From 74bd60b23135fa58a6d8423ec2e9f97e08a6b832 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 22 Aug 2013 13:11:45 +0200
Subject: build: add software version to manpage first line at configure stage

This patch adds the software version to the first line of the
following manpages:

	iptables-save.8
	iptables-restore.8
	iptables-apply.8
	iptables-xml.1

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 configure.ac                   |  2 +
 iptables/iptables-apply.8      | 44 ---------------------
 iptables/iptables-apply.8.in   | 44 +++++++++++++++++++++
 iptables/iptables-restore.8    | 72 ----------------------------------
 iptables/iptables-restore.8.in | 72 ++++++++++++++++++++++++++++++++++
 iptables/iptables-save.8       | 62 ------------------------------
 iptables/iptables-save.8.in    | 62 ++++++++++++++++++++++++++++++
 iptables/iptables-xml.1        | 87 ------------------------------------------
 iptables/iptables-xml.1.in     | 87 ++++++++++++++++++++++++++++++++++++++++++
 9 files changed, 267 insertions(+), 265 deletions(-)
 delete mode 100644 iptables/iptables-apply.8
 create mode 100644 iptables/iptables-apply.8.in
 delete mode 100644 iptables/iptables-restore.8
 create mode 100644 iptables/iptables-restore.8.in
 delete mode 100644 iptables/iptables-save.8
 create mode 100644 iptables/iptables-save.8.in
 delete mode 100644 iptables/iptables-xml.1
 create mode 100644 iptables/iptables-xml.1.in

diff --git a/configure.ac b/configure.ac
index 52d6b54d..76d0b37b 100644
--- a/configure.ac
+++ b/configure.ac
@@ -156,6 +156,8 @@ AC_SUBST([libxtables_vmajor])
 AC_CONFIG_FILES([Makefile extensions/GNUmakefile include/Makefile
 	iptables/Makefile iptables/xtables.pc
 	iptables/iptables.8 iptables/iptables-extensions.8.tmpl
+	iptables/iptables-save.8 iptables/iptables-restore.8
+	iptables/iptables-apply.8 iptables/iptables-xml.1
 	libipq/Makefile libipq/libipq.pc
 	libiptc/Makefile libiptc/libiptc.pc
 	libiptc/libip4tc.pc libiptc/libip6tc.pc
diff --git a/iptables/iptables-apply.8 b/iptables/iptables-apply.8
deleted file mode 100644
index 66eaf57a..00000000
--- a/iptables/iptables-apply.8
+++ /dev/null
@@ -1,44 +0,0 @@
-.\"     Title: iptables-apply
-.\"    Author: Martin F. Krafft
-.\"      Date: Jun 04, 2006
-.\"
-.TH iptables\-apply 8 2006-06-04
-.\" disable hyphenation
-.nh
-.SH NAME
-iptables-apply \- a safer way to update iptables remotely
-.SH SYNOPSIS
-\fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] \fIruleset\-file\fP
-.SH "DESCRIPTION"
-.PP
-iptables\-apply will try to apply a new ruleset (as output by
-iptables\-save/read by iptables\-restore) to iptables, then prompt the
-user whether the changes are okay. If the new ruleset cut the existing
-connection, the user will not be able to answer affirmatively. In this
-case, the script rolls back to the previous ruleset after the timeout
-expired. The timeout can be set with \fB\-t\fP.
-.PP
-When called as \fBip6tables\-apply\fP, the script will use
-ip6tables\-save/\-restore instead.
-.SH OPTIONS
-.TP
-\fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR
-Sets the timeout after which the script will roll back to the previous
-ruleset.
-.TP
-\fB\-h\fP, \fB\-\-help\fP
-Display usage information.
-.TP
-\fB\-V\fP, \fB\-\-version\fP
-Display version information.
-.SH "SEE ALSO"
-.PP
-\fBiptables-restore\fP(8), \fBiptables-save\fP(8), \fBiptables\fR(8).
-.SH LEGALESE
-.PP
-iptables\-apply is copyright by Martin F. Krafft.
-.PP
-This manual page was written by Martin F. Krafft <madduck@madduck.net>
-.PP
-Permission is granted to copy, distribute and/or modify this document
-under the terms of the Artistic License 2.0.
diff --git a/iptables/iptables-apply.8.in b/iptables/iptables-apply.8.in
new file mode 100644
index 00000000..cdc9c447
--- /dev/null
+++ b/iptables/iptables-apply.8.in
@@ -0,0 +1,44 @@
+.\"     Title: iptables-apply
+.\"    Author: Martin F. Krafft
+.\"      Date: Jun 04, 2006
+.\"
+.TH IPTABLES\-APPLY 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
+.\" disable hyphenation
+.nh
+.SH NAME
+iptables-apply \- a safer way to update iptables remotely
+.SH SYNOPSIS
+\fBiptables\-apply\fP [\-\fBhV\fP] [\fB-t\fP \fItimeout\fP] \fIruleset\-file\fP
+.SH "DESCRIPTION"
+.PP
+iptables\-apply will try to apply a new ruleset (as output by
+iptables\-save/read by iptables\-restore) to iptables, then prompt the
+user whether the changes are okay. If the new ruleset cut the existing
+connection, the user will not be able to answer affirmatively. In this
+case, the script rolls back to the previous ruleset after the timeout
+expired. The timeout can be set with \fB\-t\fP.
+.PP
+When called as \fBip6tables\-apply\fP, the script will use
+ip6tables\-save/\-restore instead.
+.SH OPTIONS
+.TP
+\fB\-t\fP \fIseconds\fR, \fB\-\-timeout\fP \fIseconds\fR
+Sets the timeout after which the script will roll back to the previous
+ruleset.
+.TP
+\fB\-h\fP, \fB\-\-help\fP
+Display usage information.
+.TP
+\fB\-V\fP, \fB\-\-version\fP
+Display version information.
+.SH "SEE ALSO"
+.PP
+\fBiptables-restore\fP(8), \fBiptables-save\fP(8), \fBiptables\fR(8).
+.SH LEGALESE
+.PP
+iptables\-apply is copyright by Martin F. Krafft.
+.PP
+This manual page was written by Martin F. Krafft <madduck@madduck.net>
+.PP
+Permission is granted to copy, distribute and/or modify this document
+under the terms of the Artistic License 2.0.
diff --git a/iptables/iptables-restore.8 b/iptables/iptables-restore.8
deleted file mode 100644
index 8567147a..00000000
--- a/iptables/iptables-restore.8
+++ /dev/null
@@ -1,72 +0,0 @@
-.TH IPTABLES-RESTORE 8 "Jan 04, 2001" "" ""
-.\"
-.\" Man page written by Harald Welte <laforge@gnumonks.org>
-.\" It is based on the iptables man page.
-.\"
-.\"	This program is free software; you can redistribute it and/or modify
-.\"	it under the terms of the GNU General Public License as published by
-.\"	the Free Software Foundation; either version 2 of the License, or
-.\"	(at your option) any later version.
-.\"
-.\"	This program is distributed in the hope that it will be useful,
-.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\"	GNU General Public License for more details.
-.\"
-.\"	You should have received a copy of the GNU General Public License
-.\"	along with this program; if not, write to the Free Software
-.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-iptables-restore \(em Restore IP Tables
-.P
-ip6tables-restore \(em Restore IPv6 Tables
-.SH SYNOPSIS
-\fBiptables\-restore\fP [\fB\-chntv\fP] [\fB\-M\fP \fImodprobe\fP]
-.P
-\fBip6tables\-restore\fP [\fB\-chntv\fP] [\fB\-M\fP \fImodprobe\fP]
-[\fB\-T\fP \fIname\fP]
-.SH DESCRIPTION
-.PP
-.B iptables-restore
-and
-.B ip6tables-restore
-are used to restore IP and IPv6 Tables from data specified on STDIN. Use
-I/O redirection provided by your shell to read from a file
-.TP
-\fB\-c\fR, \fB\-\-counters\fR
-restore the values of all packet and byte counters
-.TP
-\fB\-h\fP, \fB\-\-help\fP
-Print a short option summary.
-.TP
-\fB\-n\fR, \fB\-\-noflush\fR
-don't flush the previous contents of the table. If not specified,
-both commands flush (delete) all previous contents of the respective table.
-.TP
-\fB\-t\fP, \fB\-\-test\fP
-Only parse and construct the ruleset, but do not commit it.
-.TP
-\fB\-v\fP, \fB\-\-verbose\fP
-Print additional debug info during ruleset processing.
-.TP
-\fB\-M\fP, \fB\-\-modprobe\fP \fImodprobe_program\fP
-Specify the path to the modprobe program. By default, iptables-restore will
-inspect /proc/sys/kernel/modprobe to determine the executable's path.
-.TP
-\fB\-T\fP, \fB\-\-table\fP \fIname\fP
-Restore only the named table even if the input stream contains other ones.
-.SH BUGS
-None known as of iptables-1.2.1 release
-.SH AUTHORS
-Harald Welte <laforge@gnumonks.org> wrote iptables-restore based on code
-from Rusty Russell.
-.br
-Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-restore.
-.SH SEE ALSO
-\fBiptables\-save\fP(8), \fBiptables\fP(8)
-.PP
-The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
-which details NAT, and the netfilter-hacking-HOWTO which details the
-internals.
diff --git a/iptables/iptables-restore.8.in b/iptables/iptables-restore.8.in
new file mode 100644
index 00000000..feb57efa
--- /dev/null
+++ b/iptables/iptables-restore.8.in
@@ -0,0 +1,72 @@
+.TH IPTABLES-RESTORE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
+.\"
+.\" Man page written by Harald Welte <laforge@gnumonks.org>
+.\" It is based on the iptables man page.
+.\"
+.\"	This program is free software; you can redistribute it and/or modify
+.\"	it under the terms of the GNU General Public License as published by
+.\"	the Free Software Foundation; either version 2 of the License, or
+.\"	(at your option) any later version.
+.\"
+.\"	This program is distributed in the hope that it will be useful,
+.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\"	GNU General Public License for more details.
+.\"
+.\"	You should have received a copy of the GNU General Public License
+.\"	along with this program; if not, write to the Free Software
+.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\"
+.SH NAME
+iptables-restore \(em Restore IP Tables
+.P
+ip6tables-restore \(em Restore IPv6 Tables
+.SH SYNOPSIS
+\fBiptables\-restore\fP [\fB\-chntv\fP] [\fB\-M\fP \fImodprobe\fP]
+.P
+\fBip6tables\-restore\fP [\fB\-chntv\fP] [\fB\-M\fP \fImodprobe\fP]
+[\fB\-T\fP \fIname\fP]
+.SH DESCRIPTION
+.PP
+.B iptables-restore
+and
+.B ip6tables-restore
+are used to restore IP and IPv6 Tables from data specified on STDIN. Use
+I/O redirection provided by your shell to read from a file
+.TP
+\fB\-c\fR, \fB\-\-counters\fR
+restore the values of all packet and byte counters
+.TP
+\fB\-h\fP, \fB\-\-help\fP
+Print a short option summary.
+.TP
+\fB\-n\fR, \fB\-\-noflush\fR
+don't flush the previous contents of the table. If not specified,
+both commands flush (delete) all previous contents of the respective table.
+.TP
+\fB\-t\fP, \fB\-\-test\fP
+Only parse and construct the ruleset, but do not commit it.
+.TP
+\fB\-v\fP, \fB\-\-verbose\fP
+Print additional debug info during ruleset processing.
+.TP
+\fB\-M\fP, \fB\-\-modprobe\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-restore will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
+\fB\-T\fP, \fB\-\-table\fP \fIname\fP
+Restore only the named table even if the input stream contains other ones.
+.SH BUGS
+None known as of iptables-1.2.1 release
+.SH AUTHORS
+Harald Welte <laforge@gnumonks.org> wrote iptables-restore based on code
+from Rusty Russell.
+.br
+Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-restore.
+.SH SEE ALSO
+\fBiptables\-save\fP(8), \fBiptables\fP(8)
+.PP
+The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
+which details NAT, and the netfilter-hacking-HOWTO which details the
+internals.
diff --git a/iptables/iptables-save.8 b/iptables/iptables-save.8
deleted file mode 100644
index d796a96c..00000000
--- a/iptables/iptables-save.8
+++ /dev/null
@@ -1,62 +0,0 @@
-.TH IPTABLES-SAVE 8 "Jan 04, 2001" "" ""
-.\"
-.\" Man page written by Harald Welte <laforge@gnumonks.org>
-.\" It is based on the iptables man page.
-.\"
-.\"	This program is free software; you can redistribute it and/or modify
-.\"	it under the terms of the GNU General Public License as published by
-.\"	the Free Software Foundation; either version 2 of the License, or
-.\"	(at your option) any later version.
-.\"
-.\"	This program is distributed in the hope that it will be useful,
-.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\"	GNU General Public License for more details.
-.\"
-.\"	You should have received a copy of the GNU General Public License
-.\"	along with this program; if not, write to the Free Software
-.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-iptables-save \(em dump iptables rules to stdout
-.P
-ip6tables-save \(em dump iptables rules to stdout
-.SH SYNOPSIS
-\fBiptables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
-[\fB\-t\fP \fItable\fP]
-.P
-\fBip6tables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
-[\fB\-t\fP \fItable\fP
-.SH DESCRIPTION
-.PP
-.B iptables-save
-and
-.B ip6tables-save
-are used to dump the contents of IP or IPv6 Table in easily parseable format
-to STDOUT. Use I/O-redirection provided by your shell to write to a file.
-.TP
-\fB\-M\fP \fImodprobe_program\fP
-Specify the path to the modprobe program. By default, iptables-save will
-inspect /proc/sys/kernel/modprobe to determine the executable's path.
-.TP
-\fB\-c\fR, \fB\-\-counters\fR
-include the current values of all packet and byte counters in the output
-.TP
-\fB\-t\fR, \fB\-\-table\fR \fItablename\fP
-restrict output to only one table. If not specified, output includes all
-available tables.
-.SH BUGS
-None known as of iptables-1.2.1 release
-.SH AUTHORS
-Harald Welte <laforge@gnumonks.org>
-.br
-Rusty Russell <rusty@rustcorp.com.au>
-.br
-Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save.
-.SH SEE ALSO
-\fBiptables\-restore\fP(8), \fBiptables\fP(8)
-.PP
-The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
-which details NAT, and the netfilter-hacking-HOWTO which details the
-internals.
diff --git a/iptables/iptables-save.8.in b/iptables/iptables-save.8.in
new file mode 100644
index 00000000..5e939b1a
--- /dev/null
+++ b/iptables/iptables-save.8.in
@@ -0,0 +1,62 @@
+.TH IPTABLES-SAVE 8 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
+.\"
+.\" Man page written by Harald Welte <laforge@gnumonks.org>
+.\" It is based on the iptables man page.
+.\"
+.\"	This program is free software; you can redistribute it and/or modify
+.\"	it under the terms of the GNU General Public License as published by
+.\"	the Free Software Foundation; either version 2 of the License, or
+.\"	(at your option) any later version.
+.\"
+.\"	This program is distributed in the hope that it will be useful,
+.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\"	GNU General Public License for more details.
+.\"
+.\"	You should have received a copy of the GNU General Public License
+.\"	along with this program; if not, write to the Free Software
+.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\"
+.SH NAME
+iptables-save \(em dump iptables rules to stdout
+.P
+ip6tables-save \(em dump iptables rules to stdout
+.SH SYNOPSIS
+\fBiptables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
+[\fB\-t\fP \fItable\fP]
+.P
+\fBip6tables\-save\fP [\fB\-M\fP \fImodprobe\fP] [\fB\-c\fP]
+[\fB\-t\fP \fItable\fP
+.SH DESCRIPTION
+.PP
+.B iptables-save
+and
+.B ip6tables-save
+are used to dump the contents of IP or IPv6 Table in easily parseable format
+to STDOUT. Use I/O-redirection provided by your shell to write to a file.
+.TP
+\fB\-M\fP \fImodprobe_program\fP
+Specify the path to the modprobe program. By default, iptables-save will
+inspect /proc/sys/kernel/modprobe to determine the executable's path.
+.TP
+\fB\-c\fR, \fB\-\-counters\fR
+include the current values of all packet and byte counters in the output
+.TP
+\fB\-t\fR, \fB\-\-table\fR \fItablename\fP
+restrict output to only one table. If not specified, output includes all
+available tables.
+.SH BUGS
+None known as of iptables-1.2.1 release
+.SH AUTHORS
+Harald Welte <laforge@gnumonks.org>
+.br
+Rusty Russell <rusty@rustcorp.com.au>
+.br
+Andras Kis-Szabo <kisza@sch.bme.hu> contributed ip6tables-save.
+.SH SEE ALSO
+\fBiptables\-restore\fP(8), \fBiptables\fP(8)
+.PP
+The iptables-HOWTO, which details more iptables usage, the NAT-HOWTO,
+which details NAT, and the netfilter-hacking-HOWTO which details the
+internals.
diff --git a/iptables/iptables-xml.1 b/iptables/iptables-xml.1
deleted file mode 100644
index 70b2c1fd..00000000
--- a/iptables/iptables-xml.1
+++ /dev/null
@@ -1,87 +0,0 @@
-.TH IPTABLES-XML 1 "Jul 16, 2007" "" ""
-.\"
-.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
-.\" It is based on the iptables-save man page.
-.\"
-.\"	This program is free software; you can redistribute it and/or modify
-.\"	it under the terms of the GNU General Public License as published by
-.\"	the Free Software Foundation; either version 2 of the License, or
-.\"	(at your option) any later version.
-.\"
-.\"	This program is distributed in the hope that it will be useful,
-.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
-.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-.\"	GNU General Public License for more details.
-.\"
-.\"	You should have received a copy of the GNU General Public License
-.\"	along with this program; if not, write to the Free Software
-.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-.\"
-.\"
-.SH NAME
-iptables-xml \(em Convert iptables-save format to XML
-.SH SYNOPSIS
-\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
-.SH DESCRIPTION
-.PP
-.B iptables-xml
-is used to convert the output of iptables-save into an easily manipulatable
-XML format to STDOUT.  Use I/O-redirection provided by your shell to write to 
-a file.
-.TP
-\fB\-c\fR, \fB\-\-combine\fR
-combine consecutive rules with the same matches but different targets. iptables
-does not currently support more than one target per match, so this simulates 
-that by collecting the targets from consecutive iptables rules into one action
-tag, but only when the rule matches are identical. Terminating actions like
-RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-.TP
-\fB\-v\fR, \fB\-\-verbose\fR
-Output xml comments containing the iptables line from which the XML is derived
-
-.PP
-iptables-xml does a mechanistic conversion to a very expressive xml
-format; the only semantic considerations are for \-g and \-j targets in
-order to discriminate between <call> <goto> and <nane-of-target> as it
-helps xml processing scripts if they can tell the difference between a
-target like SNAT and another chain.
-
-Some sample output is:
-
-<iptables-rules>
-  <table name="mangle">
-    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
-byte-count="7137573">
-      <rule>
-       <conditions>
-        <match>
-          <p>tcp</p>
-        </match>
-        <tcp>
-          <sport>8443</sport>
-        </tcp>
-       </conditions>
-       <actions>
-        <call>
-          <check_ip/>
-        </call>
-        <ACCEPT/>
-       </actions>
-      </rule>
-    </chain>
-  </table>
-</iptables-rules>
-
-.PP
-Conversion from XML to iptables-save format may be done using the 
-iptables.xslt script and xsltproc, or a custom program using
-libxsltproc or similar; in this fashion:
-
-xsltproc iptables.xslt my-iptables.xml | iptables-restore
-
-.SH BUGS
-None known as of iptables-1.3.7 release
-.SH AUTHOR
-Sam Liddicott <azez@ufomechanic.net>
-.SH SEE ALSO
-\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)
diff --git a/iptables/iptables-xml.1.in b/iptables/iptables-xml.1.in
new file mode 100644
index 00000000..7b7878f8
--- /dev/null
+++ b/iptables/iptables-xml.1.in
@@ -0,0 +1,87 @@
+.TH IPTABLES-XML 1 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
+.\"
+.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
+.\" It is based on the iptables-save man page.
+.\"
+.\"	This program is free software; you can redistribute it and/or modify
+.\"	it under the terms of the GNU General Public License as published by
+.\"	the Free Software Foundation; either version 2 of the License, or
+.\"	(at your option) any later version.
+.\"
+.\"	This program is distributed in the hope that it will be useful,
+.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+.\"	GNU General Public License for more details.
+.\"
+.\"	You should have received a copy of the GNU General Public License
+.\"	along with this program; if not, write to the Free Software
+.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+.\"
+.\"
+.SH NAME
+iptables-xml \(em Convert iptables-save format to XML
+.SH SYNOPSIS
+\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
+.SH DESCRIPTION
+.PP
+.B iptables-xml
+is used to convert the output of iptables-save into an easily manipulatable
+XML format to STDOUT.  Use I/O-redirection provided by your shell to write to 
+a file.
+.TP
+\fB\-c\fR, \fB\-\-combine\fR
+combine consecutive rules with the same matches but different targets. iptables
+does not currently support more than one target per match, so this simulates 
+that by collecting the targets from consecutive iptables rules into one action
+tag, but only when the rule matches are identical. Terminating actions like
+RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
+.TP
+\fB\-v\fR, \fB\-\-verbose\fR
+Output xml comments containing the iptables line from which the XML is derived
+
+.PP
+iptables-xml does a mechanistic conversion to a very expressive xml
+format; the only semantic considerations are for \-g and \-j targets in
+order to discriminate between <call> <goto> and <nane-of-target> as it
+helps xml processing scripts if they can tell the difference between a
+target like SNAT and another chain.
+
+Some sample output is:
+
+<iptables-rules>
+  <table name="mangle">
+    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
+byte-count="7137573">
+      <rule>
+       <conditions>
+        <match>
+          <p>tcp</p>
+        </match>
+        <tcp>
+          <sport>8443</sport>
+        </tcp>
+       </conditions>
+       <actions>
+        <call>
+          <check_ip/>
+        </call>
+        <ACCEPT/>
+       </actions>
+      </rule>
+    </chain>
+  </table>
+</iptables-rules>
+
+.PP
+Conversion from XML to iptables-save format may be done using the 
+iptables.xslt script and xsltproc, or a custom program using
+libxsltproc or similar; in this fashion:
+
+xsltproc iptables.xslt my-iptables.xml | iptables-restore
+
+.SH BUGS
+None known as of iptables-1.3.7 release
+.SH AUTHOR
+Sam Liddicott <azez@ufomechanic.net>
+.SH SEE ALSO
+\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)
-- 
cgit v1.2.3