diff --git a/0006-libxtables-Fix-unsupported-extension-warning-corner-.patch b/0006-libxtables-Fix-unsupported-extension-warning-corner-.patch
new file mode 100644
index 0000000..f76f38d
--- /dev/null
+++ b/0006-libxtables-Fix-unsupported-extension-warning-corner-.patch
@@ -0,0 +1,91 @@
+From 18fda96510a8e518e22523843050b824fa97cf2c Mon Sep 17 00:00:00 2001
+From: Phil Sutter <phil@nwl.cc>
+Date: Thu, 30 Jun 2022 18:04:39 +0200
+Subject: [PATCH] libxtables: Fix unsupported extension warning corner case
+
+Some extensions are not supported in revision 0 by user space anymore,
+for those the warning in xtables_compatible_revision() does not print as
+no revision 0 is tried.
+
+To fix this, one has to track if none of the user space supported
+revisions were accepted by the kernel. Therefore add respective logic to
+xtables_find_{target,match}().
+
+Note that this does not lead to duplicated warnings for unsupported
+extensions that have a revision 0 because xtables_compatible_revision()
+returns true for them to allow for extension's help output.
+
+For the record, these ip6tables extensions are affected: set/SET,
+socket, tos/TOS, TPROXY and SNAT. In addition to that, TEE is affected
+for both families.
+
+Fixes: 17534cb18ed0a ("Improve error messages for unsupported extensions")
+Signed-off-by: Phil Sutter <phil@nwl.cc>
+(cherry picked from commit 552c4a2f9e5706fef5f7abb27d1492a78bbb2a37)
+---
+ libxtables/xtables.c | 14 ++++++++++++++
+ 1 file changed, 14 insertions(+)
+
+diff --git a/libxtables/xtables.c b/libxtables/xtables.c
+index 96fd783a066cf..7abc63bcfd83e 100644
+--- a/libxtables/xtables.c
++++ b/libxtables/xtables.c
+@@ -773,6 +773,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
+ 	struct xtables_match *ptr;
+ 	const char *icmp6 = "icmp6";
+ 	bool found = false;
++	bool seen = false;
+ 
+ 	if (strlen(name) >= XT_EXTENSION_MAXNAMELEN)
+ 		xtables_error(PARAMETER_PROBLEM,
+@@ -791,6 +792,7 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
+ 		if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
+ 			ptr = *dptr;
+ 			*dptr = (*dptr)->next;
++			seen = true;
+ 			if (!found &&
+ 			    xtables_fully_register_pending_match(ptr, prev)) {
+ 				found = true;
+@@ -804,6 +806,11 @@ xtables_find_match(const char *name, enum xtables_tryload tryload,
+ 		dptr = &((*dptr)->next);
+ 	}
+ 
++	if (seen && !found)
++		fprintf(stderr,
++			"Warning: Extension %s is not supported, missing kernel module?\n",
++			name);
++
+ 	for (ptr = xtables_matches; ptr; ptr = ptr->next) {
+ 		if (extension_cmp(name, ptr->name, ptr->family)) {
+ 			struct xtables_match *clone;
+@@ -896,6 +903,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
+ 	struct xtables_target **dptr;
+ 	struct xtables_target *ptr;
+ 	bool found = false;
++	bool seen = false;
+ 
+ 	/* Standard target? */
+ 	if (strcmp(name, "") == 0
+@@ -914,6 +922,7 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
+ 		if (extension_cmp(name, (*dptr)->name, (*dptr)->family)) {
+ 			ptr = *dptr;
+ 			*dptr = (*dptr)->next;
++			seen = true;
+ 			if (!found &&
+ 			    xtables_fully_register_pending_target(ptr, prev)) {
+ 				found = true;
+@@ -927,6 +936,11 @@ xtables_find_target(const char *name, enum xtables_tryload tryload)
+ 		dptr = &((*dptr)->next);
+ 	}
+ 
++	if (seen && !found)
++		fprintf(stderr,
++			"Warning: Extension %s is not supported, missing kernel module?\n",
++			name);
++
+ 	for (ptr = xtables_targets; ptr; ptr = ptr->next) {
+ 		if (extension_cmp(name, ptr->name, ptr->family)) {
+ 			struct xtables_target *clone;
+-- 
+2.34.1
+
diff --git a/iptables.spec b/iptables.spec
index 735f9fb..30558d0 100644
--- a/iptables.spec
+++ b/iptables.spec
@@ -16,7 +16,7 @@ Name: iptables
 Summary: Tools for managing Linux kernel packet filtering capabilities
 URL: https://www.netfilter.org/projects/iptables
 Version: 1.8.8
-Release: 3%{?dist}
+Release: 4%{?dist}
 Source: %{url}/files/%{name}-%{version}.tar.bz2
 Source1: iptables.init
 Source2: iptables-config
@@ -34,6 +34,7 @@ Patch02: 0002-extensions-SECMARK-Use-a-better-context-in-test-case.patch
 Patch03: 0003-xshared-Fix-build-for-Werror-format-security.patch
 Patch04: 0004-tests-shell-Check-overhead-in-iptables-save-and-rest.patch
 Patch05: 0005-arptables-Support-x-exact-flag.patch
+Patch06: 0006-libxtables-Fix-unsupported-extension-warning-corner-.patch
 
 # pf.os: ISC license
 # iptables-apply: Artistic 2.0
@@ -449,6 +450,9 @@ fi
 %ghost %{_mandir}/man8/ebtables.8.gz
 
 %changelog
+* Tue Jul 05 2022 Phil Sutter <psutter@redhat.com> - 1.8.8-4
+- libxtables: Fix unsupported extension warning corner case
+
 * Wed Jun 08 2022 Phil Sutter <psutter@redhat.com> - 1.8.8-3
 - arptables: Support -x/--exact flag