Linux Firewall: Display Status and Rules of Iptables Firewall

Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?

A. To List all rules in the selected chain use the -L option. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table. The -n option help to print IP addresses and port numbers in numeric format.

To check the status of your firewall and all rules, enter:
# iptables -L -n
OR
$ sudo iptables -L -n
Output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
droplist   all  --  0.0.0.0/0            0.0.0.0/0
droplist   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  66.228.118.0/23      0.0.0.0/0
DROP       all  --  213.240.4.233        0.0.0.0/0
DROP       all  --  75.126.132.23        0.0.0.0/0
DROP       all  --  80.58.205.35         0.0.0.0/0
.....
...
.....
DROP       all  --  91.200.56.0/22       0.0.0.0/0
LOG        all  --  91.200.72.0/22       0.0.0.0/0           LOG flags 0 level 4 prefix `DROP List Block'
DROP       all  --  91.200.72.0/22       0.0.0.0/0

The --line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule's position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers

Featured Articles:

Share this with other sys admins!
Facebook it - Tweet it - Print it -

Linux Firewall: Display Status and Rules of Iptables Firewall

Featured Articles:

Related FAQs