130 lines
4.2 KiB
HTML
130 lines
4.2 KiB
HTML
|
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
|
|
<HTML><HEAD><TITLE>Man page of IPTABLES-XML</TITLE>
|
|
</HEAD><BODY>
|
|
<H1>IPTABLES-XML</H1>
|
|
Section: iptables 1.8.4 (1)<BR>Updated: <BR><A HREF="#index">Index</A>
|
|
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<A NAME="lbAB"> </A>
|
|
<H2>NAME</H2>
|
|
|
|
iptables-xml --- Convert iptables-save format to XML
|
|
<A NAME="lbAC"> </A>
|
|
<H2>SYNOPSIS</H2>
|
|
|
|
<B>iptables-xml</B> [<B>-c</B>] [<B>-v</B>]
|
|
<A NAME="lbAD"> </A>
|
|
<H2>DESCRIPTION</H2>
|
|
|
|
<P>
|
|
|
|
<B>iptables-xml</B>
|
|
|
|
is used to convert the output of iptables-save into an easily manipulatable
|
|
XML format to STDOUT. Use I/O-redirection provided by your shell to write to
|
|
a file.
|
|
<DL COMPACT>
|
|
<DT id="1"><B>-c</B>, <B>--combine</B><DD>
|
|
combine consecutive rules with the same matches but different targets. iptables
|
|
does not currently support more than one target per match, so this simulates
|
|
that by collecting the targets from consecutive iptables rules into one action
|
|
tag, but only when the rule matches are identical. Terminating actions like
|
|
RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
|
|
<DT id="2"><B>-v</B>, <B>--verbose</B><DD>
|
|
Output xml comments containing the iptables line from which the XML is derived
|
|
<P>
|
|
</DL>
|
|
<P>
|
|
|
|
iptables-xml does a mechanistic conversion to a very expressive xml
|
|
format; the only semantic considerations are for -g and -j targets in
|
|
order to discriminate between <call> <goto> and <nane-of-target> as it
|
|
helps xml processing scripts if they can tell the difference between a
|
|
target like SNAT and another chain.
|
|
<P>
|
|
Some sample output is:
|
|
<P>
|
|
<iptables-rules>
|
|
<BR> <table name="mangle">
|
|
<BR> <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
|
|
byte-count="7137573">
|
|
<BR> <rule>
|
|
<BR> <conditions>
|
|
<BR> <match>
|
|
<BR> <p>tcp</p>
|
|
<BR> </match>
|
|
<BR> <tcp>
|
|
<BR> <sport>8443</sport>
|
|
<BR> </tcp>
|
|
<BR> </conditions>
|
|
<BR> <actions>
|
|
<BR> <call>
|
|
<BR> <check_ip/>
|
|
<BR> </call>
|
|
<BR> <ACCEPT/>
|
|
<BR> </actions>
|
|
<BR> </rule>
|
|
<BR> </chain>
|
|
<BR> </table>
|
|
</iptables-rules>
|
|
<P>
|
|
<P>
|
|
|
|
Conversion from XML to iptables-save format may be done using the
|
|
iptables.xslt script and xsltproc, or a custom program using
|
|
libxsltproc or similar; in this fashion:
|
|
<P>
|
|
xsltproc iptables.xslt my-iptables.xml | iptables-restore
|
|
<P>
|
|
<A NAME="lbAE"> </A>
|
|
<H2>BUGS</H2>
|
|
|
|
None known as of iptables-1.3.7 release
|
|
<A NAME="lbAF"> </A>
|
|
<H2>AUTHOR</H2>
|
|
|
|
Sam Liddicott <<A HREF="mailto:azez@ufomechanic.net">azez@ufomechanic.net</A>>
|
|
<A NAME="lbAG"> </A>
|
|
<H2>SEE ALSO</H2>
|
|
|
|
<B><A HREF="/cgi-bin/man/man2html?8+iptables-save">iptables-save</A></B>(8), <B><A HREF="/cgi-bin/man/man2html?8+iptables-restore">iptables-restore</A></B>(8), <B><A HREF="/cgi-bin/man/man2html?8+iptables">iptables</A></B>(8)
|
|
<P>
|
|
|
|
<HR>
|
|
<A NAME="index"> </A><H2>Index</H2>
|
|
<DL>
|
|
<DT id="3"><A HREF="#lbAB">NAME</A><DD>
|
|
<DT id="4"><A HREF="#lbAC">SYNOPSIS</A><DD>
|
|
<DT id="5"><A HREF="#lbAD">DESCRIPTION</A><DD>
|
|
<DT id="6"><A HREF="#lbAE">BUGS</A><DD>
|
|
<DT id="7"><A HREF="#lbAF">AUTHOR</A><DD>
|
|
<DT id="8"><A HREF="#lbAG">SEE ALSO</A><DD>
|
|
</DL>
|
|
<HR>
|
|
This document was created by
|
|
<A HREF="/cgi-bin/man/man2html">man2html</A>,
|
|
using the manual pages.<BR>
|
|
Time: 00:05:17 GMT, March 31, 2021
|
|
</BODY>
|
|
</HTML>
|