
show system netfilter

show system netfilter—Display the iptables entries, also called netfilter entries, on the local device (on vSmart controllers and vManage NMSs only). Netfilter is a kernel module that filters packets based on firewall rules.

Command Syntax

show system netfilter

Options

None

Output Fields

Iptables places the rules into predefined chains, including INPUT, POLICE, POLICE_PROT, and LOGGING. It checks each IP packet against the rules in the chains relevant to that packet and decides what to do with the packet based on the outcome of the rules, such as accepting or dropping it. These actions are referred to as targets.

Example Output

vSmart# show system netfilter 
Chain INPUT (policy ACCEPT 60302 packets, 6353K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 4649  391K POLICE     all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            limit: avg 10000/sec burst 1000
 4649  391K POLICE_PROT  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            limit: avg 10000/sec burst 1000
   53  5102 LOGGING    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain POLICE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain POLICE_PROT (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp spts:67:68 dpts:67:68
    0     0 ACCEPT     tcp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            tcp spt:53
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp spt:53
 4596  386K ACCEPT     icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0           

Chain LOGGING (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   53  5102 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5 LOG flags 0 level 6 prefix "IPTables-dropped: "
   53  5102 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           
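
A parser for this output, added here as an example (it is not Cisco or Viptela code). It assumes the column layout shown in the example output above, and its function names are hypothetical. It totals what DROP rules have counted and lists rules whose counters are still zero.

```python
import re

# Constructed sample: selected lines from the example output on this page.
SAMPLE = """\
Chain INPUT (policy ACCEPT 60302 packets, 6353K bytes)
 pkts bytes target     prot opt in     out     source               destination
 4649  391K POLICE_PROT  all  --  eth1   *       0.0.0.0/0            0.0.0.0/0            limit: avg 10000/sec burst 1000
   53  5102 LOGGING    all  --  eth1   *       0.0.0.0/0            0.0.0.0/0
Chain POLICE_PROT (1 references)
    0     0 ACCEPT     udp  --  eth1   *       0.0.0.0/0            0.0.0.0/0            udp spt:53
 4596  386K ACCEPT     icmp --  eth1   *       0.0.0.0/0            0.0.0.0/0
Chain LOGGING (1 references)
   53  5102 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 10/sec burst 5 LOG flags 0 level 6 prefix "IPTables-dropped: "
   53  5102 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")
SUFFIX = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def expand(counter):
    """'391K' -> 391000. iptables rounds abbreviated counters, so this is approximate."""
    if counter[-1] in SUFFIX:
        return int(counter[:-1]) * SUFFIX[counter[-1]]
    return int(counter)

def parse(text):
    """Return {chain name: [rule dict, ...]} from the command's text output."""
    chains, rules = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            rules = chains.setdefault(m.group(1), [])
            continue
        f = line.strip().split(None, 9)  # 9 fixed columns, then free-form match text
        # Skip the prompt line, blank lines and the "pkts bytes ..." column header.
        if rules is None or len(f) < 9 or not f[0][0].isdigit():
            continue
        rules.append({"pkts": expand(f[0]), "bytes": expand(f[1]), "target": f[2],
                      "prot": f[3], "in": f[5], "extra": f[9] if len(f) > 9 else ""})
    return chains

def dropped(chains):
    """Per chain, (packets, bytes) counted by rules whose target is DROP."""
    hits = lambda rs, k: sum(r[k] for r in rs if r["target"] == "DROP")
    return {n: (hits(rs, "pkts"), hits(rs, "bytes")) for n, rs in chains.items()}

def idle_rules(chains):
    """Rules whose packet counter is still zero, as (chain, prot, extra) tuples."""
    return [(n, r["prot"], r["extra"]) for n, rs in chains.items() for r in rs if r["pkts"] == 0]
```

In the LOGGING chain the LOG and DROP rules show the same counters because each packet is logged and then dropped, so only the DROP rule is counted as a drop.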

Release Information

Command introduced in Viptela Software Release 15.4.3.

Additional Information

iptables-enable
