IPTABLES-TRANSLATE - Online Linux Manual PageSection : 8
Updated : May 14, 2019
NAMEiptables-translate — translation tool to migrate from iptables to nftables ip6tables-translate — translation tool to migrate from ip6tables to nftables ebtables-translate — translation tool to migrate from ebtables to nftables
DESCRIPTIONThere is a set of tools to help the system administrator translate a given ruleset from iptables(8), ip6tables(8) and ebtables(8) to nftables(8). The available commands are: • iptables-translate • iptables-restore-translate • ip6tables-translate • ip6tables-restore-translate • ebtables-translate
USAGEThey take as input the original iptables(8)/ip6tables(8)/ebtables(8) syntax and output the native nftables(8) syntax. The iptables-restore-translate tool reads a ruleset in the syntax produced by iptables-save(8). Likewise, the ip6tables-restore-translate tool reads one produced by ip6tables-save(8). No ruleset modifications occur, these tools are text converters only. The iptables-translate reads a command line as if it was entered to iptables(8), and ip6tables-translate reads a command like as if it was entered to ip6tables(8).
EXAMPLESBasic operation examples. Single command translation: root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
nft add rule ip filter INPUT tcp dport 22 ct state new counter accept
root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter acceptWhole ruleset translation: root@machine:~# iptables-save > save.txt
root@machine:~# cat save.txt
# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016
*filter
:INPUT ACCEPT [5166:1752111]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5058:628693]
-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Dec 24 14:26:40 2016
root@machine:~# iptables-restore-translate -f save.txt
# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016
add table ip filter
add chain ip filter INPUT { type filter hook input priority 0; }
add chain ip filter FORWARD { type filter hook forward priority 0; }
add chain ip filter OUTPUT { type filter hook output priority 0; }
add rule ip filter FORWARD tcp dport 22 ct state new counter accept
root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft
root@machine:~# nft -f ruleset.nft
root@machine:~# nft list ruleset
table ip filter {
chain INPUT {
type filter hook input priority 0; policy accept;
}
chain FORWARD {
type filter hook forward priority 0; policy accept;
tcp dport ssh ct state new counter packets 0 bytes 0 accept
}
chain OUTPUT {
type filter hook output priority 0; policy accept;
}
}
LIMITATIONSSome (few) extensions may be not supported (or fully-supported) for whatever reason (for example, they were considered obsolete, or we didn't have the time to work on them). There is no translation available for arptables(8). To get up-to-date information about this, please head to https://wiki.nftables.org/.
SEE ALSOnft(8), iptables(8)
AUTHORSThe nftables framework is written by the Netfilter project (https://www.netfilter.org). This manual page was written by Arturo Borrero Gonzalez <arturo@netfilter.org>. This documentation is free/libre under the terms of the GPLv2+. 0
Johanes Gumabo
Data Size : 10,696 byte
man-xtables-translate.8Build : 2024-12-05, 20:55 :
Visitor Screen : x
Visitor Counter ( page / site ) : 2 / 197,720
Visitor ID : :
Visitor IP : 18.224.32.243 :
Visitor Provider : AMAZON-02 :
Provider Position ( lat x lon ) : 39.962500 x -83.006100 : x
Provider Accuracy Radius ( km ) : 1000 :
Provider City : Columbus :
Provider Province : Ohio , : ,
Provider Country : United States :
Provider Continent : North America :
Visitor Recorder : Version :
Visitor Recorder : Library :
Online Linux Manual Page : Version : Online Linux Manual Page - Fedora.40 - march=x86-64 - mtune=generic - 24.12.05
Online Linux Manual Page : Library : lib_c - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Online Linux Manual Page : Library : lib_m - 24.10.03 - march=x86-64 - mtune=generic - Fedora.40
Data Base : Version : Online Linux Manual Page Database - 24.04.13 - march=x86-64 - mtune=generic - fedora-38
Data Base : Library : lib_c - 23.02.07 - march=x86-64 - mtune=generic - fedora.36
Very long time ago, I have the best tutor, Wenzel Svojanovsky . If someone knows the email address of Wenzel Svojanovsky , please send an email to johanes_gumabo@yahoo.co.id .
If error, please print screen and send to johanes_gumabo@yahoo.co.id
Under development. Support me via PayPal.