/usr/share/doc/iptables-converter-doc/html/iptables-converter.html is in iptables-converter-doc 0.9.8-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iptables-converter - intro — iptables-converter 0.9.8 documentation</title>
<link rel="stylesheet" href="_static/classic.css" type="text/css" />
<link rel="stylesheet" href="_static/pygments.css" type="text/css" />
<script type="text/javascript">
var DOCUMENTATION_OPTIONS = {
URL_ROOT: './',
VERSION: '0.9.8',
COLLAPSE_INDEX: false,
FILE_SUFFIX: '.html',
HAS_SOURCE: true
};
</script>
<script type="text/javascript" src="_static/jquery.js"></script>
<script type="text/javascript" src="_static/underscore.js"></script>
<script type="text/javascript" src="_static/doctools.js"></script>
<link rel="top" title="iptables-converter 0.9.8 documentation" href="index.html" />
<link rel="next" title="iptables-converter - tests" href="converter-tests.html" />
<link rel="prev" title="Welcome to iptables-converter’s documentation!" href="index.html" />
</head>
<body role="document">
<div class="related" role="navigation" aria-label="related navigation">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="py-modindex.html" title="Python Module Index"
>modules</a> |</li>
<li class="right" >
<a href="converter-tests.html" title="iptables-converter - tests"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="index.html" title="Welcome to iptables-converter’s documentation!"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="index.html">iptables-converter 0.9.8 documentation</a> »</li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<div class="section" id="iptables-converter-intro">
<h1>iptables-converter - intro<a class="headerlink" href="#iptables-converter-intro" title="Permalink to this headline">¶</a></h1>
<p>Assume a plain file with the following contents:</p>
<div class="highlight-python"><div class="highlight"><pre>iptables -F
iptables -t nat -F
iptables -N USER_CHAIN
iptables -A INPUT -p tcp --dport 23 -j ACCEPT
iptables -A USER_CHAIN -p icmp -j DROP
iptables -P INPUT DROP
iptables -t nat -A POSTROUTING -s 10.0.0.0/21 -p tcp --dport 80 -j SNAT --to-source 192.168.1.15
iptables -t nat -A PREROUTING -d 192.0.2.5/32 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.5:1500
</pre></div>
</div>
<p>As time goes by, the script will grow, and the more lines it has, the longer it takes to load.
There should be a quicker way of getting things done. Using iptables-save we can easily save the
current ruleset from the kernel to a file. Loading its contents into the kernel again is very quick
compared to running the original shell script. So the idea came up to have a
converter just to save time.</p>
<p><strong>iptables-converter</strong> by default reads a file named <strong>rules</strong>; the command-line parameter <code class="docutils literal"><span class="pre">-s</span></code> selects any other
file. After the input has been read completely, the output is written to stdout for full flexibility.
Given the above file as input, the following is printed:</p>
<div class="highlight-python"><div class="highlight"><pre>*raw
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
COMMIT
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.0.2.5/32 -p tcp --dport 443 -j DNAT --to-destination 10.0.0.5:1500
-A POSTROUTING -s 10.0.0.0/21 -p tcp --dport 80 -j SNAT --to-source 192.168.1.15
COMMIT
*mangle
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:FORWARD ACCEPT [0:0]
:INPUT DROP [0:0]
:USER_CHAIN - [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 23 -j ACCEPT
-A USER_CHAIN -p icmp -j DROP
COMMIT
</pre></div>
</div>
<p>Saved as a file, this can be read by iptables-restore, which works immediately.</p>
<p>As the file read is not interpreted in any way, there are a few known error conditions:</p>
<blockquote>
<div><ol class="arabic simple">
<li>the file contains shell variables, indicated by ‘$’;
this leads to an error message and an immediate exit with return code 1.</li>
<li>the file contains shell functions, indicated by ‘(’ and/or ‘)’;
this leads to an error message and an immediate exit with return code 1.</li>
</ol>
</div></blockquote>
<p>If you have such a file and you want to speed it up by converting, please
execute it and feed the output as a file to iptables-converter.</p>
<p>iptables-converter does some error-checking while reading input.
Just to mention it: <strong>iptables -E xyz</strong> and <strong>iptables -L</strong> are not implemented and throw exceptions for now!</p>
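<p>An added sketch in Python (not the iptables-converter source) of the conversion and input checks described above: it tracks policies and rules per table and chain for -F, -N, -P and -A, refuses lines containing ‘$’, ‘(’ or ‘)’, and rejects operations it does not handle, such as -E and -L. The names BUILTIN, ConvertError and convert are assumptions; it expects one command per line without quoted arguments that contain spaces, and chain declarations may appear in a different order than in the tool's output.</p>

```python
# Added sketch, not the iptables-converter source; names here are assumptions.
BUILTIN = {
    "raw": ["OUTPUT", "PREROUTING"],
    "nat": ["OUTPUT", "PREROUTING", "POSTROUTING"],
    "mangle": ["FORWARD", "INPUT", "POSTROUTING", "PREROUTING", "OUTPUT"],
    "filter": ["FORWARD", "INPUT", "OUTPUT"],
}

class ConvertError(Exception):
    """Input the sketch refuses (the real tool exits with return code 1)."""

def convert(script):
    policy = {t: dict.fromkeys(cs, "ACCEPT") for t, cs in BUILTIN.items()}
    rules = {t: {c: [] for c in cs} for t, cs in BUILTIN.items()}
    for no, line in enumerate(script.splitlines(), 1):
        args = line.split()
        if not args or args[0].startswith("#"):
            continue                      # blank line or comment
        if any(ch in line for ch in "$()"):
            raise ConvertError(f"line {no}: shell variable or function in input")
        if args[0].rsplit("/", 1)[-1] != "iptables":
            raise ConvertError(f"line {no}: not an iptables command")
        args, table = args[1:], "filter"  # filter is the default table
        if "-t" in args[:-1]:
            at = args.index("-t")
            table = args[at + 1]
            del args[at:at + 2]
        if table not in BUILTIN or not args:
            raise ConvertError(f"line {no}: unknown table or missing operation")
        op, rest = args[0], args[1:]
        chain = rest[0] if rest else None
        if op == "-F":    # flush one chain, or every chain of the table
            rules[table].update({c: [] for c in rules[table] if chain in (None, c)})
        elif op == "-N" and chain and chain not in policy[table]:
            policy[table][chain], rules[table][chain] = "-", []  # no policy
        elif op == "-P" and len(rest) == 2 and chain in BUILTIN[table]:
            policy[table][chain] = rest[1]
        elif op == "-A" and chain in rules[table]:
            rules[table][chain].append("-A " + " ".join(rest))
        else:             # -E, -L and anything else are rejected here
            raise ConvertError(f"line {no}: cannot convert {op} {chain}")
    out = []
    for t in BUILTIN:     # iptables-save layout: table, chains, rules, COMMIT
        out.append("*" + t)
        out += [f":{c} {p} [0:0]" for c, p in policy[t].items()]
        out += [r for c in rules[t] for r in rules[t][c]]
        out.append("COMMIT")
    return "\n".join(out) + "\n"
```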
</div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer" role="contentinfo">
© Copyright 2013 - 2015, Johannes Hubertz.
Created using <a href="http://sphinx-doc.org/">Sphinx</a> 1.3.1.
</div>
</body>
</html>