Appendix A.

      from Zorp import Zorp, SockAddr, Listener, Zone, Service, Chainer
      from Zorp import Stream, Plug, POP3, AnyPy, Ftp, Session, Sink
      from Zorp import Receiver, Http, Auth
      from Zorp.Zorp import *

      Zorp.firewall_name = 'bzorp@fiktiv'

      Zorp.zones = [
	  InetZone("intranet","192.168.1.0","255.255.255.0", None,
		outbound_services["BIHttp","BIFtp","BIPop","BDHttp","BDFtp","BDSsh"],
		inbound_services[]),
          InetZone("DMZ", "192.168.0.0", "255.255.255.0", None,
		outbound_services["DIHttp","DIFtp"],
		inbound_services["BDHttp","BDFtp","BDSsh","IDHttp","IDFtp"]),
	  InetZone("internet", "0.0.0.0", "0.0.0.0", None,
		outbound_services["IDHttp","IDFtp"],
		inbound_services["BIHttp","BIFtp","BIPop","DIHttp","DIFtp"])]

      class BIHttp(Http.HttpProxy):
	  def config(self):
	       HttpProxy.config(self)
	       self.transparent_mode = 0
	       self.request["POST"] = (Http.HTTP_DROP)
	       self.request_headers["User-Agent"] = \
			[Http.HTTP_CHANGE_VALUE, "Lynx/2.8.3rel.1"]


      class BIFtp(FtpProxyAllow):
          def config(self):
              FtpProxy.config(self)
              self.fw_server_data.ip_s="10.9.8.7"
              self.fw_client_data.ip_s="192.168.1.1"

      class BIPop(PlugProxy):
	  def config(self):
	      pass

      class BDHttp(HttpProxy):
	  def config(self):
	      self.transparent_mode = 1

      class BDFtp(FtpProxyAllow):
	  def config(self):
              FtpProxy.config(self)
              self.fw_server_data.ip_s="192.168.0.1"
              self.fw_client_data.ip_s="192.168.1.1"

      class BDSsh(PlugProxy):
	  def config(self):
	      pass

      class IDHttp(HttpProxy):
	  def config(self):
	      self.transparent_mode = 0
	
      class IDFtp(FtpProxyAllow):
	  def config(self):
              FtpProxy.config(self)
              self.fw_server_data.ip_s="192.168.0.1"
              self.fw_client_data.ip_s="10.9.8.7"


          def user(self, dir, uname):
	      if uname == "ftp"
		  return Z_ACCEPT
	      elsif uname == "anonymous"
		  return Z_ACCEPT
	      return Z_REJECT

      class DIHttp(PlugProxy):
          def config(self):
	      pass

      class DIFtp(FtpProxyAllow):
          def config(self):
              FtpProxy.config(self)
              self.fw_client_data.ip_s="192.168.0.1"
              self.fw_server_data.ip_s="10.9.8.7"

      def init(name):
	  BIHttp_service = \
		Service("BIHttp",
			InbandChainer(),
			BIHttp)

          BIFtp_service = \
		Service("BIFtp",
			TransparentChainer(),
			BIFtp)

	  BIPop_service = \
		Service("BIPop",
			TransparentChainer(),
			BIPop)

	  BDHttp_service = \
		Service("BDHttp",
			TransparentChainer(),
			BDHttp)

	  BDFtp_service = \
		Service("BDFtp",
			TransparentChainer(),
			BDFtp)

	  BDSsh_service = \
		Service("BDSsh",
			TransparentChainer(),
			BDSsh)

	  IDHttp_service = \
		Service("IDHttp",
			DirectedChainer(SockAddrInet("192.168.0.2", 80),
			IDHttp)

	  IDFtp_service = \
		Service("IDFtp",
			DirectedChainer(SockAddrInet("192.168.0.3", 21)),
			IDFtp)

	  DIHttp_service = \
		Service("DIHttp",
			TransparentChainer(),
			DIHttp)

	  DIFtp_service = \
		Service("DIFtp",
			TransparentChainer(),
			DIFtp)

	  Listener(SockAddrInet("192.168.1.1", 3128), BIHttp_service)
	  Listener(SockAddrInet("192.168.1.1", 2021), BIFtp_service)
	  Listener(SockAddrInet("192.168.1.1", 2110), BIPop_service)
	  Listener(SockAddrInet("192.168.1.1", 3080), BDHttp_service)
	  Listener(SockAddrInet("192.168.1.1", 3021), BDFtp_service)
	  Listener(SockAddrInet("192.168.1.1", 3022), BDSsh_service)
	  Listener(SockAddrInet("10.9.8.7", 80), IDHttp_service)
	  Listener(SockAddrInet("10.9.8.7", 21), IDFtp_service)
	  Listener(SockAddrInet("192.168.0.1", 80), DIHttp_service)
	  Listener(SockAddrInet("192.168.0.1", 21), DIFtp_service)