How can i find firewall rules and settings via command line in linux

linux networking iptables firewall scripting

5,598

Solution 1

You can get the interface status by:

ifconfig

Or even better, use the "ip" command, for example:

ip addr

To get the route info, use one of these:

route
route -n #no ptr resolving
ip route

For firewall rules, use:

iptables -L # you can add -n to prevent name resolving

For IPv6 you can add "-6" to "ip" commands:

ip -6 addr
ip -6 route
...

You can also check "ethtool" to get link status and speed/duplex:

ethtool eth0

Solution 2

routel

List lots of information, albeit in a not really readable form, but it is a full dump of all routing tables of the host, and gives enough information to reconstitute the IP configuration on the host. This information is not complete enough to reconstitute policy routing. If you happen to use that, you also need ip rule. Anyway, as an example, for IPv4 (even if IPv6 is also listed):

# list all interfaces addresses (unicast/broadcast/anycast)
routel | grep "local"
# list all (except ipv6 link-local) addresses of interfaces
routel | grep "local" | grep "host"
# list all broadcast addresses of interfaces
routel | grep "local" | grep "link"
# list all routing entries
routel | grep -v "local" | grep -v "unspec"
# list all on-link routing entries
routel | grep -v "local" | grep -v "unspec" | grep "link"
# list all on-link routing entries that are added by the kernel, 
# (which also matches the netmask of the IP addresses).
routel | grep -v "local" | grep -v "unspec" | grep "link" | grep "kernel"
# list non-on-link routes (aka gatewayed or routed)
routel | grep -v "local" | grep -v "unspec" | grep -v "link"

Contrary to ip route or the 1999's route, routel list all routing tables, while the other only list the main table. If someone uses policy routing, you will get no clues when using ip route, while routel will spell you the name of routing tables.

Also, you may want to dump the sysctl knobs, to know if someone enabled forwarding, ARP proxying or some other funky stuff. Just dump sysctl -a

If you want more complete flags or interface informations, also dump ip addr. Really special configuration might need more, like ip link or ip tunnel.

As for firewall configuration, there is iptables-save or iptables-save -c if you also want counters. This will list all tables (and not only filter like iptables -L or iptables -S) You can even use iptables-restore that takes the output of iptables-save and restore its configuration.

5,598

Author by

San

Updated on September 18, 2022

Comments

San over 1 year

I'm writing a script to find all the firewall details, routing information, and important network related via command line. I can fetch the firewall configuration with iptables -nvL, but I'm not sure about the rest. What commands should I use to gather everything else?
mulaz over 11 years

...just dont try the "routef" command (mentioned at the end of the routel man page) on a remote machine :) (don't ask which idiot did it just now, without reading what it does) ... :)
BatchyX over 11 years

@mulaz: routel works as a user, routef does not ;)
San over 11 years

Awesome !! thanks a lot :-) It is really helpful :-)
San over 11 years

I have tried in different linux boxes, i couldn't able to see this file itself. Can you share which OS may have this ?