In this article we will discuss how to view iptables rules with the command iptables -L and its main options and parameters. The command prints to the shell a structured listing of every chain of Netfilter firewall rules. It is the way to learn what is already configured in the firewall and to verify changes made afterwards with other commands. The rule table is displayed in text mode.
Unlike a graphical interface, text-mode output is just characters on a contrasting background. The information is structured with simple indentation and spaces into rows and columns. When a row is wider than the terminal, the rest of the row wraps onto the next line. Below we look at what the command iptables -L shows and how to read it.
How to see iptables rules
The examples in this article were run on Debian 10.2. The iptables command requires superuser privileges, so the user must either be root or be allowed to use sudo. Accordingly, every command below has the form sudo iptables [options], or sudo ip6tables [options] for IPv6.
Note: for a user to be allowed to run commands with superuser privileges through sudo, the user must be added to the sudoers file with the special editor visudo. Look at the screenshot with the result of the command:
There are two versions of the utility for configuring the Linux firewall: iptables and ip6tables. iptables is used for IPv4 and ip6tables for IPv6. Accordingly, the command that displays all chains of firewall rules has two forms:
sudo iptables -L
sudo ip6tables -L
From here on we consider only the IPv4 form; the IPv6 form uses exactly the same syntax.
The displayed information is split into columns and rows, and each column has its own name. With additional parameters of the command sudo iptables -L you can add further columns to the output table. Every chain is preceded by a header line of the form Chain INPUT (policy ACCEPT), which gives the chain name and the default policy applied to packets that match no rule. The columns in the standard output of sudo iptables -L are:
- target – the action applied to a packet that matches this rule (ACCEPT, DROP, REJECT, or a jump to another chain)
- prot – the protocol the rule applies to (tcp, udp, icmp, or all)
- opt – packet options matched by the rule; -- means none
- source – the IP address, subnet, or host name the packet must come from to match this rule
- destination – the IP address, subnet, or host name the packet must be going to to match this rule
Any extra match conditions (for example tcp dpt:22 for a destination port) are printed after the destination column.
1. The list of rules from the chain
The command to display a specific chain of rules looks like this:
sudo iptables -L [chain name]
For example, to view the rules of the iptables OUTPUT chain:
sudo iptables -L OUTPUT
2. The list of rules from the table
By default the contents of the packet-filtering table, filter, are shown. The command to output the contents of a specific table looks like this:
sudo iptables -t [table name] -L [chain name]
For example, to view the OUTPUT chain of the nat table:
sudo iptables -t nat -L OUTPUT
Here is the list of all iptables tables:
- filter – the default table. Used to filter packets. Contains the chains INPUT, FORWARD, OUTPUT.
- raw – rarely used. Packets are checked against this table before connection tracking (conntrack) sees them, so it can be used to exempt packets from tracking (the NOTRACK target). Connection tracking classifies each packet by the connection it belongs to: a new connection (NEW), an already established connection (ESTABLISHED), or a connection related to an existing one (RELATED), which lets the firewall work at the level of connections rather than individual packets. Contains the chains PREROUTING and OUTPUT.
- mangle – contains rules that modify the IP packets being processed, for example changing header fields such as TTL or TOS, or marking packets for policy routing. Rarely used. Contains the chains PREROUTING, INPUT, FORWARD, OUTPUT, POSTROUTING.
- nat – designed to rewrite the sender or recipient address of packets. This table is consulted only for the first packet of a connection; the decision is then applied automatically to the rest of the packets of that connection. It is used for translating source and destination addresses, mainly in two cases. First, when several computers on a local network must share one Internet connection (masquerading). Second, when the real sender or recipient address must be hidden for security reasons. Contains the chains PREROUTING, OUTPUT, POSTROUTING (and, on current kernels, INPUT).
3. The numbers of rules in iptables
The following command prints the number of each rule within its chain. These numbers can then be used to manage the firewall, for example to delete a rule with sudo iptables -D chain number or to insert a new rule in front of it with -I. The -n option prints addresses and ports numerically instead of resolving them to names, which avoids slow reverse DNS lookups and keeps the output stable:
sudo iptables [-t table] [-L chain name] --line-numbers -n
sudo iptables -t filter -L --line-numbers -n
4. Viewing the rules with statistics packages
To view the rule table together with the counters of bytes (bytes) and packets (pkts) that have matched each rule, as well as the input and output interfaces (in, out), use the following command. Note that with -v large counters are abbreviated with K, M and G suffixes; add -x to print exact values:
sudo iptables [-t table] [-L chain name] -n -v
sudo iptables -t filter -L -n -v
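The listing produced by the commands in sections 3 and 4 is easy to post-process. The script below is an added example for this article, not part of the original text or of the iptables project: it parses the output of sudo iptables -t filter -L -n -v -x --line-numbers and reports the default policy of each built-in chain, rules whose packet counter is still zero (either nothing has matched them yet or an earlier rule always wins), and chains that contain no rules at all. The listing it reads is a constructed sample with made-up counters and chain names (LOG_DROP is hypothetical), so the script runs without root and without Netfilter; on a live host you would pipe the real command into the same functions.

```shell
#!/bin/sh
# Post-process an `iptables -t filter -L -n -v -x --line-numbers` listing.
# SAMPLE_LISTING is a constructed sample (hypothetical host, made-up
# counters), not output captured from a real machine.

SAMPLE_LISTING='Chain INPUT (policy DROP 12 packets, 840 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1        1024      80512 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        5500    4194304 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
3          12        720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
4           0          0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
5           3        180 LOG_DROP   all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num      pkts      bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 6000 packets, 5242880 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1           0          0 DROP       udp  --  *      *       0.0.0.0/0            8.8.8.8              udp dpt:53

Chain LOG_DROP (1 references)
num      pkts      bytes target     prot opt in     out     source               destination
1           3        180 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4
2           3        180 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
'

# Reads a listing on stdin and prints "CHAIN POLICY" for every built-in chain.
# User-defined chains show "(N references)" instead of a policy and are skipped.
chain_policies() {
    awk '/^Chain / && $3 == "(policy" { print $2, $4 }'
}

# Reads a listing on stdin and prints one flattened record per rule:
#   CHAIN NUM PKTS BYTES TARGET PROT OPT IN OUT SOURCE DESTINATION [match ...]
# The "Chain" header supplies the chain name; the column-name row and the
# blank lines between chains are dropped.
flatten_rules() {
    awk '
        /^Chain / { chain = $2; next }
        /^num /   { next }
        NF == 0   { next }
        { out = chain; for (i = 1; i <= NF; i++) out = out " " $i; print out }
    '
}

# Rules whose packet counter is still 0. Prints "CHAIN NUM TARGET" per rule.
unused_rules() {
    flatten_rules | awk '$3 == 0 { print $1, $2, $5 }'
}

# Chains with no rules at all, so only the chain policy decides.
empty_chains() {
    awk '
        /^Chain / { if (chain != "" && count == 0) print chain; chain = $2; count = 0; next }
        /^num /   { next }
        NF > 0    { count++ }
        END       { if (chain != "" && count == 0) print chain }
    '
}

# Run against the sample. On a live host replace the printf with:
#   sudo iptables -t filter -L -n -v -x --line-numbers | unused_rules
printf '%s' "$SAMPLE_LISTING" | chain_policies
printf '%s' "$SAMPLE_LISTING" | unused_rules
printf '%s' "$SAMPLE_LISTING" | empty_chains
```

The functions rely only on awk and the column layout described above, so they work the same for any table selected with -t. Always include -n (and -x) when feeding the listing to a script: without -n, addresses may come back as host names and the fields no longer line up with what the script expects.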
Here we have covered the main ways to view iptables rules in tabular form. We now know how to select the firewall table and the chain to display, what the columns of the rule table are called and what they mean, and how to add extra columns to the output.