{
    "content": [
        {
            "type": "text",
            "text": "# xtables-translate(8) (man)\n\n**Summary:** iptables-translate — translation tool to migrate from iptables to nftables  ip6tables-translate — translation tool to migrate from ip6tables to nftables\n\n## Examples\n\n- `Basic operation examples.`\n- `Single command translation:`\n- `root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT`\n- `nft add rule ip filter INPUT tcp dport 22 ct state new counter accept`\n- `root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT`\n- `nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept`\n- `Whole ruleset translation:`\n- `root@machine:~# iptables-save > save.txt`\n- `root@machine:~# cat save.txt`\n- `# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016`\n- `*filter`\n- `:INPUT ACCEPT [5166:1752111]`\n- `:FORWARD ACCEPT [0:0]`\n- `:OUTPUT ACCEPT [5058:628693]`\n- `-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT`\n- `COMMIT`\n- `# Completed on Sat Dec 24 14:26:40 2016`\n- `root@machine:~# iptables-restore-translate -f save.txt`\n- `# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016`\n- `add table ip filter`\n- `add chain ip filter INPUT { type filter hook input priority 0; }`\n- `add chain ip filter FORWARD { type filter hook forward priority 0; }`\n- `add chain ip filter OUTPUT { type filter hook output priority 0; }`\n- `add rule ip filter FORWARD tcp dport 22 ct state new counter accept`\n- `root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft`\n- `root@machine:~# nft -f ruleset.nft`\n- `root@machine:~# nft list ruleset`\n- `table ip filter {`\n- `chain INPUT {`\n- `type filter hook input priority 0; policy accept;`\n- `chain FORWARD {`\n- `type filter hook forward priority 0; policy accept;`\n- `tcp dport ssh ct state new counter packets 0 bytes 0 accept`\n- `chain OUTPUT 
{`\n- `type filter hook output priority 0; policy accept;`\n\n## See Also\n\n- nft(8)\n- iptables(8)\n\n## Section Outline\n\n- **NAME** (4 lines)\n- **DESCRIPTION** (15 lines)\n- **USAGE** (11 lines)\n- **EXAMPLES** (51 lines)\n- **LIMITATIONS** (8 lines)\n- **SEE ALSO** (3 lines)\n- **AUTHORS** (9 lines)\n\n## Full Content\n\n### NAME\n\niptables-translate — translation tool to migrate from iptables to nftables\n\nip6tables-translate — translation tool to migrate from ip6tables to nftables\n\n### DESCRIPTION\n\nThere is a set of tools to help the system administrator translate a given ruleset from iptables(8) and ip6tables(8) to nftables(8).\n\nThe available commands are:\n\n\n• iptables-translate\n\n• iptables-restore-translate\n\n• ip6tables-translate\n\n• ip6tables-restore-translate\n\n### USAGE\n\nThey take as input the original iptables(8)/ip6tables(8) syntax and output the native nftables(8) syntax.\n\nThe iptables-restore-translate tool reads a ruleset in the syntax produced by iptables-save(8). Likewise, the ip6tables-restore-translate tool reads one produced by ip6tables-save(8). 
No ruleset modifications occur; these tools are text converters only.\n\nThe iptables-translate tool reads a command line as if it was entered to iptables(8), and ip6tables-translate reads a command line as if it was entered to ip6tables(8).\n\n### EXAMPLES\n\nBasic operation examples.\n\nSingle command translation:\n\nroot@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nnft add rule ip filter INPUT tcp dport 22 ct state new counter accept\n\nroot@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT\nnft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept\n\nWhole ruleset translation:\n\nroot@machine:~# iptables-save > save.txt\nroot@machine:~# cat save.txt\n# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016\n*filter\n:INPUT ACCEPT [5166:1752111]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [5058:628693]\n-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT\nCOMMIT\n# Completed on Sat Dec 24 14:26:40 2016\n\nroot@machine:~# iptables-restore-translate -f save.txt\n# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016\nadd table ip filter\nadd chain ip filter INPUT { type filter hook input priority 0; }\nadd chain ip filter FORWARD { type filter hook forward priority 0; }\nadd chain ip filter OUTPUT { type filter hook output priority 0; }\nadd rule ip filter FORWARD tcp dport 22 ct state new counter accept\n\nroot@machine:~# iptables-restore-translate -f save.txt > ruleset.nft\nroot@machine:~# nft -f ruleset.nft\nroot@machine:~# nft list ruleset\ntable ip filter {\nchain INPUT {\ntype filter hook input priority 0; policy accept;\n}\n\nchain FORWARD {\ntype filter hook forward priority 0; policy accept;\ntcp dport ssh ct state new counter packets 0 bytes 0 accept\n}\n\nchain OUTPUT {\ntype filter hook output priority 0; policy accept;\n}\n}\n\n### 
LIMITATIONS\n\nSome (few) extensions may not be supported (or not fully supported) for whatever reason (for example, they were considered obsolete, or we didn't have the time to work on them).\n\nThere are no translations available for ebtables(8) and arptables(8).\n\nTo get up-to-date information about this, please head to https://wiki.nftables.org/.\n\n### SEE ALSO\n\nnft(8), iptables(8)\n\n### AUTHORS\n\nThe nftables framework is written by the Netfilter project (https://www.netfilter.org).\n\nThis manual page was written by Arturo Borrero Gonzalez <arturo@netfilter.org>.\n\nThis documentation is free/libre under the terms of the GPLv2+.\n\n\n\nMay 14, 2019                       IPTABLES-TRANSLATE(8)\n\n"
        }
    ],
    "structuredContent": {
        "command": "xtables-translate",
        "section": "8",
        "mode": "man",
        "summary": "iptables-translate — translation tool to migrate from iptables to nftables  ip6tables-translate — translation tool to migrate from ip6tables to nftables",
        "synopsis": null,
        "flags": [],
        "examples": [
            "Basic operation examples.",
            "Single command translation:",
            "root@machine:~# iptables-translate -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
            "nft add rule ip filter INPUT tcp dport 22 ct state new counter accept",
            "root@machine:~# ip6tables-translate -A FORWARD -i eth0 -o eth3 -p udp -m multiport --dports 111,222 -j ACCEPT",
            "nft add rule ip6 filter FORWARD iifname eth0 oifname eth3 meta l4proto udp udp dport { 111,222} counter accept",
            "Whole ruleset translation:",
            "root@machine:~# iptables-save > save.txt",
            "root@machine:~# cat save.txt",
            "# Generated by iptables-save v1.6.0 on Sat Dec 24 14:26:40 2016",
            "*filter",
            ":INPUT ACCEPT [5166:1752111]",
            ":FORWARD ACCEPT [0:0]",
            ":OUTPUT ACCEPT [5058:628693]",
            "-A FORWARD -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT",
            "COMMIT",
            "# Completed on Sat Dec 24 14:26:40 2016",
            "root@machine:~# iptables-restore-translate -f save.txt",
            "# Translated by iptables-restore-translate v1.6.0 on Sat Dec 24 14:26:59 2016",
            "add table ip filter",
            "add chain ip filter INPUT { type filter hook input priority 0; }",
            "add chain ip filter FORWARD { type filter hook forward priority 0; }",
            "add chain ip filter OUTPUT { type filter hook output priority 0; }",
            "add rule ip filter FORWARD tcp dport 22 ct state new counter accept",
            "root@machine:~# iptables-restore-translate -f save.txt > ruleset.nft",
            "root@machine:~# nft -f ruleset.nft",
            "root@machine:~# nft list ruleset",
            "table ip filter {",
            "chain INPUT {",
            "type filter hook input priority 0; policy accept;",
            "chain FORWARD {",
            "type filter hook forward priority 0; policy accept;",
            "tcp dport ssh ct state new counter packets 0 bytes 0 accept",
            "chain OUTPUT {",
            "type filter hook output priority 0; policy accept;"
        ],
        "see_also": [
            {
                "name": "nft",
                "section": "8",
                "url": "https://www.chedong.com/phpMan.php/man/nft/8/json"
            },
            {
                "name": "iptables",
                "section": "8",
                "url": "https://www.chedong.com/phpMan.php/man/iptables/8/json"
            }
        ],
        "section_outline": [
            {
                "name": "NAME",
                "lines": 4,
                "subsections": []
            },
            {
                "name": "DESCRIPTION",
                "lines": 15,
                "subsections": []
            },
            {
                "name": "USAGE",
                "lines": 11,
                "subsections": []
            },
            {
                "name": "EXAMPLES",
                "lines": 51,
                "subsections": []
            },
            {
                "name": "LIMITATIONS",
                "lines": 8,
                "subsections": []
            },
            {
                "name": "SEE ALSO",
                "lines": 3,
                "subsections": []
            },
            {
                "name": "AUTHORS",
                "lines": 9,
                "subsections": []
            }
        ]
    }
}