Viewing all iptables rules
Is there a way to view iptables rules in a bit more detail?
I recently added masquerade to a range of IPs:
iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart
Which has done what I want it to, but when I use:
iptables -L
I get the same output as I normally get:
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
How can I see the rules including the ones I add? (system is CentOS 6)
edited Mar 9 at 0:23
Ondra Žižka
asked May 27 '15 at 13:14
Trent
8 Answers
When using the -L, --list option to list the current firewall rules, you also need to specify the appropriate Netfilter table (one of filter, nat, mangle, raw or security). So, if you’ve added a rule for the nat table, you should explicitly specify this table using the -t, --table option:
iptables --table nat --list
Or using the options short form:
iptables -t nat -L
If you don’t specify a specific table, the filter table is used as the default.
For faster results, it can be useful to also include the -n, --numeric option to print numeric IP addresses instead of hostnames, thus avoiding the need to wait for reverse DNS lookups.
You can get even more information by including the -v, --verbose option.
edited Jun 17 at 19:45
answered May 27 '15 at 13:21
Anthony Geoghegan
iptables controls five different tables: filter, nat, mangle, raw and security. On a given call, iptables only displays or modifies one of these tables, specified by the argument to the option -t (defaulting to filter). To see the complete state of the firewall, you need to call iptables on each of the tables successively.
Additionally, to get an accurate representation of the rules, you need to pass the option -v. Otherwise some important criteria are omitted in the output, such as the interface in filter rules (e.g. a rule that says “accept everything” and a rule that says “accept everything on the loopback interface” can only be distinguished with -v).
Thus, to get a complete presentation of the netfilter rules, you need
iptables -vL -t filter
iptables -vL -t nat
iptables -vL -t mangle
iptables -vL -t raw
iptables -vL -t security
Alternatively, you can call the iptables-save program, which displays all the rules in all tables in a format that can be parsed by iptables-restore. This format is also reasonably readable by humans (it's pretty much like a series of calls to the iptables command to build the table).
edited Nov 14 '15 at 16:46
answered May 28 '15 at 8:38
Gilles
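The point made in the answers above, that a bare iptables -L only covers the filter table while iptables-save covers every table, as an added example that is not part of any answer on this page: the shell functions below summarise an iptables-save dump per table and list the rules of one table. The dump is a constructed sample built around the question's MASQUERADE rule, and sample_dump, summarise_tables and rules_in_table are names chosen for this example.

```shell
#!/bin/bash
# Added example: audit an iptables-save dump table by table.

# Constructed sample in iptables-save format (not captured from a real host).
# It mirrors the question: one rule in nat, nothing in filter.
sample_dump() {
cat <<'EOF'
# Constructed sample
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Read a dump on stdin and print one line per table:
#   <table> <number of chains> <number of rules>
# "*name" opens a table, ":CHAIN POLICY [pkts:bytes]" declares a chain,
# "-A ..." is a rule, "COMMIT" closes the table.
summarise_tables() {
  awk '
    /^\*/  { table = substr($0, 2); order[++n] = table; next }
    /^:/   { chains[table]++; next }
    /^-A / { rules[table]++; next }
    END    { for (i = 1; i <= n; i++)
               printf "%s %d %d\n", order[i], chains[order[i]], rules[order[i]] }
  '
}

# Read a dump on stdin and print the rules of table $1, each one rewritten
# as the full iptables command that would recreate it.
rules_in_table() {
  awk -v want="$1" '
    /^\*/ { table = substr($0, 2); next }
    /^-A / && table == want { print "iptables -t " table " " $0 }
  '
}

# The filter table (what a bare "iptables -L" shows) is empty here,
# while the nat table holds the rule the question added.
sample_dump | summarise_tables
sample_dump | rules_in_table nat
```

On a live host, run as root, the same functions read the real ruleset with `iptables-save | summarise_tables`.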
iptables -S does the trick for me. It seems to list all the active rules, even when the service is off.
From the man page:
-S, --list-rules [chain]
Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save. Like every other iptables command, it applies to the specified table (filter is the default).
edited Jun 22 '17 at 19:56
answered Apr 1 '16 at 3:32
Cameron
This is a really kwl answer, I've also noticed that /sbin/service iptables status gives a similar output
– Trent
Apr 1 '16 at 10:08
5
+1. No 'seems' about it- from the man page: "-S, Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save". This is the one I usually need.
– Mike S
May 11 '16 at 21:27
3
i did not find this to be the case. iptables -S does not show all my nat rules, which i can see when i run iptables -L -t nat
– mulllhausen
Apr 8 '17 at 1:34
1
@MikeS From the man page, BOTH commands operate only on the specified table, filter by default. "Like every other iptables command, it applies to the specified table (filter is the default)." The wording in the documentation is copied almost identically for -S and -L, they only differ in formatting of the output, not the rules printed. This is true at least on Ubuntu 16.04 which on my system is iptables v1.6.0.
– Scott
Jun 18 '17 at 3:15
Agree with @mulllhausen here. I needed "sudo iptables --table nat --list" to show my nat table rules. the "-S" flag by itself did not show them.
– Robert Oschler
Aug 18 '17 at 19:54
What I do is to execute iptables-save > iptables_bckp, this would backup all the layers, then edit the file and restore the iptables with iptables-restore < iptables_bckp
# iptables-save > iptables_bckp
# vim iptables_bckp
# iptables-restore < iptables_bckp
You can make a double backup so you modify one of them without losing your past iptables.
This is a personal practice, I'm not saying this is the best way but for me it works great.
Give it a try
answered May 27 '15 at 13:35
tachomi
This is the only realistic answer I have found so far that actually dumps all of the tables too.
– Chris Harrington
May 28 '17 at 0:50
The iptables command also requires you to specify the table otherwise it defaults to filter table. So try:
iptables -t nat -L
edited Oct 11 '16 at 15:10
czerasz
answered May 27 '15 at 13:22
user425
You can use:
# lsmod | grep ip_tables
ip_tables 13193 4 iptable_raw,iptable_mangle,iptable_nat,iptable_filter
To find all tables and show specific rule in table.
answered Dec 14 '17 at 8:12
Tur Le
If it will really help you could write a bash script and put it in a folder that is referenced by your path or reference it via an alias in the ~/.bashrc file.
AllRules.sh
#!/bin/bash
echo "Filter table:"
iptables -t filter -vL
echo "Nat table:"
iptables -t nat -vL
echo "Mangle table:"
iptables -t mangle -vL
echo "Raw table:"
iptables -t raw -vL
echo "Security table:"
iptables -t security -vL
echo
echo "All rules in all tables printed"
Remember to give your new bash script execute permissions with chmod.
If permission is an issue you may have to add sudo in front of all the iptables commands.
edited Feb 5 at 8:11
Ville
answered Jun 22 '17 at 18:48
ob1
iptables -vnxL
iptables -vnxL -tnat
possibly additionally, though these are very very rarely used:
iptables -vnxL -traw
iptables -vnxL -tmangle
iptables -vnxL -tsecurity
answered Dec 17 at 13:33
sjas