Migrating to Netfilter: LinuxJournal

For those of us who are still using ipchains, this month's LJ has a very welcome article about converting to the new iptables (which uses the netfilter kernel module).

The newer distros all use iptables, and it's an all-or-nothing proposition. You can't run ipchains and iptables simultaneously (at least that's what I hear; I haven't even tried iptables yet).

iptables does have several distinct advantages over ipchains, but as the old saying goes, "if it ain't broke . . ."

If you require stateful packet inspection (which is pretty darn cool) or simply want to catch up with the times, take a look at the linked LJ article, which explains iptables and, explicitly, how to convert your rules (and of course how to use some of the new stuff).
  Taming the wild Netfilter: LinuxJournal