From 7b66fc22aca000440fd6d6fbce7ff35811edea5e Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Thu, 5 Jul 2018 20:53:17 +0200 Subject: man: clarify translate tools do not modify any state Signed-off-by: Florian Westphal --- iptables/xtables-nft.8 | 7 +++++++ iptables/xtables-translate.8 | 3 ++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/iptables/xtables-nft.8 b/iptables/xtables-nft.8 index 9c223eda..702bf954 100644 --- a/iptables/xtables-nft.8 +++ b/iptables/xtables-nft.8 @@ -178,7 +178,14 @@ you would use: root@machine:~# iptables\-legacy\-save > myruleset # reads from x_tables root@machine:~# iptables\-nft\-restore myruleset # writes to nf_tables .fi +or +.nf + root@machine:~# iptables\-legacy\-save | iptables-translate-restore | less +.fi +to see how rules would look like in the nft +\fBnft(8)\fP +syntax. .SH LIMITATIONS You should use \fBLinux kernel >= 4.17\fP. diff --git a/iptables/xtables-translate.8 b/iptables/xtables-translate.8 index 1968239b..c40f9f02 100644 --- a/iptables/xtables-translate.8 +++ b/iptables/xtables-translate.8 @@ -49,7 +49,8 @@ output the native \fBnftables(8)\fP syntax. The \fBiptables-restore-translate\fP tool reads a ruleset in the syntax produced by \fBiptables-save(8)\fP. Likewise, the \fBip6tables-restore-translate\fP tool reads one produced by -\fBip6tables-save(8)\fP. +\fBip6tables-save(8)\fP. No ruleset modifications occur, these tools are +text converters only. The \fBiptables-translate\fP reads a command line as if it was entered to \fBiptables(8)\fP, and \fBip6tables-translate\fP reads a command like as if it -- cgit v1.2.3