Linux / Security: Iptables CLI – List Rules Without DNS Resolution

This is quick and a little basic, but most people do not actually read the man pages or documentation.  Most of the time, requests for access come in specifying an IP address instead of a hostname (FQDN).  I actually prefer this, but when doing a typical “iptables -L”, a reverse DNS lookup is performed automatically for every IP in the ruleset.

Most of the time I do not actually know the hostname that is associated with the IP, which makes it hard to confirm the rule without doing a DNS lookup of my own.  Below is the typical output of the command.

[root@testserver ~]# iptables -L

Chain Firewall-INPUT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  mail.asdf.com        anywhere            tcp dpt:ssh
ACCEPT     tcp  --  static.123.net       anywhere            tcp dpt:ssh
ACCEPT     tcp  --  private.9z.com       anywhere            tcp dpts:ftp-data:ftp
ACCEPT     tcp  --  nto.ntpgr.com        anywhere            tcp dpts:ftp-data:ftp

Iptables has a built-in option to disable DNS resolution: pass “-n” together with “-L”, as shown below.  Note that the single-port rules now print numerically as well (“dpt:ssh” becomes “dpt:22”), since “-n” suppresses the service-name lookup along with the reverse DNS lookup.

[root@testserver ~]# iptables -L -n
Chain Firewall-INPUT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  10.1.129.119         0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  172.168.22.87        0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  172.33.100.2         0.0.0.0/0           tcp dpts:ftp-data:ftp
ACCEPT     tcp  --  10.90.15.104         0.0.0.0/0           tcp dpts:ftp-data:ftp

Above you can see how easy it is now to verify the rules against the IP address in the request, without knowing the hostname or performing a lookup yourself.
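As an added example (not from the original post), here is a small POSIX shell helper that checks the numeric “-L -n” listing for a requested source IP and destination port by exact string match, so no lookup is needed at all; the SAMPLE_RULES listing and the rule_exists function are constructed for this illustration.

```sh
#!/bin/sh
# Added example: check whether an access request (chain, target, protocol,
# source IP, destination port) is already covered by a rule, matching the
# numeric "iptables -L -n" listing literally so no DNS lookup is ever needed.
# Assumes the default column layout of "iptables -L -n" (no -v, which would
# prepend pkts/bytes columns).

# Constructed sample listing, modelled on the post's output (all values made up).
SAMPLE_RULES='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
Firewall-INPUT  all  --  0.0.0.0/0            0.0.0.0/0

Chain Firewall-INPUT (2 references)
target     prot opt source               destination
ACCEPT     tcp  --  10.1.129.119         0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  172.168.22.87        0.0.0.0/0           tcp dpt:22
ACCEPT     tcp  --  172.33.100.2         0.0.0.0/0           tcp dpts:20:21
ACCEPT     tcp  --  10.90.15.104         0.0.0.0/0           tcp dpts:20:21'

# rule_exists CHAIN TARGET PROTO SOURCE PORT [LISTING]
# Exit status 0 if CHAIN holds a TARGET/PROTO rule whose source column is
# exactly SOURCE and whose match extensions include "dpt:PORT"; 1 otherwise.
# Without LISTING the live ruleset is read with "iptables -L -n" (needs root).
rule_exists() {
    chain=$1 target=$2 proto=$3 src=$4 port=$5
    listing=${6:-$(iptables -L -n)}
    printf '%s\n' "$listing" | awk -v c="$chain" -v t="$target" -v p="$proto" \
                                   -v s="$src" -v d="dpt:$port" '
        $1 == "Chain" { cur = $2; next }             # track which chain we are in
        cur == c && $1 == t && $2 == p && $4 == s {   # exact string match on the IP
            for (i = 6; i <= NF; i++) if ($i == d) { found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# Example run against the constructed listing:
if rule_exists Firewall-INPUT ACCEPT tcp 10.1.129.119 22 "$SAMPLE_RULES"; then
    echo "10.1.129.119 tcp/22 is already allowed in Firewall-INPUT"
else
    echo "10.1.129.119 tcp/22 is NOT covered in Firewall-INPUT"
fi
```

Because the comparison is a literal string match on the numeric column, a rule written as 0.0.0.0/0 or as a subnet will not be reported as covering a single IP; that is deliberate, since the point is to confirm the exact address from the request.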

Note:  The iptables output was edited to remove non-relevant information, and all IPs and hostnames were changed.


~ by Kevin Goodman on June 2, 2009.