
Re: Firewall - basic config?




On Apr 23, 2016 3:54 PM, "Joe" <joe@jretrading.com> wrote:
>
> You might also try iptables -S which will list the rules in the form
> that you would enter by hand as arguments to the iptables command. It is
> a different view, and you may see things that are less obvious in the
> -L view.
>

I'm guessing -S is the same as iptables-save...? If so, then yes, that's the way to look at rules and what you want to paste when asking for help. There are two times when I want -nL output - when testing and want a delete number (so with the --line-numbers option) and when I think a table is useless and want to call reference count. That's literally it. Otherwise you probably want to see the rules closer to how the kernel does.

Also, if you script your restore (I'm guessing ufw handles this... properly) do use a restore file vs looping the iptables command for each rule - besides being proper, it's also a *hell* of a lot faster.

> Remember that IPv6 is alive and well in quite a lot of hardware these
> days, and there is an ip6tables to deal with it.
>

I.e., unless you're using it, disable it (both with ip6tables and blacklist modules).
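
The restore-file approach recommended in the message above, as an added example that is not part of the original post: a shell function that turns a per-rule `iptables` script into one `iptables-restore` file, so each table is loaded in a single commit instead of one command per rule. The function names, the sample rules and the interface `eth0` are assumptions constructed for illustration; the same file format is read by `ip6tables-restore`.

```shell
#!/bin/sh
# Added example: build one iptables-restore file from per-rule commands.

# Constructed sample of the "one iptables call per rule" style.
sample_rules() {
cat <<'EOF'
# constructed sample rules
iptables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Reads "iptables [-t TABLE] -P|-N|-A ..." lines on stdin and writes
# restore format: "*table", chain declarations, rules, "COMMIT" per table.
rules_to_restore() {
    awk '
    $1 != "iptables" { next }            # ignore comments and other commands
    {
        table = "filter"; start = 2      # filter is the default table
        if ($2 == "-t") { table = $3; start = 4 }
        rest = ""
        for (i = start; i <= NF; i++) rest = rest (i > start ? " " : "") $i
        if (!(table in seen)) { seen[table] = 1; order[++n] = table }
        if ($start == "-P")              # built-in chain policy
            policy[table] = policy[table] ":" $(start+1) " " $(start+2) " [0:0]\n"
        else if ($start == "-N")         # user-defined chain
            chains[table] = chains[table] ":" $(start+1) " - [0:0]\n"
        else                             # -A, -I, ... pass through unchanged
            body[table] = body[table] rest "\n"
    }
    END {
        for (k = 1; k <= n; k++) {
            t = order[k]
            printf "*%s\n%s%s%sCOMMIT\n", t, policy[t], chains[t], body[t]
        }
    }'
}

# Print the generated file. To validate it without loading it (as root):
#   sample_rules | rules_to_restore | iptables-restore --test
sample_rules | rules_to_restore
```
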

