IPTables

This is a quick drawing to explain how the Linux IPTables chains and tables interact, and to show the difference between an IPSec VPN and an OpenVPN VPN. IPTables 'chains' are in green, and the tables which make up each chain are in blue.
Note that the encode/decode processes at the IPSec end-points change packets. For instance, an incoming packet from an IPSec VPN appears in the prerouting chain with the source and destination addresses of the IPSec end-points, but by the time it gets to the forward or input chains the source and destination addresses have been changed. This can cause false positives in the filter tables, since rules there see the changed addresses rather than the end-point addresses.
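
One way to keep filter rules from misjudging the decoded packets is to match on whether IPSec processing produced them, using the iptables `policy` match. This is an added example, not part of the original drawing; it assumes the kernel's native IPSec stack, and the function name `emit_ipsec_filter_rules` and the addresses in the usage line are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset that handles the two forms
# of an IPSec packet separately (end-point addresses vs. changed addresses).
# The addresses in the usage line are constructed sample values.
#
# Usage (as root, syntax check only):
#   emit_ipsec_filter_rules 198.51.100.7 10.10.0.0/24 10.20.0.0/24 \
#     | iptables-restore --test

emit_ipsec_filter_rules() {
    if [ "$#" -ne 3 ]; then
        echo "usage: emit_ipsec_filter_rules PEER_IP LOCAL_NET REMOTE_NET" >&2
        return 2
    fi
    peer=$1
    local_net=$2
    remote_net=$3
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Encoded form: addressed end-point to end-point, so match on the peer.
-A INPUT -s $peer -p udp -m multiport --dports 500,4500 -j ACCEPT
-A INPUT -s $peer -p esp -j ACCEPT
# Remote-subnet addresses that did NOT come out of IPSec decoding: log, drop.
-A FORWARD -s $remote_net -m policy --dir in --pol none -j LOG --log-prefix "non-ipsec-inner: "
-A FORWARD -s $remote_net -m policy --dir in --pol none -j DROP
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Decoded form: changed addresses, accepted only when IPSec produced the packet.
-A FORWARD -s $remote_net -d $local_net -m policy --dir in --pol ipsec -j ACCEPT
# Outbound direction: accepted only when the packet will be IPSec-encoded.
-A FORWARD -s $local_net -d $remote_net -m policy --dir out --pol ipsec -j ACCEPT
COMMIT
EOF
}
```

The drop rule for non-IPSec traffic sits ahead of the conntrack rule so that a packet claiming a remote-subnet address cannot ride an established flow without having been decoded.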