IPSET-TRANSLATE(8) System Manager's Manual IPSET-TRANSLATE(8)

ipset-translate — translation tool to migrate from ipset to nftables

This tool allows system administrators to translate a given IP sets
file to nftables(8).

The only available command is:

• ipset-translate restore < file.ipt

The ipset-translate tool reads an IP sets file in the syntax produced
by ipset(8) save. No set modifications occur; this tool is only a text
converter.

Basic operation examples.

Single command translation, assuming the original file:

create test1 hash:ip,port family inet counters timeout 300 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d
add test1 1.1.1.1,udp:20
add test1 1.1.1.1,21
create test2 hash:ip,port family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d

which results in the following translation:

root@machine:~# ipset-translate restore < file.ipt
add set inet global test1 { type ipv4_addr . inet_proto . inet_service; counter; timeout 300s; size 65536; }
add element inet global test1 { 1.1.1.1 . udp . 20 }
add element inet global test1 { 1.1.1.1 . tcp . 21 }
add set inet global test2 { type ipv4_addr . inet_proto . inet_service; size 65536; }

A few IP sets options may not be supported because they are not yet
implemented in nftables(8).

Contrary to nftables(8), IP sets are not attached to a specific table.
The translation utility assumes that sets are created in a table whose
name is global and family is inet. You might want to update the
resulting translation to use a different table name and family for your sets.

To get up-to-date information about this, please head to
https://wiki.nftables.org/.
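
The retargeting suggested above can be scripted. The following is an added example, not part of the original manual page or of ipset: a filter that rewrites the `inet global` prefix of the translated commands to a chosen family and table, and emits the `add table` line that nft needs before sets can be added. The function names, the accepted families (ip, ip6, inet) and the identifier-only rule for table names are assumptions of this example.

```shell
#!/bin/sh
# Added example: retarget ipset-translate output to another nftables table.

# Constructed sample: the translation output shown earlier on this page.
sample_translation() {
    cat <<'EOF'
add set inet global test1 { type ipv4_addr . inet_proto . inet_service; counter; timeout 300s; size 65536; }
add element inet global test1 { 1.1.1.1 . udp . 20 }
add element inet global test1 { 1.1.1.1 . tcp . 21 }
add set inet global test2 { type ipv4_addr . inet_proto . inet_service; size 65536; }
EOF
}

# retarget_sets FAMILY TABLE: reads a translation on stdin, writes the
# rewritten commands on stdout. Returns 2 on a rejected argument.
retarget_sets() {
    family=$1 table=$2
    case $family in
        ip|ip6|inet) ;;
        *) echo "unsupported family: $family" >&2; return 2 ;;
    esac
    # The table name is pasted into a ruleset that is later fed to nft,
    # so accept plain identifiers only (assumption: [A-Za-z_][A-Za-z0-9_]*).
    case $table in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "invalid table name: $table" >&2; return 2 ;;
    esac
    awk -v fam="$family" -v tbl="$table" '
        # Create the target table first; sets cannot be added without it.
        BEGIN { print "add table " fam " " tbl }
        # Skip a table-creation line for the default table if one is present.
        $1 == "add" && $2 == "table" && $3 == "inet" && $4 == "global" { next }
        # Rewrite only the family/table fields of set and element commands.
        $1 == "add" && ($2 == "set" || $2 == "element") &&
        $3 == "inet" && $4 == "global" { sub(/inet global/, fam " " tbl) }
        { print }
    '
}

# Demonstration on the constructed sample.
sample_translation | retarget_sets ip filter
```

In practice the input would be `ipset-translate restore < file.ipt`, and the result can be validated with `nft -c -f` before it is loaded.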

nft(8), ipset(8)

The nftables framework has been written by the Netfilter Project
(https://www.netfilter.org).

This manual page was written by Pablo Neira Ayuso <pablo@netfilter.org>.

This documentation is free/libre under the terms of the GPLv2+.

This tool was funded through the NGI0 PET Fund, a fund established by
NLnet with financial support from the European Commission's Next
Generation Internet programme, under the aegis of DG Communications
Networks, Content and Technology under grant agreement No 825310.

May 31, 2021 IPSET-TRANSLATE(8)