Accueil > Réseau, Sécurité, Système > Using iptables and watch command

Using iptables and watch command

03/11/2015 Categories: Réseau, Sécurité, Système Tags: , , ,

Using iptables to list filtering rules is OK. Running this command in a shell loop can help but it needs that you write a shell script.

Another convenient way is to use the watch command:

watch --interval 0 'iptables -nvL'

or

sudo watch --interval 0 'iptables -nvL'

depending on whether you’re logged as super-user or not.

This will show a permanent iptables -L with a refresh interval that can be specified:

watch --interval 0 'iptables -nvL'

will refresh every second.

Typical output will be:

Every 10,0s: iptables -nvL                                                                                         Tue Nov  3 16:35:19 2015

Chain INPUT (policy DROP 44001 packets, 2444K bytes)
 pkts bytes target     prot opt in     out     source               destination
    3   160 fail2ban-ssh  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 22
  11M 1770M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 107K 6878K ACCEPT     tcp  --  *      *       78.193.xx.xx         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       195.154.xx.xx        0.0.0.0/0
 231K   14M ACCEPT     tcp  --  *      *       213.36.xx.xx         0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       195.154.xx.xx        0.0.0.0/0
    2    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:548
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
 1475  139K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
  134  9600 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:80
  110  6563 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:943
 136K 9529K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1194
 1423 85360 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:4949
    3   120 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:873 state NEW,ESTABLISHED
   24  1910 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:161
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:162
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:119
    2    92 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:3000
  156  7584 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
 2952  177K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       172.27.xx.xx/24      0.0.0.0/0
    0     0 ACCEPT     tcp  --  as0t0  *       0.0.0.0/0            0.0.0.0/0
    3   192 ACCEPT     tcp  --  as0t1  *       0.0.0.0/0            0.0.0.0/0
Print Friendly, PDF & Email

Related Post

Les commentaires sont fermés.