Iptables Firewall: How To Check Iptables Firewall Rules In Linux

Iptables Firewall: How To Check Iptables Firewall Rules In Linux

Description:

How to check iptables firewall rules and settings which port is allowed and dropped.To identify the service check on port or service name iptable rules will help.

To check the iptables command will holding the arguments which are ‘-L ‘ for all chain selection list and ‘-n’ it will print the ports and iptables in numaric format in easy format.

$ iptables -L -n

For sudo users follow the below,

$ sudo iptables -L -n

Output will be ,

# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 /* This rule is for SSH */
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport ports 8887:8889
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport ports 22
ACCEPT     all  —  0.0.0.0/0            0.0.0.0/0            /* 000 allow loopback */
ACCEPT     tcp  —  192.168.111.64/26     0.0.0.0/0            multiport dports 22 /* 010 ssh */ state NEW
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 123 /* 020 ntp */ state NEW
ACCEPT     udp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 123 /* 030 ntp_udp */ state NEW
ACCEPT     udp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 162 /* 040 snmp */ state NEW
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 8000 /* 050 nailgun_web */ state NEW
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 8001 /* 060 nailgun_internal */ state NEW
REJECT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 8001 /* 070 nailgun_internal_block_ext */ state NEW reject-with icmp-port-unreachable
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 ADDRTYPE match src-type LOCAL /* 080 postgres_local */ state NEW
ACCEPT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 /* 090 postgres */ state NEW
REJECT     tcp  —  0.0.0.0/0            0.0.0.0/0            multiport dports 5432 /* 100 postgres_block_ext */ state NEW reject-with icmp-port-unreachable
…………
………..
………
……..
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ext-filter-forward (1 references)
target     prot opt source               destination

Chain ext-filter-input (1 references)
target     prot opt source               destination

Few more arguments,

-v -> Gives the more interface names and TOS masks too.

–line-numbers -> Adds numbers to the existing rules according to the defined.

Tags:firewall,iptables,firewall rules,iptables list,Firewall denied rules,linux firewall rules,defined firewall rules,Ubuntu firewall