Linux Firewall: Display Status and Rules of Iptables Firewall

June 17, 2007January 17, 2008in CentOS, Debian / Ubuntu, Iptables, Linux, Networking, RedHat and Friends, Security, Suse, Troubleshooting, Ubuntu Linux last updated January 17, 2008

Q. How do I display / list all rules in the selected chain? How do I find out which rules are active? What is blocked and opened with my firewall?

A. To List all rules in the selected chain use the -L option. If no chain is selected, all chains are listed. As every other iptables command, it applies to the specified table. The -n option help to print IP addresses and port numbers in numeric format.

To check the status of your firewall and all rules, enter:
# iptables -L -n
OR
$ sudo iptables -L -n
Output:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
droplist   all  --  0.0.0.0/0            0.0.0.0/0           
droplist   all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     all  --  66.228.118.0/23      0.0.0.0/0           
DROP       all  --  213.240.4.233        0.0.0.0/0           
DROP       all  --  75.126.132.23        0.0.0.0/0           
DROP       all  --  80.58.205.35         0.0.0.0/0    
.....
...
.....
DROP       all  --  91.200.56.0/22       0.0.0.0/0           
LOG        all  --  91.200.72.0/22       0.0.0.0/0           LOG flags 0 level 4 prefix `DROP List Block' 
DROP       all  --  91.200.72.0/22       0.0.0.0/0

The –line-numbers option adds line numbers to the beginning of each rule, corresponding to that rule’s position in the chain. The -v option makes the list command show the interface name, the rule options (if any), and the TOS masks. The packet and byte counters are also listed, with the suffix K, M or G for 1000, 1,000,000 and 1,000,000,000 multipliers respectively (but see the -x flag to change this).
# iptables -L -v -n --line-numbers

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin and a trainer for the Linux operating system/Unix shell scripting. He has worked with global clients and in various industries, including IT, education, defense and space research, and the nonprofit sector. Follow him on Twitter, Facebook, Google+.

7 comment

Jorge says:

March 1, 2013 at 6:55 am

Great!! Thank you for the command this was really usefull!
framcis says:

October 25, 2014 at 1:20 am

-A FWR -p tcp -m tcp –dport 80 -j ACCEPT

I can someone tell me what the FWR stands for and/or mean?

Thanks.
Flo says:

October 30, 2014 at 1:20 pm

FWR : FireWall Rule, it meens you have to precise the rule you want to setup : INPUT, for ingoing ports, or OUTPUT, for outgoing ports.
Edon says:

June 13, 2015 at 12:04 am

iptables -t nat -A POSTROUTING -i eth0 -j MASQUERADE
PLs can u tell me what the “-t” stands for?
1. Vivek Gite says:
  
  June 13, 2015 at 3:05 am
  
  The -t option specifies the packet matching table which the command should operate on.
richardskumat says:

November 20, 2015 at 3:38 pm

This is great.
I just installed an app where I need to figure out how to change input_ports so that I connect to the app on a NAT-d server.

All this seems very confusing.
ningi says:

November 27, 2015 at 11:34 pm

hi how can i add to the firewall and ip adress like that one ACCEPT 66.228.118.0/23

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all — 66.228.118.0/23 0.0.0.0/0

Thanks

Comments are closed.

Tagged as: display linux firewall, firewall, interface name, ip addresses, Iptables, iptables command, line numbers, linux firewall status, multipliers, port numbers, rule options, source destination, target, tos

Posted by: Vivek Gite

Share this on:

7 comment