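# iptables cheat sheet: watching rule hit counters and rejecting a port.
# All commands below read or change the kernel packet filter, so they need root.

# Live view of the rules that have matched traffic.
# `watch` re-runs the pipeline continuously; an interval of 0 is raised by
# procps-ng watch to its 0.1 s minimum. The grep removes rules whose packet and
# byte counters are both zero. Those two columns are right-aligned with
# variable padding, so the pattern accepts any run of whitespace rather than a
# fixed number of spaces, and is anchored so only the counter columns are tested.
watch --interval 0 'iptables -nvL | grep -vE "^[[:space:]]*0[[:space:]]+0[[:space:]]"'

# Full listing refreshed every 2 seconds; -d highlights whatever changed since
# the previous refresh, so a rule that is currently matching stands out.
watch -d -n 2 iptables -nvL

# Reject inbound TCP connections to port 902 that arrive on eth0.
#
# What a scanner sees: nmap reports a TCP port that answers with an ICMP
# unreachable message as "filtered", so the port is blocked but the presence of
# a packet filter is still visible. A closed TCP port answers with a RST, so
# `--reject-with tcp-reset` is the variant that makes the port look like any
# other closed port. For UDP, icmp-port-unreachable is what a closed port sends.
#
# -A appends to the end of INPUT: an earlier rule that accepts this traffic
# wins. Check the order with `iptables -nvL INPUT --line-numbers`, and use -I
# instead of -A when the rule has to sit ahead of an existing ACCEPT.
# The rule only covers eth0; other interfaces are not affected by it.
iptables -A INPUT -i eth0 -p tcp --dport 902 -j REJECT --reject-with icmp-port-unreachable

# Values accepted by --reject-with:
#   icmp-net-unreachable
#   icmp-host-unreachable
#   icmp-port-unreachable   <- default; shown by nmap as "filtered" for TCP
#   icmp-proto-unreachable
#   icmp-net-prohibited
#   icmp-host-prohibited (or icmp-admin-prohibited)
#   tcp-reset               <- only valid with -p tcp; port looks closed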