Arch Linux comes with two options for managing a firewall, neither of which is enabled automatically. The stock Linux kernel includes the netfilter packet filtering framework, which can be managed by either of the following:
- nftables is the modern Linux kernel packet classification framework that replaces the iptables framework. It combines a simple syntax with feature parity and performance benefits over iptables.
- iptables is the legacy userspace utility for managing a firewall. Configuration may be managed directly through the userspace utilities or by installing one of several GUI configuration tools.