
Can you list iptables as a non-root user? and why?

12 votes
4 answers
22943 views
Is it at all possible to execute the `iptables --list …` command without being root? Running it as non-root prints this:

```
$ iptables --list
iptables v1.4.21: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
```

If you must be root to list iptables, what is the reasoning behind that? Is there a security concern with viewing the rules? Is there a resource or service used by `iptables --list` that requires root access?

Obviously, modifying iptables firewall rules requires privileges. I am asking about viewing them.

---

Instead of being root, is there a capability that could permit listing the rules? Does iptables use netlink to interface with the kernel? Because netlink(7) mentions that

> Only processes with an effective UID of 0 or the **CAP_NET_ADMIN** capability may send or listen to a netlink multicast group.

Maybe that does not apply to iptables.

I am not sure whether this is the right way of doing it, but adding a capability to iptables does not let me list the rules, either:

```
bash-4.1$ echo $UID
2000
bash-4.1$ getcap /sbin/iptables-multi-1.4.7
/sbin/iptables-multi-1.4.7 = cap_net_admin+ep
bash-4.1$ /sbin/iptables-multi-1.4.7 main --list
FATAL: Could not load /lib/modules/3.10.0-514.21.1.el7.x86_64/modules.dep: No such file or directory
iptables v1.4.7: can't initialize iptables table `filter': Permission denied (you must be root)
Perhaps iptables or your kernel needs to be upgraded.
```

---

Here are some relevant questions:

- iptables – add rules not as root (Super User)
- Using iptables without root privileges (Server Fault)

Both provide workarounds, in my opinion, and do not discuss the fundamental reason behind the restriction.
Asked by Hakan Baba (919 rep)
Aug 10, 2017, 01:02 AM
Last activity: Feb 7, 2024, 12:54 AM
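The question's `getcap` experiment hinges on which capabilities a process actually ends up holding, which Linux reports as hex bitmasks in `/proc/<pid>/status` (`CapInh`, `CapPrm`, `CapEff`, `CapBnd`, `CapAmb`). The script below is an added example, not part of the question or any answer: it decodes those masks into capability names and checks a status dump for the two capabilities the legacy `iptables` binary needs before it can read a table. Legacy iptables does not use netlink; libiptc opens a raw socket (`socket(AF_INET, SOCK_RAW, IPPROTO_RAW)`, which the kernel allows only with `CAP_NET_RAW`) and then fetches the table via `getsockopt`, and the kernel's `ip_tables` module additionally requires `CAP_NET_ADMIN` for those read requests. The capability numbers are the kernel's own from `include/uapi/linux/capability.h`; the three status fragments are constructed samples (an unprivileged shell, a process granted only `cap_net_admin+ep` as in the question, and a root process), and `read_own_caps` is a convenience for running it on a live Linux box.

```python
"""Decode Linux capability bitmasks from /proc/<pid>/status text.

Added example, not from the original post. Capability bit numbers are the
kernel's (include/uapi/linux/capability.h); the sample status fragments
below are constructed for this demonstration.
"""
import re

CAP_NAMES = {
    0: "cap_chown", 1: "cap_dac_override", 2: "cap_dac_read_search",
    3: "cap_fowner", 4: "cap_fsetid", 5: "cap_kill", 6: "cap_setgid",
    7: "cap_setuid", 8: "cap_setpcap", 9: "cap_linux_immutable",
    10: "cap_net_bind_service", 11: "cap_net_broadcast", 12: "cap_net_admin",
    13: "cap_net_raw", 14: "cap_ipc_lock", 15: "cap_ipc_owner",
    16: "cap_sys_module", 17: "cap_sys_rawio", 18: "cap_sys_chroot",
    19: "cap_sys_ptrace", 20: "cap_sys_pacct", 21: "cap_sys_admin",
    22: "cap_sys_boot", 23: "cap_sys_nice", 24: "cap_sys_resource",
    25: "cap_sys_time", 26: "cap_sys_tty_config", 27: "cap_mknod",
    28: "cap_lease", 29: "cap_audit_write", 30: "cap_audit_control",
    31: "cap_setfcap", 32: "cap_mac_override", 33: "cap_mac_admin",
    34: "cap_syslog", 35: "cap_wake_alarm", 36: "cap_block_suspend",
    37: "cap_audit_read", 38: "cap_perfmon", 39: "cap_bpf",
    40: "cap_checkpoint_restore",
}
CAP_NUMBERS = {name: num for num, name in CAP_NAMES.items()}

# Capabilities the legacy iptables binary needs to read a table:
# CAP_NET_RAW for the raw socket libiptc opens, CAP_NET_ADMIN for the
# IPT_SO_GET_* getsockopt calls the ip_tables kernel module checks.
IPTABLES_LIST_CAPS = ("cap_net_admin", "cap_net_raw")

_CAP_LINE = re.compile(r"^(Cap(?:Inh|Prm|Eff|Bnd|Amb)):\s*([0-9a-fA-F]+)\s*$", re.M)


def parse_status_caps(status_text):
    """Return {"CapInh": int, "CapPrm": int, ...} parsed from status text."""
    return {name: int(hexmask, 16) for name, hexmask in _CAP_LINE.findall(status_text)}


def decode_mask(mask):
    """Expand a capability bitmask into capability names, lowest bit first."""
    names = []
    bit = 0
    while mask >> bit:
        if (mask >> bit) & 1:
            names.append(CAP_NAMES.get(bit, f"cap_{bit}"))
        bit += 1
    return names


def has_caps(status_text, *wanted, cap_set="CapEff"):
    """True if every capability in `wanted` is present in the chosen set."""
    mask = parse_status_caps(status_text).get(cap_set, 0)
    return all((mask >> CAP_NUMBERS[w]) & 1 for w in wanted)


def missing_for_iptables_list(status_text):
    """Names of the iptables-read capabilities absent from CapEff, sorted."""
    return sorted(c for c in IPTABLES_LIST_CAPS if not has_caps(status_text, c))


def read_own_caps(path="/proc/self/status"):
    """Decode the running process's own sets (Linux only); {} elsewhere."""
    try:
        with open(path, encoding="utf-8") as fh:
            return {k: decode_mask(v) for k, v in parse_status_caps(fh.read()).items()}
    except OSError:
        return {}


# Constructed status fragments (not real captures).
UNPRIV_STATUS = (
    "Name:\tbash\nUid:\t2000\t2000\t2000\t2000\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000000000\n"
    "CapEff:\t0000000000000000\nCapBnd:\t000001ffffffffff\n"
)
# What a non-root process gets from a file tagged cap_net_admin+ep: bit 12 only.
NET_ADMIN_ONLY_STATUS = (
    "Name:\tiptables-multi\nUid:\t2000\t2000\t2000\t2000\n"
    "CapInh:\t0000000000000000\nCapPrm:\t0000000000001000\n"
    "CapEff:\t0000000000001000\nCapBnd:\t000001ffffffffff\n"
)
ROOT_STATUS = (
    "Name:\tiptables\nUid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
    "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n"
)

if __name__ == "__main__":
    for label, text in (("unprivileged", UNPRIV_STATUS),
                        ("cap_net_admin+ep", NET_ADMIN_ONLY_STATUS),
                        ("root", ROOT_STATUS)):
        eff = decode_mask(parse_status_caps(text)["CapEff"])
        print(f"{label:18} CapEff={eff[:4]}{'...' if len(eff) > 4 else ''} "
              f"missing for iptables --list: {missing_for_iptables_list(text) or 'none'}")
    print("this process:", read_own_caps().get("CapEff", "n/a (not Linux)"))
```

Run on a real host, `read_own_caps()` shows what `CapEff` the shell actually carries; the `cap_net_admin+ep` sample reproduces the question's situation, where the file capability supplies bit 12 but not bit 13, so the raw socket open is still refused with `EPERM`, which is the "Permission denied" in the quoted output.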