Why use Netfilter. Easier to write a secure ruleset. Drastically improved NAT. Because it sucks less overall.