Displaying the Status of Your Firewall
You want a quick way to check the status of your firewall so you can see if it's up, and what rules are active.
These iptables commands tell all:
# /sbin/iptables -t filter -L -v -n --line-numbers
# /sbin/iptables -t nat -L -v -n --line-numbers
# /sbin/iptables -t mangle -L -v -n --line-numbers
You need to specify all three tables to see all rules, because each table keeps its own chains. This is easy to script, like this /usr/local/bin/fw_status script:
#!/bin/sh
## /usr/local/bin/fw_status script
# displays all active rules and chains in the filter, nat, and mangle tables
# define variables
ipt="/sbin/iptables"
echo "These are the currently active rules, chains, and packet and byte counts:"
$ipt -t filter -L -v --line-numbers
$ipt -t nat -L -v --line-numbers
$ipt -t mangle -L -v --line-numbers
Make it owned by root, mode 0700, and run it whenever you want to see what your firewall is doing:
# fw_status
-L means "list rules," -v is verbose (it adds the packet and byte counters and the interface columns), and --line-numbers numbers each rule in its chain, which is handy when you later insert or delete rules by position. You may wish to add -n for numeric output, which shows IP addresses and port numbers instead of hostnames and service names and avoids the delay of DNS lookups.
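The three listings are long on a busy firewall. As an added example (not part of the original recipe), here is a helper that condenses iptables -L -v -n --line-numbers output into one line per chain, showing each built-in chain's default policy and rule count and flagging chains whose policy is ACCEPT; the sample listing it runs on is constructed, and fw_status_summary is an assumed wrapper for live use as root.

```shell
#!/bin/sh
# Added example: summarize "iptables -t <table> -L -v -n --line-numbers"
# into one line per chain (default policy and rule count), flagging chains
# whose default policy is ACCEPT. Not part of the original recipe.

fw_summary() {
    # $1 is the table name used for labelling; the listing is read from stdin.
    awk -v table="$1" '
    function emit() {
        if (chain == "") return
        flag = (policy == "ACCEPT") ? "  <- default ACCEPT" : ""
        printf "%-6s %-10s policy=%-6s rules=%d%s\n", table, chain, policy, rules, flag
        chain = ""
    }
    /^Chain /  { emit(); chain = $2; policy = "-"; rules = 0
                 if ($3 == "(policy") policy = $4; next }    # chain header (built-in chains carry a policy)
    /^num /    { next }                                       # column header
    /^[0-9]+/  { rules++; next }                              # one numbered rule
    END        { emit() }'
}

# Live use (needs root): summarize all three tables the recipe lists.
fw_status_summary() {
    for t in filter nat mangle; do
        /sbin/iptables -t "$t" -L -v -n --line-numbers | fw_summary "$t"
    done
}

# Constructed sample of "iptables -t filter -L -v -n --line-numbers" output,
# so the helper can be exercised without a live firewall.
SAMPLE_FILTER='Chain INPUT (policy DROP 12 packets, 720 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1502   98K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2     3021  245K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
3       16   960 ACCEPT     tcp  --  eth1   *       192.168.1.0/24       0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     8831 1102K ACCEPT     all  --  eth1   eth0    0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy ACCEPT 4431 packets, 391K bytes)
num   pkts bytes target     prot opt in     out     source               destination'

printf '%s\n' "$SAMPLE_FILTER" | fw_summary filter
```

An OUTPUT chain with policy ACCEPT and no rules, as in the sample, is exactly the situation the egress-rules recipe later in this series addresses.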