Iptables
Deprecation
iptables is a legacy framework; nftables aims to provide a modern replacement, including a compatibility layer.
It is still installed as a dependency of the base meta package, but it does not seem to be used on a current Arch desktop system (as of 2025-10).
Solution: Install the iptables-nft package:
pacman -S iptables-nft
Packages that still depend on iptables
- iproute2
  - dependency of the base meta package and provides the ip(8) command-line interface
- podman
❯ pactree -r iptables
iptables
├─iproute2
│ ├─base
│ │ └─manjaro-system
│ ├─dhclient
│ ├─networkmanager
│ │ └─network-manager-applet
│ └─vpnc
│   └─openconnect
│     └─globalprotect-openconnect
└─podman
  ├─podman-compose
  └─podman-docker
sudo pacman -R iptables
checking dependencies...
error: failed to prepare transaction (could not satisfy dependencies)
:: removing iptables breaks dependency 'libxtables.so=12-64' required by iproute2
:: removing iptables breaks dependency 'iptables' required by podman
Usage
List rules
sudo iptables -nvL
Etc
Linux Iptables allow or block ICMP ping request
Drop incoming pings:
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP
Remove rule:
How to List and Delete iptables Firewall Rules
iptables -D INPUT -p icmp --icmp-type echo-request -j DROP
Log remaining packets
How to Log Linux IPTables Firewall Dropped Packets to a Log File
E.g. log all dropped input packets:
iptables -N LOGGING
iptables -A INPUT -j LOGGING
iptables -A LOGGING -m limit --limit 2/min \
-j LOG --log-prefix "IPTables-Dropped: " --log-level 4
iptables -A LOGGING -j DROP
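With the LOGGING chain above loaded, dropped packets show up in the kernel log with the "IPTables-Dropped: " prefix. The following is an added example, not part of the original page: it parses such lines and counts logged drops per source and target; the sample log lines and the names parse_drop and summarize are constructed for illustration. Because the LOG rule is rate-limited to 2/min, the counts are a sample of the dropped traffic, not a total.

```python
import re
from collections import Counter

PREFIX = "IPTables-Dropped: "  # must match --log-prefix in the LOG rule
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value tokens written by the LOG target

# Constructed sample kernel log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Oct 12 14:03:11 host kernel: IPTables-Dropped: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54321 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 14:03:12 host kernel: IPTables-Dropped: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=54322 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Oct 12 14:04:05 host kernel: IPTables-Dropped: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=84 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Oct 12 14:04:09 host kernel: audit: unrelated line without the prefix
Oct 12 14:05:00 host kernel: IPTables-Dropped: IN=eth0 OUT= MAC=52:54:00:12:34:56:52:54:00:ab:cd:ef:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=68 TOS=0x00 PREC=0x00 TTL=52 ID=54400 PROTO=UDP SPT=40000 DPT=53 LEN=48
"""

def parse_drop(line):
    """Return the LOG fields of one dropped-packet line, or None for other lines."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # keep the first LEN/ID: the IP header's
    return fields

def summarize(lines):
    """Count logged drops per (source, protocol, destination port or ICMP type)."""
    counts = Counter()
    for line in lines:
        f = parse_drop(line)
        if f is None or "SRC" not in f:
            continue
        if f.get("PROTO") == "ICMP":
            what = "type " + f.get("TYPE", "?")
        else:
            what = "port " + f.get("DPT", "?")
        counts[(f["SRC"], f.get("PROTO", "?"), what)] += 1
    return counts

if __name__ == "__main__":
    for (src, proto, what), n in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{n:3d}  {src:15s}  {proto:4s}  {what}")
```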
Show all IPv4 NAT rules
iptables -L -n -v -t nat