Viewing all iptables rules

When using the -L, --list option to list the current firewall rules, you also need to specify the appropriate Netfilter table (one of filter, nat, mangle, raw or security). So, if you’ve added a rule for the nat table, you should explicitly specify this table using the -t, --table option:

iptables --table nat --list

Or using the options short form:

iptables -t nat -L

If you don’t specify a specific table, the filter table is used as the default.


For faster results, it can be useful to also include the -n, --numeric option to print numeric IP addresses instead of hostnames, thus avoiding the need to wait for reverse DNS lookups.

You can get even more information by including the -v, --verbose option.


iptables controls five different tables: filter, nat, mangle, raw and security. On a given call, iptables only displays or modifies one of these tables, specified by the argument to the option -t (defaulting to filter). To see the complete state of the firewall, you need to call iptables on each of the tables successively.

Additionally, to get an accurate representation of the rules, you need to pass the option -v. Otherwise some important criteria are omitted in the output, such as the interface in filter rules (e.g. a rule that says “accept everything” and a rule that says “accept everything on the loopback interface” can only be distinguished with -v).

Thus, to get a complete presentation of the netfilter rules, you need

iptables -vL -t filter
iptables -vL -t nat
iptables -vL -t mangle
iptables -vL -t raw
iptables -vL -t security

Alternatively, you can call the iptables-save program, which displays all the rules in all tables in a format that can be parsed by iptables-restore. This format is also reasonably readable by humans (it's pretty much like a series of calls to the iptables command to build the table).
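As an added example (not code from any of the answers above), the following POSIX shell script does both things the answers describe: it walks the five tables with the -v and -n flags, and it summarises an iptables-save dump per chain as "table chain policy rule-count", which is a quick way to audit default policies and spot empty tables. The IPTABLES override variable and the sample dump are constructed for this example, so the summary runs without root.

```shell
#!/bin/sh
# IPTABLES is an assumed override hook so the script can be exercised with a
# stub; on a real host it defaults to the iptables binary (needs root).
IPTABLES="${IPTABLES:-iptables}"
TABLES="filter nat mangle raw security"

# Print every table with counters, interfaces (-v) and numeric addresses (-n).
dump_all_tables() {
    for t in $TABLES; do
        echo "### table: $t"
        "$IPTABLES" -t "$t" -vnL --line-numbers || echo "### table $t unavailable"
    done
}

# Summarise iptables-save output read from stdin.
# Format: "*table" opens a table, ":CHAIN POLICY [pkts:bytes]" declares a chain,
# "-A CHAIN ..." appends a rule, "COMMIT" closes the table.
summarize_save() {
    awk '
        /^\*/ { table = substr($1, 2); next }
        /^:/  { chain = substr($1, 2); key = table SUBSEP chain
                policy[key] = $2; count[key] += 0; order[++n] = key; next }
        /^-A / { count[table SUBSEP $2] += 1; next }
        END {
            for (i = 1; i <= n; i++) {
                split(order[i], k, SUBSEP)
                printf "%s %s %s %d\n", k[1], k[2], policy[order[i]], count[order[i]]
            }
        }'
}

# Constructed sample dump (not captured from a real host).
SAMPLE_SAVE='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Summarise the constructed sample; on a live host pipe iptables-save instead.
summarize_sample() { printf '%s\n' "$SAMPLE_SAVE" | summarize_save; }
```

On a live system, `iptables-save | summarize_save` gives the same per-chain summary across every table in one call.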


iptables -S does the trick for me. It seems to list all the active rules, even when the service is off.

From the man page:

-S, --list-rules [chain] Print all rules in the selected chain. If no chain is selected, all chains are printed like iptables-save. Like every other iptables command, it applies to the specified table (filter is the default).
