Patch-o-matic (POM) is a helper application for applying various developmental and experimental patches to the iptables and Linux kernel source code. POM automates the patching process and provides an interactive menu for selecting which patches to install.
When POM is executed (usually by running the "runme" executable), it prompts you for the paths to the Linux kernel and iptables source code. Note that most distributions do not install these sources by default; they must be specifically selected during the installation process or downloaded from the vendor before running POM. Next, Patch-o-matic proceeds through each of the available patches and asks whether you would like to install it. If you choose to install, POM notifies you whether the patch applies cleanly or not. Once you've successfully applied the required patches, the kernel and kernel modules must be compiled and installed. During the kernel configuration step, make sure to enable the new features in the Netfilter submenu. POM can be run in three primary modes, base, pending, or extra, depending on which category of patches you wish to apply.
The Netfilter patches that are part of Patch-o-matic vary dramatically in their stability and in whether they even work, so it's highly recommended to check the status of any patch at the Netfilter site beforehand.
You should only install the patches that you require. Installing all the patches will likely severely affect the stability of your system.
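Whether a patch "applies cleanly" can also be checked by hand before anything in a source tree is modified. The function below is an added example, not Patch-o-matic's own code; it assumes GNU patch is installed, and the function name `check_patch` and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example (not part of Patch-o-matic): pre-flight check that a patch
# applies cleanly to a source tree, without writing anything to that tree.
# Assumes GNU patch. Function name and sample paths are hypothetical.

# check_patch TREE PATCHFILE [STRIP]
#   prints one of: clean | already-applied | rejects | no-tree | no-patch
#   returns 0 only when the patch would apply cleanly.
check_patch() {
    tree=$1 patchfile=$2 strip=${3:-1}

    [ -d "$tree" ] || { echo "no-tree"; return 2; }
    [ -r "$patchfile" ] || { echo "no-patch"; return 2; }

    # --dry-run reports what would happen but leaves every file untouched.
    # -f suppresses interactive questions so the check never blocks.
    # The redirect sits outside the subshell so a relative PATCHFILE
    # is still resolved from the caller's directory.
    if ( cd "$tree" && patch -p"$strip" -f --dry-run ) \
            < "$patchfile" >/dev/null 2>&1; then
        echo "clean"
        return 0
    fi

    # If the reversed patch applies cleanly, the change is already present
    # (for example from an earlier run); applying it again would fail.
    if ( cd "$tree" && patch -p"$strip" -R -f --dry-run ) \
            < "$patchfile" >/dev/null 2>&1; then
        echo "already-applied"
        return 1
    fi

    # Neither direction fits: the tree differs from what the patch expects.
    echo "rejects"
    return 1
}

# Usage (hypothetical paths):
#   check_patch /usr/src/linux ./some-feature.patch
```

A "rejects" result means the source tree does not match the version the patch was written against, which is the case to resolve before compiling a kernel from that tree.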
No further "stable" branches of Patch-o-matic are being released. Instead, nightly "snapshot" builds are being offered.