1. Introduction
Network firewalls are an important addition to the safety of a computer network, serving as the first line of defense against unauthorized access and security threats. They act as a barrier between a trusted internal network and untrusted external networks. Firewalls work by continuously monitoring and controlling incoming and outgoing network traffic based on predetermined security rules.
In Linux, iptables is a robust user-space network firewall utility that allows users to define rules governing network traffic. Having a good grasp on the enforced rules leads to good governance. Even more so, we may sometimes face issues with network communication, and one of the prime suspects is often the network firewall’s rules.
In this tutorial, we’ll explore iptables and learn how to view all iptables rules in Linux. Having this knowledge will provide us with insights into the protective mechanisms of our network infrastructure.
2. iptables Refresher
iptables is a fundamental component of Linux networking that gives user-space control over the IP packet filter rules of the Linux kernel firewall. Essentially, these packet filter rules are applied to all incoming, outgoing, and forwarded packets passing through the Linux system’s network.
Usually, iptables comes pre-installed on Linux systems. We need root user privileges to operate this utility. Let’s attempt to print the version of iptables to verify the installation status:
$ sudo iptables --version
iptables v1.8.10 (nf_tables)If the iptables –version command doesn’t print anything, it indicates that iptables isn’t installed on our current system. In that case, we can manually install iptables:
# For Debian and Ubuntu systems
$ sudo apt-get install iptables
# For CentOS and other RPM-based systems
$ sudo yum install iptablesNow, there are three important concepts in iptables that we’ll need for the next sections: tables, chains, and rules.
The iptables rules contain criteria that, if matched with any particular IP packet, trigger some action by the firewall. iptables traverses all rules in a chain sequentially according to the packet’s origin.
There are five types of pre-defined chains, which are PREROUTING, INPUT, FORWARD, OUTPUT, and POSTROUTING. Finally, these chains are grouped as tables, and each table processes packets differently. iptables has again five independent tables, which are filter, nat, mangle, raw, and security. Therefore, we can imagine that the structure is:
iptables > tables > chains > rulesThis is enough of a refresher for us to understand the outputs and actions taken in the following sections. But if we ever want to know more about iptables, we can always refer to its man entries:
$ man iptables
# prints the manual entry for iptablesAs mentioned before, we need to have root user privileges to execute the iptables utility. Therefore, from now on, let’s log in as the superuser to execute commands:
$ sudo su
[sudo] password for user:
# Entering password logs in as superuserThis command will escalate the current terminal’s user permissions to root.
3. Viewing All iptables Rules (Default Table)
We can use a couple of options to print all the rules available in iptables. If a table isn’t specified, iptables will print the rules for the default table, which is the filter table.
First, to list all the active rules, we can use:
iptables -S [chain_name]
iptables --list-rules [chain_name]Here, both the -S and –list-rules options denote the same functionality. They print all the rules available for the selected chain. Notably, the chain_name argument is optional. If we don’t specify any particular chain, the utility prints rules for all the chains at once.
Here’s a sample output from running the iptables utility with the -S option:
# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPTIn this case, the default rules are printed, which are set to accept all the packets in the INPUT, FORWARD, and OUTPUT chains.
We can use a similar set of commands for performing the same task of listing all the rules in the default table:
iptables -L [chain_name]
iptables --list [chain_name]In these commands, the -L and –list options are interchangeable. Their task is to print all the rules in the optionally selected chain. The main difference between these options and -S or –list-rules is the output format.
Let’s run the iptables command without specifying any chain:
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destinationFrom the output, we can see that the default policy is to accept all packets for the three chains: INPUT, FORWARD, and OUTPUT. We can notice how the output format is slightly different, but the rules are essentially the same.
4. Showing the Rules of Various Tables
Sometimes, the above-mentioned options aren’t enough to print all the rules from all the tables. As mentioned, there are five individual tables that iptables controls. Therefore, to see the complete list of all the rules in the firewall, we need to call iptables on each of these tables successively.
We can use the -t option to specify a particular table:
iptables -L -v -t table_nameHere, we’re using the same -L option from the previous section, which lists all the rules in all the chains. The -v or –verbose option enables iptables to show additional information such as interface names, rule options, and more. Verbosity is particularly useful as it can list various important criteria in the output that would normally not get printed out.
Thus, to print the rules of all the five tables, we would run:
iptables -L -v -t filter
iptables -L -v -t nat
iptables -L -v -t mangle
iptables -L -v -t raw
iptables -L -v -t securityLet’s see one particular example of printing all the default rules of the security table:
# iptables -L -v -t security
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destinationSimilarly, we can list the rules contained in the other four tables.
5. Viewing the Rules of Different Chains
Lastly, we could also list all the rules for particular chains of any table. This might be useful if we want to view rules according to chains, as the rules in a chain execute sequentially. Observing rules in the same chain provides additional insight into how a network packet is processed.
To view a chain in one particular table, we can run:
iptables -L chain_name -v -t table_nameHere, we’re specifying both the chain_name and table_name arguments, which give us more control over which rules to view. Also, chain_name must be specified right after the -L option. Again, we can replace the -L option with the -S option to format the output differently.
Let’s see an example of listing all the INPUT rules of the nat table:
# iptables -L INPUT -v -t nat
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destinationThis is the default rule, which accepts any packet for Network Address Translation (NAT). This is how we could specify and control both the chains and tables to view firewall rules.
6. Conclusion
In this article, we learned how to retrieve the comprehensive list of rules from the well-known Linux network firewall, iptables. Understanding and reviewing these rules is important for proper network packet filtering and troubleshooting connectivity problems.
We began with a brief review of iptables, including its installation, fundamental rules, chains, and tables. Then, we saw a couple of options that helped in printing the list of rules for the default table. Finally, we learned how to narrow our focus to a specific table and examine all of its firewall rules.