
Linux Firewall: Display Status and Rules of Iptables Firewall

Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?

A. To list all rules in the selected chain, use the -L option. If no chain is selected, all chains are listed. Like every other iptables command, it applies to the specified table. The -n option prints IP addresses and port numbers in numeric format instead of resolving them to host and service names.

To check the status of your firewall and all rules, enter:
# iptables -L -n
OR
$ sudo iptables -L -n
Output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
droplist   all  --  0.0.0.0/0            0.0.0.0/0           
droplist   all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  66.228.118.0/23      0.0.0.0/0           
DROP       all  --  213.240.4.233        0.0.0.0/0           
DROP       all  --  75.126.132.23        0.0.0.0/0           
DROP       all  --  80.58.205.35         0.0.0.0/0    
.....
...
.....
DROP       all  --  91.200.56.0/22       0.0.0.0/0           
LOG        all  --  91.200.72.0/22       0.0.0.0/0           LOG flags 0 level 4 prefix `DROP List Block' 
DROP       all  --  91.200.72.0/22       0.0.0.0/0           

The --line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule's position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers
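To turn the listing into something you can audit rather than eyeball, here is an added example (not from the original post) that parses `iptables -L -n` output in the format shown above and reports what is blocked and opened. The sample listing is constructed for the example and the function names are my own.

```python
import re
from collections import Counter

# Constructed sample modelled on the listing above; not captured from a real host.
SAMPLE = """\
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
droplist   all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     all  --  66.228.118.0/23      0.0.0.0/0
DROP       all  --  213.240.4.233        0.0.0.0/0
LOG        all  --  91.200.72.0/22       0.0.0.0/0           LOG flags 0 level 4 prefix `DROP List Block'
DROP       all  --  91.200.72.0/22       0.0.0.0/0

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22

Chain droplist (1 references)
target     prot opt source               destination
DROP       all  --  80.58.205.35         0.0.0.0/0
"""

# Built-in chains print "(policy X)"; user-defined chains print "(N references)".
CHAIN_RE = re.compile(r"^Chain (\S+) \((?:policy (\S+)|\d+ references)\)")

def parse_listing(text):
    """Parse `iptables -L -n` output into {chain: {"policy": str|None, "rules": [...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), {"policy": m.group(2), "rules": []})
        elif line.strip() and not line.startswith("target") and current is not None:
            # Skips blank lines and the column header; splits off any match options.
            cols = line.split(None, 5)  # target prot opt source destination [options]
            current["rules"].append({"target": cols[0], "prot": cols[1], "src": cols[3],
                                     "dst": cols[4], "extra": cols[5] if len(cols) > 5 else ""})
    return chains

def audit(chains):
    """What is blocked and opened: per-chain target counts, sources explicitly
    dropped in any chain, and chains whose default policy is ACCEPT."""
    counts = {name: Counter(r["target"] for r in c["rules"]) for name, c in chains.items()}
    dropped = sorted({r["src"] for c in chains.values() for r in c["rules"] if r["target"] == "DROP"})
    accept_policy = sorted(n for n, c in chains.items() if c["policy"] == "ACCEPT")
    return {"counts": counts, "dropped_sources": dropped, "accept_policy_chains": accept_policy}
```

Feed it real output with `parse_listing(subprocess.check_output(["iptables", "-L", "-n"], text=True))`; an ACCEPT default policy on INPUT is usually the first thing worth questioning in the report.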

7 comments
  • Jorge March 1, 2013, 6:55 am

    Great!! Thank you for the command, this was really useful!

  • framcis October 25, 2014, 1:20 am

    -A FWR -p tcp -m tcp --dport 80 -j ACCEPT

    Can someone tell me what the FWR stands for and/or means?

    Thanks.

  • Flo October 30, 2014, 1:20 pm

    FWR : FireWall Rule, it means you have to specify the rule you want to set up : INPUT, for ingoing ports, or OUTPUT, for outgoing ports.

  • Edon June 13, 2015, 12:04 am

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    Please can you tell me what the "-t" stands for?

    • Vivek Gite June 13, 2015, 3:05 am

      The -t option specifies the packet matching table which the command should operate on.

  • richardskumat November 20, 2015, 3:38 pm

    This is great.
    I just installed an app where I need to figure out how to change input_ports so that I connect to the app on a NAT-d server.

    All this seems very confusing.

  • ningi November 27, 2015, 11:34 pm

    Hi, how can I add to the firewall an IP address like that one: ACCEPT 66.228.118.0/23

    Chain INPUT (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- 66.228.118.0/23 0.0.0.0/0

    Thanks
