Arch Linux Switches Iptables to Nft Backend

Arch Linux developers have recently announced a significant change regarding the iptables toolkit. The decision has been made to switch to the nft backend, which converts rules into nftables bytecode. While users still have the option to use the classic toolkit, the iptables-nft package is now the default choice, offering utilities with the same command-line syntax. Furthermore, the iptables-nft package has been renamed to simply iptables, while the package containing the classic iptables has been renamed to iptables-legacy.

This transition is not expected to have a major impact on most systems. However, it may cause disruptions in functionality related to unusual xtables extensions and behaviors specific to the old iptables. In order to restore rules after the replacement of the iptables implementation, users are advised to review the files /etc/iptables/iptables.rules.pacsave and /etc/iptables/ip6tables.rules.pacsave. It is recommended that users carefully assess the performance of their firewall rules and consider reverting to the iptables-legacy package if needed.
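A post-upgrade check for the steps above, as an added example that is not part of the original announcement: it reports which backend the installed iptables binary uses and lists rules found in a .pacsave file but absent from the active rules file. It assumes iptables 1.8 or later, which prints the backend in its `--version` output, and that the active rules sit at the same path without the .pacsave suffix; the function names are illustrative.

```shell
#!/bin/sh
# Added example: post-upgrade check for the iptables backend switch.

# Classify the backend from the text printed by `iptables --version`,
# e.g. "iptables v1.8.10 (nf_tables)" or "iptables v1.8.10 (legacy)".
backend_from_version() {
    case "$1" in
        *"(nf_tables)"*) echo nft ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Print the .pacsave rule files that exist in a directory
# (default: /etc/iptables, the location named in the announcement).
pacsave_files() {
    dir=${1:-/etc/iptables}
    for f in "$dir/iptables.rules.pacsave" "$dir/ip6tables.rules.pacsave"; do
        if [ -f "$f" ]; then echo "$f"; fi
    done
}

# Print every "-A ..." rule in a .pacsave file that has no identical line
# in the active file (assumed: same path without the .pacsave suffix).
# Chain policy lines are skipped because their packet counters differ.
rules_missing_from_active() {
    active=${1%.pacsave}
    [ -f "$active" ] || active=/dev/null
    grep -- '^-A' "$1" | grep -Fxv -f "$active" || true
}

# Run the check only when asked to: sh check-iptables.sh check
if [ "${1:-}" = "check" ]; then
    echo "backend: $(backend_from_version "$(iptables --version 2>/dev/null)")"
    for f in $(pacsave_files); do
        echo "== rules in $f missing from ${f%.pacsave}:"
        rules_missing_from_active "$f"
    done
fi
```

A backend of `nft` together with a non-empty list of missing rules means the saved rules have not yet been merged back into the active file.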
