From ArchWiki

Arch Linux comes with two options for managing a firewall, neither of which is enabled automatically. The stock Linux kernel includes the netfilter packet filtering framework, which can be managed by either of the following:

  • iptables is the traditional userspace utility for managing a firewall. Configuration may be managed directly through the userspace utilities or by installing one of several GUI configuration tools.
  • nftables is a newer project that replaces the iptables framework. It combines a simple syntax with feature parity and performance benefits over iptables.