Don't forget that throughput is affected by how many rules a packet is inspected against... and in FORWARD all packets part of a stream are seen... a flat structure is wrong by any standards, performance and maintenance also... dunno if nf-hipac at netfilter.org has the relevant lit, but on the original nf-hipac site, you have extensive data on how the number of rules affects throughput.
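An added illustration of the point above (not part of the original post): a small Python model that counts how many rules a single forwarded packet is compared against in a flat FORWARD chain versus the same rules split into per-/24 user-defined chains. The addresses, chain names, the /24 split and the DROP policy are constructed assumptions.

```python
import ipaddress

# Constructed sample: 16 subnets x 64 hosts, one ACCEPT rule per destination host.
HOSTS = [ipaddress.ip_address(f"10.0.{s}.{h}") for s in range(16) for h in range(1, 65)]

def flat_ruleset(hosts):
    """Every rule sits directly in FORWARD and is compared top to bottom."""
    return {"FORWARD": [(ipaddress.ip_network(f"{h}/32"), "ACCEPT") for h in hosts]}

def tree_ruleset(hosts):
    """FORWARD only dispatches per /24 to a user-defined chain (hypothetical names)."""
    chains = {"FORWARD": []}
    for h in hosts:
        net = ipaddress.ip_network(f"{h}/24", strict=False)
        name = f"net_{net.network_address}".replace(".", "_")
        if name not in chains:
            chains[name] = []
            chains["FORWARD"].append((net, name))
        chains[name].append((ipaddress.ip_network(f"{h}/32"), "ACCEPT"))
    return chains

def rules_checked(chains, dst, chain="FORWARD"):
    """Return (verdict, rules compared) for one packet addressed to dst."""
    checked = 0
    for net, target in chains[chain]:
        checked += 1
        if dst not in net:
            continue
        if target == "ACCEPT":
            return "ACCEPT", checked
        verdict, n = rules_checked(chains, dst, target)  # jump into the user chain
        checked += n
        if verdict:
            return verdict, checked
        # no match there: implicit RETURN, traversal continues in the caller
    return None, checked  # end of chain; in FORWARD the policy decides

def worst_and_mean(chains, hosts):
    counts = [rules_checked(chains, h)[1] for h in hosts]
    return max(counts), sum(counts) / len(counts)

def render(chains):
    """Emit the model in iptables-restore syntax (filter table, assumed policy DROP)."""
    out = ["*filter", ":FORWARD DROP [0:0]"]
    out += [f":{c} - [0:0]" for c in chains if c != "FORWARD"]
    for c, rules in chains.items():
        out += [f"-A {c} -d {net} -j {target}" for net, target in rules]
    return out + ["COMMIT"]

if __name__ == "__main__":
    for label, rs in (("flat", flat_ruleset(HOSTS)), ("tree", tree_ruleset(HOSTS))):
        print(label, len(render(rs)), "lines, worst/mean rules per packet:", worst_and_mean(rs, HOSTS))
```

The total number of rules barely changes between the two layouts; what changes is how many of them each packet of a stream is compared against.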