Or I have to recompile the 2.4.0 Kernel with ipchains support?
The SuSE kernel does have support for ipchains, and it is recommended to configure a kernel to have this backwards compatibility.
To clarify this, Kernel 2.4 has something called netfilter which actually does packet filtering. To actually use it, you have a choice of packages offering user space commands, which talk to netfilter via loadable modules : iptables - latest and greatest ipchains - 2.2 comp ipfwadm - 2.0 compat These modules cannot be run simulataneously however. If you compile them into a kernel, only one is selectable. So to use the connection tracking of iptables, scripts like SuSE Firewall have to be updated to run with iptables, there's no way of mixing and matching features. Hope this helps (PS. Linux Magazine had a good article on this recently) Regards Rob