Re: Iptables rules

Author: Marco Savo
Date:  
To: Main PLUG discussion list
Subject: Re: Iptables rules
On Thu, Nov 19, 2009 at 3:07 PM, Lisa Kachold <> wrote:

>
>
> On Thu, Nov 19, 2009 at 5:27 AM, Marco Savo <> wrote:
>
>> Hello,
>> I may find out the answer by myself, but may be useful to someone else...
>>
>> I have an embedded router that runs openwrt.
>>
>> I'd like to be able to read the firewall rules from iptables,
>> you can see all rules from iptables -nvL
>> How can I identify the rules for port forwarding or dmz? In particular, I
>> need to know the range of ports that are in port forwarding, or if all ports
>> have been forwarded to dmz on the lan. I know this is wrong, but this is
>> what I do:
>>
>> DMZ for all ports:
>> iptables -nvL zone_dmz_forward | grep -e '*' | grep -v 'dpts:' | awk '{ print $9 }' | grep -v '0.0.0.0'
>>
>> port ranges:
>> iptables -nvL | grep -e 'tcp dpts' | awk -F ':' '{ print $3":"$2 }' | sed 's/ //g'
>> iptables -nvL | grep -e 'tcp spts' | awk -F ':' '{ print $5":"$4 }' | sed 's/ //g'
>>
>> single port:
>>
>> iptables -nvL | grep 'tcp dpt:' | grep -e '*' -e 'ppp' | cut -d ':' -f 2
>>
>>
>> Thanks in advance
>>
>>
>> Thanks Marco!
>
> Might just drop those into my .bashrc alias for each search!
>
Well, that was a question, I don't know if they are correct, the source
port range may differ to the destination one, the iptables rules can be
messed up...
--
'The Magic Is In the Movement'

            ___
          {~._.~}
          _( Y )_
         (:_~*~_:)
          (_)---(_)
(_Marco_)---(_Savo_)
___                    ___
\-_-/SW Engineer\-_-/

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
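
Added example, not part of the original thread: port forwards and DMZ redirects are DNAT rules in the nat table, which plain `iptables -nvL` (filter table only) does not list, so this sketch parses `iptables -t nat -S` style output by option name instead of by column position. The chain name and addresses in `sample_rules` are constructed; on the router, pipe `iptables -t nat -S` into `list_forwards` instead.

```shell
#!/bin/sh
# Constructed sample in `iptables -t nat -S` format (not taken from a real router).
sample_rules() {
cat <<'EOF'
-P PREROUTING ACCEPT
-A zone_wan_prerouting -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.1.10:80
-A zone_wan_prerouting -p tcp -m tcp --dport 6000:6010 -j DNAT --to-destination 192.168.1.20
-A zone_wan_prerouting -p udp -m multiport --dports 5060,10000:10100 -j DNAT --to-destination 192.168.1.30
-A zone_wan_prerouting -p tcp -m tcp ! --dport 22 -j DNAT --to-destination 192.168.1.40
-A zone_wan_prerouting -j DNAT --to-destination 192.168.1.99
-A POSTROUTING -o eth0.1 -j MASQUERADE
EOF
}

# Print one line per DNAT rule: "<chain> <proto> <dports> -> <internal target>".
# A rule with no port match is reported with ports "all" (DMZ-style exposure).
list_forwards() {
    awk '
    $1 == "-A" {
        chain = $2; proto = "all"; ports = "all"; target = ""; dest = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-p")
                proto = $(i + 1)
            else if ($i == "--dport" || $i == "--dports")
                # keep a preceding "!" so negated matches are not misread
                ports = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            else if ($i == "-j")
                target = $(i + 1)
            else if ($i == "--to-destination")
                dest = $(i + 1)
        }
        if (target == "DNAT")
            printf "%s %s %s -> %s\n", chain, proto, ports, dest
    }'
}

# Internal hosts that receive every port (no --dport restriction at all).
dmz_hosts() {
    list_forwards | awk '$3 == "all" { print $5 }'
}

sample_rules | list_forwards
```

Negated matches such as `!22` forward everything except the listed port, so they deserve the same scrutiny as an all-ports DMZ rule when auditing exposure.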