diff --git a/package/iptables/Makefile b/package/iptables/Makefile
index 9d6d195fe1f31b6589f8f4c6a325dca5c32838f7..6a4e0541e417c77035d044f89f8263db4e9e0e8b 100644
--- a/package/iptables/Makefile
+++ b/package/iptables/Makefile
@@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/kernel.mk
 
 PKG_NAME:=iptables
-PKG_VERSION:=1.4.9.1
+PKG_VERSION:=1.4.10
 PKG_RELEASE:=1
 
-PKG_MD5SUM:=fbadfb0b5f2dbda49e0ad06a798898e3
+PKG_MD5SUM:=f382fe693f0b59d87bd47bea65eca198
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=http://www.netfilter.org/projects/iptables/files \
 	ftp://ftp.be.netfilter.org/pub/netfilter/iptables/ \
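Review bot: The new tarball is pinned only by `PKG_MD5SUM`, and the first entry in `PKG_SOURCE_URL` is plain `http://` with an `ftp://` mirror after it, so the integrity of a firewall package's source rests on an MD5 value alone. MD5 catches corrupt downloads but is not collision-resistant, so it should not be read as an authenticity check. I would record how the new value was verified, for example a comment above it such as `# verified against the upstream release signature (if published); MD5 only detects corruption`, and switch to a stronger digest if this tree's download rules accept one. The mirror list continues past the end of the hunk.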
diff --git a/package/iptables/patches/002-layer7_2.17.patch b/package/iptables/patches/002-layer7_2.22.patch
similarity index 92%
rename from package/iptables/patches/002-layer7_2.17.patch
rename to package/iptables/patches/002-layer7_2.22.patch
index 3257f0fb70c5254a97ed106be7f1cf16d0e9c1b9..04b21c010567fa76c5799e97cbef7d6b34e468df 100644
--- a/package/iptables/patches/002-layer7_2.17.patch
+++ b/package/iptables/patches/002-layer7_2.22.patch
@@ -1,5 +1,5 @@
 --- /dev/null
-+++ b/extensions/libxt_layer7.c
++++ b/libxt_layer7.c
 @@ -0,0 +1,368 @@
 +/* 
 +   Shared library add-on to iptables for layer 7 matching support. 
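Review bot: The embedded patch header now creates `libxt_layer7.c` at the top of the iptables tree instead of under `extensions/`, while the other patches in this commit still address `extensions/libxt_multiport.c`. Unless the package Makefile moves the file afterwards (not visible here), the layer7 match would presumably be left out of the extensions build without any build error, and rules that depend on it would fail only when loaded on the device. If the path change is unintended, the header should stay `+++ b/extensions/libxt_layer7.c`; if it is intended, the commit message should say where the file gets built. The second hunk of this file also drops `libxt_layer7.man`, so the requirement that `--l7dir` precede `--l7proto` is no longer documented in the package.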
@@ -369,20 +369,3 @@
 +{
 +	xtables_register_match(&layer7);
 +}
---- /dev/null
-+++ b/extensions/libxt_layer7.man
-@@ -0,0 +1,14 @@
-+This module matches packets based on the application layer data of 
-+their connections.  It uses regular expression matching to compare 
-+the application layer data to regular expressions found it the layer7 
-+configuration files.  This is an experimental module which can be found at 
-+http://l7-filter.sf.net.  It takes two options.
-+.TP
-+.BI "--l7proto " "\fIprotocol\fP"
-+Match the specified protocol.  The protocol name must match a file 
-+name in /etc/l7-protocols/ or one of its first-level child directories.
-+.TP
-+.BI "--l7dir " "\fIdirectory\fP"
-+Use \fIdirectory\fP instead of /etc/l7-protocols/.  This option must be 
-+specified before --l7proto.
-+
diff --git a/package/iptables/patches/010-multiport-linux-2.4-compat.patch b/package/iptables/patches/010-multiport-linux-2.4-compat.patch
index e87dfc1b68de6e5987ed6dd19467ab8a327dda6e..3b35f7e3c6ab1719bc4d4982bc4f7ef841d7ba77 100644
--- a/package/iptables/patches/010-multiport-linux-2.4-compat.patch
+++ b/package/iptables/patches/010-multiport-linux-2.4-compat.patch
@@ -1,6 +1,6 @@
 --- a/extensions/libxt_multiport.c
 +++ b/extensions/libxt_multiport.c
-@@ -14,21 +14,6 @@
+@@ -15,21 +15,6 @@
  #include <linux/netfilter/xt_multiport.h>
  
  /* Function which prints out usage message. */
@@ -22,7 +22,7 @@
  static void multiport_help_v1(void)
  {
  	printf(
-@@ -71,26 +56,6 @@ proto_to_name(u_int8_t proto)
+@@ -72,26 +57,6 @@ proto_to_name(u_int8_t proto)
  	}
  }
  
@@ -49,7 +49,7 @@
  static void
  parse_multi_ports_v1(const char *portstring, 
  		     struct xt_multiport_v1 *multiinfo,
-@@ -154,73 +119,6 @@ check_proto(u_int16_t pnum, u_int8_t inv
+@@ -155,73 +120,6 @@ check_proto(u_int16_t pnum, u_int8_t inv
  /* Function which parses command options; returns true if it
     ate an option */
  static int
@@ -123,7 +123,7 @@
  __multiport_parse_v1(int c, char **argv, int invert, unsigned int *flags,
                       struct xt_entry_match **match, u_int16_t pnum,
                       u_int8_t invflags)
-@@ -313,55 +211,6 @@ print_port(u_int16_t port, u_int8_t prot
+@@ -314,55 +212,6 @@ print_port(u_int16_t port, u_int8_t prot
  }
  
  /* Prints out the matchinfo. */
@@ -179,7 +179,7 @@
  static void __multiport_print_v1(const struct xt_entry_match *match,
                                   int numeric, u_int16_t proto)
  {
-@@ -418,48 +267,6 @@ static void multiport_print6_v1(const vo
+@@ -419,48 +268,6 @@ static void multiport_print6_v1(const vo
  }
  
  /* Saves the union ipt_matchinfo in parsable form to stdout. */
@@ -228,7 +228,7 @@
  static void __multiport_save_v1(const struct xt_entry_match *match,
                                  u_int16_t proto)
  {
-@@ -513,34 +320,6 @@ static struct xtables_match multiport_mt
+@@ -514,34 +321,6 @@ static struct xtables_match multiport_mt
  	{
  		.family        = NFPROTO_IPV4,
  		.name          = "multiport",
diff --git a/package/iptables/patches/020-iptables-disable-modprobe.patch b/package/iptables/patches/020-iptables-disable-modprobe.patch
index 338962ffbeea758e44776a3c690648b364549f8d..422058df787b253dac8c66bd84d31bc46b2c7c1d 100644
--- a/package/iptables/patches/020-iptables-disable-modprobe.patch
+++ b/package/iptables/patches/020-iptables-disable-modprobe.patch
@@ -8,7 +8,7 @@
  	char *buf = NULL;
  	char *argv[4];
  	int status;
-@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname, 
+@@ -348,6 +349,7 @@ int xtables_insmod(const char *modname,
  	free(buf);
  	if (WIFEXITED(status) && WEXITSTATUS(status) == 0)
  		return 0;
diff --git a/package/iptables/patches/030-no-libnfnetlink.patch b/package/iptables/patches/030-no-libnfnetlink.patch
index 07bed666cae2dcc31923cb48cbfcde0655ef4a0c..cda9a7205be2deecac5908f60a4635f5c5c620d3 100644
--- a/package/iptables/patches/030-no-libnfnetlink.patch
+++ b/package/iptables/patches/030-no-libnfnetlink.patch
@@ -1,6 +1,6 @@
 --- a/configure
 +++ b/configure
-@@ -10864,75 +10864,7 @@ $as_echo "no" >&6; }
+@@ -10917,75 +10917,7 @@ $as_echo "no" >&6; }
  	fi
  fi
  
@@ -79,7 +79,7 @@
  else
 --- a/configure.ac
 +++ b/configure.ac
-@@ -68,9 +68,7 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test
+@@ -79,9 +79,7 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test
  AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
  AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])