How to monitor iptables changes in Linux?

There is no direct way to monitor iptables changes in Linux.

However, today we will look at how to monitor the iptables status to see which packets are being rejected or accepted in real time.

There is no easy way to see which rule you are hitting.

However, we can watch the counters for each rule.

Monitor iptables counters

[root@nglinux ~]# watch -n 2 -d "iptables -vnxL | grep -v -e pkts -e Chain | sort -nk1 | tac | column -t"

Every 2.0s: iptables -vnxL | grep -v -e pkts -e Chain | sort -nk1 | tac | column -t                             Fri Mar  2 21:37:16 2018

2340  174838  ACCEPT  all   --  *   *  0.0.0.0/0  0.0.0.0/0  state        RELATED,ESTABLISHED
2     104     ACCEPT  tcp   --  *   *  0.0.0.0/0  0.0.0.0/0  state        NEW                   tcp  dpt:22
1     60      ACCEPT  all   --  lo  *  0.0.0.0/0  0.0.0.0/0
0     0       REJECT  all   --  *   *  0.0.0.0/0  0.0.0.0/0  reject-with  icmp-host-prohibited
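0     0       ACCEPT  icmp  --  *   *  0.0.0.0/0  0.0.0.0/0

The watch command is very handy: it reruns a command at a specified interval (here -n 2, every 2 seconds). With -d, it highlights whatever changed since the last run. The sort -nk1 | tac stage lists the rules in reverse order of packet count, so the busiest rules appear at the top.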
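
The same counters can be compared between two saved snapshots to get a record of which rules were hit, instead of watching the screen. The script below is an added example, not part of the original article; the function names counter_deltas and demo and the two sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the rules whose packet counter grew between two saved
# snapshots of `iptables -vnxL` (-x prints exact counts, so they subtract cleanly).
# Live use, as root:
#   iptables -vnxL > before; sleep 10; iptables -vnxL > after
#   counter_deltas before after

# counter_deltas BEFORE AFTER
# Prints one line per hit rule: <chain> +<pkts> +<bytes> <rule text>
counter_deltas() {
    awk '
        $1 == "Chain" { chain = $2; next }       # remember the current chain
        $1 == "pkts" || NF < 3 { next }          # skip column header and blanks
        {
            # Key on chain + rule text, so a rule inserted between snapshots
            # does not shift the comparison. Identical duplicate rules in one
            # chain share a key (assumed not to occur here).
            rule = $3
            for (i = 4; i <= NF; i++) rule = rule " " $i
            key = chain SUBSEP rule
            if (FILENAME == ARGV[1]) { pk[key] = $1; by[key] = $2; next }
            dp = $1 - pk[key]; db = $2 - by[key] # rule new in AFTER: counts from 0
            if (dp > 0) printf "%s +%d +%d %s\n", chain, dp, db, rule
        }
    ' "$1" "$2"
}

# Constructed sample data (not captured from a real host): two snapshots.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts   bytes target  prot opt in  out  source     destination
    2340  174838 ACCEPT  all  --  *   *    0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
       2     104 ACCEPT  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
       0       0 REJECT  all  --  *   *    0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
EOF
    cat > "$dir/after" <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
    pkts   bytes target  prot opt in  out  source     destination
    2351  175600 ACCEPT  all  --  *   *    0.0.0.0/0  0.0.0.0/0  state RELATED,ESTABLISHED
       2     104 ACCEPT  tcp  --  *   *    0.0.0.0/0  0.0.0.0/0  state NEW tcp dpt:22
       3     180 REJECT  all  --  *   *    0.0.0.0/0  0.0.0.0/0  reject-with icmp-host-prohibited
EOF
    counter_deltas "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

Rules whose counters went down between snapshots, for example after the counters were zeroed with iptables -Z, are skipped rather than reported.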
