{
    "content": [
        {
            "type": "text",
            "text": "# IPTABLES-TRANSLATE (info)\n\n## NAME\n\niptables-translate  --  translation  tool  to  migrate from iptables to nftables  ip6tables-translate -- translation tool to migrate  from  ip6tables  to nftables\n\n## DESCRIPTION\n\nThere  is  a  set of tools to help the system administrator translate a\ngiven ruleset from iptables(8) and ip6tables(8) to nftables(8).\n\n## Sections\n\n- **NAME**\n- **DESCRIPTION**\n- **USAGE**\n- **EXAMPLES**\n- **LIMITATIONS**\n- **SEE ALSO**\n- **AUTHORS**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n"
        }
    ],
    "structuredContent": {
        "command": "IPTABLES-TRANSLATE",
        "section": "",
        "mode": "info",
        "summary": "iptables-translate  --  translation  tool  to  migrate from iptables to nftables  ip6tables-translate -- translation tool to migrate  from  ip6tables  to nftables",
        "synopsis": null,
        "tldr_summary": null,
        "tldr_examples": [],
        "tldr_source": null,
        "flags": [],
        "examples": [
            "Basic operation examples.",
            "Single command translation:",
            "root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
            "nft add rule ip filter INPUT tcp dport 22 ct state new counter accept",
            "root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT",
            "nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept",
            "Whole ruleset translation:",
            "root@machine:~# iptables-save > save.txt",
            "root@machine:~# cat save.txt",
            "# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016",
            "*filter",
            ":INPUT ACCEPT [5166:1752111]",
            ":FORWARD ACCEPT [0:0]",
            ":OUTPUT ACCEPT [5058:628693]",
            "-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
            "COMMIT",
            "# Completed on Sat Dec 24 14:26:40 2016",
            "root@machine:~# iptables-restore-translate -f save.txt",
            "# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016",
            "add table ip filter",
            "add chain ip filter INPUT { type filter hook input priority 0; }",
            "add chain ip filter FORWARD { type filter hook forward priority 0; }",
            "add chain ip filter OUTPUT { type filter hook output priority 0; }",
            "add rule ip filter FORWARD tcp dport 22 ct state new counter accept",
            "root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft",
            "root@machine:~# nft -f ruleset.nft",
            "root@machine:~# nft list ruleset",
            "table ip filter {",
            "chain INPUT {",
            "type filter hook input priority 0; policy accept;",
            "chain FORWARD {",
            "type filter hook forward priority 0; policy accept;",
            "tcp dport ssh ct state new counter packets 0 bytes 0 accept",
            "chain OUTPUT {",
            "type filter hook output priority 0; policy accept;"
        ],
        "see_also": [
            {
                "name": "nft",
                "section": "8",
                "url": "https://www.chedong.com/phpMan.php/man/nft/8/json"
            },
            {
                "name": "iptables",
                "section": "8",
                "url": "https://www.chedong.com/phpMan.php/man/iptables/8/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 6,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 13,
                "subsections": []
            },
            {
                "name": "USAGE",
                "lines": 12,
                "subsections": []
            },
            {
                "name": "EXAMPLES",
                "lines": 49,
                "subsections": []
            },
            {
                "name": "LIMITATIONS",
                "lines": 9,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 2,
                "subsections": []
            },
            {
                "name": "AUTHORS",
                "lines": 9,
                "subsections": []
            }
        ],
        "sections": {
            "NAME": {
                "content": "iptables-translate  --  translation  tool  to  migrate from iptables to\nnftables\n\nip6tables-translate -- translation tool to migrate  from  ip6tables  to\nnftables\n",
                "subsections": []
            },
            "DESCRIPTION": {
                "content": "There  is  a  set of tools to help the system administrator translate a\ngiven ruleset from iptables(8) and ip6tables(8) to nftables(8).\n\nThe available commands are:\n\no iptables-translate\n\no iptables-restore-translate\n\no ip6tables-translate\n\no ip6tables-restore-translate\n",
                "subsections": []
            },
            "USAGE": {
                "content": "They take as input the  original  iptables(8)/ip6tables(8)  syntax  and\noutput the native nftables(8) syntax.\n\nThe  iptables-restore-translate tool reads a ruleset in the syntax pro-\nduced by iptables-save(8).  Likewise,  the  ip6tables-restore-translate\ntool reads one produced by ip6tables-save(8).  No ruleset modifications\noccur, these tools are text converters only.\n\nThe iptables-translate reads a command line as if  it  was  entered  to\niptables(8),  and ip6tables-translate reads a command like as if it was\nentered to ip6tables(8).\n",
                "subsections": []
            },
            "EXAMPLES": {
                "content": "Basic operation examples.\n\nSingle command translation:\n\nroot@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nnft add rule ip filter INPUT tcp dport 22 ct state new counter accept\n\nroot@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT\nnft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept\n\nWhole ruleset translation:\n\nroot@machine:~# iptables-save > save.txt\nroot@machine:~# cat save.txt\n# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016\n*filter\n:INPUT ACCEPT [5166:1752111]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [5058:628693]\n-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nCOMMIT\n# Completed on Sat Dec 24 14:26:40 2016\n\nroot@machine:~# iptables-restore-translate -f save.txt\n# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016\nadd table ip filter\nadd chain ip filter INPUT { type filter hook input priority 0; }\nadd chain ip filter FORWARD { type filter hook forward priority 0; }\nadd chain ip filter OUTPUT { type filter hook output priority 0; }\nadd rule ip filter FORWARD tcp dport 22 ct state new counter accept\n\nroot@machine:~# iptables-restore-translate -f save.txt > ruleset.nft\nroot@machine:~# nft -f ruleset.nft\nroot@machine:~# nft list ruleset\ntable ip filter {\nchain INPUT {\ntype filter hook input priority 0; policy accept;\n}\n\nchain FORWARD {\ntype filter hook forward priority 0; policy accept;\ntcp dport ssh ct state new counter packets 0 bytes 0 accept\n}\n\nchain OUTPUT {\ntype filter hook output priority 0; policy accept;\n}\n}\n",
                "subsections": []
            },
            "LIMITATIONS": {
                "content": "Some (few) extensions may be not  supported  (or  fully-supported)  for\nwhatever  reason  (for  example,  they  were considered obsolete, or we\ndidn't have the time to work on them).\n\nThere are no translations available for ebtables(8) and arptables(8).\n\nTo  get   up-to-date   information   about   this,   please   head   to\nhttps://wiki.nftables.org/.\n",
                "subsections": []
            },
            "SEE ALSO": {
                "content": "nft(8), iptables(8)\n",
                "subsections": []
            },
            "AUTHORS": {
                "content": "The   nftables   framework   is   written   by  the  Netfilter  project\n(https://www.netfilter.org).\n\nThis manual page was written by Arturo Borrero Gonzalez <arturo@netfil-\nter.org>.\n\nThis documentation is free/libre under the terms of the GPLv2+.\n\nMay 14, 2019            IPTABLES-TRANSLATE(8)",
                "subsections": []
            }
        }
    }
}