logo
Free, unlimited AI code reviews that run on commit
git-lrc git-lrc GitHub Install Now We'd appreciate a star git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt git-lrc - Free, unlimited AI code reviews that run on commit | Product Hunt

ipset-translate — translation tool to migrate from ipset to nftables

Contents

Authors

       The nftables framework has been written by the Netfilter Project (https://www.netfilter.org).

       This manual page was written by Pablo Neira Ayuso <pablo@netfilter.org>.

       This documentation is free/libre under the terms of the GPLv2+.

       This tool was funded through the NGI0 PET Fund, a fund established by NLnet with financial  support  from
       the  European  Commission's  Next  Generation  Internet  programme,  under the aegis of DG Communications
       Networks, Content and Technology under grant agreement No 825310.

                                                  May 31, 2021                                IPSET-TRANSLATE(8)

Description

       This tool allows system administrators to translate a given IP sets file to nftables(8).

       The only available command is:

       • ipset-translate restore < file.ipt

Examples

       Basic operation examples.

       Single command translation, assuming the original file:

       create test1 hash:ip,port family inet counters timeout 300 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d
       add test1 1.1.1.1,udp:20
       add test1 1.1.1.1,21
       create test2 hash:ip,port family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d

       which results in the following translation:

       root@machine:~# ipset-translate restore < file.ipt
       add set inet global test1 { type ipv4_addr . inet_proto . inet_service; counter; timeout 300s; size 65536; }
       add element inet global test1 { 1.1.1.1 . udp . 20 }
       add element inet global test1 { 1.1.1.1 . tcp . 21 }
       add set inet global test2 { type ipv4_addr . inet_proto . inet_service; size 65536; }

Limitations

       A few IP sets options may be not supported because they are not yet implemented in nftables(8).

       Contrary to nftables(8), IP sets are not attached to a specific table.  The translation  utility  assumes
       that  sets  are  created in a table whose name is global and family is inet. You might want to update the
       resulting translation to use a different table name and family for your sets.

       To get up-to-date information about this, please head to https://wiki.nftables.org/.

Name

       ipset-translate — translation tool to migrate from ipset to nftables

See Also

nft(8), ipset(8)

Usage

       The  ipset-translate  tool  reads  an  IP  sets  file  in  the  syntax  produced by ipset(8) save. No set
       modifications occur, this tool is a text converter.

See Also

Man Pages
ipsets Man Pages
Man Pages
inet Man Pages
Translate
Translate PNG Icons
Man Pages
libnftables Man Pages
Cheatsheets
Ping Command - Network Connectivity Test Cheatsheets
Man Pages
sets Man Pages
Installerpedia
YiiGuxing/TranslationPlugin Installerpedia
Tool
Tool PNG Icons
Filing
Filing PNG Icons
← View System admin Category← Back to Filesystem management🙏  Credits & Acknowledgments