from Zorp.Zorp import *
from Zorp import Zorp
from Zorp.Zone import InetZone
from Zorp.Service import Service
from Zorp.SockAddr import SockAddrInet
from Zorp.Chainer import TransparentChainer, DirectedChainer, \
    InbandChainer, FailoverChainer
from Zorp.Plug import PlugProxy
from Zorp import Http
from Zorp.Http import HttpProxy
from Zorp.Ftp import FtpProxyAllow
from Zorp.Listener import Listener
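# Name of this firewall instance.
Zorp.firewall_name = 'fw@fiktiv'

# Zone table. For each zone, outbound_services lists the services its hosts
# may start and inbound_services the services allowed to reach it. Every
# service named in one zone's outbound list appears in exactly one other
# zone's inbound list, so a service name identifies a (source, destination)
# zone pair.

# The intranet accepts no inbound service at all: nothing in the DMZ or on
# the internet can open a connection into 192.168.1.0/24.
InetZone('intranet', '192.168.1.0/24',
         outbound_services=["BIHttp", "BIFtp", "BIPop",
                            "BDHttp", "BDFtp", "BDSsh"],
         inbound_services=[])

# The DMZ is reachable from the intranet (BD*) and from the internet (ID*),
# and may itself only start HTTP and FTP services (DI*).
InetZone('DMZ', '192.168.0.0/24',
         outbound_services=["DIHttp", "DIFtp"],
         inbound_services=["BDHttp", "BDFtp", "BDSsh",
                           "IDHttp", "IDFtp"])

# 0.0.0.0/0 matches every address; the internet zone may only start the two
# services that end in the DMZ (ID*).
InetZone('internet', '0.0.0.0/0',
         outbound_services=["IDHttp", "IDFtp"],
         inbound_services=["BIHttp", "BIFtp", "BIPop",
                           "DIHttp", "DIFtp"])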
class BIHttp(Http.HttpProxy):
    """HTTP proxy for the BIHttp service (intranet to internet)."""

    def config(self):
        """Apply the base HTTP settings, then tighten requests and headers."""
        HttpProxy.config(self)
        # Non-transparent operation.
        # NOTE(review): presumably clients address the proxy explicitly -- confirm.
        self.transparent_mode = 0
        # POST requests are mapped to the HTTP_DROP action.
        self.request["POST"] = Http.HTTP_DROP
        # Replace whatever User-Agent the client sends with one fixed string,
        # so the real browser identity is not passed on to the server.
        fixed_agent = [Http.HTTP_CHANGE_VALUE, "Lynx/2.8.3rel.1"]
        self.request_headers["User-Agent"] = fixed_agent
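class BIFtp(FtpProxyAllow):
    """FTP proxy for the BIFtp service (intranet to internet)."""

    def config(self):
        """Apply the parent FTP settings and pin the data-connection addresses."""
        # Chain to the declared base class, as the HTTP proxies in this file
        # do. The original called FtpProxy.config, but FtpProxy is not among
        # the names this file imports explicitly.
        FtpProxyAllow.config(self)
        # NOTE(review): ip_s presumably selects the firewall address used for
        # FTP data connections on each side -- confirm against the Zorp docs.
        self.fw_server_data.ip_s = "10.9.8.7"
        self.fw_client_data.ip_s = "192.168.1.1"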
class BIPop(PlugProxy):
    """Plug proxy for the BIPop service (intranet to internet)."""

    def config(self):
        """Leave every setting untouched; PlugProxy.config is not chained."""
        # NOTE(review): a plug proxy presumably forwards the stream without
        # protocol-level checks -- confirm that is acceptable for this service.
class BDHttp(HttpProxy):
    """HTTP proxy for the BDHttp service (intranet to DMZ)."""

    def config(self):
        """Apply the base HTTP settings and switch on transparent mode."""
        HttpProxy.config(self)
        # The only HTTP proxy in this file that sets transparent_mode to 1.
        self.transparent_mode = 1
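class BDFtp(FtpProxyAllow):
    """FTP proxy for the BDFtp service (intranet to DMZ)."""

    def config(self):
        """Apply the parent FTP settings and pin the data-connection addresses."""
        # Chain to the declared base class, as the HTTP proxies in this file
        # do. The original called FtpProxy.config, but FtpProxy is not among
        # the names this file imports explicitly.
        FtpProxyAllow.config(self)
        # NOTE(review): ip_s presumably selects the firewall address used for
        # FTP data connections on each side -- confirm against the Zorp docs.
        self.fw_server_data.ip_s = "192.168.0.1"
        self.fw_client_data.ip_s = "192.168.1.1"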
class BDSsh(PlugProxy):
    """Plug proxy for the BDSsh service (intranet to DMZ)."""

    def config(self):
        """Leave every setting untouched; PlugProxy.config is not chained."""
class IDHttp(HttpProxy):
    """HTTP proxy for the IDHttp service (internet to DMZ)."""

    def config(self):
        """Apply the base HTTP settings and keep transparent mode off."""
        HttpProxy.config(self)
        # Unlike BIHttp, this class adds no request or header restrictions,
        # so internet clients get the base HttpProxy policy unchanged.
        self.transparent_mode = 0
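class IDFtp(FtpProxyAllow):
    """FTP proxy for the IDFtp service (internet to DMZ)."""

    def config(self):
        """Apply the parent FTP settings and pin the data-connection addresses."""
        # Chain to the declared base class, as the HTTP proxies in this file
        # do. The original called FtpProxy.config, but FtpProxy is not among
        # the names this file imports explicitly.
        FtpProxyAllow.config(self)
        # NOTE(review): ip_s presumably selects the firewall address used for
        # FTP data connections on each side -- confirm against the Zorp docs.
        self.fw_server_data.ip_s = "192.168.0.1"
        self.fw_client_data.ip_s = "10.9.8.7"

    def user(self, dir, uname):
        """Accept only the anonymous login names and reject every other one.

        Returns Z_ACCEPT when uname is exactly "ftp" or "anonymous" and
        Z_REJECT otherwise. The comparison is case-sensitive, so a name such
        as "Anonymous" is rejected. The dir argument is not used.
        """
        # NOTE(review): presumably the proxy calls this hook when a client
        # sends its login name -- confirm against the Zorp FTP proxy docs.
        # The original spelled the test with "elsif" and without colons,
        # which is not valid Python.
        if uname in ("ftp", "anonymous"):
            return Z_ACCEPT
        return Z_REJECT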
class DIHttp(PlugProxy):
    """Plug proxy for the DIHttp service (DMZ to internet)."""

    def config(self):
        """Leave every setting untouched; PlugProxy.config is not chained."""
        # NOTE(review): despite the name this is a PlugProxy, not an HttpProxy,
        # so none of the HTTP rules used elsewhere in this file apply here.
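class DIFtp(FtpProxyAllow):
    """FTP proxy for the DIFtp service (DMZ to internet)."""

    def config(self):
        """Apply the parent FTP settings and pin the data-connection addresses."""
        # Chain to the declared base class, as the HTTP proxies in this file
        # do. The original called FtpProxy.config, but FtpProxy is not among
        # the names this file imports explicitly.
        FtpProxyAllow.config(self)
        # NOTE(review): ip_s presumably selects the firewall address used for
        # FTP data connections on each side -- confirm against the Zorp docs.
        self.fw_client_data.ip_s = "192.168.0.1"
        self.fw_server_data.ip_s = "10.9.8.7"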
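def init(name):
    """Create the ten services and bind one listener to each.

    Every Service ties a service name (matching the zone tables) to a chainer
    and a proxy class. Every Listener binds a firewall address and port to one
    of those services. The name argument is not used in this function.
    """
    # --- intranet to internet ---
    BIHttp_service = Service("BIHttp", InbandChainer(), BIHttp)
    BIFtp_service = Service("BIFtp", TransparentChainer(), BIFtp)
    BIPop_service = Service("BIPop", TransparentChainer(), BIPop)

    # --- intranet to DMZ ---
    BDHttp_service = Service("BDHttp", TransparentChainer(), BDHttp)
    BDFtp_service = Service("BDFtp", TransparentChainer(), BDFtp)
    BDSsh_service = Service("BDSsh", TransparentChainer(), BDSsh)

    # --- internet to DMZ ---
    # Both services are pinned to one fixed DMZ host each (192.168.0.2:80 and
    # 192.168.0.3:21), so the destination is set here, not by the client.
    # The original left the DirectedChainer call for IDHttp unclosed.
    IDHttp_service = Service("IDHttp",
                             DirectedChainer(SockAddrInet("192.168.0.2", 80)),
                             IDHttp)
    IDFtp_service = Service("IDFtp",
                            DirectedChainer(SockAddrInet("192.168.0.3", 21)),
                            IDFtp)

    # --- DMZ to internet ---
    DIHttp_service = Service("DIHttp", TransparentChainer(), DIHttp)
    DIFtp_service = Service("DIFtp", TransparentChainer(), DIFtp)

    # Listeners on 192.168.1.1 (an address inside the intranet range).
    Listener(SockAddrInet("192.168.1.1", 3128), BIHttp_service)
    Listener(SockAddrInet("192.168.1.1", 2021), BIFtp_service)
    Listener(SockAddrInet("192.168.1.1", 2110), BIPop_service)
    Listener(SockAddrInet("192.168.1.1", 3080), BDHttp_service)
    Listener(SockAddrInet("192.168.1.1", 3021), BDFtp_service)
    Listener(SockAddrInet("192.168.1.1", 3022), BDSsh_service)

    # Listeners on 10.9.8.7, on the standard HTTP and FTP ports; these carry
    # the two services the internet zone is allowed to start.
    Listener(SockAddrInet("10.9.8.7", 80), IDHttp_service)
    Listener(SockAddrInet("10.9.8.7", 21), IDFtp_service)

    # Listeners on 192.168.0.1 (an address inside the DMZ range).
    Listener(SockAddrInet("192.168.0.1", 80), DIHttp_service)
    Listener(SockAddrInet("192.168.0.1", 21), DIFtp_service)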