Networking / Beginners

Displaying the Status of Your Firewall

You want a quick way to check the status of your firewall so you can see if it's up, and what rules are active.

These iptables commands tell all:

# /sbin/iptables -t filter -L -v -n --line-numbers
# /sbin/iptables -t nat -L -v -n --line-numbers
# /sbin/iptables -t mangle -L -v -n --line-numbers

You need to specify all three tables to see all rules. This is easy to script, like this /usr/ local/bin/fw_status script:

#!/bin/sh
##/usr/local/bin/fw_status script
#displays all active rules and chains

#define variables
ipt="/sbin/iptables"

echo "These are the currently active rules, chains, and packet and
bytecounts:"

$ipt -t filter -L -v --line-numbers
$ipt -t nat -L -v --line-numbers
$ipt -t mangle -L -v --line-numbers

Make it owned by root, mode 0700, and run it whenever you want to see what your firewall is doing:

# fw_status

-L means "list rules," -v is verbose, and --line-numbers makes line numbers. You may wish to use -n to display IP addresses instead of hostnames.

[Previous] [Contents] [Next]