<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of XTABLES-LEGACY</TITLE>
</HEAD><BODY>
<H1>XTABLES-LEGACY</H1>
Section: Maintenance Commands (8)<BR>Updated: June 2018<BR><A HREF="#index">Index</A>
<HR>
<P>
<A NAME="lbAB"> </A>
<H2>NAME</H2>
xtables-legacy - iptables using the old getsockopt/setsockopt-based kernel API
<P>
<A NAME="lbAC"> </A>
<H2>DESCRIPTION</H2>
<B>xtables-legacy</B> are the original versions of iptables that use the
old getsockopt/setsockopt-based kernel interface.
This kernel interface has some limitations, so iptables can also
be used with the newer nf_tables-based API.
See
<B><A HREF="/cgi-bin/man/man2html?8+xtables-nft">xtables-nft</A>(8)</B>
for information about the xtables-nft variants of iptables.
<P>
<A NAME="lbAD"> </A>
<H2>USAGE</H2>
The xtables-legacy-multi binary can be linked to the traditional names:
<P>
<PRE>
/sbin/iptables -> /sbin/iptables-legacy-multi
/sbin/ip6tables -> /sbin/ip6tables-legacy-multi
/sbin/iptables-save -> /sbin/ip6tables-legacy-multi
/sbin/iptables-restore -> /sbin/ip6tables-legacy-multi
</PRE>
<P>
The iptables version string will indicate whether the legacy API (get/setsockopt) or
the new nf_tables API is used:
<PRE>
iptables -V
iptables v1.7 (legacy)
</PRE>
<P>
<A NAME="lbAE"> </A>
<H2>LIMITATIONS</H2>
<P>
When inserting a rule using
iptables -A or iptables -I, iptables first needs to retrieve the current active
ruleset, change it to include the new rule, and then commit back the result.
This means that if two instances of iptables are running concurrently, one of the
updates might be lost. This can be worked around partially with the --wait option.
<P>
There is also no method to monitor changes to the ruleset, except periodically calling
iptables-legacy-save and checking for any differences in output.
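<P>
The polling approach described above, as an added example that is not part of the original manual page or the iptables project's code: it strips the timestamp comments and packet/byte counters from iptables-legacy-save output so that only real rule changes are reported. The function names and the constructed sample_snapshot input are assumptions made for this example.

```shell
#!/bin/sh
# Reduce iptables-legacy-save output (stdin) to lines that change only when
# the ruleset does: drop the timestamped "#" comments and the [packets:bytes]
# counters, and prefix every remaining line with the name of its table.
normalize_ruleset() {
    awk '
        /^#/ || $0 == "COMMIT" { next }
        /^\*/ { table = substr($0, 2); next }
        {
            sub(/^\[[0-9]+:[0-9]+\] /, "")   # per-rule counters (save -c)
            sub(/ \[[0-9]+:[0-9]+\]$/, "")   # chain policy counters
            print table ": " $0
        }'
}

# ruleset_changes OLD NEW: print removed (-) and added (+) lines between two
# saved snapshots. Returns 0 when the rulesets match, 1 when they differ.
ruleset_changes() {
    rc_old=$(mktemp) && rc_new=$(mktemp) || return 2
    normalize_ruleset <"$1" >"$rc_old"
    normalize_ruleset <"$2" >"$rc_new"
    rc_out=$(diff "$rc_old" "$rc_new" | sed -n -e 's/^< /- /p' -e 's/^> /+ /p') || true
    rm -f "$rc_old" "$rc_new"
    [ -z "$rc_out" ] && return 0
    printf '%s\n' "$rc_out"
    return 1
}

# sample_snapshot STAMP COUNTERS [RULE]: constructed save output, test input only.
sample_snapshot() {
    printf '# Generated by iptables-save on %s\n*filter\n' "$1"
    printf ':INPUT DROP [%s]\n' "$2"
    printf '%s\n' '-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'
    [ -z "${3:-}" ] || printf '%s\n' "$3"
    printf 'COMMIT\n# Completed on %s\n' "$1"
}

# monitor_legacy [SECONDS]: poll the live ruleset (needs root) until interrupted.
monitor_legacy() {
    ml_prev=$(mktemp) && ml_cur=$(mktemp) || return 2
    iptables-legacy-save >"$ml_prev"
    while sleep "${1:-10}"; do
        iptables-legacy-save >"$ml_cur"
        if ! ml_diff=$(ruleset_changes "$ml_prev" "$ml_cur"); then
            printf '%s ruleset changed:\n%s\n' "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$ml_diff"
            cp "$ml_cur" "$ml_prev"
        fi
    done
}
```

<P>
Call monitor_legacy 10 as root to poll every ten seconds. A rule that is added and removed again between two polls is never reported, which is inherent to this approach.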
<P>
<B><A HREF="/cgi-bin/man/man2html?8+xtables-monitor">xtables-monitor</A>(8)</B>
will need the
<B><A HREF="/cgi-bin/man/man2html?8+xtables-nft">xtables-nft</A>(8)</B>
versions to work; it cannot display changes made using the
<B>iptables-legacy</B>
tools.
<P>
<A NAME="lbAF"> </A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?8+xtables-nft">xtables-nft</A>(8)</B>, <B><A HREF="/cgi-bin/man/man2html?8+xtables-translate">xtables-translate</A>(8)</B>
<P>
<A NAME="lbAG"> </A>
<H2>AUTHORS</H2>
Rusty Russell originally wrote iptables, in early consultation with Michael Neuling.
<P>
<HR>
<A NAME="index"> </A><H2>Index</H2>
<DL>
<DT id="1"><A HREF="#lbAB">NAME</A><DD>
<DT id="2"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DT id="3"><A HREF="#lbAD">USAGE</A><DD>
<DT id="4"><A HREF="#lbAE">LIMITATIONS</A><DD>
<DT id="5"><A HREF="#lbAF">SEE ALSO</A><DD>
<DT id="6"><A HREF="#lbAG">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:18 GMT, March 31, 2021
</BODY>
</HTML>