Using iptables and watch command
Using iptables to list filtering rules is OK. Running this command in a shell loop can help but it needs that you write a shell script.
Another convenient way is to use the watch command:
watch --interval 0 'iptables -nvL'
or
sudo watch --interval 0 'iptables -nvL'
depending on whether you’re logged as super-user or not.
This will show a permanent iptables -L with a refresh interval that can be specified:
watch --interval 0 'iptables -nvL'
will refresh every second.
Typical output will be:
Every 10,0s: iptables -nvL Tue Nov 3 16:35:19 2015
Chain INPUT (policy DROP 44001 packets, 2444K bytes)
pkts bytes target prot opt in out source destination
3 160 fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 22
11M 1770M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
107K 6878K ACCEPT tcp -- * * 78.193.xx.xx 0.0.0.0/0
0 0 ACCEPT tcp -- * * 195.154.xx.xx 0.0.0.0/0
231K 14M ACCEPT tcp -- * * 213.36.xx.xx 0.0.0.0/0
0 0 ACCEPT tcp -- * * 195.154.xx.xx 0.0.0.0/0
2 92 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:548
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 0
1475 139K ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
134 9600 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80
110 6563 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:943
136K 9529K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1194
1423 85360 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:4949
3 120 ACCEPT tcp -- eth0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873 state NEW,ESTABLISHED
24 1910 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:162
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:119
2 92 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3000
156 7584 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8080
2952 177K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 172.27.xx.xx/24 0.0.0.0/0
0 0 ACCEPT tcp -- as0t0 * 0.0.0.0/0 0.0.0.0/0
3 192 ACCEPT tcp -- as0t1 * 0.0.0.0/0 0.0.0.0/0