{"id":3614,"date":"2022-12-20T17:09:09","date_gmt":"2022-12-20T20:09:09","guid":{"rendered":"http:\/\/lode.uno\/linux-man\/index.php\/2022\/12\/20\/iptables-translate-man8\/"},"modified":"2022-12-20T17:09:09","modified_gmt":"2022-12-20T20:09:09","slug":"iptables-translate-man8","status":"publish","type":"post","link":"https:\/\/lode.uno\/linux-man\/2022\/12\/20\/iptables-translate-man8\/","title":{"rendered":"IPTABLES-TRANSLATE (man8)"},"content":{"rendered":"<h1 align=\"center\">IPTABLES-TRANSLATE<\/h1>\n<p> <a href=\"#NAME\">NAME<\/a><br \/> <a href=\"#DESCRIPTION\">DESCRIPTION<\/a><br \/> <a href=\"#USAGE\">USAGE<\/a><br \/> <a href=\"#EXAMPLES\">EXAMPLES<\/a><br \/> <a href=\"#LIMITATIONS\">LIMITATIONS<\/a><br \/> <a href=\"#SEE ALSO\">SEE ALSO<\/a><br \/> <a href=\"#AUTHORS\">AUTHORS<\/a> <\/p>\n<hr>\n<h2>NAME <a name=\"NAME\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">iptables-translate \u2014 translation tool to migrate from iptables to nftables<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">ip6tables-translate \u2014 translation tool to migrate from ip6tables to nftables<\/p>\n<h2>DESCRIPTION <a name=\"DESCRIPTION\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">There is a set of tools to help the system administrator translate a given ruleset from <b>iptables(8)<\/b> and <b>ip6tables(8)<\/b> to <b>nftables(8)<\/b>.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">The available commands are:<\/p>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"1%\">\n<p>\u2022<\/p>\n<\/td>\n<td width=\"2%\"><\/td>\n<td width=\"41%\">\n<p>iptables-translate<\/p>\n<\/td>\n<td width=\"45%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"1%\">\n<p>\u2022<\/p>\n<\/td>\n<td width=\"2%\"><\/td>\n<td width=\"41%\">\n<p>iptables-restore-translate<\/p>\n<\/td>\n<td 
width=\"45%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"1%\">\n<p>\u2022<\/p>\n<\/td>\n<td width=\"2%\"><\/td>\n<td width=\"41%\">\n<p>ip6tables-translate<\/p>\n<\/td>\n<td width=\"45%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"11%\"><\/td>\n<td width=\"1%\">\n<p>\u2022<\/p>\n<\/td>\n<td width=\"2%\"><\/td>\n<td width=\"41%\">\n<p>ip6tables-restore-translate<\/p>\n<\/td>\n<td width=\"45%\"> <\/td>\n<\/tr>\n<\/table>\n<h2>USAGE <a name=\"USAGE\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">They take as input the original <b>iptables(8)<\/b>\/<b>ip6tables(8)<\/b> syntax and output the native <b>nftables(8)<\/b> syntax.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">The <b>iptables-restore-translate<\/b> tool reads a ruleset in the syntax produced by <b>iptables-save(8)<\/b>. Likewise, the <b>ip6tables-restore-translate<\/b> tool reads one produced by <b>ip6tables-save(8)<\/b>. No ruleset modifications occur; these tools are text converters only.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">The <b>iptables-translate<\/b> tool reads a command line as if it was entered to <b>iptables(8)<\/b>, and <b>ip6tables-translate<\/b> reads a command line as if it was entered to <b>ip6tables(8)<\/b>.<\/p>\n<h2>EXAMPLES <a name=\"EXAMPLES\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">Basic operation examples.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Single command translation:<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT <br \/> nft add rule ip filter INPUT tcp dport 22 ct state new counter accept<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT <br \/> nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp 
dport { 111,222} counter accept<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">Whole ruleset translation:<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">root@machine:~# iptables-save > save.txt <br \/> root@machine:~# cat save.txt <br \/> # Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016 <br \/> *filter <br \/> :INPUT ACCEPT [5166:1752111] <br \/> :FORWARD ACCEPT [0:0] <br \/> :OUTPUT ACCEPT [5058:628693] <br \/> -A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT <br \/> COMMIT <br \/> # Completed on Sat Dec 24 14:26:40 2016<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">root@machine:~# iptables-restore-translate -f save.txt <br \/> # Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016 <br \/> add table ip filter <br \/> add chain ip filter INPUT { type filter hook input priority 0; } <br \/> add chain ip filter FORWARD { type filter hook forward priority 0; } <br \/> add chain ip filter OUTPUT { type filter hook output priority 0; } <br \/> add rule ip filter FORWARD tcp dport 22 ct state new counter accept<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft <br \/> root@machine:~# nft -f ruleset.nft <br \/> root@machine:~# nft list ruleset <br \/> table ip filter {<\/p>\n<table width=\"100%\" border=\"0\" rules=\"none\" frame=\"void\" cellspacing=\"0\" cellpadding=\"0\">\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\">\n<p>chain INPUT {<\/p>\n<\/td>\n<td width=\"77%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"77%\">\n<p>type filter hook input priority 0; policy accept;<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\">\n<p>}<\/p>\n<\/td>\n<td width=\"77%\"> <\/td>\n<\/tr>\n<tr 
valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\">\n<p>chain FORWARD {<\/p>\n<\/td>\n<td width=\"77%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"77%\">\n<p>type filter hook forward priority 0; policy accept;<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"77%\">\n<p>tcp dport ssh ct state new counter packets 0 bytes 0 accept<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\">\n<p>}<\/p>\n<\/td>\n<td width=\"77%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\">\n<p>chain OUTPUT {<\/p>\n<\/td>\n<td width=\"77%\"> <\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"> <\/td>\n<td width=\"8%\"> <\/td>\n<td width=\"77%\">\n<p>type filter hook output priority 0; policy accept;<\/p>\n<\/td>\n<\/tr>\n<tr valign=\"top\" align=\"left\">\n<td width=\"8%\"><\/td>\n<td width=\"7%\"><\/td>\n<td width=\"8%\">\n<p>}<\/p>\n<\/td>\n<td width=\"77%\"> <\/td>\n<\/tr>\n<\/table>\n<p style=\"margin-left:11%;\">}<\/p>\n<h2>LIMITATIONS <a name=\"LIMITATIONS\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">Some (few) extensions may not be supported (or not fully supported) for whatever reason (for example, they were considered obsolete, or we didn\u2019t have the time to work on them).<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">There are no translations available for <b>ebtables(8)<\/b> and <b>arptables(8)<\/b>.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">To get up-to-date information about this, please head to <b>https:\/\/wiki.nftables.org\/<\/b>.<\/p>\n<h2>SEE ALSO <a name=\"SEE ALSO\"><\/a> <\/h2>\n<p style=\"margin-left:11%; 
margin-top: 1em\"><b>nft(8)<\/b>, <b>iptables(8)<\/b><\/p>\n<h2>AUTHORS <a name=\"AUTHORS\"><\/a> <\/h2>\n<p style=\"margin-left:11%; margin-top: 1em\">The nftables framework is written by the Netfilter project (https:\/\/www.netfilter.org).<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">This manual page was written by Arturo Borrero Gonzalez &lt;arturo@netfilter.org&gt;.<\/p>\n<p style=\"margin-left:11%; margin-top: 1em\">This documentation is free\/libre under the terms of the GPLv2+.<\/p>\n<hr>\n","protected":false},"excerpt":{"rendered":"<p>  iptables-translate \u2014 translation tool to migrate from iptables to nftables ip6tables-translate \u2014 translation tool to migrate from ip6tables to nftables <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[5,52,4,730],"class_list":["post-3614","post","type-post","status-publish","format-standard","hentry","category-8-administracion-del-sistema","tag-5","tag-administracion","tag-man8","tag-xtables-translate"],"gutentor_comment":0,"_links":{"self":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3614","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/comments?post=3614"}],"version-history":[{"count":0,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/posts\/3614\/revisions"}],"wp:attachment":[{"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/media?parent=3614"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/categories?post=3614"},{"taxonomy":"post_tag","embeddab
le":true,"href":"https:\/\/lode.uno\/linux-man\/wp-json\/wp\/v2\/tags?post=3614"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}