Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?
A. To List all rules in the selected chain use the -L option. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table. The -n option help to print IP addresses and port numbers in numeric format.
To check the status of your firewall and all rules, enter:
# iptables -L -n
OR
$ sudo iptables -L -n
Output:
Chain INPUT (policy ACCEPT) target prot opt source destination droplist all -- 0.0.0.0/0 0.0.0.0/0 droplist all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 66.228.118.0/23 0.0.0.0/0 DROP all -- 213.240.4.233 0.0.0.0/0 DROP all -- 75.126.132.23 0.0.0.0/0 DROP all -- 80.58.205.35 0.0.0.0/0 ..... ... ..... DROP all -- 91.200.56.0/22 0.0.0.0/0 LOG all -- 91.200.72.0/22 0.0.0.0/0 LOG flags 0 level 4 prefix `DROP List Block' DROP all -- 91.200.72.0/22 0.0.0.0/0
The –line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule’s position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers
🐧 7 comments so far... add one ↓
Linux: Iptables List and Show All NAT IPTables Rules Command
How to save iptables firewall rules permanently on Linux
How to list all iptables rules with line numbers on Linux
How to add comments to iptables rules on Linux
Ubuntu Linux Save / Restore Iptables Rules
How Do I Save Iptables Rules or Settings?
Linux bash exit status and how to set exit status in bash
| Category | List of Unix and Linux commands |
|---|---|
| Disk space analyzers | df • ncdu • pydf |
| File Management | cat • tree |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | NetHogs • dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Great!! Thank you for the command this was really usefull!
-A FWR -p tcp -m tcp –dport 80 -j ACCEPT
I can someone tell me what the FWR stands for and/or mean?
Thanks.
FWR : FireWall Rule, it meens you have to precise the rule you want to setup : INPUT, for ingoing ports, or OUTPUT, for outgoing ports.
iptables -t nat -A POSTROUTING -i eth0 -j MASQUERADE
PLs can u tell me what the “-t” stands for?
The -t option specifies the packet matching table which the command should operate on.
This is great.
I just installed an app where I need to figure out how to change input_ports so that I connect to the app on a NAT-d server.
All this seems very confusing.
hi how can i add to the firewall and ip adress like that one ACCEPT 66.228.118.0/23
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all — 66.228.118.0/23 0.0.0.0/0
Thanks