Книга: Linux Network Administrator Guide, Second Edition

Listing Our Rules with ipchains

Listing Our Rules with ipchains

To list our rules with ipchains, we use its -L argument. Just as with ipfwadm, there are arguments that control the amount of detail in the output. In its simplest form, ipchains produces output that looks like:

# ipchains -L -n
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source              destination         ports
DENY       tcp  -y----  0.0.0.0/0           172.16.1.0/24       80 ->   *
ACCEPT     tcp  ------  172.16.1.0/24       0.0.0.0/0           * ->   80
ACCEPT     tcp  ------  0.0.0.0/0           172.16.1.0/24       80 ->   *
ACCEPT     tcp  ------  172.16.1.0/24       0.0.0.0/0           * ->   20
ACCEPT     tcp  ------  0.0.0.0/0           172.16.1.0/24       20 ->   *
ACCEPT     tcp  ------  172.16.1.0/24       0.0.0.0/0           * ->   21
ACCEPT     tcp  ------  0.0.0.0/0           172.16.1.0/24       21 ->   *
Chain output (policy ACCEPT):

If you don't supply the name of a chain to list, ipchains will list all rules in all chains. The -n argument in our example tells ipchains not to attempt to convert any address or ports into names. The information presented should be self-explanatory.

A verbose form, invoked by the -u option, provides much more detail. Its output adds fields for the datagram and byte counters, Type of Service AND and XOR flags, the interface name, the mark, and the outsize.

All rules created with ipchains have datagram and byte counters associated with them. This is how IP Accounting is implemented and will be discussed in detail in Chapter 10. By default these counters are presented in a rounded form using the suffixes K and M to represent units of one thousand and one million, respectively. If the -x argument is supplied, the counters are expanded to their full unrounded form.

Оглавление книги