LinuxQuestions.org
Old 12-02-2013, 11:36 AM   #1
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913

Rep: Reputation: 71
IPtables


Hi all,

I've got this O'Reilly book, Linux iptables - a Pocket Reference and it's been of no use at all since the day I bought it 6 years ago. Can't find an answer to the simplest of questions in it.

Can someone tell me what the iptables command is for getting a screen dump of what rules are currently set up? Thanks.

cc.
 
Old 12-02-2013, 12:12 PM   #2
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,539

Rep: Reputation: 1593
Try a look at:
Code:
man iptables
And ooh...
-L List all rules in the selected chain. If no chain is selected, all chains are listed.
-S Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save.
 
Old 12-02-2013, 12:26 PM   #3
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913

Original Poster
Rep: Reputation: 71
Quote:
Originally Posted by TenTenths View Post
Try a look at:
Code:
man iptables
And ooh...
-L List all rules in the selected chain. If no chain is selected, all chains are listed.
-S Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save.
Thanks for that.
Hmmm. Curious. The output from the -L option seems to indicate no firewall is in place. However, when I visit one of the firewall checker sites, it tells me all ports are operating in stealth. Therefore I'd have expected to see the output from iptables to show 'drop' all packets rather than 'accept' as is the case here:
Code:
 # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Should I be worried?
 
Old 12-02-2013, 01:06 PM   #4
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,539

Rep: Reputation: 1593
IPtables

If you need/want your system firewalled then YES
if you don't need/want your system firewalled then NO
 
Old 12-02-2013, 01:15 PM   #5
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913

Original Poster
Rep: Reputation: 71
Quote:
Originally Posted by TenTenths View Post
If you need/want your system firewalled then YES
if you don't need/want your system firewalled then NO
I see. In that case, what is the command to set all to "DROP"?
 
Old 12-02-2013, 05:32 PM   #6
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913

Original Poster
Rep: Reputation: 71
I don't understand this. The output from iptables -L indicates no firewall, yet when I check against Steve Gibson's Shields Up it shows 100% stealthing and a 'pass' result!
Anyone any ideas what's going on here?
 
Old 12-02-2013, 06:33 PM   #7
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348

Rep: Reputation: Disabled
Quote:
Originally Posted by Completely Clueless View Post
I don't understand this. The output from iptables -L indicates no firewall, yet when I check against Steve Gibson's Shields Up it shows 100% stealthing and a 'pass' result!
Anyone any ideas what's going on here?
Shields Up will probe the external IP address you use to access the Internet. If you're using a broadband connection of some kind, that IP address is usually assigned to the router supplied by the ISP, and not your PC.

Shields Up is probably probing the firewall on your router.
 
Old 12-02-2013, 06:59 PM   #8
Completely Clueless
Member
 
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913

Original Poster
Rep: Reputation: 71

Quote:
Originally Posted by Ser Olmy View Post
Shields Up will probe the external IP address you use to access the Internet. If you're using a broadband connection of some kind, that IP address is usually assigned to the router supplied by the ISP, and not your PC.

Shields Up is probably probing the firewall on your router.
Well that makes sense, I guess.
BTW, I've found a useful page which has some nifty cut n paste rules for iptables here: http://www.thegeekstuff.com/2011/06/...ules-examples/

Just the job...
 
Old 12-03-2013, 03:53 PM   #9
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
In case it helps (...and I'm not sure...) pretty much the definitive work on iptables is hosted over at frozentux. You might object that you don't really want to know that much about iptables (and networking) but when is knowing too much a big problem?
 
Old 12-03-2013, 04:59 PM   #10
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,849

Rep: Reputation: 553
Quote:
Originally Posted by Completely Clueless View Post
expected to see the output from iptables to show 'drop' all packets rather than 'accept' as is the case here:
Code:
 # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
If the default was "drop" you'd be really secure, though you wouldn't have network access. The "drop" option is what I use on my firewall before all the other rules that allow selected packets through are issued.

--
Rick
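
Added example, not part of any post in this thread: a small check that reads `iptables -S` output and says whether the INPUT chain is wide open (the listing in post #3), locked with no allow rules, or default-drop with allow rules as described in the post above. The function name, the sample rulesets and the SSH port 22 rule are constructed for illustration.

```shell
#!/bin/sh
# Classify the INPUT chain from `iptables -S` output read on stdin:
#   open               policy ACCEPT, no rules (the listing in post #3)
#   locked             policy DROP, no rules (nothing gets in, replies included)
#   default-drop       policy DROP, then rules that let selected packets in
#   accept-with-rules  policy ACCEPT plus rules; read them to see what is filtered
classify_input() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3 }
        $1 == "-A" && $2 == "INPUT" { rules++ }
        END {
            if (policy == "")                      print "unknown"
            else if (policy == "ACCEPT" && !rules) print "open"
            else if (policy == "DROP" && !rules)   print "locked"
            else if (policy == "DROP")             print "default-drop"
            else                                   print "accept-with-rules"
        }'
}

# Constructed sample: what `iptables -S` prints for the empty ruleset in post #3.
SAMPLE_EMPTY='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

# Constructed sample: default DROP plus allow rules for loopback, replies to
# outbound connections, and inbound SSH (port 22 is an assumption).
SAMPLE_DROP='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Commands (as root) that would produce SAMPLE_DROP. The ACCEPT rules go in
# first and the policy last, so a remote session is not cut off part-way:
#   iptables -A INPUT -i lo -j ACCEPT
#   iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#   iptables -A INPUT -p tcp --dport 22 -j ACCEPT
#   iptables -P INPUT DROP
#   iptables -P FORWARD DROP

printf '%s\n' "$SAMPLE_EMPTY" | classify_input
printf '%s\n' "$SAMPLE_DROP" | classify_input
# On a live host (as root): iptables -S | classify_input
```

The check only sees the host's own netfilter rules; a scan from outside, as discussed in post #7, tests whatever device holds the public IP address.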
 
Old 12-03-2013, 05:22 PM   #11
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,849

Rep: Reputation: 553
Quote:
Originally Posted by Completely Clueless View Post
I've got this O'Reilly book, Linux iptables - a Pocket Reference and it's been of no use at all since the day I bought it 6 years ago. Can't find an answer to the simplest of questions in it.
I have a copy of that, too. I feel much the same way about its "usefulness". Maybe it's useful to the person who knows iptables inside and out but just needs a reminder about syntax. I found the book Linux Firewalls, by Robert L. Ziegler (New Riders, 2002) to be much more useful.

I hear that "nftables" will be the way to do Linux firewalling in the near future. It's supposed to have an iptables compatibility mode to allow folks to migrate somewhat gracefully. (Dang! My firewall book will have no resale value.)

--
Rick
 
  

