Book: Linux Network Administrator Guide, Second Edition
Listing our rules
After we've entered our rules, we ask ipfwadm to list them for us using the command:
# ipfwadm -F -l
This command will list all of the configured forwarding rules. The output should look something like this:
# ipfwadm -F -l
IP firewall forward rules, default policy: accept
type prot source destination ports
deny tcp anywhere 172.16.10.0/24 www -> any
acc tcp 172.16.1.0/24 anywhere any -> www
The ipfwadm command will attempt to translate the port number into a service name using the /etc/services file, if an entry exists there.
The default output is lacking in some important detail for us. In the default listing output, we can't see the effect of the -y argument. The ipfwadm command is able to produce a more detailed listing output if you specify the -e (extended output) argument too. We won't show the whole output here because it is too wide for the page, but it includes an opt (options) column that shows the -y option controlling SYN packets:
# ipfwadm -F -l -e
IP firewall forward rules, default policy: accept
pkts bytes type prot opt tosa tosx ifname ifaddress source ...
0 0 deny tcp --y- 0xFF 0x00 any any anywhere ...
0 0 acc tcp b--- 0xFF 0x00 any any 172.16.1.0/24 ...
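When auditing a rule set it helps to read the opt column mechanically rather than by eye. The following is an added example, not part of the book: it parses the extended listing shown above and reports which rules match only SYN packets. The function names are hypothetical, and the reading of the b flag as ipfwadm's -b (bidirectional) option is an assumption, since this section only explains y.

```python
import re

# Extended listing as printed in this section. The right-hand columns are
# truncated there ("..."), so only the ten leading columns are parsed.
SAMPLE = """\
IP firewall forward rules, default policy: accept
pkts bytes type prot opt tosa tosx ifname ifaddress source ...
0 0 deny tcp --y- 0xFF 0x00 any any anywhere ...
0 0 acc tcp b--- 0xFF 0x00 any any 172.16.1.0/24 ...
"""

COLUMNS = ["pkts", "bytes", "type", "prot", "opt", "tosa", "tosx",
           "ifname", "ifaddress", "source"]

# 'y' is the -y (SYN) flag described in the text. 'b' is assumed to mark
# the -b (bidirectional) option. Any other letter is passed through as-is.
OPT_FLAGS = {"y": "syn_only", "b": "bidirectional"}

HEADER = re.compile(r"IP firewall (\w+) rules, default policy: (\w+)")

def parse_extended_listing(text):
    """Return chain name, default policy and rules from 'ipfwadm -l -e' text."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    m = HEADER.match(lines[0])
    if not m:
        raise ValueError("not an ipfwadm listing header: %r" % lines[0])
    if lines[1].split()[:len(COLUMNS)] != COLUMNS:
        raise ValueError("no opt column; was the listing made with -e?")
    rules = []
    for ln in lines[2:]:
        fields = ln.split()
        if len(fields) < len(COLUMNS):
            raise ValueError("short rule line: %r" % ln)
        rule = dict(zip(COLUMNS, fields))  # counters are kept as text
        rule["flags"] = sorted(OPT_FLAGS.get(c, c)
                               for c in rule["opt"] if c != "-")
        rules.append(rule)
    return {"chain": m.group(1), "default_policy": m.group(2), "rules": rules}

def syn_only_rules(listing):
    """Rules whose opt column carries the y flag."""
    return [r for r in listing["rules"] if "syn_only" in r["flags"]]

if __name__ == "__main__":
    listing = parse_extended_listing(SAMPLE)
    print(listing["chain"], "default policy:", listing["default_policy"])
    for r in listing["rules"]:
        print(r["type"], r["prot"], r["source"], r["flags"])
```

Feeding it a listing made without -e raises an error, because the opt column the check relies on is absent.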