.TH IPTABLES-XML 8 "Jul 16, 2007" "" ""
.\"
.\" Man page written by Sam Liddicott <azez@ufomechanic.net>
.\" It is based on the iptables-save man page.
.\"
.\" This program is free software; you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation; either version 2 of the License, or
.\" (at your option) any later version.
.\"
.\" This program is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program; if not, write to the Free Software
.\" Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
.\"
.\"
.SH NAME
iptables-xml \- Convert iptables-save format to XML
.SH SYNOPSIS
.BR "iptables-xml " "[-c] [-v]"
.br
.SH DESCRIPTION
.PP
.B iptables-xml
is used to convert the output of iptables-save into an easily manipulatable
XML format to STDOUT. Use I/O-redirection provided by your shell to write to
a file.
.TP
\fB\-c\fR, \fB\-\-combine\fR
Combine consecutive rules with the same matches but different targets. iptables
does not currently support more than one target per match, so this simulates
that by collecting the targets from consecutive iptables rules into one action
tag, but only when the rule matches are identical. Terminating actions like
RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
.TP
\fB\-v\fR, \fB\-\-verbose\fR
Output XML comments containing the iptables line from which the XML is derived.

.PP
iptables-xml does a mechanistic conversion to a very expressive XML
format; the only semantic considerations are for -g and -j targets in
order to discriminate between <call>, <goto> and <name-of-target>, as it
helps XML processing scripts if they can tell the difference between a
target like SNAT and another chain.

Some sample output is:

<iptables-rules>
  <table name="mangle">
    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
           byte-count="7137573">
      <rule>
        <conditions>
          <match>
            <p>tcp</p>
          </match>
          <tcp>
            <sport>8443</sport>
          </tcp>
        </conditions>
        <actions>
          <call>
            <check_ip/>
          </call>
          <ACCEPT/>
        </actions>
      </rule>
    </chain>
  </table>
</iptables-rules>
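.PP
The Python script below is an added example, not part of the original man page or of the iptables project. It uses the <call>/<goto>/<name-of-target> distinction described above to list every jump to another chain and to flag references to chains that are not defined in the same table, a useful check on hand-edited XML before it is converted back for iptables-restore. It assumes, as in the sample output, that the child element of <call> or <goto> names the chain; the function names and the sample rules are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the format shown above; "audit_log" is deliberately undefined.
SAMPLE = """<iptables-rules><table name="mangle">
  <chain name="PREROUTING" policy="ACCEPT">
    <rule>
      <conditions><match><p>tcp</p></match><tcp><sport>8443</sport></tcp></conditions>
      <actions><call><check_ip/></call><ACCEPT/></actions>
    </rule>
    <rule>
      <conditions><match><p>udp</p></match></conditions>
      <actions><goto><audit_log/></goto></actions>
    </rule>
  </chain>
  <chain name="check_ip">
    <rule><actions><DROP/></actions></rule>
  </chain>
</table></iptables-rules>"""

def rule_actions(rule):
    """Yield (kind, name) per action; kind is 'call', 'goto' or 'target'."""
    for action in rule.findall("actions/*"):
        if action.tag in ("call", "goto"):
            for chain in action:          # child element names the chain (assumption)
                yield action.tag, chain.tag
        else:
            yield "target", action.tag    # e.g. ACCEPT, DROP, SNAT

def audit(xml_text):
    """Return (edges, dangling): all chain references, and those with no definition."""
    edges, dangling = [], []
    for table in ET.fromstring(xml_text).findall("table"):
        defined = {c.get("name") for c in table.findall("chain")}
        for chain in table.findall("chain"):
            for rule in chain.findall("rule"):
                for kind, name in rule_actions(rule):
                    if kind == "target":
                        continue          # real targets are not chain references
                    edge = (table.get("name"), chain.get("name"), kind, name)
                    edges.append(edge)
                    if name not in defined:
                        dangling.append(edge)
    return edges, dangling

if __name__ == "__main__":
    for ref in audit(SAMPLE)[1]:
        print("undefined chain reference:", ref)
```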

.PP
Conversion from XML to iptables-save format may be done using the
iptables.xslt script and xsltproc, or a custom program using
libxsltproc or similar; in this fashion:

xsltproc iptables.xslt my-iptables.xml | iptables-restore

.SH BUGS
None known as of iptables-1.3.7 release
.SH AUTHOR
Sam Liddicott <azez@ufomechanic.net>
.SH SEE ALSO
.BR iptables-save "(8), " iptables-restore "(8), " iptables "(8) "
.PP