Cybersecurity Triage

Changes system state

Show iptables INPUT Rules

You need a concise view of the iptables INPUT chain policy and rules.

Command

iptables -S INPUT

Before you run this

System impact: Changes system or application state. Needs inspection, scoping, and rollback notes before production use.

When not to use it: Do not assume iptables output covers nftables-native rules on every modern distribution.

Expected output

The INPUT chain policy (`-P`) followed by the appended rules (`-A`) that accept or drop traffic.

System impact

Changes system state. Nothing changes. iptables prints the INPUT chain in a reusable rule format, but firewall policy can be distro- and stack-specific.

Recovery / rollback: no state is changed.

When to use it

Use on systems where iptables rules may still be active or where tooling reports iptables syntax.

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ iptables -S INPUT

-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -s 203.0.113.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 5432 -j DROP

$ iptables -S INPUT | grep -- '--dport'

-A INPUT -p tcp -s 203.0.113.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 5432 -j DROP
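
An added example, not part of the original page: a shell function that reads `iptables -S INPUT` output and prints the chain policy plus every ACCEPT rule that names a destination port without a `-s` source restriction. The names `open_accepts` and `sample_rules` are made up for this example, the sample input is the transcript above, and the function does not evaluate rule order or jumps to other chains.

```shell
#!/bin/sh
# Added example (not from the original page).
# Usage on a live host: iptables -S INPUT | open_accepts

# Sample input: the rules from the sanitized transcript above.
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -s 203.0.113.0/24 --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 5432 -j DROP
EOF
}

# Read `iptables -S INPUT` output on stdin.
# Prints "policy=<target>" for the -P line, then "open <proto>/<ports>"
# for each -A rule that jumps to ACCEPT, matches a destination port,
# and carries no -s option (so it applies to any source address).
open_accepts() {
    awk '
    $1 == "-P" && $2 == "INPUT" { print "policy=" $3; next }
    $1 == "-A" && $2 == "INPUT" {
        src = "any"; proto = "all"; ports = ""; target = ""
        # Each option of interest is followed by exactly one value.
        for (i = 3; i < NF; i++) {
            if ($i == "-s")            src = $(i + 1)
            else if ($i == "-p")       proto = $(i + 1)
            else if ($i == "--dport")  ports = $(i + 1)
            else if ($i == "--dports") ports = $(i + 1)
            else if ($i == "-j")       target = $(i + 1)
        }
        if (target == "ACCEPT" && ports != "" && src == "any")
            print "open " proto "/" ports
    }'
}

# Demonstration on the embedded sample.
sample_rules | open_accepts
```

On the transcript this leaves the SSH rule out because it is limited to 203.0.113.0/24, and leaves the 5432 rule out because its target is DROP.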

Next steps

Related commands

Cybersecurity Triage Read-only

Show the nftables Input Chain

The packet path was hiding below UFW.

nft list ruleset | sed -n '/chain input/,/}/p'

Cybersecurity Triage State change

Read UFW Policy Verbosely

The firewall was active, but the defaults mattered more than the rule list.

ufw status verbose

Cybersecurity Triage State change

List Numbered UFW Rules

Numbered rules make firewall review less ambiguous.

ufw status numbered

Cybersecurity Triage Sensitive output

Review sudo Grants

Privilege paths should be visible before you remove or approve access.

awk -F: '$1=="sudo" {print "sudo group: " $4}' fixtures/user-access-audit/etc/group; grep -RhnE '^[^#].*ALL=' fixtures/user-access-audit/etc/sudoers fixtures/user-access-audit/etc/sudoers.d

Cybersecurity Triage Sensitive output

Show Successful Logins and sudo Use

Access reviews need both who logged in and who elevated privileges.

grep -E 'Accepted publickey|sudo:' fixtures/user-access-audit/logs/auth.log

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:109-networking
  • lpic1:110-security
  • lfcs:networking
  • lfcs:security-hygiene
  • linuxplus:provisional
  • linuxplus:security
  • linuxplus:troubleshooting
  • risk:production-state-change
  • risk:security-sensitive

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.