Home / server / Questions / 868090
In Process
Hakan Baba
Asked: 2017-08-10 23:19:00 +0800 CST

How to get an accurate count of iptables rules?

  • 772

I have numerous rules in several chains in iptables. What is a reliable way to get the accurate count of all rules per table?

iptables --list --line-numbers prints something like this: 

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    cali-INPUT  all  --  anywhere             anywhere             /* cali:Cz_u1IQiXIMmKD4c */
2    KUBE-FIREWALL  all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    cali-FORWARD  all  --  anywhere             anywhere             /* cali:wUHhoiAYhphO9Mso */
2    DOCKER-ISOLATION  all  --  anywhere             anywhere
3    DOCKER     all  --  anywhere             anywhere

Chain KUBE-SERVICES (1 references)
num  target     prot opt source               destination
1    REJECT     tcp  --  anywhere             10.17.6.000          /* ephemeral-1498158084 reject-with icmp-port-unreachable

….

Getting the line count of the output does not give the correct number of rules. There are empty rows, titles and headers. Looking for a way to get the rule count only.

firewall

2 Answers

  1. Run this command in your shell:

    iptables --list --line-numbers | sed '/^num\|^$\|^Chain/d' | wc -l

    Description:

    get list

    iptables --list --line-numbers

    Ignore lines starting with num or chain and whitelines

    sed '/^num\|^$\|^Chain/d'

    Count result lines

    wc -l

    • 3

  2. You could use this script. Looks like it should solve your problem.

    • 0