Listing Options

The default list command, iptables -L [<chain-name>], provides a very basic overview of the default filter table's current chains. Additional options provide more information:

• -v - Displays verbose output, such as the number of packets and bytes each chain has processed, the number of packets and bytes each rule has matched, and which interfaces apply to a particular rule.

• -x - Expands numbers into their exact values. On a busy system, the number of packets and bytes processed by a particular chain or rule may be abbreviated to Kilobytes, Megabytes (Megabytes) or Gigabytes. This option forces the full number to be displayed.
• -n - Displays IP addresses and port numbers in numeric format, rather than the default hostname and network service format.
• --line-numbers - Lists rules in each chain next to their numeric order in the chain. This option is useful when attempting to delete the specific rule in a chain or to locate where to insert a rule within a chain.
• -t <table-name> - Specifies a table name. If omitted, defaults to the filter table.

The following examples illustrate the use of several of these options. Note the difference in the byte display by including the -x option.

~]# iptables -L OUTPUT -v -n -x
Chain OUTPUT (policy ACCEPT 64005 packets, 6445791 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1593   133812 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
~]# iptables -L OUTPUT -v -n
Chain OUTPUT (policy ACCEPT 64783 packets, 6492K bytes)
    pkts bytes target     prot opt in     out     source               destination
    1819  153K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
~]#