{
    "mode": "info",
    "parameter": "IPTABLES-TRANSLATE",
    "section": "",
    "url": "https://www.chedong.com/phpMan.php/info/IPTABLES-TRANSLATE/json",
    "generated": "2026-07-05T13:24:18Z",
    "sections": {
        "NAME": {
            "content": "iptables-translate  --  translation  tool  to  migrate from iptables to\nnftables\n\nip6tables-translate -- translation tool to migrate  from  ip6tables  to\nnftables\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "There  is  a  set of tools to help the system administrator translate a\ngiven ruleset from iptables(8) and ip6tables(8) to nftables(8).\n\nThe available commands are:\n\no iptables-translate\n\no iptables-restore-translate\n\no ip6tables-translate\n\no ip6tables-restore-translate\n",
            "subsections": []
        },
        "USAGE": {
            "content": "They take as input the  original  iptables(8)/ip6tables(8)  syntax  and\noutput the native nftables(8) syntax.\n\nThe  iptables-restore-translate tool reads a ruleset in the syntax pro-\nduced by iptables-save(8).  Likewise,  the  ip6tables-restore-translate\ntool reads one produced by ip6tables-save(8).  No ruleset modifications\noccur, these tools are text converters only.\n\nThe iptables-translate reads a command line as if  it  was  entered  to\niptables(8),  and ip6tables-translate reads a command like as if it was\nentered to ip6tables(8).\n",
            "subsections": []
        },
        "EXAMPLES": {
            "content": "Basic operation examples.\n\nSingle command translation:\n\nroot@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nnft add rule ip filter INPUT tcp dport 22 ct state new counter accept\n\nroot@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT\nnft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept\n\nWhole ruleset translation:\n\nroot@machine:~# iptables-save > save.txt\nroot@machine:~# cat save.txt\n# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016\n*filter\n:INPUT ACCEPT [5166:1752111]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [5058:628693]\n-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nCOMMIT\n# Completed on Sat Dec 24 14:26:40 2016\n\nroot@machine:~# iptables-restore-translate -f save.txt\n# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016\nadd table ip filter\nadd chain ip filter INPUT { type filter hook input priority 0; }\nadd chain ip filter FORWARD { type filter hook forward priority 0; }\nadd chain ip filter OUTPUT { type filter hook output priority 0; }\nadd rule ip filter FORWARD tcp dport 22 ct state new counter accept\n\nroot@machine:~# iptables-restore-translate -f save.txt > ruleset.nft\nroot@machine:~# nft -f ruleset.nft\nroot@machine:~# nft list ruleset\ntable ip filter {\nchain INPUT {\ntype filter hook input priority 0; policy accept;\n}\n\nchain FORWARD {\ntype filter hook forward priority 0; policy accept;\ntcp dport ssh ct state new counter packets 0 bytes 0 accept\n}\n\nchain OUTPUT {\ntype filter hook output priority 0; policy accept;\n}\n}\n",
            "subsections": []
        },
        "LIMITATIONS": {
            "content": "Some (few) extensions may be not  supported  (or  fully-supported)  for\nwhatever  reason  (for  example,  they  were considered obsolete, or we\ndidn't have the time to work on them).\n\nThere are no translations available for ebtables(8) and arptables(8).\n\nTo  get   up-to-date   information   about   this,   please   head   to\nhttps://wiki.nftables.org/.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "nft(8), iptables(8)\n",
            "subsections": []
        },
        "AUTHORS": {
            "content": "The   nftables   framework   is   written   by  the  Netfilter  project\n(https://www.netfilter.org).\n\nThis manual page was written by Arturo Borrero Gonzalez <arturo@netfil-\nter.org>.\n\nThis documentation is free/libre under the terms of the GPLv2+.\n\nMay 14, 2019            IPTABLES-TRANSLATE(8)",
            "subsections": []
        }
    },
    "summary": "iptables-translate  --  translation  tool  to  migrate from iptables to nftables  ip6tables-translate -- translation tool to migrate  from  ip6tables  to nftables",
    "flags": [],
    "examples": [
        "Basic operation examples.",
        "Single command translation:",
        "root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
        "nft add rule ip filter INPUT tcp dport 22 ct state new counter accept",
        "root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT",
        "nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept",
        "Whole ruleset translation:",
        "root@machine:~# iptables-save > save.txt",
        "root@machine:~# cat save.txt",
        "# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016",
        "*filter",
        ":INPUT ACCEPT [5166:1752111]",
        ":FORWARD ACCEPT [0:0]",
        ":OUTPUT ACCEPT [5058:628693]",
        "-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
        "COMMIT",
        "# Completed on Sat Dec 24 14:26:40 2016",
        "root@machine:~# iptables-restore-translate -f save.txt",
        "# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016",
        "add table ip filter",
        "add chain ip filter INPUT { type filter hook input priority 0; }",
        "add chain ip filter FORWARD { type filter hook forward priority 0; }",
        "add chain ip filter OUTPUT { type filter hook output priority 0; }",
        "add rule ip filter FORWARD tcp dport 22 ct state new counter accept",
        "root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft",
        "root@machine:~# nft -f ruleset.nft",
        "root@machine:~# nft list ruleset",
        "table ip filter {",
        "chain INPUT {",
        "type filter hook input priority 0; policy accept;",
        "chain FORWARD {",
        "type filter hook forward priority 0; policy accept;",
        "tcp dport ssh ct state new counter packets 0 bytes 0 accept",
        "chain OUTPUT {",
        "type filter hook output priority 0; policy accept;"
    ],
    "see_also": [
        {
            "name": "nft",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/nft/8/json"
        },
        {
            "name": "iptables",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/iptables/8/json"
        }
    ]
}