How to monitor iptables changes in Linux?
There is no direct way to monitor iptables changes in Linux.
However, in this article we will look at how to monitor the iptables status to confirm in real time which packets are rejected or accepted.
There is no easy way to see what rule you are hitting.
However, we can watch the counter for each rule.
Monitor iptables counters
[root@nglinux ~]# watch -n 2 -d "iptables -vnxL | grep -v -e pkts -e Chain | sort -nk1 | tac | column -t"
Every 2.0s: iptables -vnxL | grep -v -e pkts -e Chain | sort -nk1 | tac | column -t    Fri Mar 2 21:37:16 2018

2340  174838  ACCEPT  all   --  *   *  0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
2     104     ACCEPT  tcp   --  *   *  0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
1     60      ACCEPT  all   --  lo  *  0.0.0.0/0  0.0.0.0/0
0     0       REJECT  all   --  *   *  0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
0     0       ACCEPT  icmp  --  *   *  0.0.0.0/0  0.0.0.0/0
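The watch command above only highlights counters that changed on screen. As an added example (not part of the original article), the script below compares two saved snapshots of `iptables -vnxL` and lists the rules whose packet counters grew, which is a record of which rules were hit in the interval. The function names `rule_deltas` and `demo` are hypothetical, and the snapshots are constructed from the ruleset shown above with invented "after" counters.

```shell
#!/bin/sh
# rule_deltas BEFORE AFTER -> "<pkts_delta> <bytes_delta> <chain> <rule>"
# for every rule whose packet counter grew, busiest rule first.
rule_deltas() {
    awk '
        /^Chain /               { chain = $2; next }   # remember current chain
        NF == 0 || $1 == "pkts" { next }               # skip blanks and header
        {
            pkts = $1; bytes = $2
            $1 = ""; $2 = ""; sub(/^ +/, "")           # drop the two counters
            id  = chain " " $0                         # rule identity = chain + text
            key = id SUBSEP (++seen[FILENAME, id])     # tell duplicate rules apart
            if (FILENAME == ARGV[1]) { p[key] = pkts; b[key] = bytes; next }
            # Rules new in AFTER start from 0; shrinking counters (iptables -Z reset) are skipped.
            if (pkts - p[key] > 0)
                printf "%d %d %s\n", pkts - p[key], bytes - b[key], id
        }
    ' "$1" "$2" | sort -rn
}

# Constructed sample snapshots: the ruleset from this page, "after" counters invented.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2340   174838 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       2      104 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
       0        0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
    cat > "$dir/after" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2391   178510 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
       2      104 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
       7      420 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
EOF
    rule_deltas "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

On a live host, save `iptables -vnxL` to one file, wait for the interval of interest, save it again to a second file, and pass both files to `rule_deltas`; the iptables commands need root.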