ROPE: Experimental IpTables scripting language released
|
|
ROPE is a scripting language that runs in the linux kernel, and allows complex iptables match logic to be written without the need to write modules in C.
|
|
ROPE get's it's name from the idea of "strong string". IpTables already includes a "POM" module called "string" that allows IP packets to be matched on the basis of the existance of a specified string anywhere in the data payload. ROPE was originally developed to provide a more flexible and more tightly controlled mechanism for the same style of test, however it quickly evolved into a general purpose in-kernel scripting language with a tight focus on packet matching.
The software is now available for download under the GPL although it should currently be seen as "experimental" and should not (without extensive testing) yet be deployed on mission-critical systems.
A tutorial overview is available on the Rope project home page, and there are a number of sample scripts including code to control Gnutella, Bittorrent and large HTTP transfers (based on the Content-length header).
You are invited to download, play and discuss your findings via the project forums.
For more information, see http://www.lowth.com/rope.
|
This topic does not have any threads posted yet!
You cannot post until you login.
