man-pages/man8/xtables-translate.8.html
2021-03-31 01:06:50 +01:00
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of IPTABLES-TRANSLATE</TITLE>
</HEAD><BODY>
<H1>IPTABLES-TRANSLATE</H1>
Section: Maintenance Commands (8)<BR>Updated: May 14, 2019<BR><A HREF="#index">Index</A>
<HR>
<P>
<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>
iptables-translate - translation tool to migrate from iptables to nftables
<P>
ip6tables-translate - translation tool to migrate from ip6tables to nftables
<A NAME="lbAC">&nbsp;</A>
<H2>DESCRIPTION</H2>
There is a set of tools to help the system administrator translate a given
ruleset from <B><A HREF="/cgi-bin/man/man2html?8+iptables">iptables</A>(8)</B> and <B><A HREF="/cgi-bin/man/man2html?8+ip6tables">ip6tables</A>(8)</B> to <B><A HREF="/cgi-bin/man/man2html?8+nftables">nftables</A>(8)</B>.
<P>
The available commands are:
<P>
<DL COMPACT>
<DT id="1">&bull;<DD>
iptables-translate
<DT id="2">&bull;<DD>
iptables-restore-translate
<DT id="3">&bull;<DD>
ip6tables-translate
<DT id="4">&bull;<DD>
ip6tables-restore-translate
<P>
</DL>
<A NAME="lbAD">&nbsp;</A>
<H2>USAGE</H2>
They take as input the original <B><A HREF="/cgi-bin/man/man2html?8+iptables">iptables</A>(8)</B>/<B><A HREF="/cgi-bin/man/man2html?8+ip6tables">ip6tables</A>(8)</B> syntax and
output the native <B><A HREF="/cgi-bin/man/man2html?8+nftables">nftables</A>(8)</B> syntax.
<P>
The <B>iptables-restore-translate</B> tool reads a ruleset in the syntax
produced by <B><A HREF="/cgi-bin/man/man2html?8+iptables-save">iptables-save</A>(8)</B>. Likewise, the
<B>ip6tables-restore-translate</B> tool reads one produced by
<B><A HREF="/cgi-bin/man/man2html?8+ip6tables-save">ip6tables-save</A>(8)</B>. No ruleset modifications occur; these tools are
text converters only.
<P>
The <B>iptables-translate</B> tool reads a command line as if it had been entered to
<B><A HREF="/cgi-bin/man/man2html?8+iptables">iptables</A>(8)</B>, and <B>ip6tables-translate</B> reads a command line as if it
had been entered to <B><A HREF="/cgi-bin/man/man2html?8+ip6tables">ip6tables</A>(8)</B>.
<P>
<A NAME="lbAE">&nbsp;</A>
<H2>EXAMPLES</H2>
Basic operation examples.
<P>
Single command translation:
<P>
<PRE>
root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
nft add rule ip filter INPUT tcp dport 22 ct state new counter accept
root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept
</PRE>
<P>
Whole ruleset translation:
<P>
<PRE>
root@machine:~# iptables-save &gt; save.txt
root@machine:~# cat save.txt
# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016
*filter
:INPUT ACCEPT [5166:1752111]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5058:628693]
-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Dec 24 14:26:40 2016
root@machine:~# iptables-restore-translate -f save.txt
# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; }
add chain ip filter FORWARD { type filter hook forward priority 0; }
add chain ip filter OUTPUT { type filter hook output priority 0; }
add rule ip filter FORWARD tcp dport 22 ct state new counter accept
root@machine:~# iptables-restore-translate -f save.txt &gt; ruleset.nft
root@machine:~# nft -f ruleset.nft
root@machine:~# nft list ruleset
table ip filter {
        chain INPUT {
                type filter hook input priority 0; policy accept;
        }
        chain FORWARD {
                type filter hook forward priority 0; policy accept;
                tcp dport ssh ct state new counter packets 0 bytes 0 accept
        }
        chain OUTPUT {
                type filter hook output priority 0; policy accept;
        }
}
</PRE>
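<P>
The whole-ruleset procedure above, wrapped as an added example (not from the man page or the iptables project) that only loads the translated file after checking that no rule was passed through untranslated and that <B>nft -c</B> accepts it. It assumes, as the page does not state, that an untranslated rule is emitted as a comment line still beginning with the original <B>-A</B>/<B>-I</B> rule; the sample file at the bottom is constructed, not real translator output.

```shell
#!/bin/sh
# Added example, not part of the man page or the iptables project: wrap the
# iptables-restore-translate -> nft -f procedure so that a ruleset is loaded
# only after (a) every rule got an nft equivalent and (b) nft has parsed and
# validated the file without applying it.
#
# Assumption (not stated on this page): a rule the translator cannot handle is
# passed through as a comment that still starts with the original iptables
# rule, e.g. "# -A INPUT -m somematch ... -j ACCEPT". The checks below key on
# that shape; adjust the pattern if your version emits something else.

# Print how many rules in translated file "$1" were left untranslated.
count_untranslated() {
    grep -c -E '^(nft )?# -(A|I) ' "$1" || true   # grep -c exits 1 on zero matches
}

# Print the untranslated rules themselves so they can be ported by hand.
list_untranslated() {
    grep -E '^(nft )?# -(A|I) ' "$1" || true
}

# Translate save file "$1" into nft file "$2" and load it only if it is clean.
migrate_ruleset() {
    save="$1" out="$2"
    iptables-restore-translate -f "$save" > "$out" || return 1
    n=$(count_untranslated "$out")
    if [ "$n" -ne 0 ]; then
        echo "refusing to load: $n rule(s) were not translated:" >&2
        list_untranslated "$out" >&2
        return 1
    fi
    nft -c -f "$out" || return 1   # -c: parse and validate only, nothing is applied
    nft -f "$out"
}

# Constructed sample of translator output (not real output) so the check can
# be exercised offline; "-m somematch" stands in for an unsupported match.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Translated by iptables-restore-translate (constructed sample)
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; }
add rule ip filter INPUT tcp dport 22 ct state new counter accept
# -A INPUT -m somematch --option 1 -j ACCEPT
EOF
echo "untranslated rules in sample: $(count_untranslated "$sample")"   # prints 1
rm -f "$sample"
```

Run <B>migrate_ruleset save.txt ruleset.nft</B> as root on the target host; a non-zero return means either the translator left rules behind or <B>nft -c</B> rejected the file, and nothing was applied.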
<P>
<A NAME="lbAF">&nbsp;</A>
<H2>LIMITATIONS</H2>
A few extensions may not be supported, or not fully supported, for various
reasons (for example, they were considered obsolete, or we did not have the time
to work on them).
<P>
There are no translations available for <B><A HREF="/cgi-bin/man/man2html?8+ebtables">ebtables</A>(8)</B> and
<B><A HREF="/cgi-bin/man/man2html?8+arptables">arptables</A>(8)</B>.
<P>
To get up-to-date information about this, please head to
<B><A HREF="https://wiki.nftables.org/">https://wiki.nftables.org/</A></B>.
<P>
<A NAME="lbAG">&nbsp;</A>
<H2>SEE ALSO</H2>
<B><A HREF="/cgi-bin/man/man2html?8+nft">nft</A>(8)</B>, <B><A HREF="/cgi-bin/man/man2html?8+iptables">iptables</A>(8)</B>
<P>
<A NAME="lbAH">&nbsp;</A>
<H2>AUTHORS</H2>
The nftables framework is written by the Netfilter project
(<A HREF="https://www.netfilter.org">https://www.netfilter.org</A>).
<P>
This manual page was written by Arturo Borrero Gonzalez
&lt;<A HREF="mailto:arturo@netfilter.org">arturo@netfilter.org</A>&gt;.
<P>
This documentation is free/libre under the terms of the GPLv2+.
<P>
<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="5"><A HREF="#lbAB">NAME</A><DD>
<DT id="6"><A HREF="#lbAC">DESCRIPTION</A><DD>
<DT id="7"><A HREF="#lbAD">USAGE</A><DD>
<DT id="8"><A HREF="#lbAE">EXAMPLES</A><DD>
<DT id="9"><A HREF="#lbAF">LIMITATIONS</A><DD>
<DT id="10"><A HREF="#lbAG">SEE ALSO</A><DD>
<DT id="11"><A HREF="#lbAH">AUTHORS</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:18 GMT, March 31, 2021
</BODY>
</HTML>