Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?
A. To List all rules in the selected chain use the -L option. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table. The -n option help to print IP addresses and port numbers in numeric format.
To check the status of your firewall and all rules, enter:
# iptables -L -n
OR
$ sudo iptables -L -n
Output:
Chain INPUT (policy ACCEPT) target prot opt source destination droplist all -- 0.0.0.0/0 0.0.0.0/0 droplist all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 66.228.118.0/23 0.0.0.0/0 DROP all -- 213.240.4.233 0.0.0.0/0 DROP all -- 75.126.132.23 0.0.0.0/0 DROP all -- 80.58.205.35 0.0.0.0/0 ..... ... ..... DROP all -- 91.200.56.0/22 0.0.0.0/0 LOG all -- 91.200.72.0/22 0.0.0.0/0 LOG flags 0 level 4 prefix `DROP List Block' DROP all -- 91.200.72.0/22 0.0.0.0/0
The –line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule’s position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 7 comments... add one ↓
How to list all iptables rules with line numbers on Linux- Linux Network IP Accounting
CentOS / Redhat Iptables Firewall Configuration Tutorial
How To Set Up PF Firewall on FreeBSD to Protect a Web Server
psad: Linux Detect And Block Port Scan Attacks In Real Time
How to install Composer on Debian / Ubuntu Linux
Iptables Drop IP Address
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Great!! Thank you for the command this was really usefull!
-A FWR -p tcp -m tcp –dport 80 -j ACCEPT
I can someone tell me what the FWR stands for and/or mean?
Thanks.
FWR : FireWall Rule, it meens you have to precise the rule you want to setup : INPUT, for ingoing ports, or OUTPUT, for outgoing ports.
iptables -t nat -A POSTROUTING -i eth0 -j MASQUERADE
PLs can u tell me what the “-t” stands for?
The -t option specifies the packet matching table which the command should operate on.
This is great.
I just installed an app where I need to figure out how to change input_ports so that I connect to the app on a NAT-d server.
All this seems very confusing.
hi how can i add to the firewall and ip adress like that one ACCEPT 66.228.118.0/23
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all — 66.228.118.0/23 0.0.0.0/0
Thanks