January 5, 2006

[cola:10235] IpTables ROPE 20051223 - packet match rule scripting language

A new version of "Rope" has been released. Changes since the last
announcement include...

. Support for Linux 2.6 kernels (not SMP)
. Integration with ipset match module
. Simplified installation and building
. New OpenNAP protocol identification script
. Improved version reporting and handling
. Sample rc.d script for use with Ipcop
. Various other minor fixes and enhancements


ROPE is a scriptable packet match module for Linux iptables / Netfilter. It
allows packet matching criteria to be written using a simple scripting
language which is executed in and by the Linux kernel.

It is available under the GPL from http://www.lowth.com/rope.

A simple example: a rule that limits the size of pages downloaded over
HTTP based on the Content-Length header could prevent long downloads
before they even start. Here's a trivial ROPE script to provide this
logic...

    $tcp_source 80 eq assert              # check that it's HTTP
    expecti_to( "Content-Length: " )      # find the header
    expect_while({isdigit}) put($n)       # lift the length value
    if( atoi($n) 1000000 gt { yes } )     # match: if too long
    no                                    # don't match: if not

If this script is stored as "contlen.rope" and compiled as "contlen.rp",
then it can be installed into an Iptables chain using a command like:

    iptables -A FORWARD -m rope --rope-script contlen -j DROP

For more information (including a more thorough version of the example
script), please refer to:

http://www.lowth.com/rope

##########################################################################
# Send submissions for comp.os.linux.announce to: cola@xxxxx #
# PLEASE remember a short description of the software and the LOCATION. #
# This group is archived at http://stump.algebra.com/~cola/ #
##########################################################################
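
The decision logic of the contlen.rope script above, modelled in Python as an added example; it is not part of the announcement or of the ROPE distribution. It assumes that `expecti_to` is a case-insensitive search and that a failed `assert` ends the script without a match; the function names and sample packets are constructed for illustration.

```python
import re

LIMIT = 1000000  # threshold used in the contlen.rope script

# Assumption: expecti_to("Content-Length: ") scans case-insensitively;
# expect_while({isdigit}) then collects the run of digits that follows.
HEADER = re.compile(rb"content-length: (\d*)", re.IGNORECASE)


def contlen_match(tcp_source: int, payload: bytes, limit: int = LIMIT) -> bool:
    """Return True where the rule would match (the packet goes to -j DROP)."""
    if tcp_source != 80:              # "$tcp_source 80 eq assert"
        return False
    found = HEADER.search(payload)
    if found is None:                 # header is not in this packet
        return False
    # atoi() of an empty digit run is 0, so a value-less header never matches
    length = int(found.group(1) or b"0")
    return length > limit             # "gt" is strict: exactly 1000000 passes


def http_response(length, header="Content-Length"):
    """Build a constructed HTTP response head (sample data, not a capture)."""
    head = f"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n{header}: {length}\r\n\r\n"
    return head.encode("ascii")


# (description, TCP source port, payload) -- all constructed samples
SAMPLES = [
    ("oversized response",      80,   http_response(5000000)),
    ("exactly at the limit",    80,   http_response(1000000)),
    ("small response",          80,   http_response(512)),
    ("lower-case header name",  80,   http_response(5000000, "content-length")),
    ("header without a value",  80,   http_response("")),
    ("server on another port",  8080, http_response(5000000)),
    ("body packet, no header",  80,   b"<html><body>data</body></html>"),
]


def run_samples():
    """Evaluate every sample and return {description: matched}."""
    return {name: contlen_match(port, data) for name, port, data in SAMPLES}


if __name__ == "__main__":
    for name, matched in run_samples().items():
        print(f"{name:26} -> {'DROP' if matched else 'pass'}")
```

Only the packet that carries the header is matched; responses served from a source port other than 80 and later packets of the same response fall through to the rest of the chain.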


Posted by xml-rpc: January 5, 2006 20:13