iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to STDOUT. Use I/O-redirection provided by your shell to write to a file.
iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j targets in order to discriminate between <call> <goto> and <nane-of-target> as it helps xml processing scripts if they can tell the difference between a target like SNAT and another chain.
Some sample output is:
<iptables-rules>
<table name="mangle">
<chain name="PREROUTING" policy="ACCEPT" packet-count="63436"
byte-count="7137573">
<rule>
<conditions>
<match>
<p>tcp</p>
</match>
<tcp>
<sport>8443</sport>
</tcp>
</conditions>
<actions>
<call>
<check_ip/>
</call>
<ACCEPT/>
</actions>
</rule>
</chain>
</table>
</iptables-rules>
Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using libxsltproc or similar; in this fashion:
xsltproc iptables.xslt my-iptables.xml | iptables-restore