Diffstat (limited to 'iptables/xtables-translate.8')
-rw-r--r-- | iptables/xtables-translate.8 | 49 |
1 files changed, 29 insertions, 20 deletions
diff --git a/iptables/xtables-translate.8 b/iptables/xtables-translate.8 index 3dc72760..6fbbd617 100644 --- a/iptables/xtables-translate.8 +++ b/iptables/xtables-translate.8 @@ -28,24 +28,34 @@ iptables-translate \(em translation tool to migrate from iptables to nftables .P ip6tables-translate \(em translation tool to migrate from ip6tables to nftables +.P +ebtables-translate \(em translation tool to migrate from ebtables to nftables +.P +arptables-translate \(em translation tool to migrate from arptables to nftables .SH DESCRIPTION There is a set of tools to help the system administrator translate a given -ruleset from \fBiptables(8)\fP and \fBip6tables(8)\fP to \fBnftables(8)\fP. +ruleset from \fBiptables(8)\fP, \fBip6tables(8)\fP, \fBebtables(8)\fP and +\fBarptables(8)\fP to \fBnftables(8)\fP. The available commands are: .IP \[bu] 2 -iptables-translate +iptables\-translate .IP \[bu] -iptables-restore-translate +iptables\-restore\-translate .IP \[bu] 2 -ip6tables-translate +ip6tables\-translate .IP \[bu] -ip6tables-restore-translate +ip6tables\-restore\-translate +.IP \[bu] 2 +ebtables\-translate +.IP \[bu] 2 +arptables\-translate .SH USAGE -They take as input the original \fBiptables(8)\fP/\fBip6tables(8)\fP syntax and -output the native \fBnftables(8)\fP syntax. +They take as input the original +\fBiptables(8)\fP/\fBip6tables(8)\fP/\fBebtables(8)\fP/\fBarptables(8)\fP +syntax and output the native \fBnftables(8)\fP syntax. The \fBiptables-restore-translate\fP tool reads a ruleset in the syntax produced by \fBiptables-save(8)\fP. Likewise, the 
@@ -63,38 +73,38 @@ Basic operation examples. Single command translation: .nf -root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT +root@machine:\(ti# iptables\-translate \-A INPUT \-p tcp \-\-dport 22 \-m conntrack \-\-ctstate NEW \-j ACCEPT nft add rule ip filter INPUT tcp dport 22 ct state new counter accept -root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT +root@machine:\(ti# ip6tables\-translate \-A FORWARD \-i eth0 \-o eth3 \-p udp \-m multiport \-\-dports 111,222 \-j ACCEPT nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept .fi Whole ruleset translation: .nf -root@machine:~# iptables-save > save.txt -root@machine:~# cat save.txt -# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016 +root@machine:\(ti# iptables\-save > save.txt +root@machine:\(ti# cat save.txt +# Generated by iptables\-save v1.6.0 on Sat Dec 24 14:26:40 2016 *filter :INPUT ACCEPT [5166:1752111] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [5058:628693] --A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT +\-A FORWARD \-p tcp \-m tcp \-\-dport 22 \-m conntrack \-\-ctstate NEW \-j ACCEPT COMMIT # Completed on Sat Dec 24 14:26:40 2016 -root@machine:~# iptables-restore-translate -f save.txt -# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016 +root@machine:\(ti# iptables\-restore\-translate \-f save.txt +# Translated by iptables\-restore\-translate v1.6.0 on Sat Dec 24 14:26:59 2016 add table ip filter add chain ip filter INPUT { type filter hook input priority 0; } add chain ip filter FORWARD { type filter hook forward priority 0; } add chain ip filter OUTPUT { type filter hook output priority 0; } add rule ip filter FORWARD tcp dport 22 ct state new counter accept -root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft -root@machine:~# nft -f ruleset.nft 
-root@machine:~# nft list ruleset +root@machine:\(ti# iptables\-restore\-translate \-f save.txt > ruleset.nft +root@machine:\(ti# nft \-f ruleset.nft +root@machine:\(ti# nft list ruleset table ip filter { chain INPUT { type filter hook input priority 0; policy accept; @@ -117,8 +127,7 @@ Some (few) extensions may be not supported (or fully-supported) for whatever reason (for example, they were considered obsolete, or we didn't have the time to work on them). -There are no translations available for \fBebtables(8)\fP and -\fBarptables(8)\fP. +There is no translation available for \fBarptables(8)\fP. To get up-to-date information about this, please head to \fBhttps://wiki.nftables.org/\fP. |
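Review bot: Hyphen escaping is applied inconsistently in the first hunk (@@ -28,24). The command list is converted to `\-` (for example `iptables\-translate`, `ebtables\-translate`), but the two added name lines `ebtables-translate \(em ...` and `arptables-translate \(em ...` use a bare `-`, and the unchanged context line `The \fBiptables-restore-translate\fP tool reads` is left unescaped as well. Escape these in the same pass so the page renders the tool names uniformly. Also note that both new list entries use `.IP \[bu] 2`, while the existing entries alternate between `.IP \[bu] 2` and `.IP \[bu]`; pick one form.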
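Review bot: No example is added for ebtables\-translate or arptables\-translate in the examples hunk (@@ -63,38), even though the first hunk now documents both tools; every changed line here only rewrites escaping (`-` to `\-`, `~` to `\(ti`). Add a single-command translation example for each new tool next to the iptables and ip6tables ones, and consider moving the escaping cleanup into its own commit so the documentation change can be reviewed without the formatting noise.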
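Review bot: The new sentence "There is no translation available for \fBarptables(8)\fP." in the last hunk (@@ -117,8) contradicts the first hunk, which adds arptables\-translate to the name lines, to the list of available commands and to the input syntaxes in USAGE. A reader migrating an ARP filtering ruleset cannot tell from this page whether the tool will translate it. Either drop the arptables\-translate additions or remove this sentence, whichever matches what the tool actually does, and if support is partial, say so here explicitly.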