.\"
.\" (C) Copyright 2016-2017, Arturo Borrero Gonzalez <arturo@netfilter.org>
.\"
.\" %%%LICENSE_START(GPLv2+_DOC_FULL)
.\" This is free documentation; you can redistribute it and/or
.\" modify it under the terms of the GNU General Public License as
.\" published by the Free Software Foundation; either version 2 of
.\" the License, or (at your option) any later version.
.\"
.\" The GNU General Public License's references to "object code"
.\" and "executables" are to be interpreted as the output of any
.\" document formatting or typesetting system, including
.\" intermediate and printed output.
.\"
.\" This manual is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public
.\" License along with this manual; if not, see
.\" <http://www.gnu.org/licenses/>.
.\" %%%LICENSE_END
.\"
.TH XTABLES-LEGACY 8 "June 2018"

.SH NAME
xtables-legacy \(em iptables using the old getsockopt/setsockopt-based kernel API

.SH DESCRIPTION
\fBxtables-legacy\fP are the original versions of iptables that use the
old getsockopt/setsockopt-based kernel interface.
This kernel interface has some limitations, therefore iptables can also
be used with the newer nf_tables based API.
See
.B xtables\-nft(8)
for information about the xtables-nft variants of iptables.

.SH USAGE
The xtables-legacy-multi binary can be linked to the traditional names:

.nf
/sbin/iptables -> /sbin/iptables\-legacy\-multi
/sbin/ip6tables -> /sbin/ip6tables\-legacy\-multi
/sbin/iptables\-save -> /sbin/ip6tables\-legacy\-multi
/sbin/iptables\-restore -> /sbin/ip6tables\-legacy\-multi
.fi

The iptables version string will indicate whether the legacy API (get/setsockopt) or
the new nf_tables API is used:
.nf
iptables \-V
iptables v1.7 (legacy)
.fi

.SH LIMITATIONS
When inserting a rule using
iptables \-A or iptables \-I, iptables first needs to retrieve the current active
ruleset, change it to include the new rule, and then commit back the result.
This means that if two instances of iptables are running concurrently, one of the
updates might be lost. This can be worked around partially with the \-\-wait option.

There is also no method to monitor changes to the ruleset, except periodically calling
iptables-legacy-save and checking for any differences in output.

.B xtables\-monitor(8)
will need the
.B xtables\-nft(8)
versions to work; it cannot display changes made using the
.B iptables-legacy
tools.
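
The poll-and-diff monitoring described under LIMITATIONS, as an added example that is not part of the iptables project: it compares iptables-legacy-save snapshots after removing the timestamp comments and packet/byte counters, which change even when no rule does. The function names, the fw-drift log tag and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example, not iptables project code: poll-and-diff ruleset monitoring.

# Drop what changes without any rule change: the "# Generated by" and
# "# Completed on" timestamp comments and the [packets:bytes] counters.
normalize_ruleset() {
    sed -e '/^#/d' -e 's/\[[0-9]*:[0-9]*\]/[0:0]/g'
}

# Compare two saved snapshots. Prints a unified diff of the normalized
# rules; returns 0 if they match, 1 if the ruleset changed.
ruleset_drift() {
    _tmp=$(mktemp -d) || return 2
    normalize_ruleset <"$1" >"$_tmp/old"
    normalize_ruleset <"$2" >"$_tmp/new"
    _rc=0
    diff -u "$_tmp/old" "$_tmp/new" || _rc=$?
    rm -rf "$_tmp"
    return "$_rc"
}

# Constructed sample snapshot (not captured from a real host).
# $1 = output file, $2 = one-digit counter/second, $3 = optional extra rule.
write_sample() {
    {
        printf '%s\n' "# Generated by iptables-save v1.7 on Mon Jun  4 10:00:0$2 2018"
        printf '%s\n' "*filter" ":INPUT DROP [$2:840]" ":FORWARD DROP [0:0]"
        printf '%s\n' ":OUTPUT ACCEPT [$2:1200]"
        printf '%s\n' "-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT"
        if [ -n "${3:-}" ]; then printf '%s\n' "$3"; fi
        printf '%s\n' "COMMIT" "# Completed on Mon Jun  4 10:00:0$2 2018"
    } >"$1"
}

# Poll loop for a real host (needs root): snapshot every $1 seconds and
# report whenever the normalized ruleset differs from the previous one.
watch_ruleset() {
    _dir=$(mktemp -d) || return 2
    iptables-legacy-save >"$_dir/prev" || return 2
    while sleep "${1:-30}"; do
        iptables-legacy-save >"$_dir/cur" || continue
        ruleset_drift "$_dir/prev" "$_dir/cur" ||
            logger -t fw-drift "iptables-legacy ruleset changed"
        mv "$_dir/cur" "$_dir/prev"
    done
}

if [ "${1:-}" = "--watch" ]; then watch_ruleset "${2:-30}"; fi
```

A rule that is added and removed again between two polls leaves no trace in this comparison, so the interval bounds what the check can detect.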
.SH SEE ALSO
\fBxtables\-nft(8)\fP, \fBxtables\-translate(8)\fP

.SH AUTHORS
Rusty Russell originally wrote iptables, in early consultation with Michael Neuling.