{
    "mode": "man",
    "parameter": "iptables-legacy-save",
    "section": "8",
    "url": "https://www.chedong.com/phpMan.php/man/iptables-legacy-save/8/json",
    "generated": "2026-05-30T08:17:10Z",
    "sections": {
        "NAME": {
            "content": "xtables-legacy — iptables using old getsockopt/setsockopt-based kernel api\n\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "xtables-legacy are the original versions of iptables that use old getsockopt/setsockopt-based\nkernel interface.  This kernel interface has some limitations, therefore iptables can also be\nused  with  the newer nftables based API.  See xtables-nft(8) for information about the xta‐\nbles-nft variants of iptables.\n\n",
            "subsections": []
        },
        "USAGE": {
            "content": "The xtables-legacy-multi binary can be linked to the traditional names:\n\n/sbin/iptables -> /sbin/iptables-legacy-multi\n/sbin/ip6tables -> /sbin/ip6tables-legacy-multi\n/sbin/iptables-save -> /sbin/ip6tables-legacy-multi\n/sbin/iptables-restore -> /sbin/ip6tables-legacy-multi\n\nThe iptables version string will indicate whether the legacy API (get/setsockopt) or the  new\nnftables API is used:\niptables -V\niptables v1.7 (legacy)\n\n",
            "subsections": []
        },
        "LIMITATIONS": {
            "content": "When  inserting a rule using iptables -A or iptables -I, iptables first needs to retrieve the\ncurrent active ruleset, change it to include the new rule, and then commit back  the  result.\nThis  means  that  if  two instances of iptables are running concurrently, one of the updates\nmight be lost.  This can be worked around partially with the --wait option.\n\nThere is also no method to monitor changes to the ruleset, except periodically calling  ipta‐\nbles-legacy-save and checking for any differences in output.\n\nxtables-monitor(8)  will  need the xtables-nft(8) versions to work, it cannot display changes\nmade using the iptables-legacy tools.\n\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "xtables-nft(8), xtables-translate(8)\n\n",
            "subsections": []
        },
        "AUTHORS": {
            "content": "Rusty Russell originally wrote iptables, in early consultation with Michael Neuling.\n\n\n\nJune 2018                            XTABLES-LEGACY(8)",
            "subsections": []
        }
    },
    "summary": "xtables-legacy — iptables using old getsockopt/setsockopt-based kernel api",
    "flags": [],
    "examples": [],
    "see_also": [
        {
            "name": "xtables-nft",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/xtables-nft/8/json"
        },
        {
            "name": "xtables-translate",
            "section": "8",
            "url": "https://www.chedong.com/phpMan.php/man/xtables-translate/8/json"
        }
    ]
}