Provided by: iptables_1.8.10-3ubuntu2_amd64 
NAME
iptables-xml — Convert iptables-save format to XML
SYNOPSIS
iptables-xml [-c] [-v]
DESCRIPTION
iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to
STDOUT. Use I/O-redirection provided by your shell to write to a file.
-c, --combine
combine consecutive rules with the same matches but different targets. iptables does not currently
support more than one target per match, so this simulates that by collecting the targets from
consecutive iptables rules into one action tag, but only when the rule matches are identical.
Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-v, --verbose
Output xml comments containing the iptables line from which the XML is derived
iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic
considerations are for -g and -j targets in order to discriminate between <call> <goto> and <nane-of-
target> as it helps xml processing scripts if they can tell the difference between a target like SNAT and
another chain.
Some sample output is:
<iptables-rules>
<table name="mangle">
<chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<sport>8443</sport>
</tcp>
</conditions>
<actions>
<call>
<check_ip/>
</call>
<ACCEPT/>
</actions>
</rule>
</chain>
</table> </iptables-rules>
Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a
custom program using libxsltproc or similar; in this fashion:
xsltproc iptables.xslt my-iptables.xml | iptables-restore
BUGS
None known as of iptables-1.3.7 release
AUTHOR
Sam Liddicott <azez@ufomechanic.net>
SEE ALSO
iptables-save(8), iptables-restore(8), iptables(8)
iptables 1.8.10 IPTABLES-XML(1)