author Florian Westphal <fw@strlen.de> 2018-06-18 09:18:28 +0200
committer Florian Westphal <fw@strlen.de> 2018-06-27 23:44:04 +0200
commit be70918eab26e0c5fe219fefab325056144976d9
tree ab256347ade0a13ccc8f91da83282436a18c8957 /iptables/xtables-compat.8
parent d49ba500efd4dc50eef10324f3c0b4f7ce5d6e3e
xtables: rename xt-multi binaries to -nft, -legacy
This adds a clear distinction between old iptables (formerly xtables-multi, now xtables-legacy-multi) and new iptables (formerly xtables-compat-multi, now xtables-nft-multi). Users will get the ip/ip6tables names via symbolic links, having a distinct name postfix for the legacy/nft variants helps to make a clear distinction, as iptables-nft will always use nf_tables and iptables-legacy always uses get/setsockopt whereas "iptables" could be symlinked to either -nft or -legacy.

Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/xtables-compat.8')
-rw-r--r-- iptables/xtables-compat.8 177
1 files changed, 0 insertions, 177 deletions
diff --git a/iptables/xtables-compat.8 b/iptables/xtables-compat.8
deleted file mode 100644
index 90f887e1..00000000
--- a/iptables/xtables-compat.8
+++ /dev/null
@@ -1,177 +0,0 @@
-.\"
-.\" (C) Copyright 2016-2017, Arturo Borrero Gonzalez <arturo@netfilter.org>
-.\"
-.\" %%%LICENSE_START(GPLv2+_DOC_FULL)
-.\" This is free documentation; you can redistribute it and/or
-.\" modify it under the terms of the GNU General Public License as
-.\" published by the Free Software Foundation; either version 2 of
-.\" the License, or (at your option) any later version.
-.\"
-.\" The GNU General Public License's references to "object code"
-.\" and "executables" are to be interpreted as the output of any
-.\" document formatting or typesetting system, including
-.\" intermediate and printed output.
-.\"
-.\" This manual is distributed in the hope that it will be useful,
-.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-.\" GNU General Public License for more details.
-.\"
-.\" You should have received a copy of the GNU General Public
-.\" License along with this manual; if not, see
-.\" <http://www.gnu.org/licenses/>.
-.\" %%%LICENSE_END
-.\"
-.TH XTABLES-COMPAT 8 "Feb 25, 2017"
-
-.SH NAME
-xtables-compat \- compat tools to migrate from iptables to nftables
-
-.SH DESCRIPTION
-\fBxtables-compat\fP is set of tools to help the system administrator migrate the
-ruleset from \fBiptables(8)\fP, \fBip6tables(8)\fP, \fBarptables(8)\fP, and
-\fBebtables(8)\fP to \fBnftables(8)\fP.
-
-The \fBxtables-compat\fP set is composed of several commands:
-.IP \[bu] 2
-iptables-compat
-.IP \[bu]
-iptables-compat-save
-.IP \[bu]
-iptables-compat-restore
-.IP \[bu]
-ip6tables-compat
-.IP \[bu]
-ip6tables-compat-save
-.IP \[bu]
-ip6tables-compat-restore
-.IP \[bu]
-arptables-compat
-.IP \[bu]
-ebtables-compat
-
-These tools use the libxtables framework extensions and hook to the nf_tables
-kernel subsystem using the \fBnft_compat\fP module.
-
-.SH USAGE
-The compat tools set allows you to manage the nf_tables backend using the
-native syntax of \fBiptables(8)\fP, \fBip6tables(8)\fP, \fBarptables(8)\fP, and
-\fBebtables(8)\fP.
-
-You should use the compat tools exactly the same way as you would use the
-corresponding original tool.
-
-Adding a rule will result in that rule being added to the nf_tables kernel
-subsystem instead.
-Listing the ruleset will use the nf_tables backend as well.
-
-When these tools were designed, the main idea was to replace each legacy binary
-with a symlink to the corresponding compat tool, for example:
-
-.nf
- /sbin/iptables --> /usr/sbin/iptables-compat
- /sbin/ip6tables --> /usr/sbin/ip6tables-compat
- /sbin/arptables --> /usr/sbin/arptables-compat
- /sbin/ebtables --> /usr/sbin/ebtables-compat
-.fi
-
-.SH EXAMPLES
-One basic example is creating the skeleton ruleset in nf_tables from the
-compat tools, in a fresh machine:
-
-.nf
- root@machine:~# iptables-compat -L
- [...]
- root@machine:~# ip6tables-compat -L
- [...]
- root@machine:~# arptables-compat -L
- [...]
- root@machine:~# ebtables-compat -L
- [...]
- root@machine:~# nft list ruleset
- table ip filter {
- chain INPUT {
- type filter hook input priority 0; policy accept;
- }
-
- chain FORWARD {
- type filter hook forward priority 0; policy accept;
- }
-
- chain OUTPUT {
- type filter hook output priority 0; policy accept;
- }
- }
- table ip6 filter {
- chain INPUT {
- type filter hook input priority 0; policy accept;
- }
-
- chain FORWARD {
- type filter hook forward priority 0; policy accept;
- }
-
- chain OUTPUT {
- type filter hook output priority 0; policy accept;
- }
- }
- table bridge filter {
- chain INPUT {
- type filter hook input priority -200; policy accept;
- }
-
- chain FORWARD {
- type filter hook forward priority -200; policy accept;
- }
-
- chain OUTPUT {
- type filter hook output priority -200; policy accept;
- }
- }
- table arp filter {
- chain INPUT {
- type filter hook input priority 0; policy accept;
- }
-
- chain FORWARD {
- type filter hook forward priority 0; policy accept;
- }
-
- chain OUTPUT {
- type filter hook output priority 0; policy accept;
- }
- }
-.fi
-
-(please note that in fresh machines, listing the ruleset for the first time
-results in all tables an chain being created).
-
-To migrate your complete filter ruleset, in the case of \fBiptables(8)\fP,
-you would use:
-
-.nf
- root@machine:~# iptables-save > myruleset # reads from x_tables
- root@machine:~# iptables-compat-restore myruleset # writes to nf_tables
-.fi
-
-
-.SH LIMITATIONS
-You should use \fBLinux kernel >= 4.2\fP.
-
-Some (few) extensions may be not supported (or fully-supported) for whatever
-reason (for example, they were considered obsolete).
-
-To get up-to-date information about this, please head to
-\fBhttp://wiki.nftables.org/\fP.
-
-.SH SEE ALSO
-\fBnft(8)\fP, \fBxtables-translate(8)\fP
-
-.SH AUTHORS
-The nftables framework is written by the Netfilter project
-(https://www.netfilter.org).
-
-This manual page was written by Arturo Borrero Gonzalez
-<arturo@debian.org> for the Debian project, but may be used by others.
-
-This documentation is free/libre under the terms of the GPLv2+.
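Review bot: the commit message describes only the binary rename, yet this hunk removes all 177 lines of xtables-compat.8 with nothing added in this file, so the message should say where the manual content now lives or that it is being dropped. The deleted USAGE section is where the symlink layout is documented (`/sbin/iptables --> /usr/sbin/iptables-compat`), and the EXAMPLES section carries the note that listing the ruleset for the first time creates all tables and chains. An administrator needs both to know which backend a bare `iptables` call writes to and that a read-only looking `-L` changes nf_tables state, so they should be carried over with the -nft/-legacy names, along with the `Linux kernel >= 4.2` requirement from LIMITATIONS. If the text is carried over, fix "is set of tools" in DESCRIPTION and "all tables an chain being created" in EXAMPLES at the same time.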