Differences between iptables and ipchains

At first glance, ipchains and iptables appear to be quite similar. After all, both methods of packet filtering use chains of rules operating within the Linux kernel to decide not only which packets to let in or out, but also what to do with packets that match certain rules. However, iptables offers a much more extensible way of filtering packets, giving the administrator a greater amount of control without building too much complexity into the entire system.

Specifically, users comfortable with ipchains should be aware of the following significant differences between ipchains and iptables before attempting to use iptables:

This is by no means a comprehensive list of the changes, given that iptables represents a fundamentally rewritten network filter in use with the kernel. For more specific information, consult the Linux 2.4 Packet Filtering HOWTO and the sources found in the Section called Additional Resources.