17.2. Differences between iptables and ipchains

At first glance, ipchains and iptables appear to be quite similar. Both methods of packet filtering use chains of rules operating within the Linux kernel to decide what to do with packets that match the specified rule or set of rules. However, iptables offers a more extensible way of filtering packets, giving the administrator a greater amount of control without building a great deal of complexity into the system.

Specifically, users comfortable with ipchains should be aware of the following significant differences between ipchains and iptables before attempting to use iptables:

This is not a comprehensive list of the changes, given that iptables is a fundamentally rewritten network filter. For more specific information, refer to the Linux 2.4 Packet Filtering HOWTO found in Section 17.7 Additional Resources.