MP> It's because the mandrake kernel uses patches from patch-o-matic. In 9.1 this MP> didn't give problems, but in 9.2 it apparently did (hum, it was even a MP> netfilter faq).
How about TTL target patch. There is support for ttl matches, and also iptables libs in 9.2 support TTL target but there is no TTL target patch in kernel. It is seldom used but its nice since with it traceroute doesn't show your firewall :)))