.TH IPTABLES-XML 1 "" "@PACKAGE_STRING@" "@PACKAGE_STRING@"

.\"

.\" Man page written by Sam Liddicott <azez@ufomechanic.net>

.\" It is based on the iptables-save man page.

.\"

.\"	This program is free software; you can redistribute it and/or modify

.\"	it under the terms of the GNU General Public License as published by

.\"	the Free Software Foundation; either version 2 of the License, or

.\"	(at your option) any later version.

.\"

.\"	This program is distributed in the hope that it will be useful,

.\"	but WITHOUT ANY WARRANTY; without even the implied warranty of

.\"	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

.\"	GNU General Public License for more details.

.\"

.\"	You should have received a copy of the GNU General Public License

.\"	along with this program; if not, write to the Free Software

.\"	Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.

.\"

.\"

.SH NAME

iptables-xml \(em Convert iptables-save format to XML

.SH SYNOPSIS

\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]

.SH DESCRIPTION

.PP

.B iptables-xml

is used to convert the output of iptables-save into an easily manipulatable

XML format to STDOUT.  Use I/O-redirection provided by your shell to write to 

a file.

.TP

\fB\-c\fR, \fB\-\-combine\fR

combine consecutive rules with the same matches but different targets. iptables

does not currently support more than one target per match, so this simulates 

that by collecting the targets from consecutive iptables rules into one action

tag, but only when the rule matches are identical. Terminating actions like

RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.

.TP

\fB\-v\fR, \fB\-\-verbose\fR

Output xml comments containing the iptables line from which the XML is derived

.PP

iptables-xml does a mechanistic conversion to a very expressive xml

format; the only semantic considerations are for \-g and \-j targets in

order to discriminate between <call> <goto> and <nane-of-target> as it

helps xml processing scripts if they can tell the difference between a

target like SNAT and another chain.

Some sample output is:

<iptables-rules>

byte-count="7137573">

      <rule>

       <conditions>

        <match>

          
tcp

        </match>

        <tcp>

          <sport>8443</sport>

        </tcp>

       </conditions>

       <actions>

        <call>

          <check_ip/>

        </call>

        <ACCEPT/>

       </actions>

      </rule>

    </chain>

</iptables-rules>

.PP

Conversion from XML to iptables-save format may be done using the 

iptables.xslt script and xsltproc, or a custom program using

libxsltproc or similar; in this fashion:

xsltproc iptables.xslt my-iptables.xml | iptables-restore

.SH BUGS

None known as of iptables-1.3.7 release

.SH AUTHOR

Sam Liddicott <azez@ufomechanic.net>

.SH SEE ALSO

\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)