There's a number of diagrams around the Internet illustrating the path packets take through the Linux kernel, including the various firewall modules, that's quite helpful in understanding which rules should go in which table. Here's one that's not bad: <http://www.linuxhomenetworking.com/wiki/index.php/Quick_HOWTO_:_Ch14_:_Linux_Firewalls_Using_iptables#Figure_14-1_Iptables_Packet_Flow_Diagram> The box labeled "Local Processing of Data" is where packets that are created by the firewall's applications originate. Does anyone have a better diagram? How about one that shows the policy routing system?