XTABLES-LEGACY(8)          (June 2018)          XTABLES-LEGACY(8)

          xtables-legacy - iptables using old getsockopt/setsockopt-
          based kernel api

          xtables-legacy are the original versions of iptables that
          use old getsockopt/setsockopt-based kernel interface.  This
          kernel interface has some limitations, therefore iptables
          can also be used with the newer nf_tables based API.  See
          xtables-nft(8) for information about the xtables-nft vari-
          ants of iptables.

          The xtables-legacy-multi binary can be linked to the tradi-
          tional names:

               /sbin/iptables -> /sbin/iptables-legacy-multi
               /sbin/ip6tables -> /sbin/ip6tables-legacy-multi
               /sbin/iptables-save -> /sbin/ip6tables-legacy-multi
               /sbin/iptables-restore -> /sbin/ip6tables-legacy-multi

          The iptables version string will indicate whether the legacy
          API (get/setsockopt) or the new nf_tables API is used:
               iptables -V
               iptables v1.7 (legacy)

          When inserting a rule using iptables -A or iptables -I, ipt-
          ables first needs to retrieve the current active ruleset,
          change it to include the new rule, and then commit back the
          result.  This means that if two instances of iptables are
          running concurrently, one of the updates might be lost.
          This can be worked around partially with the --wait option.

          There is also no method to monitor changes to the ruleset,
          except periodically calling iptables-legacy-save and check-
          ing for any differences in output.

          xtables-monitor(8) will need the xtables-nft(8) versions to
          work, it cannot display changes made using the
          iptables-legacy tools.

          xtables-nft(8), xtables-translate(8)

     Page 1                       Plan 9             (printed 5/24/22)

     XTABLES-LEGACY(8)          (June 2018)          XTABLES-LEGACY(8)

          Rusty Russell originally wrote iptables, in early consulta-
          tion with Michael Neuling.

     Page 2                       Plan 9             (printed 5/24/22)