Patches change the source code of the kernel and iptables in a lot of places, not just in one modular place in the code that you can separate from the rest; that's why you can't patch code from modules or pieces of code, because many places in the code are changed when you apply the patches.
That is probably the reason why some of the patch-o-matic patches fail to install with some versions of the kernel, and other patches fail to install with other versions of the kernel. If things had been designed the right way from day one, we wouldn't need to download xyz MB of kernel source, install a development environment, compilers and so on, and go through the hassle of recompiling the kernel.... Instead, we would just download the one or two additional kernel modules (a couple of kB) that we really need (in either source or object format), and there would be no need to recompile them when upgrading the kernel. That was one of the things in which Solaris is light years ahead of Linux (sorry to have to say that, but it's the hard truth).
--
Aleksandar Milivojevic <amilivojevic@xxxxxx>
Systems Administrator, Pollard Banknote Limited
1499 Buffalo Place, Winnipeg, MB R3T 1L7
Tel: (204) 474-2323 ext 276