[fw-wiz] ROPE iptables scripting module
From: Christopher Hicks (chicks_at_chicks.net)
Date: 12/14/04
- Previous message: Paul D. Robertson: "Re: [fw-wiz] Defense in Depth to the Desktop"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: Firewall Wizards Mailing List <firewall-wizards@honor.icsalabs.com>
Date: Tue, 14 Dec 2004 09:08:38 -0500 (EST)
This was the first I heard of this and it might interest some of you. If
anybody tries it and has any opinions about it I'd love to hear it on or
off list.
Date: Mon, 13 Dec 2004 02:03:40 CST
From: Chris Lowth <chris@lowth.com>
Subject: ANNOUNCE: Rope 20041212 - IpTables match module scripting language
A new version of "Rope" has been released. Changes since the last
announcement include...
. basic integration with ConnTrack.
. access to ICMP header fields
. symbolic constants
. rationalisation of IP address handling
. "expect_while" optimisation
. loop counter limits
ROPE is a match module for Linux iptables / Netfilter. It allows packet
matching criteria to be written using a simple scripting language which
is executed in and by the Linux kernel.
It is available under the GPL from http://www.lowth.com/rope. The
current version should be considered experimental; don't deploy it on
mission-critical systems, but please feel free to download, explore and
feed back.
An example: a rule that limits the size of pages downloaded over HTTP
based on the Content-Length header could prevent long downloads before
they even start. Here's a simple ROPE script to provide this logic...
$tcp_source 80 eq assert # check it's HTTP
expecti_to( "Content-Length: " ) # find the header
expect_while({isdigit}) put($n) # lift the length value
if( atoi($n) 1000000 gt { yes } ) # match: if too long
no # don't match: if not
If this script is stored as "contlen.rope", then it is installed into an
iptables chain using a command like:
iptables -A FORWARD -m rope --script contlen -j DROP
For more information (including a more thorough version of the example
script), please refer to:
-- </chris>
"Fans of Mozilla's free, open-source Firefox browser make the ardent Apple faithful look like a bunch of slackers." - Rebecca Lieb at clickz.com
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
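Editor's added example, not part of the forwarded announcement and not code from the Rope project: a userland Python model of what the contlen.rope script decides for a single packet payload, so the matching logic can be tried on sample data without loading an experimental kernel module. It follows the four steps of the posted script (source port 80, find "Content-Length: ", collect the digits, compare with 1000000). Two things are assumptions of mine rather than facts from the page: that expecti_to is the case-insensitive variant of expect_to (hence the IGNORECASE flag), and that the function and sample names below are mine. The sample responses are constructed, not captured traffic. The per-segment helper shows the caveat a practitioner would want to check before relying on a payload match like this: a stateless packet match only sees the bytes of the segment in front of it, so a header split across two TCP segments is missed unless the stream is reassembled first, and a chunked response carries no Content-Length at all.

```python
"""Userland model of the contlen.rope match logic (added example, not Rope code)."""
import re

LIMIT = 1000000  # same threshold as the posted script: atoi($n) 1000000 gt

# Assumption: expecti_to("...") is the case-insensitive form of expect_to,
# so the header name is matched case-insensitively here.
_CONTENT_LENGTH = re.compile(rb"Content-Length: ", re.IGNORECASE)


def content_length_too_long(payload: bytes, tcp_sport: int, limit: int = LIMIT) -> bool:
    """Return True when one packet would match the contlen.rope script.

    Step for step:
      $tcp_source 80 eq assert          -> only packets whose source port is 80
      expecti_to("Content-Length: ")    -> locate the header in this payload
      expect_while({isdigit}) put($n)   -> collect the run of digits after it
      atoi($n) 1000000 gt               -> match when the value exceeds the limit
    """
    if tcp_sport != 80:
        return False
    found = _CONTENT_LENGTH.search(payload)
    if found is None:
        return False  # header not in this packet: no match
    digits = bytearray()
    for byte in payload[found.end():]:  # iterate bytes as ints
        if 0x30 <= byte <= 0x39:        # ASCII '0'..'9'
            digits.append(byte)
        else:
            break
    if not digits:
        return False  # "Content-Length: abc" -> atoi yields nothing usable
    return int(digits.decode("ascii")) > limit


def matches_per_segment(segments, tcp_sport: int = 80, limit: int = LIMIT):
    """Apply the check to each TCP segment on its own, as a stateless
    per-packet match does, and return the list of verdicts."""
    return [content_length_too_long(seg, tcp_sport, limit) for seg in segments]


# Constructed sample server responses (hypothetical, not captured traffic).
BIG = (b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n"
       b"Content-Length: 52428800\r\n\r\n")
SMALL = b"HTTP/1.1 200 OK\r\nContent-Length: 512\r\n\r\nhello"
CHUNKED = b"HTTP/1.1 200 OK\r\nTransfer-Encoding: chunked\r\n\r\n"
# The BIG response again, but with the header line cut across two segments.
SPLIT = [b"HTTP/1.1 200 OK\r\nContent-Len", b"gth: 52428800\r\n\r\n"]

if __name__ == "__main__":
    print(content_length_too_long(BIG, 80))        # large body from port 80: match
    print(content_length_too_long(SMALL, 80))      # small body: no match
    print(content_length_too_long(CHUNKED, 80))    # no Content-Length: no match
    print(content_length_too_long(BIG, 8080))      # wrong source port: no match
    print(matches_per_segment(SPLIT))              # neither segment matches alone
    print(content_length_too_long(b"".join(SPLIT), 80))  # reassembled stream: match
```

The last two lines of the usage are the point: the same response is dropped or passed depending only on where the sender's segmentation falls, which is why a size limit enforced this way belongs behind stream reassembly (or a proxy) rather than a bare per-packet match.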