ROPE is an IpTables packet matching module that allows complex logic to be defined using a simple scripting language. ROPE scripts run in the linux kernel, triggered by an IpTables rule and can inspect any portion of the IP packet - both headers and data payload.

So far, ROPE has been developed and tested against the 2.4.20 linux kernel and IpTables 1.2.8. I will port it to 2.6.x once I have released the initial version and it has received some exposure - this will probably happen late 2004 or early 2005. For now be aware that ROPE will almost certainly not work with a 2.6 kernel.

The link for this article located at Chris Lowth is no longer available.