iptables-converter(8) program to convert iptables commands from file to iptables-restore format


iptables-converter [-s iptables-plain-file]


The iptables-converter takes a regular file containing a series of iptables invocations and converts such a sequence to a format compatible with the iptables-restore command. No attempt is made to reorder the sequence of the commands, especially nothing in the input is interpreted in any way. All input lines not starting with "iptables" or "/sbin/iptables" are ignored. Any input lines starting with "#" are treated as comments and therefore are ignored.

if iptables-converter is run without any arguments, it tries to read a file named "rules" in workdir. That's the tribute to my way of doing.

Output generally is send to stdout for your convienience and nowhere else. So you can inspect it and write to file for later feeding the iptables-restore command.

Something needs to be mentioned: iptables -E intellectually still is an unsolved problem and not implemented for now, sorry. Thank you for any hints of how to do it, I can't imagine because of some lacks in my brain.


Normally iptables-converter returns a value of 0. In accidential case of errors exit status 1 is returned. For example, if there are shell variables or shell functions in the inputfile, these are treated as error, which is reported. To avoid these, execute your scripts and feed their output as a file to iptables-converter.


iptables-converter should be compatibe to any iptables implementations out in the wild. If not, keep me informed, thanks. I'll do my very best.


-s filename This option gives you a chance to take another filename instaed of "rules"


Johannes Hubertz <[email protected]> wrote this in 2013, 2014, 2015. Any comments welcome anytime.