Just found out, I guess.
iptables -nvL on some distributions just shows the filter table, excluding the nat table:
port forwarding
iptables -t nat -nvL | grep -e 'tcp dpts' | awk -F ':' '{ print $3":"$2 }' | sed 's/ to//g'
iptables -nvL | grep -e 'tcp spts' | awk -F ':' '{ print $5":"$4 }' | sed 's/ //g'
single port forwarding
iptables -nvL | grep 'tcp dpt:' | grep -e '*' -e 'ppp' | cut -d ':' -f 2
DMZ
iptables -nvL zone_dmz_forward | grep -e '*' | grep -v 'dpts:' | awk '{ print $9 }' | grep -v '0.0.0.0'
ports in use
tail -n +2 /proc/net/tcp | cut -d ':' -f 3 | cut -d ' ' -f 1 | while read line; do printf '%d\n' 0x$line; done
still missing something
Well, that was a question, I don't know if they are correct, the source port range may differ from the destination one, the iptables rules can be messed up...

On Thu, Nov 19, 2009 at 3:07 PM, Lisa Kachold <lisakachold@obnosis.com> wrote:

On Thu, Nov 19, 2009 at 5:27 AM, Marco Savo <savomarco@gmail.com> wrote:
Hello,
I may find out the answer by myself, but may be useful to someone else...
I have an embedded router that runs openwrt.
I'd like to be able to read the firewall rules from iptables,
you can see all rules from iptables -nvL
How can I identify the rules for port forwarding or DMZ? In particular, I need to know the range of ports that are in port forwarding, or if all ports have been forwarded to the DMZ on the LAN. I know this is wrong, but this is what I do:
DMZ for all ports:
iptables -nvL zone_dmz_forward | grep -e '*' | grep -v 'dpts:' | awk '{ print $9 }' | grep -v '0.0.0.0'
port ranges:
iptables -nvL | grep -e 'tcp dpts' | awk -F ':' '{ print $3":"$2 }' | sed 's/ //g'
iptables -nvL | grep -e 'tcp spts' | awk -F ':' '{ print $5":"$4 }' | sed 's/ //g'
single port:
iptables -nvL | grep 'tcp dpt:' | grep -e '*' -e 'ppp' | cut -d ':' -f 2
Thanks in advance

Thanks Marco!
Might just drop those into my .bashrc alias for each search!
--
'The Magic Is In the Movement'
___
{~._.~}
_( Y )_
(:_~*~_:)
(_)---(_)
(_Marco_)---(_Savo_)
___ ___
\-_-/SW Engineer\-_-/
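Added example, not Marco's or Lisa's code: the one-liners above scrape the column layout of `iptables -nvL`, which shifts whenever a rule has a `to:` port or both `spts` and `dpts`. `iptables-save -t nat` prints each rule as its own command line (`-p`, `--dport`, `-j DNAT --to-destination`), which is much easier to parse, and the nat table is where the port-forwarding and DMZ rules live. The script below parses a constructed `iptables-save -t nat` excerpt (the chain name zone_wan_prerouting and the 192.168.1.x targets are made up), answers "where does this port go" with first-match semantics like iptables, and decodes LISTEN ports from a constructed `/proc/net/tcp` excerpt while skipping the header line. It assumes `iptables-save` and awk are available on the router.

```shell
#!/bin/sh
# Added example: parse DNAT (port-forwarding / DMZ) rules from `iptables-save -t nat`
# and decode listening ports from /proc/net/tcp. All data below is constructed
# sample data, not captured from a real OpenWrt device; the chain name
# zone_wan_prerouting and the 192.168.1.x targets are assumptions.

# Constructed `iptables-save -t nat` excerpt: a port range, a single port with a
# port rewrite, a UDP port, and a catch-all rule with no --dport (the DMZ case).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:zone_wan_prerouting - [0:0]
-A PREROUTING -i eth1 -j zone_wan_prerouting
-A zone_wan_prerouting -p tcp -m tcp --dport 8000:8100 -j DNAT --to-destination 192.168.1.10
-A zone_wan_prerouting -p tcp -m tcp --dport 22 -j DNAT --to-destination 192.168.1.20:2222
-A zone_wan_prerouting -p udp -m udp --dport 5060 -j DNAT --to-destination 192.168.1.30
-A zone_wan_prerouting -j DNAT --to-destination 192.168.1.100
COMMIT'

# Constructed /proc/net/tcp excerpt: header, two LISTEN sockets (st 0A) on
# ports 0x0016 and 0x0050, and one ESTABLISHED socket (st 01) to be skipped.
SAMPLE_PROC_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1235 1 0000000000000000 100 0 0 10 0
   2: 0100007F:C34A 0100007F:0050 01 00000000:00000000 00:00000000 00000000  1000        0 1236 1 0000000000000000 20 4 30 10 -1'

# list_dnat RULES: one line per DNAT rule, "proto dport target".
# A rule without -p matches every protocol and one without --dport matches
# every port; both are printed as "all", which is how a DMZ rule shows up.
list_dnat() {
    printf '%s\n' "$1" | awk '
        /-j DNAT/ {
            proto = "all"; dport = "all"; to = "?"
            for (i = 1; i <= NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
            }
            print proto, dport, to
        }'
}

# forward_target RULES PROTO PORT: print the DNAT target PROTO/PORT is sent to.
# Rules are tried in order and the first match wins, as iptables does, so a
# catch-all DMZ rule only receives what earlier rules did not claim.
forward_target() {
    list_dnat "$1" | awk -v p="$2" -v n="$3" '
        $1 != "all" && $1 != p { next }
        $2 == "all" { print $3; exit }
        {
            if (index($2, ":")) { split($2, r, ":"); lo = r[1]; hi = r[2] }
            else { lo = $2; hi = $2 }
            if (n + 0 >= lo + 0 && n + 0 <= hi + 0) { print $3; exit }
        }'
}

# listening_ports PROC_TCP: decode the hex local port of every socket in LISTEN
# state (0A), skipping the header line and non-listening sockets.
listening_ports() {
    printf '%s\n' "$1" |
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' |
    while read -r hex; do printf '%d\n' "0x$hex"; done | sort -n
}

# On a real router replace the samples with:
#   forward_target "$(iptables-save -t nat)" tcp 443
#   listening_ports "$(cat /proc/net/tcp)"
echo "DNAT rules (proto dport target):"
list_dnat "$SAMPLE_NAT"
echo "tcp/443 goes to: $(forward_target "$SAMPLE_NAT" tcp 443)"
echo "listening ports: $(listening_ports "$SAMPLE_PROC_TCP" | tr '\n' ' ')"
```

With the sample rules, tcp/8050 resolves to 192.168.1.10 via the range, tcp/22 to 192.168.1.20:2222, udp/5060 to 192.168.1.30, and anything else (tcp/443, say) falls through to the DMZ host 192.168.1.100; the listening-port decoder prints 22 and 80 and ignores the established connection. Multiport rules (`-m multiport --dports 80,443`) are not handled here.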