iptables tutorial - nat

[Peteris Krumins]

Hello,

I was just taking a look over the iptables tutorial again
(http://www.netfilter.org/documentation/tutorials/blueflux/iptables-
tutorial.html)
and i noticed:

(talking about packet travelling throught the kernel)

nat - prerouting/postrouting (forward) prerouting (input) and postrouting
(output)

'It is suggested that you don't do filtering here since it can have
sideeffects, and certain packets might slip through even though you set a
default policy of DROP'

I am interested in what sideeffects and under what circumstanes a packet
can slip through nat table even if i DROP it.

P.Krumins