from Zorp import Zorp, SockAddr, Listener, Zone, Service, Chainer
from Zorp import Stream, Plug, POP3, AnyPy, Ftp, Session, Sink
from Zorp import Receiver, Http, Auth
from Zorp.Zorp import *
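# Name under which this firewall instance identifies itself.
Zorp.firewall_name = 'bzorp@fiktiv'

# Zone table. Each zone lists the services its hosts may start
# (outbound_services) and the services that may be terminated inside it
# (inbound_services). Service names appear to follow the scheme
# <source zone><destination zone><protocol>, with B = intranet, D = DMZ and
# I = internet, judging from which list each name is placed in.
#
# NOTE(review): the two service lists are passed as keyword arguments here;
# the original text had no "=" after the keyword names, which does not parse
# (`inbound_services[]`). Confirm the keyword names against the InetZone
# signature of the Zorp version in use.
Zorp.zones = [
    # Internal network: may reach the internet and the DMZ, and accepts no
    # inbound service at all (empty list).
    InetZone("intranet", "192.168.1.0", "255.255.255.0", None,
             outbound_services=["BIHttp", "BIFtp", "BIPop",
                                "BDHttp", "BDFtp", "BDSsh"],
             inbound_services=[]),
    # DMZ: may start HTTP/FTP towards the internet; reachable from both the
    # intranet (BD*) and the internet (ID*).
    InetZone("DMZ", "192.168.0.0", "255.255.255.0", None,
             outbound_services=["DIHttp", "DIFtp"],
             inbound_services=["BDHttp", "BDFtp", "BDSsh",
                               "IDHttp", "IDFtp"]),
    # Catch-all zone: address 0.0.0.0 with mask 0.0.0.0 covers every address.
    # Presumably the more specific zones above take precedence for their own
    # ranges; verify the zone lookup order before relying on it.
    InetZone("internet", "0.0.0.0", "0.0.0.0", None,
             outbound_services=["IDHttp", "IDFtp"],
             inbound_services=["BIHttp", "BIFtp", "BIPop",
                               "DIHttp", "DIFtp"]),
]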
class BIHttp(Http.HttpProxy):
    """HTTP proxy class used by the "BIHttp" service (intranet to internet).

    Applies two request-side restrictions on top of the base proxy settings:
    POST is mapped to HTTP_DROP and the User-Agent header is overwritten with
    a fixed string.
    """

    def config(self):
        """Load the base HTTP settings, then apply the site restrictions."""
        # NOTE(review): the base class is spelled Http.HttpProxy in the class
        # statement but plain HttpProxy here; the bare name has to be provided
        # by the star import at the top of the file.
        HttpProxy.config(self)

        # Mode 0 is the non-transparent setting; the matching service is
        # built with InbandChainer() in init().
        self.transparent_mode = 0

        # Requests using the POST method are mapped to the drop action.
        # The value is the bare constant (parentheses alone do not build a
        # tuple) - TODO confirm that is the form this Zorp version expects.
        self.request["POST"] = Http.HTTP_DROP

        # Every outgoing request carries this fixed User-Agent instead of the
        # client's own, so internal browser versions are not disclosed.
        self.request_headers["User-Agent"] = [
            Http.HTTP_CHANGE_VALUE,
            "Lynx/2.8.3rel.1",
        ]
class BIFtp(FtpProxyAllow):
    """FTP proxy class used by the "BIFtp" service (intranet to internet)."""

    def config(self):
        """Run the base FTP configuration and set both firewall addresses."""
        FtpProxy.config(self)
        # 10.9.8.7 and 192.168.1.1 are the addresses the listeners in init()
        # bind on the internet and intranet side respectively; presumably
        # they are used here for the server-side and client-side FTP data
        # connections - verify against the FtpProxy documentation.
        self.fw_server_data.ip_s = "10.9.8.7"
        self.fw_client_data.ip_s = "192.168.1.1"
class BIPop(PlugProxy):
    """Plug proxy class used by the "BIPop" service (intranet to internet).

    A plug proxy relays the byte stream without looking at the protocol, so
    POP3 commands and the credentials they carry pass through unfiltered.
    """

    def config(self):
        """Leave every proxy setting at its default."""
class BDHttp(HttpProxy):
    """HTTP proxy class used by the "BDHttp" service (intranet to DMZ)."""

    def config(self):
        """Switch the proxy to transparent mode (1)."""
        # NOTE(review): unlike BIHttp.config, the base HttpProxy.config is
        # not called here - confirm that the defaults are still initialised.
        self.transparent_mode = 1
class BDFtp(FtpProxyAllow):
    """FTP proxy class used by the "BDFtp" service (intranet to DMZ)."""

    def config(self):
        """Run the base FTP configuration and set both firewall addresses."""
        FtpProxy.config(self)
        # Server side faces the DMZ (192.168.0.1), client side the intranet
        # (192.168.1.1); both are addresses that listeners in init() bind.
        self.fw_server_data.ip_s = "192.168.0.1"
        self.fw_client_data.ip_s = "192.168.1.1"
class BDSsh(PlugProxy):
    """Plug proxy class used by the "BDSsh" service (intranet to DMZ).

    The stream is relayed as-is; access control for SSH therefore rests on
    the zone table and on the DMZ hosts themselves, not on this proxy.
    """

    def config(self):
        """Leave every proxy setting at its default."""
class IDHttp(HttpProxy):
    """HTTP proxy class used by the "IDHttp" service (internet to DMZ)."""

    def config(self):
        """Keep the proxy in non-transparent mode (0)."""
        # The destination is not taken from the client: init() builds this
        # service with a DirectedChainer pointing at 192.168.0.2 port 80.
        # NOTE(review): the base HttpProxy.config is not called here, unlike
        # BIHttp.config - confirm that this is intended.
        self.transparent_mode = 0
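class IDFtp(FtpProxyAllow):
    """FTP proxy class used by the "IDFtp" service (internet to DMZ).

    Besides the address settings it restricts logins to the two anonymous
    account names, so no named account on the DMZ FTP server can be used
    from the internet side.
    """

    def config(self):
        """Run the base FTP configuration and set both firewall addresses."""
        FtpProxy.config(self)
        # Server side faces the DMZ (192.168.0.1), client side the internet
        # (10.9.8.7); both are addresses that listeners in init() bind.
        self.fw_server_data.ip_s = "192.168.0.1"
        self.fw_client_data.ip_s = "10.9.8.7"

    def user(self, dir, uname):
        """Decide whether the login name *uname* is allowed.

        Returns Z_ACCEPT for "ftp" and "anonymous" and Z_REJECT for every
        other name. The comparison is exact and case-sensitive. *dir* is not
        used. Presumably the proxy calls this hook when it sees the FTP USER
        command - verify against the FtpProxy documentation.
        """
        # Default-deny: only the two anonymous names are let through.
        if uname in ("ftp", "anonymous"):
            return Z_ACCEPT
        return Z_REJECT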
class DIHttp(PlugProxy):
    """Plug proxy class used by the "DIHttp" service (DMZ to internet).

    Despite the name no HTTP parsing takes place: a plug proxy relays the
    byte stream unchanged, so anything a DMZ host sends to this service's
    port leaves the network uninspected.
    """

    def config(self):
        """Leave every proxy setting at its default."""
class DIFtp(FtpProxyAllow):
    """FTP proxy class used by the "DIFtp" service (DMZ to internet)."""

    def config(self):
        """Run the base FTP configuration and set both firewall addresses."""
        FtpProxy.config(self)
        # Client side faces the DMZ (192.168.0.1), server side the internet
        # (10.9.8.7); both are addresses that listeners in init() bind.
        self.fw_client_data.ip_s = "192.168.0.1"
        self.fw_server_data.ip_s = "10.9.8.7"
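def init(name):
    """Create one Service per proxy class and bind its listener.

    *name* is accepted but not used in this function.

    Each Service ties a service name (the same strings that appear in the
    zone table) to a chainer and a proxy class. Each Listener binds one of
    the firewall's own addresses: 192.168.1.1 (intranet side), 10.9.8.7
    (internet side) and 192.168.0.1 (DMZ side).
    """
    # --- intranet -> internet -------------------------------------------
    BIHttp_service = Service("BIHttp", InbandChainer(), BIHttp)
    BIFtp_service = Service("BIFtp", TransparentChainer(), BIFtp)
    BIPop_service = Service("BIPop", TransparentChainer(), BIPop)

    # --- intranet -> DMZ --------------------------------------------------
    BDHttp_service = Service("BDHttp", TransparentChainer(), BDHttp)
    BDFtp_service = Service("BDFtp", TransparentChainer(), BDFtp)
    BDSsh_service = Service("BDSsh", TransparentChainer(), BDSsh)

    # --- internet -> DMZ --------------------------------------------------
    # Both services use a fixed destination (192.168.0.2:80 and
    # 192.168.0.3:21), so the target host is set here rather than by the
    # connecting client.
    IDHttp_service = Service(
        "IDHttp",
        DirectedChainer(SockAddrInet("192.168.0.2", 80)),
        IDHttp)
    IDFtp_service = Service(
        "IDFtp",
        DirectedChainer(SockAddrInet("192.168.0.3", 21)),
        IDFtp)

    # --- DMZ -> internet --------------------------------------------------
    DIHttp_service = Service("DIHttp", TransparentChainer(), DIHttp)
    DIFtp_service = Service("DIFtp", TransparentChainer(), DIFtp)

    # Intranet-side listeners. The transparent services sit on non-standard
    # ports; presumably a packet-filter redirect outside this file steers
    # the original traffic to them - verify that those rules exist.
    Listener(SockAddrInet("192.168.1.1", 3128), BIHttp_service)
    Listener(SockAddrInet("192.168.1.1", 2021), BIFtp_service)
    Listener(SockAddrInet("192.168.1.1", 2110), BIPop_service)
    Listener(SockAddrInet("192.168.1.1", 3080), BDHttp_service)
    Listener(SockAddrInet("192.168.1.1", 3021), BDFtp_service)
    Listener(SockAddrInet("192.168.1.1", 3022), BDSsh_service)

    # Internet-side listeners on the standard HTTP and FTP ports.
    Listener(SockAddrInet("10.9.8.7", 80), IDHttp_service)
    Listener(SockAddrInet("10.9.8.7", 21), IDFtp_service)

    # DMZ-side listeners on the standard HTTP and FTP ports.
    Listener(SockAddrInet("192.168.0.1", 80), DIHttp_service)
    Listener(SockAddrInet("192.168.0.1", 21), DIFtp_service)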