Join Log in
Score:1
Arany Péter avatar Server

Nft list ruleset with ports

gb flag
Arany Péter

Is there a way to list the actual ports when listing the rules?

I mean:

nft list ruleset

table ip filter {
    chain INPUT {
        type filter hook input priority 0; policy drop;
        iifname "lo" counter packets 114 bytes 316154 accept
        ct state established,related counter packets 415 bytes 70571 accept
        tcp dport http counter packets 13 bytes 728 accept
        tcp dport http-alt counter packets 0 bytes 0 accept
        tcp dport tproxy counter packets 0 bytes 0 accept
        tcp dport https counter packets 0 bytes 0 accept

http is 80 I think https is 443 I think

Is there a way to list the ports not the names?

448
1 + 1
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
`-n` or `--numeric` should do that
1
Reply
Score:1
diya avatar Server
la flag
diya

@NikitaKipriyanov provided the answer to your question in the comment.

man nft

Ruleset list output formatting that modify the output of the list ruleset command:
...
-n, --numeric

Print fully numerical output.

The source of the port number <==> service name mapping is the file /etc/services which in turn based on the IANA port assignments list maintained here: http://www.iana.org/assignments/port-numbers

I really understand a preference to look at the actual port numbers:

Often (& especially the higher) port numbers can be in use by other applications/services than /etc/services service mapping suggests. And to add to the confusion: applications with an actual reserved port number are usually not prevented from using different port numbers (in addition to their own) as well.
For example I often see Squid web proxies listening on port 8080, http-alt rather than the reserved port for squid, 3128...

+ 1
Nikita Kipriyanov avatar
za flag
Nikita Kipriyanov
Actually I can't even check if that really work, because on my systems where I use nftables, `nft list ruleset` shows numeric ports even for ports registered in the `/etc/services`, without any additional switches. On the contrary, it requires `-S` to actually resolve those port numbers to symbolic service names. Probably different versions behave differently/.
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.