Is there a way to find which iptables rule was responsible for dropping a packet?

You could add a TRACE rule early in the chain to log every rule that the packet traverses.
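The TRACE target writes one kernel-log line per matched rule, chain policy or return, prefixed `TRACE: table:chain:type:rulenum`, so the last line logged for a packet is where traversal ended. As an added example (not from the original answer), here is a small parser that groups those lines per packet and reports the final hop; the log lines are constructed sample data, not output from the asker's firewall.

```python
import re
from collections import OrderedDict

# Constructed sample of kernel TRACE output for two interleaved packets
# (one to tcp/8080, one to tcp/22). Not taken from the original post.
SAMPLE_TRACE = """\
kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=51000 DPT=8080 SYN URGP=0
kernel: TRACE: raw:PREROUTING:policy:2 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=51001 DPT=22 SYN URGP=0
kernel: TRACE: mangle:PREROUTING:policy:1 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=51000 DPT=8080 SYN URGP=0
kernel: TRACE: mangle:INPUT:policy:1 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=51000 DPT=8080 SYN URGP=0
kernel: TRACE: filter:INPUT:rule:7 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4242 DF PROTO=TCP SPT=51000 DPT=8080 SYN URGP=0
kernel: TRACE: mangle:PREROUTING:policy:1 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=51001 DPT=22 SYN URGP=0
kernel: TRACE: mangle:INPUT:policy:1 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=51001 DPT=22 SYN URGP=0
kernel: TRACE: filter:INPUT:rule:2 IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TTL=64 ID=4243 DF PROTO=TCP SPT=51001 DPT=22 SYN URGP=0
"""

# xt_TRACE log prefix: "TRACE: <table>:<chain>:<rule|return|policy>:<rulenum> " + packet dump
TRACE_RE = re.compile(
    r"TRACE: (?P<table>\w+):(?P<chain>[\w-]+):(?P<kind>rule|return|policy):(?P<num>\d+)\s*(?P<rest>.*)"
)


def parse_trace_line(line):
    """Return (flow_key, hop) for one TRACE line, or None if the line is not a TRACE line.

    flow_key identifies the packet (protocol, addresses, ports, IP ID) so that
    interleaved packets can be separated; hop is "table:chain:kind:rulenum".
    """
    m = TRACE_RE.search(line)
    if not m:
        return None
    # Packet dump is KEY=VALUE tokens; flag tokens such as DF or SYN have no '=' and are skipped.
    fields = dict(re.findall(r"(\w+)=(\S*)", m.group("rest")))
    key = tuple(fields.get(k, "") for k in ("PROTO", "SRC", "DST", "SPT", "DPT", "ID"))
    hop = f"{m.group('table')}:{m.group('chain')}:{m.group('kind')}:{m.group('num')}"
    return key, hop


def trace_paths(log_text):
    """Group hops per packet, preserving the order in which the kernel logged them."""
    paths = OrderedDict()
    for line in log_text.splitlines():
        parsed = parse_trace_line(line)
        if parsed is None:
            continue
        key, hop = parsed
        paths.setdefault(key, []).append(hop)
    return paths


def last_hop(log_text, dport):
    """Final hop reached by each packet to the given destination port.

    For a packet that never arrived, this is the terminating rule (e.g. a DROP
    or REJECT) or the chain policy that ended traversal.
    """
    return {key: hops[-1] for key, hops in trace_paths(log_text).items() if key[4] == str(dport)}


if __name__ == "__main__":
    for key, hops in trace_paths(SAMPLE_TRACE).items():
        print(f"{key[1]}:{key[3]} -> {key[2]}:{key[4]}  " + " > ".join(hops))
```

The rule number in the last hop is the same one shown by `iptables -t <table> -L <chain> -n -v --line-numbers`, so `filter:INPUT:rule:7` points straight at rule 7 of the filter table's INPUT chain. Give the TRACE rule a narrow match (for example `-p tcp --dport 8080`) so the kernel log is not flooded, and delete it when you are done.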

I would consider using iptables -L -v -n | less to let you search the rules. I would look at port, address, and interface rules that apply. Given that you have so many rules you are likely running a mostly closed firewall, and are missing a permit rule for the traffic.

How is the firewall built? It may be easier to look at the builder rules than the built rules.


Since iptables -L -v -n has counters you could do the following.

iptables -L -v -n > Sample1
# Cause the packet that you suspect is being dropped by iptables
iptables -L -v -n > Sample2
diff Sample1 Sample2

This way you will see only the rules that incremented.


Run iptables -L -v -n to see the packet and byte counters for every table and for every rule.
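The two answers above both rely on the per-rule counters in `iptables -L -v -n`; a plain `diff` of two listings works, but it shows every changed line and misses increments hidden by rounding (iptables abbreviates large counters as `12K`, `3M`, so a one-packet increase may not change the text at all unless you add `-x` for exact counts). As an added example, not part of either answer, the parser below reads two listings, computes the packet-count delta per rule and per chain policy, and narrows the result to DROP/REJECT entries. The listings are constructed sample data, not the asker's rule set.

```python
import re

# iptables prints abbreviated counters with decimal multiples (K = 1000, not 1024)
# unless run with -x (--exact).
_MULT = {"": 1, "K": 1_000, "M": 1_000_000, "G": 1_000_000_000}

# Constructed `iptables -L -v -n` snapshots taken before and after the suspect packet.
BEFORE = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100  6000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   50  3000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    7   420 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 200 packets, 12K bytes)
 pkts bytes target     prot opt in     out     source               destination
"""

AFTER = """\
Chain INPUT (policy DROP 12 packets, 720 bytes)
 pkts bytes target     prot opt in     out     source               destination
  100  6000 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
   50  3000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    8   480 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 201 packets, 12K bytes)
 pkts bytes target     prot opt in     out     source               destination
"""


def _num(token):
    """Convert a counter such as '7' or '12K' to an integer."""
    m = re.fullmatch(r"(\d+)([KMG]?)", token)
    if not m:
        raise ValueError(f"not an iptables counter: {token!r}")
    return int(m.group(1)) * _MULT[m.group(2)]


def parse_counters(listing):
    """Parse `iptables -L -v -n` output into {(chain, slot): (pkts, bytes, rule_text)}.

    slot is the 1-based rule number within the chain (matching --line-numbers),
    or the string 'policy' for a built-in chain's default-policy counters.
    """
    counters = {}
    chain, rule_no = None, 0
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\w+) (\S+) packets, (\S+) bytes\)", line)
        if m:  # built-in chain header carries the policy counters
            chain, rule_no = m.group(1), 0
            counters[(chain, "policy")] = (_num(m.group(3)), _num(m.group(4)), f"policy {m.group(2)}")
            continue
        m = re.match(r"Chain (\S+) \((\d+) references\)", line)
        if m:  # user-defined chain header has no policy
            chain, rule_no = m.group(1), 0
            continue
        parts = line.split(None, 2)
        # Skip the column-header line, blank lines, and anything that is not a rule.
        if chain is None or len(parts) < 3 or not re.fullmatch(r"\d+[KMG]?", parts[0]):
            continue
        rule_no += 1
        counters[(chain, rule_no)] = (_num(parts[0]), _num(parts[1]), " ".join(parts[2].split()))
    return counters


def counter_increments(before, after):
    """Entries whose packet counter grew: list of (chain, slot, delta_pkts, rule_text)."""
    hits = []
    for key, (pkts_after, _bytes_after, text) in after.items():
        pkts_before = before.get(key, (0, 0, ""))[0]
        if pkts_after > pkts_before:
            hits.append((key[0], key[1], pkts_after - pkts_before, text))
    return hits


def dropping_rules(hits):
    """Keep only increments on rules or policies that discard traffic."""
    return [h for h in hits if h[3].split()[0] in ("DROP", "REJECT") or h[3] in ("policy DROP", "policy REJECT")]


if __name__ == "__main__":
    hits = counter_increments(parse_counters(BEFORE), parse_counters(AFTER))
    for chain, slot, delta, text in dropping_rules(hits):
        print(f"{chain} rule {slot}: +{delta} pkt(s)  {text}")
```

Capture the two listings with `iptables -L -v -n -x > Sample1` and `... > Sample2` around the test packet and feed their contents to `parse_counters`; run the capture for every table you use (`-t nat`, `-t mangle`, `-t raw`), since `-L` without `-t` shows only the filter table. On a busy host keep the window between the two snapshots short so unrelated traffic does not light up other rules.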