编程之路 > Linux > man-pages

xtables-legacy(8) — Linux manual page

NAME | DESCRIPTION | USAGE | LIMITATIONS | SEE ALSO | AUTHORS | COLOPHON 

XTABLES-LEGACY(8)          System Manager's Manual         XTABLES-LEGACY(8)

NAME top 

       xtables-legacy  — iptables using old getsockopt/setsockopt-based ker‐
       nel api

DESCRIPTION top 

       xtables-legacy are the original versions of iptables that use old
       getsockopt/setsockopt-based kernel interface.  This kernel interface
       has some limitations, therefore iptables can also be used with the
       newer nf_tables based API.  See xtables-nft(8) for information about
       the xtables-nft variants of iptables.

USAGE top 

       The xtables-legacy-multi binary can be linked to the traditional
       names:

            /sbin/iptables -> /sbin/iptables-legacy-multi
            /sbin/ip6tables -> /sbin/ip6tables-legacy-multi
            /sbin/iptables-save -> /sbin/ip6tables-legacy-multi
            /sbin/iptables-restore -> /sbin/ip6tables-legacy-multi

       The iptables version string will indicate whether the legacy API
       (get/setsockopt) or the new nf_tables API is used:
            iptables -V
            iptables v1.7 (legacy)

LIMITATIONS top 

       When inserting a rule using iptables -A or iptables -I, iptables
       first needs to retrieve the current active ruleset, change it to
       include the new rule, and then commit back the result.  This means
       that if two instances of iptables are running concurrently, one of
       the updates might be lost.  This can be worked around partially with
       the --wait option.

       There is also no method to monitor changes to the ruleset, except
       periodically calling iptables-legacy-save and checking for any
       differences in output.

       xtables-monitor(8) will need the xtables-nft(8) versions to work, it
       cannot display changes made using the iptables-legacy tools.

SEE ALSO top 

       xtables-nft(8), xtables-translate(8)

AUTHORS top 

       Rusty Russell originally wrote iptables, in early consultation with
       Michael Neuling.

COLOPHON top 

       This page is part of the iptables (administer and maintain packet
       filter rules) project.  Information about the project can be found at
       ⟨http://www.netfilter.org/⟩.  If you have a bug report for this man‐
       ual page, see ⟨http://bugzilla.netfilter.org/⟩.  This page was
       obtained from the project's upstream Git repository
       ⟨git://git.netfilter.org/iptables⟩ on 2020-08-13.  (At that time, the
       date of the most recent commit that was found in the repository was
       2020-07-31.)  If you discover any rendering problems in this HTML
       version of the page, or you believe there is a better or more up-to-
       date source for the page, or you have corrections or improvements to
       the information in this COLOPHON (which is not part of the original
       manual page), send a mail to man-pages@man7.org

                                  June 2018                XTABLES-LEGACY(8)

Copyright and license for this manual page