ipchains and iptables use chains of rules that operate within the Linux kernel to filter packets based on matches with specified rules or rule sets. However, iptables offers a more extensible way of filtering packets, giving the administrator greater control without building undue complexity into the system.
ipchains and iptables:
iptables, each filtered packet is processed using rules from only one chain rather than multiple chains.ipchains would have to go through the INPUT, FORWARD, and OUTPUT chains to continue to its destination. However, iptables only sends packets to the INPUT chain if they are destined for the local system, and only sends them to the OUTPUT chain if the local system generated the packets. It is therefore important to place the rule designed to catch a particular packet within the chain that actually handles the packet.
ipchains, packets that matched a rule in a chain could be directed to the DENY target. This target must be changed to DROP in iptables.
ipchains, the order of the rule options does not matter.
iptables command has a stricter syntax. The iptables command requires that the protocol (ICMP, TCP, or UDP) be specified before the source or destination ports.
-i option) can only be used in INPUT or FORWARD chains. Similarly, outgoing interfaces (-o option) can only be used in FORWARD or OUTPUT chains.