88 lines
2.9 KiB
Groff
Executable File
88 lines
2.9 KiB
Groff
Executable File
.TH IPTABLES-XML 8 "Jul 16, 2007" "" ""
|
|
.\"
|
|
.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
|
|
.\" It is based on the iptables-save man page.
|
|
.\"
|
|
.\" This program is free software; you can redistribute it and/or modify
|
|
.\" it under the terms of the GNU General Public License as published by
|
|
.\" the Free Software Foundation; either version 2 of the License, or
|
|
.\" (at your option) any later version.
|
|
.\"
|
|
.\" This program is distributed in the hope that it will be useful,
|
|
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
.\" GNU General Public License for more details.
|
|
.\"
|
|
.\" You should have received a copy of the GNU General Public License
|
|
.\" along with this program; if not, write to the Free Software
|
|
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
.\"
|
|
.\"
|
|
.SH NAME
|
|
iptables-xml \(em Convert iptables-save format to XML
|
|
.SH SYNOPSIS
|
|
\fBiptables\-xml\fP [\fB\-c\fP] [\fB\-v\fP]
|
|
.SH DESCRIPTION
|
|
.PP
|
|
.B iptables-xml
|
|
is used to convert the output of iptables-save into an easily manipulatable
|
|
XML format to STDOUT. Use I/O-redirection provided by your shell to write to
|
|
a file.
|
|
.TP
|
|
\fB\-c\fR, \fB\-\-combine\fR
|
|
combine consecutive rules with the same matches but different targets. iptables
|
|
does not currently support more than one target per match, so this simulates
|
|
that by collecting the targets from consecutive iptables rules into one action
|
|
tag, but only when the rule matches are identical. Terminating actions like
|
|
RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
|
|
.TP
|
|
\fB\-v\fR, \fB\-\-verbose\fR
|
|
Output xml comments containing the iptables line from which the XML is derived
|
|
|
|
.PP
|
|
iptables-xml does a mechanistic conversion to a very expressive xml
|
|
format; the only semantic considerations are for \-g and \-j targets in
|
|
order to discriminate between <call> <goto> and <nane-of-target> as it
|
|
helps xml processing scripts if they can tell the difference between a
|
|
target like SNAT and another chain.
|
|
|
|
Some sample output is:
|
|
|
|
<iptables-rules>
|
|
<table name="mangle">
|
|
<chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
|
|
byte-count="7137573">
|
|
<rule>
|
|
<conditions>
|
|
<match>
|
|
<p>tcp</p>
|
|
</match>
|
|
<tcp>
|
|
<sport>8443</sport>
|
|
</tcp>
|
|
</conditions>
|
|
<actions>
|
|
<call>
|
|
<check_ip/>
|
|
</call>
|
|
<ACCEPT/>
|
|
</actions>
|
|
</rule>
|
|
</chain>
|
|
</table>
|
|
</iptables-rules>
|
|
|
|
.PP
|
|
Conversion from XML to iptables-save format may be done using the
|
|
iptables.xslt script and xsltproc, or a custom program using
|
|
libxsltproc or similar; in this fashion:
|
|
|
|
xsltproc iptables.xslt my-iptables.xml | iptables-restore
|
|
|
|
.SH BUGS
|
|
None known as of iptables-1.3.7 release
|
|
.SH AUTHOR
|
|
Sam Liddicott <azez@ufomechanic.net>
|
|
.SH SEE ALSO
|
|
\fBiptables\-save\fP(8), \fBiptables\-restore\fP(8), \fBiptables\fP(8)
|