Iptables Firewall: How To Check Iptables Firewall Rules In Linux
Description:
How to check the iptables firewall rules and see which ports are allowed and which are dropped. The port numbers and the comments attached to the rules help identify the service each rule is for.
To list the rules, iptables takes the arguments '-L' (list the rules of every chain, since no chain name is given) and '-n' (numeric output: addresses and ports are printed as numbers instead of being resolved to names, which is also faster).
$ iptables -L -n
If you are not root, run it with sudo:
$ sudo iptables -L -n
The output will look like this:
# iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* This rule is for SSH */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 8887:8889
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 22
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 /* 000 allow loopback */
ACCEPT tcp -- 192.168.111.64/26 0.0.0.0/0 multiport dports 22 /* 010 ssh */ state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 123 /* 020 ntp */ state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 123 /* 030 ntp_udp */ state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 162 /* 040 snmp */ state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8000 /* 050 nailgun_web */ state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8001 /* 060 nailgun_internal */ state NEW
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8001 /* 070 nailgun_internal_block_ext */ state NEW reject-with icmp-port-unreachable
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5432 ADDRTYPE match src-type LOCAL /* 080 postgres_local */ state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5432 /* 090 postgres */ state NEW
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 5432 /* 100 postgres_block_ext */ state NEW reject-with icmp-port-unreachable
…………
………..
………
……..
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain ext-filter-forward (1 references)
target prot opt source destination
Chain ext-filter-input (1 references)
target prot opt source destination
A few more useful options:
-v -> Verbose output: also shows the interface names, the packet and byte counters and the TOS masks.
--line-numbers -> Numbers each rule according to its position in its chain.
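Reading a long listing by eye is error-prone, so the script below (an added example, not part of the original post) answers the question the post is about, "what does the INPUT chain do with traffic to port N?", from the text of iptables -L -n. It runs offline against a constructed, abridged copy of the output shown above; on a live host the rules_source function would be replaced by sudo iptables -L -n. The function names port_rules, chain_policy and port_verdict are the example's own.

```shell
#!/bin/sh
# Added example, not from the original post: answer "what does a chain do with
# traffic to port N?" from the text of "iptables -L -n".
# Constructed, abridged copy of the output shown above (the "--" in the opt
# column is what iptables really prints).
SAMPLE_RULES='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 /* This rule is for SSH */
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport ports 8887:8889
ACCEPT tcp -- 192.168.111.64/26 0.0.0.0/0 multiport dports 22 /* 010 ssh */ state NEW
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 123 /* 030 ntp_udp */ state NEW
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8001 /* 060 nailgun_internal */ state NEW
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 8001 /* 070 nailgun_internal_block_ext */ state NEW reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# rules_source: the listing to analyse. On a real host replace the body with
# "sudo iptables -L -n" (reading the rules needs root).
rules_source() { printf '%s\n' "$SAMPLE_RULES"; }

# port_rules CHAIN PORT
# Prints "TARGET PROTO SOURCE" for every rule in CHAIN, in evaluation order,
# whose port match covers PORT. Understands "dpt:N", "dports A,B" and
# "ports lo:hi" (a range; "ports" matches source or destination port).
port_rules() {
  rules_source | awk -v want_chain="$1" -v port="$2" '
    /^Chain /  { chain = $2; next }      # "Chain INPUT (policy DROP)"
    /^target / { next }                  # column header
    NF == 0    { next }
    chain != want_chain { next }
    {
      spec = ""
      for (i = 6; i <= NF; i++) {
        if ($i ~ /^dpt:/)                         spec = substr($i, 5)
        else if ($i == "dports" || $i == "ports") spec = $(i + 1)
      }
      if (spec == "") next                       # rule has no port match
      n = split(spec, part, ",")
      for (j = 1; j <= n; j++) {
        if (index(part[j], ":")) {               # "lo:hi" range
          split(part[j], r, ":")
          hit = (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
        } else {
          hit = (part[j] + 0 == port + 0)
        }
        if (hit) { print $1, $2, $4; break }
      }
    }'
}

# chain_policy CHAIN: the default verdict applied when no rule matches.
chain_policy() {
  rules_source | awk -v want="$1" '
    $1 == "Chain" && $2 == want { gsub(/\)/, "", $4); print $4; exit }'
}

# port_verdict CHAIN PORT: target of the first matching rule, otherwise the
# chain policy. iptables stops at the first terminating target, so order decides.
port_verdict() {
  first=$(port_rules "$1" "$2" | awk 'NR == 1 { print $1 }')
  [ -n "$first" ] && printf '%s\n' "$first" || chain_policy "$1"
}

port_rules INPUT 8001   # ACCEPT from any source, then REJECT: the REJECT never fires
port_verdict INPUT 22   # ACCEPT
port_verdict INPUT 443  # DROP (no rule matches, so the chain policy applies)
```

The script prints every matching rule rather than only the first one on purpose: in the listing above, the "060 nailgun_internal" rule accepts port 8001 from 0.0.0.0/0 before "070 nailgun_internal_block_ext" rejects it, so with the rules in this order the REJECT is never reached. Seeing both rules together, in order, is what makes that visible.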
Tags:firewall,iptables,firewall rules,iptables list,Firewall denied rules,linux firewall rules,defined firewall rules,Ubuntu firewall