1IPTABLES-XML(1) iptables 1.8.8 IPTABLES-XML(1)
2
6 iptables-xml — Convert iptables-save format to XML
7
9 iptables-xml [-c] [-v]
10
12 iptables-xml is used to convert the output of iptables-save into an
13 easily manipulatable XML format to STDOUT. Use I/O-redirection pro‐
14 vided by your shell to write to a file.
15 -c, --combine
17 combine consecutive rules with the same matches but different
18 targets. iptables does not currently support more than one tar‐
19 get per match, so this simulates that by collecting the targets
20 from consecutive iptables rules into one action tag, but only
21 when the rule matches are identical. Terminating actions like
22 RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent
23 targets.
24 -v, --verbose
26 Output xml comments containing the iptables line from which the
27 XML is derived
28 iptables-xml does a mechanistic conversion to a very expressive xml
31 format; the only semantic considerations are for -g and -j targets in
32 order to discriminate between <call> <goto> and <nane-of-target> as it
33 helps xml processing scripts if they can tell the difference between a
34 target like SNAT and another chain.
35 Some sample output is:
37 <iptables-rules>
39 <table name="mangle">
40 <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-
41 count="7137573">
42 <rule>
43 <conditions>
44 <match>
45 <p>tcp</p>
46 </match>
47 <tcp>
48 <sport>8443</sport>
49 </tcp>
50 </conditions>
51 <actions>
52 <call>
53 <check_ip/>
54 </call>
55 <ACCEPT/>
56 </actions>
57 </rule>
58 </chain>
59 </table> </iptables-rules>
60 Conversion from XML to iptables-save format may be done using the ipta‐
63 bles.xslt script and xsltproc, or a custom program using libxsltproc or
64 similar; in this fashion:
65 xsltproc iptables.xslt my-iptables.xml | iptables-restore
67
70 None known as of iptables-1.3.7 release
71
73 Sam Liddicott <azez@ufomechanic.net>
74
76 iptables-save(8), iptables-restore(8), iptables(8)
77iptables 1.8.8 IPTABLES-XML(1)