Linux Firewall: Display Status and Rules of Iptables Firewall

Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?

A. To List all rules in the selected chain use the -L option. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table. The -n option help to print IP addresses and port numbers in numeric format.

To check the status of your firewall and all rules, enter:
# iptables -L -n
$ sudo iptables -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
droplist   all  --             
droplist   all  --             
ACCEPT     all  --             
ACCEPT     all  --             
ACCEPT     all  --           
DROP       all  --           
DROP       all  --           
DROP       all  --    
DROP       all  --           
LOG        all  --           LOG flags 0 level 4 prefix `DROP List Block' 
DROP       all  --           

The –line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule’s position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 7 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
7 comments… add one
  • Jorge Mar 1, 2013 @ 6:55

    Great!! Thank you for the command this was really usefull!

  • framcis Oct 25, 2014 @ 1:20

    -A FWR -p tcp -m tcp –dport 80 -j ACCEPT

    I can someone tell me what the FWR stands for and/or mean?


  • Flo Oct 30, 2014 @ 13:20

    FWR : FireWall Rule, it meens you have to precise the rule you want to setup : INPUT, for ingoing ports, or OUTPUT, for outgoing ports.

  • Edon Jun 13, 2015 @ 0:04

    iptables -t nat -A POSTROUTING -i eth0 -j MASQUERADE
    PLs can u tell me what the “-t” stands for?

    • 🐧 Vivek Gite Jun 13, 2015 @ 3:05

      The -t option specifies the packet matching table which the command should operate on.

  • richardskumat Nov 20, 2015 @ 15:38

    This is great.
    I just installed an app where I need to figure out how to change input_ports so that I connect to the app on a NAT-d server.

    All this seems very confusing.

  • ningi Nov 27, 2015 @ 23:34

    hi how can i add to the firewall and ip adress like that one ACCEPT

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all —


Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum