ROPE - IpTables Programmable Match Module
ROPE is a "match module" for Linux IpTables that allows packets to be matched using highly flexible rules, written in a simple purpose-designed scripting language. It was written initially to provide support for the next phase of the P2PWall project for controlling various styles of peer-to-peer application traffic, but is much broader than this in its possible uses. See the Basics page for a tutorial-style overview.
ROPE is available under the terms of the GPL license.
Operating System And IpTables Versions
To date, ROPE has been developed and tested against the 2.4.x and 2.6.x Linux kernels (for single Intel CPU platforms) and IpTables from 1.2.x to 1.3.x. I will port it to SMP shortly. For now, be aware that ROPE does not work with SMP (multiple-CPU support) kernels.
A pre-built binary version is available for the excellent IPCop firewall distribution, version 1.4.x. Work on a binary version for IPCop 2.0 is now underway.
Starting Points
- Basics - A brief description of the basics of using ROPE to write packet matching logic for IpTables.
- UserLand - Running ROPE scripts in "user space" for testing and debugging.
- KernelLand - Running ROPE scripts inside the Linux kernel to match packets for IpTables.
- Download - Download ROPE source code here.
- Building - Building and installing the ROPE software.
- LanguageReference - Reference pages for the ROPE scripting language.
- Compiling - How to compile a ROPE script.
- ProcFileSystem - Integration with /proc on Linux.
- ReversePolish - A good overview of reverse polish notation:
- Forums - Details of on-line forums where you can discuss ROPE, seek answers to questions or problems, or request new features.
- MailingList - Subscribe here to receive email notifications of major new releases.
Working Examples
- HttpContentLength - A real example ROPE script for matching HTTP transfers with a content length greater than a specified value.
- BlockingGnutella - How to block Gnutella-based applications including LimeWire and many others.
- BlockingBittorrent - How to block Bittorrent-based applications like Azureus and many others.
- BlockingEDonkey2000 - How to block eDonkey 2000-based applications like eMule and others.
- BlockingKademlia - How to block Kademlia traffic (details to follow).
Using Rope With IpCop
- IpCopBinaries - Pre-built ROPE versions for IPCop 1.4.x releases.