ipset-translate - Man Page
translation tool to migrate from ipset to nftables
Description
This tool allows system administrators to translate a given IP sets file to nftables(8).
The only available command is:
- ipset-translate restore < file.ipt
Usage
The ipset-translate tool reads an IP sets file in the syntax produced by ipset(8) save. No set modifications occur; this tool is a text converter.
Examples
Basic operation examples.
Single command translation, assuming the original file:
    create test1 hash:ip,port family inet counters timeout 300 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d
    add test1 1.1.1.1,udp:20
    add test1 1.1.1.1,21
    create test2 hash:ip,port family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d
which results in the following translation:
    root@machine:~# ipset-translate restore < file.ipt
    add set inet global test1 { type ipv4_addr . inet_proto . inet_service; counter; timeout 300s; size 65536; }
    add element inet global test1 { 1.1.1.1 . udp . 20 }
    add element inet global test1 { 1.1.1.1 . tcp . 21 }
    add set inet global test2 { type ipv4_addr . inet_proto . inet_service; size 65536; }
Limitations
A few IP sets options may not be supported because they are not yet implemented in nftables(8).
Contrary to nftables(8), IP sets are not attached to a specific table. The translation utility assumes that sets are created in a table whose name is global and family is inet. You might want to update the resulting translation to use a different table name and family for your sets.
To get up-to-date information about this, please head to https://wiki.nftables.org/.
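One way to move the translated sets out of the assumed inet/global table, as an added example that is not part of ipset-translate or its documentation. The retarget_sets helper, the sample_translation function and the ip/filter target are assumptions made for illustration; the sample input is the translation shown under Examples.

```shell
#!/bin/sh
# Added example. Typical use (retarget_sets is a hypothetical helper):
#   ipset-translate restore < file.ipt | retarget_sets ip filter > sets.nft
retarget_sets() {
    family=$1
    table=$2
    # Accept only nftables family names and a conservative table identifier.
    case $family in
        ip|ip6|inet|arp|bridge|netdev) ;;
        *) echo "retarget_sets: unknown family: $family" >&2; return 2 ;;
    esac
    case $table in
        ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
            echo "retarget_sets: invalid table name: $table" >&2; return 2 ;;
    esac
    awk -v fam="$family" -v tbl="$table" '
        # The translation shown above declares no table, so declare the target first.
        BEGIN { print "add table " fam " " tbl }
        # Rewrite only the leading "add set|element inet global" prefix and
        # leave the set definition and the elements untouched.
        match($0, /^add (set|element) inet global /) {
            print "add " $2 " " fam " " tbl " " substr($0, RLENGTH + 1)
            next
        }
        # Anything else is passed through and reported for manual review.
        NF { print "retarget_sets: line " NR " not rewritten" > "/dev/stderr" }
        { print }
    '
}

# Constructed sample: the translation output from the Examples section.
sample_translation() {
    cat <<'EOF'
add set inet global test1 { type ipv4_addr . inet_proto . inet_service; counter; timeout 300s; size 65536; }
add element inet global test1 { 1.1.1.1 . udp . 20 }
add element inet global test1 { 1.1.1.1 . tcp . 21 }
add set inet global test2 { type ipv4_addr . inet_proto . inet_service; size 65536; }
EOF
}

# Print the rewritten statements for the sample.
sample_translation | retarget_sets ip filter
```

The rewritten file can be validated without loading it by running nft -c -f on it.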
See Also
Authors
The nftables framework has been written by the Netfilter Project (https://www.netfilter.org).
This manual page was written by Pablo Neira Ayuso <pablo@netfilter.org>.
This documentation is free/libre under the terms of the GPLv2+.
This tool was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.