
Iptables Firewall: How To Check Iptables Firewall Rules In Linux


Description:

How to check the iptables firewall rules and settings to see which ports are allowed and which are dropped. Listing the iptables rules lets you identify a permitted or blocked service by its port number or service name.


To check the rules, run the iptables command with two arguments: '-L' lists the rules of every chain (because no chain name is given), and '-n' prints addresses and ports in numeric form instead of resolving them to hostnames and service names, which is faster and easier to read.

$ iptables -L -n

If you are not logged in as root, run it through sudo:

$ sudo iptables -L -n

The output looks like this:

# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* This rule is for SSH */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport ports 8887:8889
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport ports 22
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            /* 000 allow loopback */
ACCEPT     tcp  --  192.168.111.64/26    0.0.0.0/0            multiport dports 22 /* 010 ssh */ state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 123 /* 020 ntp */ state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 123 /* 030 ntp_udp */ state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 162 /* 040 snmp */ state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8000 /* 050 nailgun_web */ state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8001 /* 060 nailgun_internal */ state NEW
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 8001 /* 070 nailgun_internal_block_ext */ state NEW reject-with icmp-port-unreachable
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 ADDRTYPE match src-type LOCAL /* 080 postgres_local */ state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 /* 090 postgres */ state NEW
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 /* 100 postgres_block_ext */ state NEW reject-with icmp-port-unreachable
...
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ext-filter-forward (1 references)
target     prot opt source               destination

Chain ext-filter-input (1 references)
target     prot opt source               destination

A few more useful arguments:

-v -> Verbose output: also shows the interface names, the packet and byte counters of each rule, and TOS masks.

--line-numbers -> Prefixes each rule with its position in the chain, in the order the rules were defined.
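Reading a long listing by eye is error-prone, so here is an added helper script (not part of the original article) that turns 'iptables -L -n' output into two short answers a defender wants: which ports are accepted from any source, and what each chain's default policy is. SAMPLE is constructed from the listing above; on a real host pipe 'sudo iptables -L INPUT -n' into the functions instead.

```shell
#!/bin/sh
# Added example, not from the original article. SAMPLE is a constructed
# excerpt of the listing shown above (real iptables prints "--" in the
# opt column). On a live system use:
#   sudo iptables -L INPUT -n | world_open_ports
SAMPLE='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* This rule is for SSH */
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport ports 8887:8889
ACCEPT     tcp  --  192.168.111.64/26    0.0.0.0/0            multiport dports 22 /* 010 ssh */ state NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 162 /* 040 snmp */ state NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 ADDRTYPE match src-type LOCAL /* 080 postgres_local */ state NEW
REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 /* 100 postgres_block_ext */ state NEW reject-with icmp-port-unreachable'

# Print "proto port" for every ACCEPT rule whose source is 0.0.0.0/0,
# i.e. services reachable from any host. Rules matching "src-type LOCAL"
# only apply to locally generated packets, so they are skipped.
# Handles the three port spellings seen in the listing: "dpt:N",
# "multiport dports N" and "multiport ports N".
world_open_ports() {
    awk '
        $1 == "ACCEPT" && $4 == "0.0.0.0/0" && $0 !~ /src-type LOCAL/ {
            for (i = 6; i <= NF; i++) {
                if ($i ~ /^dpt:/) { sub(/^dpt:/, "", $i); print $2, $i; break }
                if ($i == "dports" || $i == "ports") { print $2, $(i + 1); break }
            }
        }'
}

# Print "CHAIN POLICY" for each built-in chain. A chain whose policy is
# ACCEPT lets through any packet no rule matched; for INPUT that is the
# first thing to flag during a review.
chain_policies() {
    awk '$1 == "Chain" && $3 == "(policy" { gsub(/[()]/, "", $4); print $2, $4 }'
}

printf '%s\n' "$SAMPLE" | world_open_ports   # tcp 22 / tcp 8887:8889 / udp 162
printf '%s\n' "$SAMPLE" | chain_policies     # INPUT DROP
```

The script only reports what the rules say; run it against every chain that INPUT jumps to (the ext-filter-input chain in the listing, for example) to get the full picture.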
