip_set.h
++header-y += ip_set_iphash.h
++header-y += ip_set_ipmap.h
++header-y += ip_set_ipporthash.h
++unifdef-y += ip_set_iptree.h
++unifdef-y += ip_set_iptreemap.h
++header-y += ip_set_jhash.h
++header-y += ip_set_macipmap.h
++unifdef-y += ip_set_nethash.h
++header-y += ip_set_portmap.h
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_set.h
@@ -0,0 +1,498 @@
+module_exit(ipt_SET_fini);
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
-@@ -401,5 +401,122 @@
+@@ -395,5 +395,122 @@ config IP_NF_ARP_MANGLE
Allows altering the ARP packet payload: source and destination
hardware and network addresses.
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
-@@ -49,6 +49,7 @@
+@@ -49,6 +49,7 @@ obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
obj-$(CONFIG_IP_NF_MATCH_RECENT) += ipt_recent.o
obj-$(CONFIG_IP_NF_MATCH_TTL) += ipt_ttl.o
+obj-$(CONFIG_IP_NF_MATCH_SET) += ipt_set.o
- obj-$(CONFIG_IP_NF_MATCH_IPP2P) += ipt_ipp2p.o
-
-@@ -62,6 +63,18 @@
+ # targets
+ obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
+@@ -60,6 +61,18 @@ obj-$(CONFIG_IP_NF_TARGET_REDIRECT) += i
obj-$(CONFIG_IP_NF_TARGET_REJECT) += ipt_REJECT.o
obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o