

       iptables-xml - Convert iptables-save format to XML


       iptables-xml [-c] [-v]


       iptables-xml converts the output of iptables-save into an easily
       manipulated XML format and writes it to STDOUT. Use the I/O
       redirection provided by your shell to write to a file.

       -c, --combine
              combine  consecutive  rules  with the same matches but different
              targets. iptables does  not  currently  support  more  than  one
              target  per  match,  so  this  simulates  that by collecting the
              targets from consecutive iptables rules into one action tag, but
              only  when  the  rule matches are identical. Terminating actions
              like RETURN, DROP,  ACCEPT  and  QUEUE  are  not  combined  with
              subsequent targets.

       -v, --verbose
              Output XML comments containing the iptables line from which
              the XML is derived.

       iptables-xml does a mechanistic conversion to a very expressive XML
       format; the only semantic considerations are for -g and -j targets,
       in order to discriminate between <call>, <goto> and <name-of-target>,
       as it helps XML processing scripts if they can tell the difference
       between a target like SNAT and another chain.

       Some sample output is:

         <table name="mangle">
           <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-
         </table> </iptables-rules>
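
       An added example, not part of the original man page or the iptables
       project: a Python audit over iptables-xml output that relies on the
       <call>/<goto> versus target distinction described above to count
       targets and to find jumps to chains the table does not define. The
       sample document is constructed, and the <rule>, <conditions> and
       <actions> nesting is an assumption about the output format, which
       this page shows only in part.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Element names below <chain> (<rule>, <conditions>,
# <actions>) and the chain-name child of <call>/<goto> are assumptions.
SAMPLE = """<iptables-rules version="1.0">
 <table name="filter">
  <chain name="INPUT" policy="ACCEPT" packet-count="10" byte-count="800">
   <rule><conditions><tcp><dport>22</dport></tcp></conditions>
    <actions><call><ssh-guard/></call></actions></rule>
   <rule><actions><ACCEPT/></actions></rule>
  </chain>
  <chain name="ssh-guard">
   <rule><actions><LOG/><DROP/></actions></rule>
  </chain>
 </table>
 <table name="nat">
  <chain name="POSTROUTING" policy="ACCEPT">
   <rule><actions><SNAT><to-source>192.0.2.1</to-source></SNAT></actions></rule>
   <rule><actions><goto><old-vpn/></goto></actions></rule>
  </chain>
 </table>
</iptables-rules>"""


def audit(xml_text):
    """Return (default-ACCEPT filter chains, dangling jumps, target counts)."""
    root = ET.fromstring(xml_text)
    open_policy, dangling, targets = [], [], {}
    for table in root.iter("table"):
        chains = {c.get("name") for c in table.findall("chain")}
        for chain in table.findall("chain"):
            where = f'{table.get("name")}/{chain.get("name")}'
            if table.get("name") == "filter" and chain.get("policy") == "ACCEPT":
                open_policy.append(where)
            for action in chain.findall("rule/actions/*"):
                if action.tag not in ("call", "goto"):
                    # Extension or built-in target such as SNAT, LOG, DROP.
                    targets[action.tag] = targets.get(action.tag, 0) + 1
                    continue
                # Chain jump: the child element's tag names the destination.
                for dest in action:
                    if dest.tag not in chains:
                        dangling.append((where, action.tag, dest.tag))
    return open_policy, dangling, targets


if __name__ == "__main__":
    for label, found in zip(("default ACCEPT", "dangling jumps", "targets"),
                            audit(SAMPLE)):
        print(f"{label}: {found}")
```

       The same check is useful on XML that has been edited by hand, before
       it is converted back and passed to iptables-restore.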

       Conversion  from  XML  to  iptables-save  format  may be done using the
       iptables.xslt  script  and  xsltproc,  or  a   custom   program   using
       libxsltproc or similar; in this fashion:

       xsltproc iptables.xslt my-iptables.xml | iptables-restore


       None known as of iptables-1.3.7 release


       Sam Liddicott


       iptables-save(8), iptables-restore(8), iptables(8)

                                 Jul 16, 2007