Technically you don't compile iptables into the kernel. You compile the Netfilter packet-filtering modules into the kernel, and iptables is an interface to those modules.
The reason you have to do this is that packet filtering is a low-level job that has to be done in kernel mode before the packets are passed up to any application. You should think of netfilter as something similar to a device driver in the Windows world: it talks more or less directly to the hardware and gives you an interface to control it.
The newest 2.4.x kernels are now using both a completely new TCP/IP network stack as well as a new NAT sub-system called NetFilter.
Within this NetFilter suite of tools, we now have a tool called IPTABLES for the 2.4.x kernels, much like there was IPCHAINS for the 2.2.x kernels and IPFWADM for the 2.0.x kernels.
The new IPTABLES system is far more powerful (combines several functions into one place like true NAT functionality), offers better security (stateful inspection), and better performance with the new 2.4.x TCP/IP stack.
Finally, this new suite of tools can be a bit complicated in comparison to older-generation kernels.
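As an added example (not part of the original posts), a small shell script that makes the split concrete: one function lists the Netfilter kernel modules that lsmod-style output reports, the other emits a minimal stateful-inspection plus NAT ruleset in iptables-restore format, the user-space side that drives those modules. The lsmod text is constructed sample input using module names from current kernels (not the 2.4.x names), and the interface names eth1/eth0 are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original posts. Shows the kernel side
# (Netfilter modules as lsmod reports them) next to the user-space side
# (an iptables rule set). The lsmod text is constructed sample input.

SAMPLE_LSMOD='Module                  Size  Used by
iptable_nat            16384  1
nf_nat                 49152  1 iptable_nat
nf_conntrack          172032  2 nf_nat,iptable_nat
xt_conntrack           16384  3
ip_tables              32768  2 iptable_filter,iptable_nat
x_tables               53248  3 ip_tables,iptable_nat,xt_conntrack'

# Print the Netfilter-related modules found in lsmod-style output on stdin,
# matching the prefixes the kernel uses: nf_*, xt_*, iptable_*, ip_tables, x_tables.
netfilter_modules() {
    awk 'NR > 1 && $1 ~ /^(nf_|xt_|iptable_|ip_tables$|x_tables$)/ { print $1 }' \
        | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# Emit a minimal stateful rule set in iptables-restore format for a gateway.
# $1 = LAN interface, $2 = WAN interface (assumed names, e.g. eth1 eth0).
# Only connections the conntrack module already knows are allowed back in;
# anything it cannot classify is dropped, and LAN hosts are masqueraded.
stateful_ruleset() {
    lan="$1"; wan="$2"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Usage: first the modules backing the rules, then the rule set itself.
printf '%s\n' "$SAMPLE_LSMOD" | netfilter_modules; echo
stateful_ruleset eth1 eth0
```

On a real host you would feed the second function's output to `iptables-restore` and compare the first against the live `lsmod`.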