LinuxCommandLibrary

iptables-xml

Convert iptables rules to XML format

SYNOPSIS

iptables-xml [input-file [output-file]] [options]

PARAMETERS

--table name
    Process only the specified table (e.g., filter, nat).

--pre-eof string
    String expected before EOF in iptables-save input (default: empty).

--post-eof string
    String expected after EOF in iptables-save input (default: empty).

--stdin
    Read input from standard input (default if no infile).

--stdout
    Write output to standard output (default if no outfile).

DESCRIPTION

iptables-xml is a utility for bidirectional conversion between the plain-text output of iptables-save and an XML representation of iptables rules.

It automatically detects the input format: if the input resembles iptables-save output (with table headers like *filter), it converts to structured XML; if the input is XML, it translates to iptables-restore-compatible format.

This tool is particularly useful for firewall management applications like Firewall Builder (fwbuilder), which use XML for rule editing, visualization, and policy generation. Users can dump rules with iptables-save, convert to XML for modification, then convert back and restore.

Key features include table-specific processing, custom EOF markers for batch scripts, and flexible I/O via stdin/stdout or files. It supports all standard iptables chains, rules, matches, and targets, preserving semantics during conversion.

Although it remains capable for legacy iptables setups, its use has declined with nftables adoption; it is still essential for tools that rely on the iptables XML format.

CAVEATS

The XML format is iptables-specific and not compatible with nftables; on modern systems it is deprecated in favor of JSON or native nft syntax.
Requires a matching iptables version for full rule support.

FORMAT DETECTION

Auto-detects input: plain-text (*table headers) → XML; XML → plain-text for restore.
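As an added example (not code from iptables-xml or from this page), the following Python models the detection rule above and the iptables-save to XML direction on a constructed iptables-save dump; the element names (iptables-rules, table, chain, rule, conditions, actions) are an assumed simplified layout, not the tool's exact schema, and the only_table parameter stands in for --table.

```python
# Added example, not the iptables-xml source: a small Python model of the
# format detection and iptables-save -> XML step described above. The element
# names below are an assumed simplified layout, not the exact schema iptables-xml emits.
import re
import xml.etree.ElementTree as ET

# Constructed sample of iptables-save output: one filter table, three chains.
SAMPLE_SAVE = """# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT
# Completed
"""

def detect_format(text):
    """Return 'xml' or 'save', using the cue the page names: a '*table' header line."""
    if text.lstrip().startswith("<"):
        return "xml"
    if re.search(r"^\*[a-z]+$", text, re.MULTILINE):
        return "save"
    raise ValueError("input is neither XML nor iptables-save text")

def save_to_xml(text, only_table=None):
    """Build an XML tree from iptables-save text; only_table mimics --table."""
    root = ET.Element("iptables-rules")
    table = None
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue                      # comments and blank lines carry no rules
        if line.startswith("*"):          # table header, e.g. *filter
            name = line[1:]
            wanted = only_table is None or name == only_table
            table = ET.SubElement(root, "table", name=name) if wanted else None
        elif line == "COMMIT":            # end of the current table
            table = None
        elif table is None:
            continue                      # inside a table filtered out by only_table
        elif line.startswith(":"):        # chain declaration: :NAME POLICY [pkts:bytes]
            chain, policy, _counters = line[1:].split()
            ET.SubElement(table, "chain", name=chain, policy=policy)
        elif line.startswith("-A "):      # rule appended to an already declared chain
            chain_name, *args = line[3:].split()
            chain = table.find(f"chain[@name='{chain_name}']")
            if chain is None:
                raise ValueError(f"rule for undeclared chain {chain_name}")
            rule = ET.SubElement(chain, "rule")
            j = args.index("-j") if "-j" in args else len(args)   # split match part from target
            ET.SubElement(rule, "conditions").text = " ".join(args[:j])
            ET.SubElement(rule, "actions").text = " ".join(args[j + 1:])
    return root

def to_xml_string(text, only_table=None):
    """Serialize the tree as a unicode string (what the tool would write to stdout)."""
    return ET.tostring(save_to_xml(text, only_table), encoding="unicode")
```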

USAGE EXAMPLE

iptables-save | iptables-xml > rules.xml
iptables-xml rules.xml | iptables-restore

HISTORY

Introduced in iptables 1.4.0 (2008) to support XML-based firewall builders; maintained in iptables/legacy packages but overshadowed by nftables since Linux 3.13 (2014).

SEE ALSO

iptables(8), iptables-save(8), iptables-restore(8), ip6tables-xml(8)
