You want a quick way to check the status of your firewall so you can see if it's up, and what rules are active.
These iptables commands tell all:
# /sbin/iptables -t filter -L -v -n --line-numbers
# /sbin/iptables -t nat -L -v -n --line-numbers
# /sbin/iptables -t mangle -L -v -n --line-numbersYou need to specify all three tables to see all rules. This is easy to script, like this /usr/ local/bin/fw_status script:
#!/bin/sh ##/usr/local/bin/fw_status script #displays all active rules and chains #define variables ipt="/sbin/iptables" echo "These are the currently active rules, chains, and packet and bytecounts:" $ipt -t filter -L -v --line-numbers $ipt -t nat -L -v --line-numbers $ipt -t mangle -L -v --line-numbers
Make it owned by root, mode 0700, and run it whenever you want to see what your firewall is doing:
# fw_status-L means "list rules,"
-v is verbose, and --line-numbers makes line numbers. You may
wish to use -n to display IP
addresses instead of hostnames.
man 8 iptables
Chapter 1, "Overview of TCP/IP," in TCP/IP Network Administration, by Craig Hunt (O'Reilly)
Oskar Andreasson's Iptables Tutorial: http://iptables-tutorial.frozentux.net/