diff --git a/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
new file mode 100644
index 0000000..ab609e2
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/0001-configure-Add-option-to-enable-disable-libnfnetlink.patch
@@ -0,0 +1,47 @@
+From 5c47cf5061b852c02178f01e23690bfe38a99d93 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Sun, 17 Mar 2013 11:21:35 -0700
+Subject: [PATCH] configure: Add option to enable/disable libnfnetlink
+
+This changes the configure behaviour from autodetecting
+for libnfnetlink to having an option to disable it explicitly
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Upstream-Status: Pending
+---
+ configure.ac |   11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index ba616ab..ce2d315 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -53,6 +53,9 @@ AC_ARG_ENABLE([libipq],
+ AC_ARG_WITH([pkgconfigdir], AS_HELP_STRING([--with-pkgconfigdir=PATH],
+ 	[Path to the pkgconfig directory [[LIBDIR/pkgconfig]]]),
+ 	[pkgconfigdir="$withval"], [pkgconfigdir='${libdir}/pkgconfig'])
++AC_ARG_ENABLE([libnfnetlink],
++	AS_HELP_STRING([--disable-libnfnetlink], [Do not use netfilter netlink library]),
++	[enable_libnfnetlink="$enableval"], [enable_libnfnetlink="yes"])
+ 
+ libiptc_LDFLAGS2="";
+ AX_CHECK_LINKER_FLAGS([-Wl,--no-as-needed],
+@@ -89,9 +92,11 @@ AM_CONDITIONAL([ENABLE_LARGEFILE], [test "$enable_largefile" = "yes"])
+ AM_CONDITIONAL([ENABLE_DEVEL], [test "$enable_devel" = "yes"])
+ AM_CONDITIONAL([ENABLE_LIBIPQ], [test "$enable_libipq" = "yes"])
+ 
+-PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0],
+-	[nfnetlink=1], [nfnetlink=0])
+-AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "$nfnetlink" = 1])
++AS_IF([test "x$enable_libnfnetlink" = "xyes"], [
++  PKG_CHECK_MODULES([libnfnetlink], [libnfnetlink >= 1.0])
++  ])
++
++AM_CONDITIONAL([HAVE_LIBNFNETLINK], [test "x$enable_libnfnetlink" = "xyes"])
+ 
+ regular_CFLAGS="-Wall -Waggregate-return -Wmissing-declarations \
+ 	-Wmissing-prototypes -Wredundant-decls -Wshadow -Wstrict-prototypes \
+-- 
+1.7.9.5
+
diff --git a/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
new file mode 100644
index 0000000..7a003d9
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/0001-fix-build-with-musl.patch
@@ -0,0 +1,89 @@
+From 7c07b7fd4fdd7844dd032af822306f08e4422c34 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Mon, 6 Apr 2015 20:47:29 -0700
+Subject: [PATCH] fix build with musl
+
+Add needed headers they are just not needed for glibc6+ but also
+for musl
+Define additional TCOPTS if not there
+
+u_initX types are in sys/types.h be explicit about it
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ extensions/libxt_TCPOPTSTRIP.c           | 15 +++++++++++++++
+ include/libiptc/ipt_kernel_headers.h     | 12 ------------
+ include/linux/netfilter_ipv4/ip_tables.h |  1 +
+ 3 files changed, 16 insertions(+), 12 deletions(-)
+
+diff --git a/extensions/libxt_TCPOPTSTRIP.c b/extensions/libxt_TCPOPTSTRIP.c
+index 6897857..8a170b2 100644
+--- a/extensions/libxt_TCPOPTSTRIP.c
++++ b/extensions/libxt_TCPOPTSTRIP.c
+@@ -12,6 +12,21 @@
+ #ifndef TCPOPT_MD5SIG
+ #	define TCPOPT_MD5SIG 19
+ #endif
++#ifndef TCPOPT_MAXSEG
++#	define TCPOPT_MAXSEG 2
++#endif
++#ifndef TCPOPT_WINDOW
++#	define TCPOPT_WINDOW 3
++#endif
++#ifndef TCPOPT_SACK_PERMITTED
++#	define TCPOPT_SACK_PERMITTED 4
++#endif
++#ifndef TCPOPT_SACK
++#	define TCPOPT_SACK 5
++#endif
++#ifndef TCPOPT_TIMESTAMP
++#	define TCPOPT_TIMESTAMP 8
++#endif
+ 
+ enum {
+ 	O_STRIP_OPTION = 0,
+diff --git a/include/libiptc/ipt_kernel_headers.h b/include/libiptc/ipt_kernel_headers.h
+index 18861fe..a5963e9 100644
+--- a/include/libiptc/ipt_kernel_headers.h
++++ b/include/libiptc/ipt_kernel_headers.h
+@@ -5,7 +5,6 @@
+ 
+ #include <limits.h>
+ 
+-#if defined(__GLIBC__) && __GLIBC__ == 2
+ #include <netinet/ip.h>
+ #include <netinet/in.h>
+ #include <netinet/ip_icmp.h>
+@@ -13,15 +12,4 @@
+ #include <netinet/udp.h>
+ #include <net/if.h>
+ #include <sys/types.h>
+-#else /* libc5 */
+-#include <sys/socket.h>
+-#include <linux/ip.h>
+-#include <linux/in.h>
+-#include <linux/if.h>
+-#include <linux/icmp.h>
+-#include <linux/tcp.h>
+-#include <linux/udp.h>
+-#include <linux/types.h>
+-#include <linux/in6.h>
+-#endif
+ #endif
+diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
+index 57fd82a..4807246 100644
+--- a/include/linux/netfilter_ipv4/ip_tables.h
++++ b/include/linux/netfilter_ipv4/ip_tables.h
+@@ -15,6 +15,7 @@
+ #ifndef _IPTABLES_H
+ #define _IPTABLES_H
+ 
++#include <sys/types.h>
+ #include <linux/types.h>
+ 
+ #include <linux/netfilter_ipv4.h>
+-- 
+2.1.4
+
diff --git a/meta/recipes-extended/iptables/iptables/types.h-add-defines-that-are-required-for-if_packet.patch b/meta/recipes-extended/iptables/iptables/types.h-add-defines-that-are-required-for-if_packet.patch
new file mode 100644
index 0000000..24ee29e
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables/types.h-add-defines-that-are-required-for-if_packet.patch
@@ -0,0 +1,49 @@
+From 19593491f43b70c1a71c3b9b8f4ff4fd14500014 Mon Sep 17 00:00:00 2001
+From: Bruce Ashfield <bruce.ashfield@windriver.com>
+Date: Fri, 23 Mar 2012 14:27:20 -0400
+Subject: [PATCH] types.h: add defines that are required for if_packet.h
+
+The iptables local linux/types.h overrides the kernel/sysroot
+types.h. As such, we need to provide some defines that are required
+to build against 3.2+ kernel headers.
+
+ifndef protection is provided for the defines to ensure that
+configuration that already have these defines are still buildable.
+
+This commit is temporary until a new version of iptables can be
+used that contains the defines.
+
+This is similar to the commit in the iptables git repository:
+
+  https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=dbe77cc974cee656eae37e75039dd1a410a4535b
+
+Upstream-Status: Backport
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
+---
+ include/linux/types.h |   10 ++++++++++
+ 1 files changed, 10 insertions(+), 0 deletions(-)
+
+diff --git a/include/linux/types.h b/include/linux/types.h
+index 8b483c8..ebf6432 100644
+--- a/include/linux/types.h
++++ b/include/linux/types.h
+@@ -34,5 +34,15 @@ typedef __u64 __bitwise __be64;
+ typedef __u16 __bitwise __sum16;
+ typedef __u32 __bitwise __wsum;
+ 
++#ifndef __aligned_u64
++#define __aligned_u64 __u64 __attribute__((aligned(8)))
++#endif
++#ifndef __aligned_be64
++#define __aligned_be64 __be64 __attribute__((aligned(8)))
++#endif
++#ifndef __aligned_le64
++#define __aligned_le64 __le64 __attribute__((aligned(8)))
++#endif
++
+ #endif /*  __ASSEMBLY__ */
+ #endif /* _LINUX_TYPES_H */
+-- 
+1.7.0.4
+
diff --git a/meta/recipes-extended/iptables/iptables_1.4.21.bb b/meta/recipes-extended/iptables/iptables_1.4.21.bb
new file mode 100644
index 0000000..31c017b
--- /dev/null
+++ b/meta/recipes-extended/iptables/iptables_1.4.21.bb
@@ -0,0 +1,47 @@
+SUMMARY = "Tools for managing kernel packet filtering capabilities"
+DESCRIPTION = "iptables is the userspace command line program used to configure and control network packet \
+filtering code in Linux."
+HOMEPAGE = "http://www.netfilter.org/"
+BUGTRACKER = "http://bugzilla.netfilter.org/"
+LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://COPYING;md5=b234ee4d69f5fce4486a80fdaf4a4263\
+                    file://iptables/iptables.c;beginline=13;endline=25;md5=c5cffd09974558cf27d0f763df2a12dc"
+
+RRECOMMENDS_${PN} = "kernel-module-x-tables \
+                     kernel-module-ip-tables \
+                     kernel-module-iptable-filter \
+                     kernel-module-iptable-nat \
+                     kernel-module-nf-defrag-ipv4 \
+                     kernel-module-nf-conntrack \
+                     kernel-module-nf-conntrack-ipv4 \
+                     kernel-module-nf-nat \
+                     kernel-module-ipt-masquerade"
+FILES_${PN} =+ "${libdir}/xtables/ ${datadir}/xtables"
+FILES_${PN}-dbg =+ "${libdir}/xtables/.debug"
+
+SRC_URI = "http://netfilter.org/projects/iptables/files/iptables-${PV}.tar.bz2 \
+           file://types.h-add-defines-that-are-required-for-if_packet.patch \
+           file://0001-configure-Add-option-to-enable-disable-libnfnetlink.patch \
+           file://0001-fix-build-with-musl.patch \
+          "
+
+SRC_URI[md5sum] = "536d048c8e8eeebcd9757d0863ebb0c0"
+SRC_URI[sha256sum] = "52004c68021da9a599feed27f65defcfb22128f7da2c0531c0f75de0f479d3e0"
+
+inherit autotools pkgconfig
+
+EXTRA_OECONF = "--with-kernel=${STAGING_INCDIR} \
+               "
+PACKAGECONFIG ?= "${@bb.utils.contains('DISTRO_FEATURES', 'ipv6', 'ipv6', '', d)} \
+                 "
+
+PACKAGECONFIG[ipv6] = "--enable-ipv6,--disable-ipv6,"
+
+# libnfnetlink recipe is in meta-networking layer
+PACKAGECONFIG[libnfnetlink] = "--enable-libnfnetlink,--disable-libnfnetlink,libnfnetlink"
+
+do_configure_prepend() {
+	# Remove some libtool m4 files
+	# Keep ax_check_linker_flags.m4 which belongs to autoconf-archive.
+	rm -f libtool.m4 lt~obsolete.m4 ltoptions.m4 ltsugar.m4 ltversion.m4
+}