12-02-2013, 11:36 AM
|
#1
|
Member
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913
|
IPtables
Hi all,
I've got this O'Reilly book, Linux iptables - a Pocket Reference and it's been of no use at all since the day I bought it 6 years ago. Can't find an answer to the simplest of questions in it.
Can someone tell me what the iptables command is for getting a screen dump of what rules are currently set up? Thanks.
cc.
|
|
|
12-02-2013, 12:12 PM
|
#2
|
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,539
|
Try a look at:
And ooh...
-L List all rules in the selected chain. If no chain is selected, all chains are listed.
-S Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save.
|
|
|
12-02-2013, 12:26 PM
|
#3
|
Member
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913
Original Poster
|
Quote:
Originally Posted by TenTenths
Try a look at:
And ooh...
-L List all rules in the selected chain. If no chain is selected, all chains are listed.
-S Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save.
|
Thanks for that.
Hmmm. Curious. The output from the -L option seems to indicate no firewall is in place. However, when I visit one of the firewall checker sites, it tells me all ports are operating in stealth. Therefore I'd have expected to see the output from iptables to show 'drop' all packets rather than 'accept' as is the case here:
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Should I be worried?
|
|
|
12-02-2013, 01:06 PM
|
#4
|
Senior Member
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7 / 8
Posts: 3,539
|
IPtables
If you need/want your system firewalled then YES
if you don't need/want your system firewalled then NO
|
|
|
12-02-2013, 01:15 PM
|
#5
|
Member
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913
Original Poster
|
Quote:
Originally Posted by TenTenths
If you need/want your system firewalled then YES
if you don't need/want your system firewalled then NO
|
I see. In that case, what is the command to set all to "DROP"?
|
|
|
12-02-2013, 05:32 PM
|
#6
|
Member
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913
Original Poster
|
I don't understand this. The output from iptables -L indicates no firewall, yet when I check against Steve Gibson's Shields Up it shows 100% stealthing and a 'pass' result!
Anyone any ideas what's going on here?
|
|
|
12-02-2013, 06:33 PM
|
#7
|
Senior Member
Registered: Jan 2012
Distribution: Slackware
Posts: 3,348
|
Quote:
Originally Posted by Completely Clueless
I don't understand this. The output from iptables -L indicates no firewall, yet when I check against Steve Gibson's Shields Up it shows 100% stealthing and a 'pass' result!
Anyone any ideas what's going on here?
|
Shields Up will probe the external IP address you use to access the Internet. If you're using a broadband connection of some kind, that IP address is usually assigned to the router supplied by the ISP, and not your PC.
Shields Up is probably probing the firewall on your router.
|
|
|
12-02-2013, 06:59 PM
|
#8
|
Member
Registered: Mar 2008
Location: Marbella, Spain
Distribution: Many and various...
Posts: 913
Original Poster
|
Quote:
Originally Posted by Ser Olmy
Shields Up will probe the external IP address you use to access the Internet. If you're using a broadband connection of some kind, that IP address is usually assigned to the router supplied by the ISP, and not your PC.
Shields Up is probably probing the firewall on your router.
|
Well that makes sense, I guess.
BTW, I've found a useful page which has some nifty cut n paste rules for iptables here: http://www.thegeekstuff.com/2011/06/...ules-examples/
Just the job...
|
|
|
12-03-2013, 03:53 PM
|
#9
|
Senior Member
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070
|
In case it helps (...and I'm not sure...) pretty much the definitive work on iptables is hosted over at frozentux. You might object that you don't really want to know that much about iptables (and networking) but when is knowing too much a big problem?
|
|
|
12-03-2013, 04:59 PM
|
#10
|
Senior Member
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,849
|
Quote:
Originally Posted by Completely Clueless
expected to see the output from iptables to show 'drop' all packets rather than 'accept' as is the case here:
Code:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
|
If the default was "drop" you'd be really secure, though you wouldn't have network access. The "drop" option is what I use on my firewall before all the other rules that allow selected packets through are issued.
--
Rick
|
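Added example, not part of any post in this thread: a small shell check that reads `iptables -S` output and reports, per built-in chain, whether it is unfiltered (policy ACCEPT, no rules, as in post #3), blocks everything (policy DROP, no rules), or carries rules. The function name `audit_rules`, the status labels and both sample rulesets (including the port 22 allow rule) are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `iptables -S` output per built-in chain.
# On a live host (as root) the input would come from:  iptables -S | audit_rules

audit_rules() {
    awk '
        $1 == "-P" { policy[$2] = $3; order[++n] = $2 }   # chain default policy
        $1 == "-A" { count[$2]++ }                        # one appended rule
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (count[c] > 0)               s = "has-rules"
                else if (policy[c] == "ACCEPT") s = "unfiltered"
                else                            s = "blocks-all"
                printf "%s policy=%s rules=%d %s\n", c, policy[c], count[c], s
            }
        }'
}

# Constructed sample: what -S prints for the empty ruleset shown in post #3.
sample_no_firewall() {
cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
EOF
}

# Constructed sample: DROP policy first, then rules letting selected packets in.
sample_default_drop() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
EOF
}

echo "== no rules loaded =="
sample_no_firewall | audit_rules
echo "== default drop with allow rules =="
sample_default_drop | audit_rules
```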
|
|
12-03-2013, 05:22 PM
|
#11
|
Senior Member
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,849
|
Quote:
Originally Posted by Completely Clueless
I've got this O'Reilly book, Linux iptables - a Pocket Reference and it's been of no use at all since the day I bought it 6 years ago. Can't find an answer to the simplest of questions in it.
|
I have a copy of that, too. I feel much the same way about its "usefulness". Maybe it's useful to the person who knows iptables inside and out but just needs a reminder about syntax. I found the book Linux Firewalls, by Robert L. Ziegler (New Riders, 2002) to be much more useful.
I hear that "nftables" will be the way to do Linux firewalling in the near future. It's supposed to have an iptables compatibility mode to allow folks to migrate somewhat gracefully. (Dang! My firewall book will have no resale value.)
--
Rick
|
|
|
All times are GMT -5. The time now is 01:09 AM.