Linux Commands

Linux Iptables List All Rules

Iptables is a gateway that is crucial for many Linux platforms’ network securities. Since many of the iptables tutorial guides will demonstrate how to write gateway rules to safeguard your Linux system, this article will concentrate on a diverse feature of firewall administration: listing the iptables rules. Assume that in your Linux server, you have recently unveiled NAT settings. In Ubuntu, how can you view the rules that you recently wrote, together with line numbers? This article assumes you are working with a Linux platform with the iptables function loaded and that your account has root access. So, let’s start today’s article by login in from your Ubuntu 20.04 system as we will be implementing all commands on its shell. To open the Linux terminal, you need to try out the Ctrl+Alt+T shortcut right after the successful login.

List Rules by Specification:

Before doing anything, make sure your system is up to date and upgraded. If not, try the apt “update” and “upgrade” commands on the shell. Initially, let’s glance at how to generate a rule list. The operational iptables rules may be seen in two distinct ways: in tabular form or a list of rule parameters. Both approaches deliver the very same content in somewhat dissimilar formats. So, if you want to list down all the currently enabled “iptables” rules by their functionality or specification, you can do so by a simple “iptables” command followed by the “-S” flag. Make sure to utilize the “sudo” keyword in this case. It will prompt for your sudo password on execution. Write your password, hit Enter, and get the list of iptables rules and their specification as shown in the presented output image below.

$ sudo iptables -S

You can use all the listed commands in the above image as per your choice. The above output for the iptables command shows many iptables commands for “Ipv4” to perform many things perfectly. You can also list the rules for Ipv6 using the ip6tables command shown below. The output is depicted in the below-affixed screenshot.

$ sudo ip6tables -S

The above commands were all about listing all the rules in our system for Ipv4 and Ipv6. If you want to avoid that and display some specific rules by name, you can do so as well. You just have to specify the chain name after the “-S” flag in the iptables command, and you are good to go. We want to list all the rules for the INPUT chain in Ipv6 of our system. We have to use the “INPUT” word after the “-S” flag as shown below, and we will see the rule displayed alone instead of a huge list. The output is depicted in the below-affixed screenshot.

$ sudo ip6tables –S INPUT

There is a possibility that some specific chain has no rules specified on your system. When we wanted to check for all the rules specifications for the TCP chain of our system, we found out that our iptables have no chain of “TCP” names. The output is depicted in the below-affixed screenshot.

$ sudo ip6tables –S TCP

If you want to display the iptables rules for some specific chain in a tabular form, you have to make use of the “-L” flag in the iptables command. So, we have been taking an example to display all the iptables rules for the “FORWARD” chain on the shell using the”-L” option within the command demonstrated in the image. It displays the rules in table form for the “FORWARD” chain and specifies the rules as columns, i.e., target, source, prot, opt, destination. The target column will show the object to be put down/shut when a specific data packet is matched with some iptables rule. The first column will show the protocol used by that rule, and the opt column will show some extra choices for that rule. The “source” column is the source’s IP address or name, and the “destination” specifies the name or IP or target. The output is depicted in the below-affixed screenshot.

$ sudo ip6tables –L FORWARD

The iptables command also comes up with the option to display the total number of packets matched with the rules for a specific chain and the size in bytes they contain. We have to utilize the “-v” option in our iptables command. If you want to list the output data in a table format, you can also try to use the “-t” flag. We have been using the “—line-numbers” option in the command to list the line numbers and the NAT rules. You will check the output data will be more organized. We used the below-shown command for the “nat” service and got the huge table for it as an output. We have got the “pkts” column displaying the packets matched with the rules, the column “bytes” showing the number of bytes a packet contains, and many other columns. It also shows all the rules for the chains for NAT, i.e., INPUT, OUTPUT. The column “num” shows the line numbers for rules. The output is depicted in the below-affixed screenshot.

$ sudo iptables –L –n –v –t nat - -line-numbers

Conclusion:

Finally! We have done with the listing of iptables rules in Ubuntu 20.04 using the shell application. We have got to know the simple iptables command to display the rules in the form of lists and tables. We have taken a look at different options like –S, -L, -n, -v, -t for specific purposes. We have also utilized the “—line-numbers” option to display line numbers for the rules.

About the author

Omar Farooq

Hello Readers, I am Omar and I have been writing technical articles from last decade. You can check out my writing pieces.