I forgot to add this on my recent kernel howtos but those using apf on the new kernels and getting ipt_state error, since 2.6.15 they changed the name of them kernel modules and apf does not recognize them. Do not enable monokern as some people suggest, this will screw up your passive ftp and will not work good. To fix this problem simply edit the apf.conf as shown below.

nano -w /etc/apf/internals/functions.apf

find (crtl+w)
ml ipt_state 1
ml ipt_multiport 1

Replace with:
ml xt_state
ml xt_multiport

Start or restart apf and all should be fine

Source: www.evolution-security.com
Come vist us for more howtos and a huge download section