How to check iptables traffic on the fly?
Here are a few commands that can help:
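watch --interval 0 'iptables -nvL | grep -Ev "^ *0 +0 "'
This lets you watch matches as they occur in real time. The -v flag inverts the filter, so grep hides every rule whose packet and byte counters are both 0. The counter columns are space-padded, which is why the pattern allows any number of spaces between the two zeros. To show only rules with a particular target (ACCEPT, DROP, LOG, etc.), pipe the result through a second grep:
watch 'iptables -nvL | grep -Ev "^ *0 +0 " | grep "ACCEPT"'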
watch 'iptables -vL'
Watch the number of packets/bytes coming through the firewall. Useful in setting up new iptables rules or chains. Use this output to reorder rules for efficiency.
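dir=$(mktemp -d); iptables -nvL > "$dir/prev"; while true; do iptables -nvL > "$dir/now"; diff -U0 "$dir/prev" "$dir/now" > "$dir/diff"; clear; cat "$dir/diff"; mv "$dir/now" "$dir/prev"; sleep 1; done
This alternative shows the differences as they occur, so that they are made plain. It keeps its snapshots in a private mktemp directory rather than under fixed names in /tmp, and takes a first snapshot before the loop so that diff has something to compare against on the first pass.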
watch -d -n 2 iptables -nvL
This will highlight (with a box over it) any changes since the last refresh.
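The diff loop above shows which lines changed but not by how much. The following added example (not one of the original commands) turns two saved snapshots into per-rule packet deltas, busiest first, which is the figure you need when reordering rules. The function names and the sample snapshots are constructed for illustration; it assumes snapshots taken with `iptables -nvxL --line-numbers` and a ruleset that did not change between them.

```shell
# counter_delta PREV NOW
# Prints "chain rule_num packets_delta target" for every rule whose packet
# counter grew between the two snapshots, largest delta first.
# Assumes every rule has a target; a rule without -j shifts the columns.
counter_delta() {
    awk '
        $1 == "Chain"        { chain = $2; next }   # "Chain INPUT (policy ...)"
        $1 !~ /^[0-9]+$/     { next }               # column header, blank lines
        FILENAME == ARGV[1]  { prev[chain, $1] = $2; next }
        {
            d = $2 - prev[chain, $1]                # unseen rules count from 0
            if (d > 0) print chain, $1, d, $4
        }
    ' "$1" "$2" | sort -k3,3nr
}

# Constructed sample snapshots (not captured from a real host).
sample_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/prev" <<'EOF'
Chain INPUT (policy DROP 12 packets, 720 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1         120     9600 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2           0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3          40     2400 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
EOF
    cat > "$dir/now" <<'EOF'
Chain INPUT (policy DROP 15 packets, 900 bytes)
num      pkts      bytes target     prot opt in     out     source               destination
1         150    12000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2           0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
3          47     2820 DROP       all  --  *      *       198.51.100.0/24      0.0.0.0/0
EOF
    counter_delta "$dir/prev" "$dir/now"
    rm -rf "$dir"
}

sample_demo
```

On a live host, save two `iptables -nvxL --line-numbers` snapshots a few seconds apart and pass both files to `counter_delta`; the `-x` flag prints exact counters instead of rounded K/M values, so the subtraction stays accurate.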