For me, there's more likelihood I'd mess up an iptables configuration and leave a glaring hole for things leak through. With portmaster I have most apps on prompt by default so I get to evaluate things & add more rules on a per-app per-connection basis that I could never handle with iptables.