.TH IPTABLES-XML 1 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"
.\"
.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
.\" It is based on the iptables-save man page.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\"
.SH NAME
iptables-xml \(em Convert iptables-save format to XML
.SH SYNOPSIS
\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
.SH DESCRIPTION
.PP
.B iptables-xml
converts the output of iptables-save into an easily manipulated XML format
and writes it to STDOUT. Use the I/O redirection provided by your shell to
write to a file.
.TP
\fB\-c\fR, \fB\-\-combine\fR
Combine consecutive rules with the same matches but different targets. iptables
does not currently support more than one target per match, so this simulates
that by collecting the targets from consecutive iptables rules into one action
tag, but only when the rule matches are identical. Terminating actions like
RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Output XML comments containing the iptables line from which the XML is derived.

.PP
iptables-xml does a mechanistic conversion to a very expressive XML
format; the only semantic considerations are for \-g and \-j targets in
order to discriminate between <call>, <goto> and <name-of-target>, as it
helps XML processing scripts if they can tell the difference between a
target like SNAT and another chain.

Some sample output is:

<iptables-rules>


byte-count="7137573">
<rule>
<conditions>
<match>
tcp
</match>
<tcp>
<sport>8443</sport>
</tcp>
</conditions>
<actions>
<call>
<check_ip/>
</call>
<ACCEPT/>
</actions>
</rule>
</chain>

</iptables-rules>
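.PP
An added example, not part of the original man page or the iptables project: a Python script that walks iptables-xml output and uses the <call>/<goto>/target distinction described above to list each rule's actions and flag rules that ACCEPT with no conditions. The sample document is constructed, and its <table name=...> and <chain name=... policy=...> wrappers and the late_checks chain are assumptions, since the sample output above shows them only in part.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the man page's output; the table/chain
# attributes and the late_checks chain are assumptions, not from the page.
SAMPLE = """\
<iptables-rules><table name="filter"><chain name="INPUT" policy="DROP">
  <rule>
    <conditions><tcp><sport>8443</sport></tcp></conditions>
    <actions><call><check_ip/></call><ACCEPT/></actions>
  </rule>
  <rule><conditions/><actions><goto><late_checks/></goto></actions></rule>
  <rule><conditions/><actions><ACCEPT/></actions></rule>
</chain></table></iptables-rules>
"""

def classify_actions(rule):
    """Return [(kind, name)] where kind is 'call', 'goto' or 'target'."""
    out = []
    for action in rule.findall("./actions/*"):
        if action.tag in ("call", "goto"):
            # The chain being jumped to is the tag of the child element.
            out.extend((action.tag, child.tag) for child in action)
        else:
            # Anything else is a real target such as ACCEPT, DROP or SNAT.
            out.append(("target", action.tag))
    return out

def audit(xml_text):
    """Return (table, chain, rule_no, actions, unconditional_accept) per rule."""
    root = ET.fromstring(xml_text)
    findings = []
    for table in root.iter("table"):
        for chain in table.iter("chain"):
            for i, rule in enumerate(chain.findall("rule"), 1):
                cond = rule.find("conditions")
                empty = cond is None or len(cond) == 0
                actions = classify_actions(rule)
                # An ACCEPT with no match conditions admits all traffic
                # that reaches this rule, so flag it for review.
                flag = empty and ("target", "ACCEPT") in actions
                findings.append((table.get("name"), chain.get("name"),
                                 i, actions, flag))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```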

.PP
Conversion from XML to iptables-save format may be done using the
iptables.xslt script and xsltproc, or a custom program using
libxsltproc or similar; in this fashion:

xsltproc iptables.xslt my-iptables.xml | iptables-restore

.SH BUGS
None known as of iptables-1.3.7 release
.SH AUTHOR
Sam Liddicott <azez@ufomechanic.net>
.SH SEE ALSO
\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)