I want to understand why a specific kind of packet goes through or does not go through a chain (OUTPUT, for example), but the chain is written in a structured manner that can jump to a lot of sub-chains, within which a lot of rules are defined. For this situation, what's the command line to easily accomplish the monitoring with the '-vL' feature?

OS is Linux of course.

Thanks in advance!

Woody Wu
  • `iptables-save`? – Lenniey Feb 01 '19 at 13:59
  • AFAIK ultimately there is no other option than displaying your full rule set and following the flow a specific packet should follow by reading (with your own eyes) the rules in sequential order, marking the position where you need to follow a JUMP to a new chain in case you need to return there, until you reach the rule that will definitely (dis-)allow the packet/flow. I haven't seen a tool yet that will do that for you. A great help may be marking the specific packet / flow that gives you trouble with the [`TRACE`](https://serverfault.com/a/126079/37681) target or liberal use of LOG targets. – HBruijn Feb 01 '19 at 15:18
  • Thanks HBruijn. I'd like to study 'trace', it's just that the target I am debugging does not have the kernel module to support it installed. – Woody Wu Feb 01 '19 at 15:32
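
An added example, not part of the original thread: when TRACE is unavailable, the manual walk described in the comments can be automated over two `iptables-save -c` snapshots (the `-c` option includes the per-rule packet counters that `-vL` shows). The function names `parse`, `walk` and `hits` are hypothetical helpers, and the rule set and counters below are constructed sample data.

```python
import re

RULE = re.compile(r"^\[(\d+):(\d+)\] -A (\S+) (.*)$")
TARGET = re.compile(r"(?:^|\s)(?:-j|--jump|-g|--goto) (\S+)")

def parse(save_text, table="filter"):
    """Map chain name -> [(packets, rule_spec, target)] for one table."""
    chains, current = {}, None
    for line in map(str.strip, save_text.splitlines()):
        if line.startswith("*"):            # table header, e.g. *filter
            current = line[1:]
        elif current != table:
            continue
        elif line.startswith(":"):          # chain declaration
            chains.setdefault(line[1:].split()[0], [])
        elif (m := RULE.match(line)):       # "[pkts:bytes] -A CHAIN spec"
            pkts, _, chain, spec = m.groups()
            t = TARGET.search(spec)
            chains.setdefault(chain, []).append((int(pkts), spec, t and t.group(1)))
    return chains

def walk(chains, start, depth=0, path=()):
    """Yield (depth, chain, rule_no, packets, spec) in evaluation order."""
    for num, (pkts, spec, target) in enumerate(chains.get(start, []), 1):
        yield depth, start, num, pkts, spec
        # Descend only into user-defined chains; `path` guards against loops.
        if target in chains and target not in path + (start,):
            yield from walk(chains, target, depth + 1, path + (start,))

def hits(before, after, start="OUTPUT", table="filter"):
    """Rules reachable from `start` whose packet counter rose between snapshots."""
    old = {(c, n): p for _, c, n, p, _ in walk(parse(before, table), start)}
    return [(d, c, n, p - old.get((c, n), 0), s)
            for d, c, n, p, s in walk(parse(after, table), start)
            if p > old.get((c, n), 0)]

# Constructed sample: `iptables-save -c` output before the test packet is sent.
BEFORE = """*filter
:OUTPUT ACCEPT [0:0]
:out_web - [0:0]
:out_log - [0:0]
[10:800] -A OUTPUT -p tcp -j out_web
[5:300] -A OUTPUT -p udp --dport 53 -j ACCEPT
[3:180] -A out_web -p tcp --dport 443 -j out_log
[7:620] -A out_web -j RETURN
[3:180] -A out_log -j ACCEPT
COMMIT
"""
# Constructed "after" snapshot: one TCP/443 packet left through OUTPUT.
AFTER = BEFORE.replace("[10:800]", "[11:860]").replace("[3:180]", "[4:240]")
```

Counters include all traffic, not only the test packet, so take the two snapshots close together on a quiet host or compare only rules with a narrow match. `hits(BEFORE, AFTER)` lists the incremented rules with their nesting depth, which reproduces the path OUTPUT → out_web → out_log for the sample.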

0 Answers