Firewall Wizards mailing list archives

ROPE iptables scripting module


From: Christopher Hicks <chicks () chicks net>
Date: Tue, 14 Dec 2004 09:08:38 -0500 (EST)

This was the first I heard of this and it might interest some of you. If anybody tries it and has any opinions about it I'd love to hear it on or off list.

Date: Mon, 13 Dec 2004 02:03:40 CST
From: Chris Lowth <chris () lowth com>
Subject: ANNOUNCE: Rope 20041212 - IpTables match module scripting language

A new version of "Rope" has been released. Changes since the last
announcement include...

. basic integration with ConnTrack.
. access to ICMP header fields
. symbolic constants
. rationalisation of IP address handling
. "expect_while" optimisation
. loop counter limits


ROPE is a match module for Linux iptables / Netfilter. It allows packet
matching criteria to be written using a simple scripting language which
is executed in and by the Linux kernel.

It is available under the GPL from http://www.lowth.com/rope. The
current version should be considered experimental; don't deploy on
mission-critical systems, but please feel free to download, explore and
feedback.

An example: a rule that limits the size of pages downloaded over HTTP
based on the Content-Length header could prevent long downloads before
they even start. Here's a simple ROPE script to provide this logic...

  $tcp_source 80 eq assert            # check it's HTTP
  expecti_to( "Content-Length: " )    # find the header
  expect_while({isdigit}) put($n)     # lift the length value
  if( atoi($n) 1000000 gt { yes } )   # match: if too long
  no                                  # don't match: if not

If this script is stored as "contlen.rope", then it is installed into an
Iptables chain using a command like:

  iptables -A FORWARD -m rope --script contlen -j DROP

For more information (including a more thorough version of the example
script), please refer to:

   http://www.lowth.com/rope

--
</chris>

"Fans of Mozilla's free, open-source Firefox browser make the
ardent Apple faithful look like a bunch of slackers."
- Rebecca Lieb at clickz.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
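A userspace model of the contlen script's decision logic, added here as an example that is not part of the original announcement or of ROPE itself. It lets a firewall admin unit-test the rule's match/no-match outcome on constructed packet payloads before loading it into the kernel; it assumes `expecti_to` behaves as a plain literal search, and the sample payloads are constructed, not captured traffic.

```python
import re

SIZE_LIMIT = 1_000_000  # the "1000000 gt" threshold used in the script
HTTP_PORT = 80          # the "$tcp_source 80 eq assert" check


def contlen_match(tcp_source_port: int, payload: bytes) -> bool:
    """Return True when the contlen rule would match (so -j DROP fires).

    Mirrors the ROPE script step by step:
      $tcp_source 80 eq assert            -> no match unless source port is 80
      expecti_to("Content-Length: ")      -> no match unless the literal occurs
      expect_while({isdigit}) put($n)     -> collect the digits that follow it
      if(atoi($n) 1000000 gt { yes }) no  -> match only if the value exceeds the limit
    Assumption: expecti_to is modelled as an exact byte-string search.
    """
    if tcp_source_port != HTTP_PORT:
        return False
    marker = b"Content-Length: "
    idx = payload.find(marker)
    if idx < 0:
        return False
    # expect_while({isdigit}) stops at the first non-digit, e.g. "\r"
    digits = re.match(rb"[0-9]*", payload[idx + len(marker):]).group(0)
    if not digits:
        return False  # atoi("") is 0, which is not greater than the limit
    return int(digits) > SIZE_LIMIT


# Constructed sample payloads, one packet each (not real captures).
SAMPLES = {
    "big_download": b"HTTP/1.1 200 OK\r\nServer: x\r\nContent-Length: 52428800\r\n\r\n",
    "small_page": b"HTTP/1.1 200 OK\r\nContent-Length: 5120\r\n\r\nhello",
    "chunked_no_length": b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n",
    "empty_value": b"HTTP/1.1 200 OK\r\nContent-Length: \r\n\r\n",
}


def evaluate_samples(src_port: int = HTTP_PORT) -> dict:
    """Run every sample through the rule and report which ones would be dropped."""
    return {name: contlen_match(src_port, p) for name, p in SAMPLES.items()}


if __name__ == "__main__":
    for name, dropped in evaluate_samples().items():
        print(f"{name:18s} -> {'DROP' if dropped else 'pass'}")
```

Because the match runs per packet, the header and its value have to lie inside the packet being examined; a response whose Content-Length line straddles a segment boundary is passed, which is worth keeping in mind when judging what the rule does and does not cover.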