I forgot to add this on my recent kernel howtos but those using apf on the new kernels and getting ipt_state error, since 2.6.15 they changed the name of them kernel modules and apf does not recognize them. Do not enable monokern as some people suggest, this will screw up your passive ftp and will not work good. To fix this problem simply edit the apf.conf as shown below.
nano -w /etc/apf/internals/functions.apf
ml ipt_state 1
ml ipt_multiport 1
Start or restart apf and all should be fine