1. Manuals
  2. Leap-15.6
  3. ipset
  4. ipset-translate(8)

Scroll to navigation

IPSET-TRANSLATE(8) System Manager's Manual IPSET-TRANSLATE(8)

NAME

ipset-translate — translation tool to migrate from ipset to nftables

DESCRIPTION

This tool allows system administrators to translate a given IP sets file to nftables(8).

The only available command is:

ipset-translate restore < file.ipt

USAGE

The ipset-translate tool reads an IP sets file in the syntax produced by ipset(8) save. No set modifications occur, this tool is a text converter.

EXAMPLES

Basic operation examples.

Single command translation, assuming the original file:

create test1 hash:ip,port family inet counters timeout 300 hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d
add test1 1.1.1.1,udp:20
add test1 1.1.1.1,21
create test2 hash:ip,port family inet hashsize 1024 maxelem 65536 bucketsize 12 initval 0xb5c4be5d

which results in the following translation:

root@machine:~# ipset-translate restore < file.ipt
add set inet global test1 { type ipv4_addr . inet_proto . inet_service; counter; timeout 300s; size 65536; }
add element inet global test1 { 1.1.1.1 . udp . 20 }
add element inet global test1 { 1.1.1.1 . tcp . 21 }
add set inet global test2 { type ipv4_addr . inet_proto . inet_service; size 65536; }

LIMITATIONS

A few IP sets options may be not supported because they are not yet implemented in nftables(8).

Contrary to nftables(8), IP sets are not attached to a specific table. The translation utility assumes that sets are created in a table whose name is global and family is inet. You might want to update the resulting translation to use a different table name and family for your sets.

To get up-to-date information about this, please head to https://wiki.nftables.org/.

SEE ALSO

nft(8), ipset(8)

AUTHORS

The nftables framework has been written by the Netfilter Project (https://www.netfilter.org).

This manual page was written by Pablo Neira Ayuso <pablo@netfilter.org>.

This documentation is free/libre under the terms of the GPLv2+.

This tool was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.

May 31, 2021