path: root/iptables
diff options
authorFlorian Westphal <>2018-07-05 20:53:17 +0200
committerFlorian Westphal <>2018-07-05 20:53:34 +0200
commit7b66fc22aca000440fd6d6fbce7ff35811edea5e (patch)
treecee61ea15cd307ed13428f187ab7124aeb0717a9 /iptables
parentf7fec51277e4172d7d05db60e29b4c6cc9746c90 (diff)
man: clarify translate tools do not modify any state
Signed-off-by: Florian Westphal <>
Diffstat (limited to 'iptables')
2 files changed, 9 insertions, 1 deletions
diff --git a/iptables/xtables-nft.8 b/iptables/xtables-nft.8
index 9c223eda..702bf954 100644
--- a/iptables/xtables-nft.8
+++ b/iptables/xtables-nft.8
@@ -178,7 +178,14 @@ you would use:
root@machine:~# iptables\-legacy\-save > myruleset # reads from x_tables
root@machine:~# iptables\-nft\-restore myruleset # writes to nf_tables
+ root@machine:~# iptables\-legacy\-save | iptables-translate-restore | less
+to see how rules would look like in the nft
You should use \fBLinux kernel >= 4.17\fP.
diff --git a/iptables/xtables-translate.8 b/iptables/xtables-translate.8
index 1968239b..c40f9f02 100644
--- a/iptables/xtables-translate.8
+++ b/iptables/xtables-translate.8
@@ -49,7 +49,8 @@ output the native \fBnftables(8)\fP syntax.
The \fBiptables-restore-translate\fP tool reads a ruleset in the syntax
produced by \fBiptables-save(8)\fP. Likewise, the
\fBip6tables-restore-translate\fP tool reads one produced by
+\fBip6tables-save(8)\fP. No ruleset modifications occur, these tools are
+text converters only.
The \fBiptables-translate\fP reads a command line as if it was entered to
\fBiptables(8)\fP, and \fBip6tables-translate\fP reads a command like as if it