ROPE is an open-ended iptables match module that allows rules to be written using a simple but powerful scripting language. It is designed for controlling complex high-level protocols that cannot be blocked using traditional criteria based on port numbers (etc.). Criteria can include tests on any field of the IP, UDP, or TCP headers as well as the packet data payload.
| Tags | Networking Firewalls Operating Systems Operating System Kernels Linux |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C Perl |
Recent releases


Changes: This release adds a pre-built binary version for use with IPCop 1.4.6.


Changes: The rddump utility handles tcpdump 3.8 format output. bittorrent.rope now identifies (blocks) .torrent file downloads.


Changes: A minor fix to the bittorrent.rope script (for identifying the bittorrent protocol). Compiled script files are now ownership and mode checked before being loaded into the kernel.


Changes: IP and MAC address handling has been extended to allow a.b.c.d.e.f and aa:bb:cc:dd syntaxes to be used to specify strings up to 255 characters in length.


Changes: Handling of "!" for the "--rope-script" option of iptables to invert the return of a rope script. --rope-push-int, --rope-push-str, and --rope-push-ip options allow values to be pre-pushed onto the stack as command line arguments. UserLand debug mode includes a stack-depth print out. Rationalisation of *.h header files.