
[P2P] Installing ipp2p on CentOS 6.4 to Block BT

2016-05-05 14:55:07    Author: Jiaozn    Category: Linux Security    Comments (1)

This tutorial explains how to install additional kernel modules (netfilter modules) for use in iptables rule sets. Xtables-addons is the successor to patch-o-matic(-ng). Likewise, it contains extensions that were not, or are not yet, accepted in the main kernel/iptables packages. Xtables-addons differs from patch-o-matic in that you do not have to patch or recompile the kernel.
A list of all available modules can be found here and their usage here.
 
1 Preliminary Note

Before we start, make sure that SELinux is disabled. Run
system-config-securitylevel

or edit /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted
to disable SELinux, and ...
echo 0 > /selinux/enforce

... for the change to take effect.
 
2 Supported Configurations

* iptables >= 1.4.3
* kernel-source >= 2.6.29
For ipset-6 you need:
* libmnl
* Linux kernel >= 2.6.35
 
3 Installing Packages

Note: you'll need the same version of the kernel-devel package as your currently running kernel!
uname -r

2.6.32-71.el6.i686
yum install gcc gcc-c++ make automake unzip zip xz kernel-devel-`uname -r` iptables-devel

In this case kernel-devel-2.6.32-71.el6.i686
Install the rpmforge repo for the perl-Text-CSV_XS package:
rpm -i http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm

yum install perl-Text-CSV_XS
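
A preflight check for the requirements in sections 2 and 3, as an added example that is not part of the original tutorial. The function names are hypothetical, and the live mode assumes that "rpm -q kernel-devel" and "iptables -V" print their usual CentOS 6 output.

```shell
#!/bin/sh
# Added example: preflight check for the version requirements listed above.
# Function names are hypothetical and not part of xtables-addons.

# ver_ge A B: succeed when dotted version A >= B. Suffixes such as
# "-71.el6.i686" or " (nf_tables)" are cut off before comparing.
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*$/, "", a); sub(/[^0-9.].*$/, "", b)
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {          # numeric, so 1.4.10 > 1.4.3
            if ((x[i] + 0) > (y[i] + 0)) exit 0
            if ((x[i] + 0) < (y[i] + 0)) exit 1
        }
        exit 0
    }'
}

# devel_matches RELEASE "RPM-Q-OUTPUT": succeed when a kernel-devel package
# for exactly RELEASE appears in the output of "rpm -q kernel-devel".
devel_matches() {
    printf '%s\n' "$2" | grep -Fqx "kernel-devel-$1"
}

# preflight RELEASE IPTABLES_VERSION "RPM-Q-OUTPUT": print every unmet
# requirement; return 1 if a hard requirement fails.
preflight() {
    rc=0
    ver_ge "$1" 2.6.29 || { echo "kernel $1 is older than 2.6.29"; rc=1; }
    ver_ge "$2" 1.4.3 || { echo "iptables $2 is older than 1.4.3"; rc=1; }
    devel_matches "$1" "$3" || { echo "kernel-devel-$1 is not installed"; rc=1; }
    ver_ge "$1" 2.6.35 || echo "note: kernel $1 is below 2.6.35, so ipset-6 is out"
    return "$rc"
}

# Run against the live system only when asked to: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight "$(uname -r)" "$(iptables -V | sed 's/^.* v//')" \
        "$(rpm -q kernel-devel)"
fi
```

On the sample kernel shown above (2.6.32-71.el6.i686) the hard requirements pass, but the ipset-6 note is printed because 2.6.32 is below the 2.6.35 minimum listed in section 2.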

 
4 Compile xtables-addons

Get xtables-addons source and unarchive it:
wget http://downloads.sourceforge.net/project/xtables-addons/Xtables-addons/1.37/xtables-addons-1.37.tar.xz

tar xvf xtables-addons-1.37.tar.xz

Compile modules:
cd xtables-addons-1.37/

Note: You can edit the "mconfig" file to select what modules to build and install. By default, all modules are enabled.
./configure
make && make install

 
5 Setting Up geoip Module

Create geoip database for iptables geoip match:
cd geoip/

Using the scripts from the geoip folder, download and compile the MaxMind GeoIPCountry database:
./xt_geoip_dl

./xt_geoip_build GeoIPCountryWhois.csv

Move the files to their default location:
mkdir -p /usr/share/xt_geoip/

cp -r {BE,LE} /usr/share/xt_geoip/

Test it like this:
iptables -I INPUT -m geoip --src-cc JP -j DROP

This will drop all incoming connections from JP.


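Unless otherwise noted, the copyright of the article "[P2P] Installing ipp2p on CentOS 6.4 to Block BT" published on "Jiaozn's Blog" belongs to Jiaozn. When reposting, please credit the source as: reposted from "Jiaozn's Blog", original address http://www.jiaozn.com/reed/283.html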
