List Rules by Specification:
Before doing anything, make sure your system is up to date. If it is not, run the apt “update” and “upgrade” commands in the shell. First, let’s look at how to generate a rule list. The active iptables rules can be viewed in two distinct ways: as a table or as a list of rule specifications. Both approaches deliver the same content in slightly different formats. To list all the currently enabled “iptables” rules by specification, run the “iptables” command followed by the “-S” flag. Make sure to use the “sudo” keyword in this case. It will prompt for your sudo password on execution. Type your password, press Enter, and you get the list of iptables rules and their specifications, as shown in the output image below.
Each line in the output above is written as an iptables command specification, so you can reuse any of the listed commands as you choose. The “iptables” command covers the rules for IPv4. You can also list the rules for IPv6 using the ip6tables command shown below. The output is depicted in the screenshot below.
The commands above list all the rules on the system for IPv4 and IPv6. If you want to avoid that and display only the rules of a specific chain, specify the chain name after the “-S” flag in the command. Here we want to list all the rules for the INPUT chain in IPv6 on our system, so we put the word “INPUT” after the “-S” flag as shown below, and the rule for that chain is displayed alone instead of a huge list. The output is depicted in the screenshot below.
It is possible that a specific chain has no rules specified on your system. When we tried to check the rule specifications for the TCP chain of our system, we found that our iptables has no chain named “TCP”. The output is depicted in the screenshot below.
If you want to display the iptables rules for a specific chain in tabular form, use the “-L” flag in the iptables command. As an example, we display all the iptables rules for the “FORWARD” chain using the “-L” option in the command shown in the image. It displays the rules for the “FORWARD” chain as a table whose columns are target, source, prot, opt, destination. The “target” column shows what is done with a data packet when it matches that iptables rule. The “prot” column shows the protocol used by that rule, and the “opt” column shows extra options for that rule. The “source” column is the source’s IP address or name, and the “destination” column is the name or IP address of the destination. The output is depicted in the screenshot below.
The iptables command also has an option to display the total number of packets matched by the rules of a specific chain and their size in bytes. For this, use the “-v” option in the iptables command. If you want to list the rules of a particular table, you can also use the “-t” flag. We have also used the “--line-numbers” option in the command to list the line numbers along with the NAT rules, which makes the output more organized. We used the command shown below for the “nat” table and got a large table as output. The “pkts” column displays the packets matched by each rule, the “bytes” column shows the size in bytes of those packets, and there are many other columns. The output also shows all the rules for the chains of NAT, i.e., INPUT, OUTPUT. The “num” column shows the line numbers of the rules. The output is depicted in the screenshot below.
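When reviewing a long “-S” listing, it helps to reduce it to one line per chain. The following is an added example, not part of the original article: the function names `summarize_rules`, `sample_rules` and `accept_policy_chains` are hypothetical, and the sample rules are constructed rather than captured from a real host.

```shell
#!/bin/sh
# Summarize `iptables -S` / `ip6tables -S` output read from stdin:
# one line per chain with its default policy and its number of rules.
summarize_rules() {
    awk '
        $1 == "-P" { policy[$2] = $3;  seen[$2] = 1 }  # built-in chain and its policy
        $1 == "-N" { policy[$2] = "-"; seen[$2] = 1 }  # user-defined chain, no policy
        $1 == "-A" { count[$2]++;      seen[$2] = 1 }  # one appended rule
        END {
            for (c in seen) {
                # "?" when the listing carried rules but no -P/-N line for the chain
                p = (c in policy) ? policy[c] : "?"
                printf "%s %s %d\n", c, p, count[c]
            }
        }
    ' | LC_ALL=C sort
}

# Constructed sample in the -S format (assumption: a typical small ruleset).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N LOGDROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOGDROP
-A LOGDROP -j LOG --log-prefix "dropped: "
-A LOGDROP -j DROP
EOF
}

# Chains whose default policy is ACCEPT, worth a second look during a review.
accept_policy_chains() {
    summarize_rules | awk '$2 == "ACCEPT" { print $1 }'
}

# On a live system: sudo iptables -S | summarize_rules
sample_rules | summarize_rules
```

A chain with policy ACCEPT and a rule count of 0 passes everything that reaches it, which is easy to miss in the full listing.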
Conclusion:
Finally! We are done with listing iptables rules in Ubuntu 20.04 using the shell application. We have learned the simple iptables commands that display the rules in the form of lists and tables. We have taken a look at different options like -S, -L, -n, -v, -t for specific purposes. We have also used the “--line-numbers” option to display line numbers for the rules.