I understand and share your feelings. I have the same attitude. However, I would also not show those rules and allow them to be modified in the WUI if I were to decide myself how to implement a firewall. In other words, I understand the user interface choices made by the developers.
This is how I managed to see the guts of the firewall on the command line.
You can list the whole iptables rules using the command:
If you want to save the output to a file to examine it with an editor:
iptables-save > my_iptables.txt
If you want to see only the tables, you can use this grep filter:
iptables-save | grep '\*.*'
which will list the five tables:
Each table contains the chains, grouped by similarity. If you want to list the tables followed by their chains, you can use this more complex grep filter:
iptables-save | pcregrep -Mo "(?s)(?<=#\s)(.*)(?=#\s)" | grep -e ":.*]" -e "\*"
This will give you the list of the tables, followed by their respective chains (starting with a :), for example:
:INPUT ACCEPT [1250754:1319969297]
:FORWARD ACCEPT [1957707:1623612394]
:OUTPUT ACCEPT [675073:298049594]
:PREROUTING ACCEPT [20999204:18194585088]
:OUTPUT ACCEPT [3129983:1980078437]
:PREROUTING ACCEPT [20999169:18194580311]
:INPUT ACCEPT [4782692:4059878676]
:FORWARD ACCEPT [16207725:14134421571]
:OUTPUT ACCEPT [3129976:1980076781]
:POSTROUTING ACCEPT [19364163:16115312157]
:NAT_DESTINATION - [0:0]
If you want to see the tables, followed by the chains, followed by their rules:
iptables-save | pcregrep -Mo "(?s)(?<=#\s)(.*)(?=#\s)" | grep -e ":.*]" -e "\*" -e "-" | grep -v "#\s"
Apologies for the complexity, but I could not find an easier filter. However, it does the job.
You can see an outdated but still relevant flowchart of the chains implemented by IPFire in this wiki entry.
If you want to understand the inner workings of IPTables, this is the best reference I could find.
This is a generic and more updated flow chart of IPTables.
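
The three views described in the post above (tables only, tables with chains, tables with chains and rules) can also be produced by a single awk pass over the iptables-save format. This is an added example, not part of the original post and not an IPFire tool; the function name ipt_outline, the chain EXAMPLE_CHAIN and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example: outline iptables-save output at a chosen level of detail.
# Usage (as root): iptables-save | ipt_outline tables|chains|rules
# ipt_outline is a hypothetical helper name, not an existing command.
ipt_outline() {
    awk -v level="${1:-rules}" '
    # Print the table collected so far, then reset per-table state.
    function emit_table(   i, c) {
        if (table == "") return
        print table
        for (i = 1; level != "tables" && i <= n; i++) {
            c = order[i]
            printf "  :%s policy=%s rules=%d\n", c, policy[c], count[c]
            if (level == "rules") printf "%s", rules[c]
        }
        n = 0; split("", count); split("", rules)
    }
    /^\*/ { emit_table(); table = $0; next }              # table header, e.g. *filter
    /^:/  { c = substr($1, 2); order[++n] = c; policy[c] = $2; next }  # chain + policy
    /^-A/ { count[$2]++; rules[$2] = rules[$2] "    " $0 "\n"; next }  # rule, grouped by chain
    END   { emit_table() }                                # comments and COMMIT match nothing
    '
}

# Constructed sample in iptables-save format (not taken from a real system).
SAMPLE='# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:EXAMPLE_CHAIN - [0:0]
-A INPUT -j EXAMPLE_CHAIN
-A EXAMPLE_CHAIN -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
# Completed
*nat
:PREROUTING ACCEPT [0:0]
:NAT_DESTINATION - [0:0]
-A PREROUTING -j NAT_DESTINATION
COMMIT'

# Demo on the constructed sample; on a live system pipe iptables-save instead.
printf '%s\n' "$SAMPLE" | ipt_outline rules
```

Unlike the grep filters, this groups each rule under the chain it belongs to and shows a per-chain rule count, which makes empty user-defined chains easy to spot.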