Key Pages: [ Rope Home Page | Basics (tutorial) | Language Reference | Download ]

IpTables ROPE - Free Download For Linux

License Terms

You can download and use ROPE under the terms of the GPL. Please take careful note of the sections that detail the disclaimer of responsibility.

If you download Rope and find it useful, please help me by putting a link to the Rope home page ( on your website. Thanks. You can also make a financial contribution to this project.

Pre-Built Rope Binaries

Using Rope In A Commercial Product

If you wish to include ROPE in a commercial product, then you must comply with the terms of the GPL license, but I would also ask in good faith you make contact with me (or refer to MakingADonation ) to discuss an appropriate financial contribution to the project, bearing in mind that this software resource has cost me a substantial time investment.

I am also open to entering into a negotiable level of personal-contact support (including making requested enhancments or writing of scripts) for the software for an appropriate fee.

Most Recent Version

I am making fairly frequent releases as free time permits - so revisit this page often. If you wish to be notified of major releases, then subscribe to the MailingList.

  • rope-20051223.tgz (MD5: 07c61b1d60f404e37c49928240a64653) - 23rd December 2005. Changes include..
    • Support for Linux 2.6 kernels
    • Integration with IpSet.
    • Fix to gnutella.rope script to lift assumption that the CONNECT header line is always in a packet on it's own.
    • Rope version number reported in usage messages.
    • Simplified installation and kernel/iptables/pom patching using Makefile.
    • New "OpenNAP" identification sample script.
    • Sample "rc.d/" script for IpCop (rc.p2p-rope).
    • New language keywords: append, mac_ntoa, $srcmac, $dstmac.
    • Various other minor fixes.

Backdated Versions

[in reverse order - oldest at the bottom]

  • rope-20051212.tgz - 12th December 2005. Changes include..
    • Fix to EDonkey indentification logic to avoid benign errors in syslog.
    • Fix to iptables-save / iptables-restore utilities for ROPE.
    • New actions..
      • "abs" - absolute value of a number
      • "eqi", "nei" - test for string equality, ignoring case
      • "sysexec" - for running shell commands. Available in UserLand only.
      • "eval" - execute a block and trap (catch) exit statuses.
    • Fix to character set matched by isuri().
    • Makefile-driven patching of kernel, patch-o-matic-ng and iptables.
    • For pre-built binary version for IpCop 1.4.10, see IpCopBinaries
  • rope-20050724.tgz - 24th July 2005. Changes include..
    • Pre-built binary version of Rope for easy installation into single-CPU IPCop 1.4.6 systems (see: IPCop146AddIn)
  • rope-20050611.tgz - 11th June 2005. Changes include..
    • Addition of ed2k_hello.rope script to allow identification (and hence control) of the eDonkey 2000 protocol. See BlockingEDonkey2000 for details.
  • rope-20050524.tgz - 24th May 2005. Changes include..
    • "rddump" utility has been generalised to handle the format of more recent versions of tcpdump.
    • bittorrent.rope script (see BlockingBittorrent) now blocks download of .torrent files via HTTP as well as download of files using the bittorrent protcol.
  • rope-20050426.tgz - 26th April 2005. Changes include..
    • "iptables -m rope .." command: Ownership and mode check on the compiled script - a security precaution.
    • Minor correction to the bittorrent.rope script (see BlockingBittorrent).
  • rope-20050418.tgz - 18th April 2005. Changes include..
    • Extended the IP address syntax to allow strings of up to 255 characters to be specified (see string and IpAddress)
    • Strings can also be specified using hex digits in a MAC-address-like syntax (see string and MacAddress)
    • Minor corrections to a few error and help text messages.
  • rope-20050321.tgz - 21st March 2005. Changes include..
    • Handling of "!" for the "--rope-script" option of iptables, to invert the return of a rope script
    • --rope-push-int, --rope-push-str, --rope-push-ip options allow values to be pre-pushed onto the stack as command-line arguments (see PassingArguments).
    • UserLand debug mode includes a stack-depth print out.
    • Rationalisation of *.h header files
  • rope-20050216.tgz - 16th Feb 2005. Changes include..
    • Support for TimeAndDate calculations and testing in Rope scripts.
      • New registers: $kernel_time and $packet_time give the kernel time, or time when the packet arrived.
      • New action: localtime breaks down the time values into component parts of secs, mins, hours - etc, with reference to the local configured kernel timezone.
      • New action: gmtime does the same for the GMT timezone.
      • New actions: tm_sec, tm_min, tm_hour etc return the broken-down time components as usable integers.
  • rope-20050201.tgz - 1st Feb 2005. Changes include..
    • Global integer registers in /proc/net/ipt_rope/greg - now fully functional.
    • Sizing and config variables settable via "make menuconfig" etc
    • Error descriptions on web site, with links reported in error messages
    • Improved split of *.h header files and *.c sources
    • Easier building for use with IpCop
    • greg action - allow access to global registers in /proc/net/ipt_rope.
    • reg action - access to user registers by number
    • UserLand utility "rope" allows packet-related registers to be set on the command line for more complete testing.
  • rope-20041206.tgz - 6th Dec 2004. Changes include..
    • Symbolic constants from /etc/services, /etc/protocols and icmp.h
    • $ip_frag_off and $ip_check fixed
    • $ip_reserved_frag, $ip_dont_frag, $ip_more_frags added.
    • ICMP protocol header registers - $icmp_XXX .. etc
    • enhanced dump.rope script to cover ICMP and fixed frag registers.
    • /proc file system support has improved, but still incomplete / buggy (so disabled by default).
    • int2str_XXX actions replaced by be16_to_int (etc)
  • rope-20041201.tgz - 1st Dec 2004. Changes include..
    • IPv4 addresses are now 4-byte binary strings rather than long integers
    • ipv4_i2ip replaced with ipv4_ntoa
    • $ip_saddr and $ip_daddr now return 4-character binary strings.
    • started (but incomplete) work to integrate ProcFileSystem
    • Various speed optimizations
    • and, or and xor can work on binary strings as well as integers.
    • New action: substr
    • hotdrop takes an optional (anchored) argument - a string to be printed to syslog.
    • Further expect_while optimisation.
  • rope-20041121b.tgz - 21st Nov 2004. Changes include..
    • Corrected div and mod to test for (and report) division-by-zero.
  • rope-20041121.tgz - 21st Nov 2004. Changes include..
    • "bittorrent.rope" added - for blocking bittorrent downloads
    • new registers $data, $data_start, $data_len.
    • Fixed errors in sub, div and mod.
    • Numeric escapes in double-quoted strings now handled (eg: "\0" and "\0x19")
    • Escaped back-slash in double-quoted strings now works as expected.
  • rope-20041118.tgz - 18th Nov 2004. Changes include..
    • Fix for compilation for IpCop 1.3.0
    • Optimised expect_while and lift_while loops with single 'is....' criteria
    • Smaller compiled output
    • hexdump and dump actions disabled for kernel mode
    • Ipv4 addresses in source treated is 32bit integers

Scroll to Top