Key Pages: [ Rope Home Page | Basics (tutorial) | Language Reference | Download ]

ROPE - IpTables Programmable Match Module

ROPE is a "match module" for Linux IpTables that allows packets to be matched using highly flexible rules, written in a simple purpose-designed scripting language. It was written initially to provide support for the next phase of the P2PWall project for controlling various styles of peer-to-peer application traffic, but is much broader than this in it's possible uses. See the Basics page for a tutorial-style overview.

ROPE is available under the terms of the GPL license.

Operating System And IpTables Versions

To date, ROPE has been developed and tested against the 2.4.x and 2.6.x linux kernels (for single Intel CPU platforms) and IpTables from 1.2.x to 1.3.x. I will port it to SMP shortly. For now be aware that ROPE does not work with SMP (multple-CPU support) kernels.

A pre-build binary version is available for the excellent IPCop firewall distribution, version 1.4.x. Work on a binary version for IPCop 2.0 is now underway.

Starting Points

  • Basics - A brief description of the basics of using ROPE to write packet matching logic for IpTables.
  • UserLand - running ROPE scripts in "user space" for testing and debugging.
  • KernelLand - running ROPE scripts inside the linux kernel to match packets for IpTables.
  • Download - Download ROPE source code here.
  • Building - Building and installing the ROPE software.
  • LanguageReference - reference pages for the ROPE scripting language
  • Compiling - how to compile a rope script
  • ProcFileSystem - integration with /proc on linux.
  • ReversePolish - A good overview of reverse polish notation:
  • Forums - details of on-line forums where you can discuss ROPE, seek answers to questions / problems, or request new features - etc.
  • MailingList - subscribe here to receive email notifications of major new releases.

Working Examples

Using Rope With IpCop

  • IpCopBinaries - Pre-built rope versions for IPCop 1.4.x releases.

Scroll to Top