diff --git a/iptables-1.2.11-free.patch b/iptables-1.2.11-free.patch
new file mode 100644
index 0000000..7787867
--- /dev/null
+++ b/iptables-1.2.11-free.patch
@@ -0,0 +1,18 @@
+--- iptables-1.2.11/iptables.c.free	2004-08-25 19:10:34.098917816 +0200
++++ iptables-1.2.11/iptables.c	2004-08-25 19:12:42.366228649 +0200
+@@ -2344,11 +2344,11 @@
+ 		e = NULL;
+ 	}
+ 
+-	for (c = 0; c < nsaddrs; c++)
+-		free(&saddrs[c]);
++	/* free the whole array - allocated with calloc */
++	free(saddrs);
+ 
+-	for (c = 0; c < ndaddrs; c++)
+-		free(&daddrs[c]);
++	/* free the whole array - allocated with calloc */
++	free(daddrs);
+ 
+ 	if (opts != original_opts) {
+ 		free(opts);
diff --git a/iptables.spec b/iptables.spec
index eab1103..82313a1 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -4,7 +4,7 @@
 Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities.
 Version: 1.2.11
-Release: 1
+Release: 2
 Source: http://www.netfilter.org/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -15,6 +15,7 @@ Patch2: iptables-1.2.8-nolibnsl.patch
 Patch4: iptables-1.2.9-netlink.patch
 Patch5: iptables-1.2.9-selinux.patch
 Patch6: iptables-1.2.10-counters.patch
+Patch7: iptables-1.2.11-free.patch
 Group: System Environment/Base
 URL: http://www.netfilter.org/
 BuildRoot: %{_tmppath}/%{name}-buildroot
@@ -70,6 +71,7 @@ cd ..
 %patch4 -p1 -b .netlink
 %patch5 -p1 -b .selinux
 %patch6 -p1 -b .counters
+%patch7 -p1 -b .free
 
 # Put it to a reasonable place
 find . -type f -exec perl -pi -e "s,/usr/local,%{prefix},g" {} \;
@@ -144,6 +146,9 @@ fi
 %endif
 
 %changelog
+* Wed Aug 25 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-2
+- fixed free bug in iptables (#128322)
+
 * Tue Jun 22 2004 Thomas Woerner <twoerner@redhat.com> 1.2.11-1
 - new version 1.2.11