Yes, you can easily list all iptables rules using the following commands on Linux:
1) iptables command – IPv4 netfilter admin tool to display iptables firewall rules.
2) ip6tables command – IPv6 netfilter admin tool to show rules.
How to list all iptables rules on Linux
The procedure to list all rules on Linux is as follows:
- Open the terminal app or login using ssh:
ssh user@server-name - To list all IPv4 rules :
sudo iptables -S - To list all IPv6 rules :
sudo ip6tables -S - To list all tables rules :
sudo iptables -L -v -n | more - To list all rules for INPUT tables :
sudo iptables -L INPUT -v -n
sudo iptables -S INPUT
Let us see all syntax and usage in details to show and list all iptables rules on Linux operating systems.
Viewing all iptables rules in Linux
The syntax is:
iptables -S iptables --list iptables -L iptables -S TABLE_NAME iptables --table NameHere --list iptables -t NameHere -L -n -v --line-numbers
Print all rules in the selected chain
sudo iptables -S
sudo iptables -S INPUT
iptables -S OUTPUT
How to list rules for given tables
Type the following command as root user:
# iptables -L INPUT
# iptables -L FORWARD
# iptables -L OUTPUT
# iptables -L
Sample outputs:
target prot opt source destination ACCEPT tcp -- anywhere anywhere tcp dpt:domain ACCEPT udp -- anywhere anywhere udp dpt:domain ACCEPT tcp -- anywhere anywhere tcp dpt:bootps ACCEPT udp -- anywhere anywhere udp dpt:bootps ufw-before-logging-input all -- anywhere anywhere ufw-before-input all -- anywhere anywhere ufw-after-input all -- anywhere anywhere ufw-after-logging-input all -- anywhere anywhere ufw-reject-input all -- anywhere anywhere ufw-track-input all -- anywhere anywhere Chain FORWARD (policy DROP) target prot opt source destination ACCEPT all -- anywhere anywhere ACCEPT all -- anywhere anywhere ufw-before-logging-forward all -- anywhere anywhere ufw-before-forward all -- anywhere anywhere ufw-after-forward all -- anywhere anywhere ufw-after-logging-forward all -- anywhere anywhere ufw-reject-forward all -- anywhere anywhere ufw-track-forward all -- anywhere anywhere Chain OUTPUT (policy ACCEPT) target prot opt source destination ufw-before-logging-output all -- anywhere anywhere ufw-before-output all -- anywhere anywhere ufw-after-output all -- anywhere anywhere ufw-after-logging-output all -- anywhere anywhere ufw-reject-output all -- anywhere anywhere ufw-track-output all -- anywhere anywhere ..... .. .. Chain ufw-user-limit (0 references) target prot opt source destination LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] " REJECT all -- anywhere anywhere reject-with icmp-port-unreachable Chain ufw-user-limit-accept (0 references) target prot opt source destination ACCEPT all -- anywhere anywhere Chain ufw-user-logging-forward (0 references) target prot opt source destination Chain ufw-user-logging-input (0 references) target prot opt source destination Chain ufw-user-logging-output (0 references) target prot opt source destination Chain ufw-user-output (1 references) target prot opt source destination
Let us try to understand rules:
- target – Tell what to down when a packet matches the rule.
- prot – The protocol for rule.
- opt – Additional options for rule.
- source – The source IP address/subnet/domain name.
- destination – The destination IP address/subnet/domain name.
How to see nat rules:
By default the filter table is used. To see NAT rules, enter:
# iptables -t nat -L
Other table options:
# iptables -t filter -L
# iptables -t raw -L
# iptables -t security -L
# iptables -t mangle -L
# iptables -t nat -L
How to see nat rules with line numbers:
Pass the --line-numbers option:
# iptables -t nat -L --line-numbers -n
Sample outputs:
Chain PREROUTING (policy ACCEPT 28M packets, 1661M bytes) num pkts bytes target prot opt in out source destination 1 0 0 DNAT tcp -- eth0 * 10.10.29.68 0.0.0.0/0 tcp dpt:3306 to:10.0.3.19:3306 2 0 0 DNAT tcp -- eth0 * 10.10.29.68 0.0.0.0/0 tcp dpt:11211 to:10.0.3.20:11211 3 0 0 DNAT udp -- eth0 * 10.10.29.68 0.0.0.0/0 udp dpt:11211 to:10.0.3.20:11211 Chain INPUT (policy ACCEPT 18M packets, 1030M bytes) num pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 23M packets, 1408M bytes) num pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 33M packets, 1979M bytes) num pkts bytes target prot opt in out source destination 1 38927 2336K MASQUERADE all -- * * 10.0.3.0/24 !10.0.3.0/24 2 0 0 MASQUERADE all -- * * 10.0.3.0/24 !10.0.3.0/24
How to see nat rules with counters (bytes and packets)
Pass the -v option to iptables command to view all iptables rules on Linux:
# iptables -t nat -L -n -v
Sample outputs:
Fig.01: Linux viewing all iptables NAT, DNAT, MASQUERADE rules
Say hello to ip6tables
ip6tables is administration tool for IPv6 packet filtering and NAT. To see IPv6 tables, enter:
# ip6tables -L -n -v
Chain INPUT (policy DROP 239 packets, 16202 bytes) pkts bytes target prot opt in out source destination 136K 30M ufw6-before-logging-input all * * ::/0 ::/0 136K 30M ufw6-before-input all * * ::/0 ::/0 241 16360 ufw6-after-input all * * ::/0 ::/0 239 16202 ufw6-after-logging-input all * * ::/0 ::/0 239 16202 ufw6-reject-input all * * ::/0 ::/0 239 16202 ufw6-track-input all * * ::/0 ::/0 Chain FORWARD (policy DROP 483 packets, 32628 bytes) pkts bytes target prot opt in out source destination 483 32628 ufw6-before-logging-forward all * * ::/0 ::/0 483 32628 ufw6-before-forward all * * ::/0 ::/0 483 32628 ufw6-after-forward all * * ::/0 ::/0 483 32628 ufw6-after-logging-forward all * * ::/0 ::/0 483 32628 ufw6-reject-forward all * * ::/0 ::/0 483 32628 ufw6-track-forward all * * ::/0 ::/0 Chain OUTPUT (policy ACCEPT 122 packets, 8555 bytes) pkts bytes target prot opt in out source destination 136K 30M ufw6-before-logging-output all * * ::/0 ::/0 136K 30M ufw6-before-output all * * ::/0 ::/0 183 14107 ufw6-after-output all * * ::/0 ::/0 183 14107 ufw6-after-logging-output all * * ::/0 ::/0 183 14107 ufw6-reject-output all * * ::/0 ::/0 183 14107 ufw6-track-output all * * ::/0 ::/0 Chain ufw6-after-forward (1 references) pkts bytes target prot opt in out source destination ... .... .. pkts bytes target prot opt in out source destination 19 1520 ACCEPT tcp * * ::/0 ::/0 ctstate NEW 42 4032 ACCEPT udp * * ::/0 ::/0 ctstate NEW Chain ufw6-user-forward (1 references) pkts bytes target prot opt in out source destination Chain ufw6-user-input (1 references) pkts bytes target prot opt in out source destination Chain ufw6-user-limit (0 references) pkts bytes target prot opt in out source destination 0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] " 0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable Chain ufw6-user-limit-accept (0 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all * * ::/0 ::/0 Chain ufw6-user-logging-forward (0 references) pkts bytes target prot opt in out source destination Chain ufw6-user-logging-input (0 references) pkts bytes target prot opt in out source destination Chain ufw6-user-logging-output (0 references) pkts bytes target prot opt in out source destination Chain ufw6-user-output (1 references) pkts bytes target prot opt in out source destination
To see nat rules and line-numbers, enter:
# ip6tables -L -n -v -t nat --line-numbers
Conclusion
You learned how to display, filter and list all iptables rules on Linux system using the CLI. See iptables man pages by typing the following man command:
$ man iptables
$ man ip6tables
🐧 Get the latest tutorials on Linux, Open Source & DevOps via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 4 comments... add one ↓
Category | List of Unix and Linux commands |
---|---|
File Management | cat |
Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
Network Utilities | dig • host • ip • nmap |
OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
Package Manager | apk • apt |
Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
Searching | grep • whereis • which |
User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Thanks you it saved me tons of time.
I was looking to display the iptables rules in the table view as I needed to compare different rules against each other. It solved my problem
iptables -L
Gracias
Yehh, thank you
Yes, I wanted to list and delete my iptables firewall rules. this was very useful.