RE: iptables status

I believe iptables -L will list all currently applied rules; none if there aren't any applied and iptables isn't filtering traffic.  I imagine if you want to detect if it is loaded you could do something with lsmod to see if iptables related modules are loaded... lsmod | grep iptable ???  Looks like proc has entries like the following:

/proc/sys/net/ipv6/ip6frag_secret_interval
/proc/sys/net/ipv6/ip6frag_time
/proc/sys/net/ipv6/ip6frag_low_thresh
/proc/sys/net/ipv6/ip6frag_high_thresh
/proc/sys/net/ipv4/ip_conntrack_max
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_max_retrans
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_be_liberal
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_loose
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_max_retrans
/proc/sys/net/ipv4/netfilter/ip_conntrack_log_invalid
/proc/sys/net/ipv4/netfilter/ip_conntrack_generic_timeout
/proc/sys/net/ipv4/netfilter/ip_conntrack_icmp_timeout
/proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout_stream
/proc/sys/net/ipv4/netfilter/ip_conntrack_udp_timeout
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_time_wait
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_last_ack
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_close_wait
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_fin_wait
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_established
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_recv
/proc/sys/net/ipv4/netfilter/ip_conntrack_tcp_timeout_syn_sent
/proc/sys/net/ipv4/netfilter/ip_conntrack_checksum
/proc/sys/net/ipv4/netfilter/ip_conntrack_buckets
/proc/sys/net/ipv4/netfilter/ip_conntrack_count
/proc/sys/net/ipv4/netfilter/ip_conntrack_max
/proc/sys/net/ipv4/ipfrag_max_dist
/proc/sys/net/ipv4/ipfrag_secret_interval
/proc/sys/net/ipv4/ip_local_port_range
/proc/sys/net/ipv4/ipfrag_time
/proc/sys/net/ipv4/ip_dynaddr
/proc/sys/net/ipv4/ipfrag_low_thresh
/proc/sys/net/ipv4/ipfrag_high_thresh
/proc/sys/net/ipv4/ip_nonlocal_bind
/proc/sys/net/ipv4/ip_no_pmtu_disc
/proc/sys/net/ipv4/ip_default_ttl
/proc/sys/net/ipv4/ip_forward
/proc/net/ip6_tables_targets
/proc/net/ip6_tables_matches
/proc/net/ip6_tables_names
/proc/net/ip_conntrack_expect
/proc/net/ip_conntrack
/proc/net/ip_tables_targets
/proc/net/ip_tables_matches
/proc/net/ip_tables_names
/proc/net/ip6_flowlabel
/proc/net/ipv6_route
/proc/net/ip_mr_cache
/proc/net/ip_mr_vif
/proc/net/stat/ip_conntrack

I got that using
find /proc -type f -name ip* .  Hope that helps.

-Adam

-------- Original Message --------
Subject: Re: iptables status
From: Hinko Kocevar <hinko.kocevar@xxxxxxxxxxxx>
Date: Tue, August 19, 2008 7:43 am
To: Mitul Modi <mituld.modi@xxxxxxxxx>
Cc: kernelnewbies@xxxxxxxxxxxx

Mitul Modi wrote:
> hi,
>
> sorry use following command
>
> "/etc/init.d/iptables status"
>

The problem is that I'm the one writing /etc/init.d/iptables for my embedded system ;)

--
ČETRTA POT, d.o.o., Kranj
Planina 3
4000 Kranj
Slovenia, Europe
Tel. +386 (0) 4 280 66 03
E-mail: hinko.kocevar@xxxxxxxxxxxx
Http: www.cetrtapot.si


--
To unsubscribe from this list: send an email with
"unsubscribe kernelnewbies" to ecartis@xxxxxxxxxxxx
Please read the FAQ at http://kernelnewbies.org/FAQ
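
The detection idea discussed in this thread, as an added example that is not part of any poster's message: a `status` routine for a hand-written /etc/init.d/iptables that reads /proc/net/ip_tables_names instead of running `iptables -L`. The function names and the overridable PROC_NAMES and IPTABLES variables are assumptions of this sketch, and it assumes an iptables build that supports `-S`.

```shell
#!/bin/sh
# Added example, not code from the thread. PROC_NAMES and IPTABLES are
# hypothetical overrides so the logic can be exercised without root.
PROC_NAMES=${PROC_NAMES:-/proc/net/ip_tables_names}
IPTABLES=${IPTABLES:-iptables}

# Print the tables the kernel has registered, one per line.
# The proc file only exists once ip_tables is in the kernel.
loaded_tables() {
    [ -r "$PROC_NAMES" ] || return 1
    cat "$PROC_NAMES"
}

# Count what actually restricts traffic in one table: appended rules (-A)
# plus built-in chains whose policy is DROP. A DROP policy with zero rules
# is still a firewall, so it must not be reported as "nothing applied".
rule_count() {
    "$IPTABLES" -t "$1" -S 2>/dev/null |
        grep -Ec -e '^-A |^-P [^ ]+ DROP$' || true
}

# LSB-style result: 0 = rules are applied, 3 = not running.
# Only tables already listed in proc are queried, because asking iptables
# about an unloaded table can autoload its module and change the state
# being measured.
iptables_status() {
    tables=$(loaded_tables) || { echo "ip_tables not available"; return 3; }
    [ -n "$tables" ] || { echo "ip_tables loaded, no tables registered"; return 3; }
    total=0
    for t in $tables; do
        n=$(rule_count "$t")
        echo "table $t: $n rule(s)/DROP policies"
        total=$((total + n))
    done
    [ "$total" -gt 0 ] || { echo "tables registered, nothing applied"; return 3; }
    return 0
}

# Init-script entry point.
case "${1:-}" in
    status) iptables_status; exit $? ;;
esac
```
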
