IpTables Rope

Rope is a programming language that allows developers to write extensions to the Iptables/Netfilter components of Linux using a simple scripting language based on Reverse Polish notation.

iptables is a user-space utility program that allows a system administrator to configure the tables provided by the Linux kernel firewall and the chains and rules it stores. Different kernel modules and programs are currently used for different protocols; iptables applies to IPv4, ip6tables to IPv6, arptables to ARP, and ebtables to Ethernet frames.

Netfilter is a framework provided by the Linux kernel that allows various networking-related operations to be implemented in the form of customized handlers. Netfilter offers various functions and operations for packet filtering, network address translation, and port translation, which provide the functionality required for directing packets through a network and prohibiting packets from reaching sensitive locations within a network.

Linux is a family of free and open-source software operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution.

Rope is a scriptable Iptables match module, used to identify whether IP packets passed to it match a particular set of criteria or not. Rope started life as a project to make the "string" match module of Iptables stronger and evolved fairly quickly into an open-ended scriptable packet matching mechanism.

Related Research Articles

Perl

Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages, Perl 5 and Perl 6.

Jython is an implementation of the Python programming language designed to run on the Java platform. The implementation was formerly known as JPython until 1999.

CUPS is a modular printing system for Unix-like computer operating systems which allows a computer to act as a print server. A computer running CUPS is a host that can accept print jobs from client computers, process them, and send them to the appropriate printer.

The Simplified Wrapper and Interface Generator (SWIG) is an open-source software tool used to connect computer programs or libraries written in C or C++ with scripting languages such as Lua, Perl, PHP, Python, R, Ruby, Tcl, and other languages like C#, Java, JavaScript, Go, Modula-3, OCaml, Octave, Scilab and Scheme. Output can also be in the form of XML or Lisp S-expressions.

In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s). A variant called single packet authorization exists, where only a single "knock" is needed, consisting of an encrypted packet.
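To make the mechanism concrete, here is an added example (not from the article and not the code of any knock daemon) of the per-source state machine a port-knocking listener keeps: each source advances through a prespecified sequence of closed ports, an out-of-order knock resets it, and too long a pause between knocks also resets it. The log line format, the knock sequence, the timeout and the sample lines are constructed for this illustration; a real deployment would act on the returned list by inserting a firewall rule for that source.

```python
"""Port-knock sequence tracker over constructed firewall log lines
(added example, not a real knock daemon).
"""
from dataclasses import dataclass

KNOCK_SEQUENCE = (7000, 8000, 9000)   # assumed sequence of closed ports
KNOCK_TIMEOUT = 10                    # assumed max seconds between knocks

# Constructed log lines: "<epoch-seconds> SRC=<addr> DPT=<port>", one per
# connection attempt that the firewall logged and dropped.
SAMPLE_LOG = """\
100 SRC=192.0.2.10 DPT=7000
102 SRC=192.0.2.10 DPT=8000
103 SRC=192.0.2.10 DPT=9000
100 SRC=192.0.2.20 DPT=7000
101 SRC=192.0.2.20 DPT=9000
102 SRC=192.0.2.20 DPT=8000
100 SRC=192.0.2.30 DPT=7000
120 SRC=192.0.2.30 DPT=8000
121 SRC=192.0.2.30 DPT=9000
""".splitlines()


@dataclass
class KnockState:
    position: int = 0   # how many knocks of the sequence this source has matched
    last_seen: int = 0  # timestamp of the most recent knock


def parse_line(line: str) -> tuple[int, str, int]:
    """Split a constructed log line into (timestamp, source, destination port)."""
    ts, src, dpt = line.split()
    return int(ts), src.split("=", 1)[1], int(dpt.split("=", 1)[1])


def process_knocks(lines, sequence=KNOCK_SEQUENCE, timeout=KNOCK_TIMEOUT):
    """Return [(source, timestamp)] for every completed knock sequence."""
    states: dict[str, KnockState] = {}
    opened: list[tuple[str, int]] = []
    for line in lines:
        ts, src, port = parse_line(line)
        st = states.setdefault(src, KnockState())
        # A pause longer than the timeout discards partial progress.
        if st.position and ts - st.last_seen > timeout:
            st.position = 0
        if port == sequence[st.position]:
            st.position += 1
        else:
            # Wrong port resets; if it happens to be the first knock,
            # treat it as the start of a fresh attempt.
            st.position = 1 if port == sequence[0] else 0
        st.last_seen = ts
        if st.position == len(sequence):
            opened.append((src, ts))   # here a daemon would open the port
            st.position = 0
    return opened


if __name__ == "__main__":
    print(process_knocks(SAMPLE_LOG))   # [('192.0.2.10', 103)]
```

Of the three constructed sources, only 192.0.2.10 completes the sequence: 192.0.2.20 knocks the right ports in the wrong order, and 192.0.2.30 waits 20 seconds between its first and second knock. Because a plain knock sequence is observable by anyone who can see the traffic, the single-packet-authorization variant mentioned above replaces it with one encrypted packet that a passive observer cannot replay usefully.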

Modular programming is a software design technique that emphasizes separating the functionality of a program into independent, interchangeable modules, such that each contains everything necessary to execute only one aspect of the desired functionality.

FireHOL is a shell script designed as a wrapper for iptables written to ease the customization of the Linux kernel's firewall netfilter.

The evil bit is a fictional IPv4 packet header field proposed in RFC 3514, a humorous April Fools' Day RFC from 2003 authored by Steve Bellovin. The RFC recommended that the last remaining unused bit, the "Reserved Bit," in the IPv4 packet header be used to indicate whether a packet had been sent with malicious intent, thus making computer security engineering an easy problem – simply ignore any messages with the evil bit set and trust the rest.

Linux IP Firewalling Chains, normally called ipchains, is free software to control the packet filter or firewall capabilities in the 2.2 series of Linux kernels. It superseded ipfwadm, but was replaced by iptables in the 2.4 series. Unlike iptables, ipchains is stateless.

libipq is a development library for iptables userspace packet queuing. Libipq provides an API for communicating with ip_queue.

ipfirewall

ipfirewall or ipfw is the FreeBSD stateful IP firewall, packet filter and traffic accounting facility. Its ruleset logic is similar to many other packet filters except IPFilter. ipfw is authored and maintained by FreeBSD volunteer staff members. Its syntax enables use of sophisticated filtering capabilities and thus enables users to satisfy advanced requirements. It can either be used as a loadable kernel module or incorporated into the kernel; use as a loadable kernel module where possible is highly recommended. ipfw was the built-in firewall of Mac OS X until Mac OS X 10.7 Lion in 2011 when it was replaced with the OpenBSD project's PF. Like FreeBSD, ipfw is open source. It is used in many FreeBSD-based firewall products, including m0n0wall and FreeNAS. A port of ipfw and the dummynet traffic shaper is available for Linux, OpenWrt and Microsoft Windows. wipfw is a Windows port of an old (2001) version of ipfw.

NuFW

NuFW is a software package that extends Netfilter, the Linux kernel-internal packet filtering firewall module. NuFW adds authentication to filtering rules. NuFW is also provided as a hardware firewall, in the EdenWall firewalling appliance. NuFW has been restarted by the FFI and renamed UFWI.

Fail2ban

Fail2Ban is an intrusion prevention software framework that protects computer servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper.

The arptables computer software utility is a network administrator's tool for maintaining the Address Resolution Protocol (ARP) packet filter rules in the Linux kernel firewall modules.

Pyjs

Pyjs is a rich Internet application framework for developing client-side web and desktop applications in Python. The resulting applications can be run in a web browser or as standalone desktop applications.

nftables

nftables is a subsystem of the Linux kernel providing filtering and classification of network packets/datagrams/frames. It has been available since Linux kernel 3.13 released on 19 January 2014.

NPF is a BSD licensed stateful packet filter, a central piece of software for firewalling. It is comparable to iptables, ipfw, ipfilter and PF. NPF is developed on NetBSD.

firewalld is a firewall management tool for Linux operating systems. It provides firewall features by acting as a front-end for the Linux kernel's netfilter framework via the iptables command, acting as an alternative to the iptables service. The name firewalld adheres to the Unix convention of naming system daemons by appending the letter “d”.