# info > xtables-translate

[IPTABLES-TRANSLATE(8)](https://www.chedong.com/phpMan.php/man/IPTABLES-TRANSLATE/8/markdown)       System Manager's Manual      [IPTABLES-TRANSLATE(8)](https://www.chedong.com/phpMan.php/man/IPTABLES-TRANSLATE/8/markdown)

## NAME
       iptables-translate  --  translation  tool  to  migrate from iptables to
       nftables

       ip6tables-translate -- translation tool to migrate  from  ip6tables  to
       nftables

## DESCRIPTION
       There  is  a  set of tools to help the system administrator translate a
       given ruleset from [iptables(8)](https://www.chedong.com/phpMan.php/man/iptables/8/markdown) and [ip6tables(8)](https://www.chedong.com/phpMan.php/man/ip6tables/8/markdown) to [nftables(8)](https://www.chedong.com/phpMan.php/man/nftables/8/markdown).

       The available commands are:

       o iptables-translate

       o iptables-restore-translate

       o ip6tables-translate

       o ip6tables-restore-translate

## USAGE
       They take as input the  original  [iptables(8)](https://www.chedong.com/phpMan.php/man/iptables/8/markdown)/[ip6tables(8)](https://www.chedong.com/phpMan.php/man/ip6tables/8/markdown)  syntax  and
       output the native [nftables(8)](https://www.chedong.com/phpMan.php/man/nftables/8/markdown) syntax.

       The  iptables-restore-translate tool reads a ruleset in the syntax pro-
       duced by [iptables-save(8)](https://www.chedong.com/phpMan.php/man/iptables-save/8/markdown).  Likewise,  the  ip6tables-restore-translate
       tool reads one produced by [ip6tables-save(8)](https://www.chedong.com/phpMan.php/man/ip6tables-save/8/markdown).  No ruleset modifications
       occur, these tools are text converters only.

       The iptables-translate reads a command line as if  it  was  entered  to
       [iptables(8)](https://www.chedong.com/phpMan.php/man/iptables/8/markdown),  and ip6tables-translate reads a command like as if it was
       entered to [ip6tables(8)](https://www.chedong.com/phpMan.php/man/ip6tables/8/markdown).

## EXAMPLES
       Basic operation examples.

       Single command translation:

       root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
       nft add rule ip filter INPUT tcp dport 22 ct state new counter accept

       root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT
       nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept

       Whole ruleset translation:

       root@machine:~# iptables-save > save.txt
       root@machine:~# cat save.txt
       # Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016
       *filter
       :INPUT ACCEPT [5166:1752111]
       :FORWARD ACCEPT [0:0]
       :OUTPUT ACCEPT [5058:628693]
       -A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
       COMMIT
       # Completed on Sat Dec 24 14:26:40 2016

       root@machine:~# iptables-restore-translate -f save.txt
       # Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016
       add table ip filter
       add chain ip filter INPUT { type filter hook input priority 0; }
       add chain ip filter FORWARD { type filter hook forward priority 0; }
       add chain ip filter OUTPUT { type filter hook output priority 0; }
       add rule ip filter FORWARD tcp dport 22 ct state new counter accept

       root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft
       root@machine:~# nft -f ruleset.nft
       root@machine:~# nft list ruleset
       table ip filter {
            chain INPUT {
                 type filter hook input priority 0; policy accept;
            }

            chain FORWARD {
                 type filter hook forward priority 0; policy accept;
                 tcp dport ssh ct state new counter packets 0 bytes 0 accept
            }

            chain OUTPUT {
                 type filter hook output priority 0; policy accept;
            }
       }

## LIMITATIONS
       Some (few) extensions may be not  supported  (or  fully-supported)  for
       whatever  reason  (for  example,  they  were considered obsolete, or we
       didn't have the time to work on them).

       There are no translations available for [ebtables(8)](https://www.chedong.com/phpMan.php/man/ebtables/8/markdown) and [arptables(8)](https://www.chedong.com/phpMan.php/man/arptables/8/markdown).

       To  get   up-to-date   information   about   this,   please   head   to
       <https://wiki.nftables.org/>.

## SEE ALSO
       [nft(8)](https://www.chedong.com/phpMan.php/man/nft/8/markdown), [iptables(8)](https://www.chedong.com/phpMan.php/man/iptables/8/markdown)

## AUTHORS
       The   nftables   framework   is   written   by  the  Netfilter  project
       (<https://www.netfilter.org>).

       This manual page was written by Arturo Borrero Gonzalez <arturo@netfil-
       ter.org>.

       This documentation is free/libre under the terms of the GPLv2+.

                                 May 14, 2019            [IPTABLES-TRANSLATE(8)](https://www.chedong.com/phpMan.php/man/IPTABLES-TRANSLATE/8/markdown)
