Hello everyone. I have been browsing the forums for threads concerning the difference between iptables and ipchains, but alas I have not found a thread that actually answered this question. Also, the posts concerning this issue are very old, so I decided to point out the differences between the two.

Differences between IPTABLES and IPCHAINS.

1 - The names of the built-in chains in ipchains have to be written in lowercase, and in iptables in uppercase letters, because under iptables the INPUT and the OUTPUT chains only handle packets which have local destinations and are processed locally. Under ipchains, all incoming and outgoing packets go through the input, output, and forward chains.

2 - The -i option is the input interface and works only with the INPUT and the FORWARD chains. For rules using the FORWARD or the OUTPUT chain, you must use -o.

3 - TCP and UDP ports using iptables must include the --source-port or --sport (or --destination-port/--dport) options, since this is the only way to load the TCP/UDP extensions.

4 - The TCP flag -y became --syn in iptables and must go after the -p tcp in the rules that you set up.

5 - The DENY target under ipchains is called DROP for iptables.

6 - The counters of single chains, when listing, can be set to 0 in iptables.

7 - The included counters within iptables, if set to 0, can also empty the policy counters.

8 - When listing the chains in iptables, the counters are displayed in real time.

9 - REJECT and LOG under iptables are extra implementations, which means that they are present as separate kernel modules.

10 - The name of a chain when using iptables can be up to 31 characters long.

11 - The target MASQ is called MASQUERADE in iptables, and there is also a slight change in syntax compared to ipchains. REDIRECT also has a slightly different syntax, although the name stays the same.


If I have missed anything here, please add it to the list.

Cheers.
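
The syntax changes in items 1 to 5 and 11, applied mechanically to simple filter rules, as an added example that is not part of the original post. The `translate` function, the option subset it accepts and the sample rules are assumptions made for illustration; MASQ and REDIRECT rules are refused rather than guessed at, since item 11 says their syntax differs.

```python
import shlex

CHAINS = {"input": "INPUT", "output": "OUTPUT", "forward": "FORWARD"}  # item 1
MANUAL = {"MASQ", "REDIRECT"}  # item 11: syntax changed, rewrite these by hand
# Constructed sample rules (not taken from the post).
SAMPLE = [
    "ipchains -A input -i eth0 -p tcp -y -s 0/0 -d 192.168.1.10 22 -j DENY",
    "ipchains -A output -i eth0 -p udp -d 0/0 53 -j ACCEPT",
]

def translate(rule):
    """Translate one simple ipchains -A/-I/-D rule into iptables syntax."""
    toks = shlex.split(rule)
    if len(toks) < 3 or toks[0] != "ipchains" or toks[1] not in ("-A", "-I", "-D") or "!" in toks:
        raise ValueError("unsupported rule: " + rule)
    chain = CHAINS.get(toks[2], toks[2])      # user-defined chains keep their name
    proto, syn, match, iface, target = None, False, [], None, None
    i = 3
    while i < len(toks):
        opt = toks[i]
        if opt == "-y":                       # item 4: -y becomes --syn
            syn, i = True, i + 1
            continue
        if i + 1 >= len(toks):
            raise ValueError("missing value for " + opt)
        val, i = toks[i + 1], i + 2
        if opt == "-p":
            proto = val
        elif opt in ("-s", "-d"):
            match += [opt, val]
            # ipchains puts the port after the address; item 3 needs --sport/--dport
            if i < len(toks) and not toks[i].startswith("-"):
                match += ["--sport" if opt == "-s" else "--dport", toks[i]]
                i += 1
        elif opt == "-i":
            iface = val
        elif opt == "-j":
            if val in MANUAL:
                raise ValueError(val + " needs a manual rewrite (item 11)")
            target = "DROP" if val == "DENY" else val     # item 5
        else:
            raise ValueError("unsupported option: " + opt)
    if syn and proto != "tcp":
        raise ValueError("-y is only valid together with -p tcp")
    out = ["iptables", toks[1], chain] + (["-p", proto] if proto else [])
    out += (["--syn"] if syn else []) + match  # --syn placed right after -p tcp
    if iface:                                  # item 2: -i kept only on INPUT here
        out += ["-i" if chain == "INPUT" else "-o", iface]
    out += ["-j", target] if target else []
    return " ".join(out)
```

A rule translated this way is only syntactically equivalent: per item 1, routed packets no longer pass through INPUT or OUTPUT under iptables, so an old input rule that also filtered forwarded traffic needs a matching FORWARD rule.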