Diffstat (limited to 'iptables/iptables-xml.1.in')
1 files changed, 87 insertions, 0 deletions
diff --git a/iptables/iptables-xml.1.in b/iptables/iptables-xml.1.in
new file mode 100644
@@ -0,0 +1,87 @@
+.TH IPTABLES-XML 1 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
+.\" Man page written by Sam Liddicott <email@example.com>
+.\" It is based on the iptables-save man page.
+.\" This program is free software; you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation; either version 2 of the License, or
+.\" (at your option) any later version.
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program; if not, write to the Free Software
+.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+iptables-xml \(em Convert iptables-save format to XML
+\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
+is used to convert the output of iptables-save into an easily manipulatable
+XML format to STDOUT. Use I/O-redirection provided by your shell to write to
+combine consecutive rules with the same matches but different targets. iptables
+does not currently support more than one target per match, so this simulates
+that by collecting the targets from consecutive iptables rules into one action
+tag, but only when the rule matches are identical. Terminating actions like
+RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
+Output xml comments containing the iptables line from which the XML is derived
+iptables-xml does a mechanistic conversion to a very expressive xml
+format; the only semantic considerations are for \-g and \-j targets in
+order to discriminate between <call> <goto> and <nane-of-target> as it
+helps xml processing scripts if they can tell the difference between a
+target like SNAT and another chain.
+Some sample output is:
+ <table name="mangle">
+ <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
+Conversion from XML to iptables-save format may be done using the
+iptables.xslt script and xsltproc, or a custom program using
+libxsltproc or similar; in this fashion:
+xsltproc iptables.xslt my-iptables.xml | iptables-restore
+None known as of iptables-1.3.7 release
+Sam Liddicott <firstname.lastname@example.org>
+.SH SEE ALSO
+\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)
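Review bot: In the paragraph about \-g and \-j targets, "<nane-of-target>" is a typo and should read "<name-of-target>". In the conversion paragraph, "libxsltproc" looks like a conflation of the library (libxslt) with its command-line tool (xsltproc); naming the library as libxslt would avoid sending readers after a package that does not exist. The example "xsltproc iptables.xslt my-iptables.xml | iptables-restore" loads whatever the transform emits straight into the live ruleset, and in a plain pipeline a failing xsltproc does not stop iptables-restore from running on partial output. Consider showing the output redirected to a file that is reviewed first, or adding a sentence recommending that, so an edited or malformed XML file cannot silently replace a firewall policy. The line ending "Use I/O-redirection provided by your shell to write to" also runs directly into the description of combining rules, so the option text here would benefit from a check that each option's description starts on its own tagged paragraph.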