oxbrbtx/PrimAITE
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

#2402 add firewall acl actions

Browse Source
This commit is contained in:
Cristian-VM2
2024-03-29 16:30:39 +00:00
parent 2eb900746b
commit 7299a12c64
5 changed files with 793 additions and 83 deletions
Download Patch File Download Diff File Expand all files Collapse all files

448
tests/assets/configs/firewall_actions_network.yaml Normal file
View File

@@ -0,0 +1,448 @@
# Network with DMZ
#
# An example network configuration with an internal network, a DMZ network and a couple of external networks.
#
# ............................................................................
# . .
# . Internal Network .
# . .
# . -------------- -------------- -------------- .
# . | client_1 |------| switch_1 |--------| router_1 | .
# . -------------- -------------- -------------- .
# . (Computer) | .
# ........................................................|...................
# |
# |
# ........................................................|...................
# . | .
# . DMZ Network | .
# . | .
# . ---------------- -------------- -------------- .
# . | dmz_server |------| switch_2 |------| firewall | .
# . ---------------- -------------- -------------- .
# . (Server) | .
# ........................................................|...................
# |
# External Network |
# |
# |
# ----------------------- -------------- ---------------------
# | external_computer |------| switch_3 |------| external_server |
# ----------------------- -------------- ---------------------
#
training_config:
rl_framework: SB3
rl_algorithm: PPO
seed: 333
n_learn_episodes: 1
n_eval_episodes: 5
max_steps_per_episode: 128
deterministic_eval: false
n_agents: 1
agent_references:
- defender
io_settings:
save_step_metadata: false
save_pcap_logs: true
save_sys_logs: true
game:
max_episode_length: 256
ports:
- ARP
- DNS
- HTTP
- POSTGRES_SERVER
protocols:
- ICMP
- TCP
- UDP
agents:
- ref: defender
team: BLUE
type: ProxyAgent
observation_space:
type: UC2BlueObservation
options:
num_services_per_node: 1
num_folders_per_node: 1
num_files_per_folder: 1
num_nics_per_node: 2
nodes:
- node_hostname: client_1
links:
- link_ref: client_1___switch_1
acl:
options:
max_acl_rules: 10
router_hostname: router_1
ip_address_order:
- node_hostname: client_1
nic_num: 1
ics: null
action_space:
action_list:
- type: DONOTHING
- type: FIREWALL_ACL_ADDRULE
- type: FIREWALL_ACL_REMOVERULE
action_map:
0:
action: DONOTHING
options: {}
1:
action: FIREWALL_ACL_ADDRULE
options:
target_firewall_nodename: firewall
firewall_port_name: internal
firewall_port_direction: inbound
position: 1
permission: 1
source_ip_id: 2 # client 1
dest_ip_id: 1 # ALL
source_port_id: 1
dest_port_id: 1
protocol_id: 1
2:
action: FIREWALL_ACL_REMOVERULE
options:
target_firewall_nodename: firewall
firewall_port_name: internal
firewall_port_direction: inbound
position: 1
3:
action: FIREWALL_ACL_ADDRULE
options:
target_firewall_nodename: firewall
firewall_port_name: internal
firewall_port_direction: outbound
position: 1
permission: 2
source_ip_id: 2 # client 1
dest_ip_id: 1 # ALL
source_port_id: 2
dest_port_id: 3
protocol_id: 2
4:
action: FIREWALL_ACL_REMOVERULE
options:
target_firewall_nodename: firewall
firewall_port_name: internal
firewall_port_direction: outbound
position: 1
5:
action: FIREWALL_ACL_ADDRULE
options:
target_firewall_nodename: firewall
firewall_port_name: dmz
firewall_port_direction: inbound
position: 1
permission: 2
source_ip_id: 3 # dmz_server
dest_ip_id: 2 # client_1
source_port_id: 4
dest_port_id: 4
protocol_id: 4
6:
action: FIREWALL_ACL_REMOVERULE
options:
target_firewall_nodename: firewall
firewall_port_name: dmz
firewall_port_direction: inbound
position: 1
7:
action: FIREWALL_ACL_ADDRULE
options:
target_firewall_nodename: firewall
firewall_port_name: dmz
firewall_port_direction: outbound
position: 2
permission: 2
source_ip_id: 3 # dmz_server
dest_ip_id: 2 # client_1
source_port_id: 4
dest_port_id: 4
protocol_id: 3
8:
action: FIREWALL_ACL_REMOVERULE
options:
target_firewall_nodename: firewall
firewall_port_name: dmz
firewall_port_direction: outbound
position: 2
9:
action: FIREWALL_ACL_ADDRULE
options:
target_firewall_nodename: firewall
firewall_port_name: external
firewall_port_direction: inbound
position: 10
permission: 2
source_ip_id: 4 # external_computer
dest_ip_id: 3 # dmz
source_port_id: 5
dest_port_id: 5
protocol_id: 2
10:
action: FIREWALL_ACL_REMOVERULE
options:
target_firewall_nodename: firewall
firewall_port_name: external
firewall_port_direction: inbound
position: 10
11:
action: FIREWALL_ACL_ADDRULE
options:
target_firewall_nodename: firewall
firewall_port_name: external
firewall_port_direction: outbound
position: 1
permission: 2
source_ip_id: 4 # external_computer
dest_ip_id: 2 # client_1
source_port_id: 1
dest_port_id: 1
protocol_id: 1
12:
action: FIREWALL_ACL_REMOVERULE
options:
target_firewall_nodename: firewall
firewall_port_name: external
firewall_port_direction: outbound
position: 1
options:
nodes:
- node_name: client_1
- node_name: dmz_server
- node_name: external_computer
ip_address_order:
- node_name: client_1
nic_num: 1
- node_name: dmz_server
nic_num: 1
- node_name: external_computer
nic_num: 1
max_folders_per_node: 2
max_files_per_folder: 2
max_services_per_node: 2
max_nics_per_node: 8
max_acl_rules: 10
reward_function:
reward_components:
- type: DUMMY
agent_settings:
start_settings:
start_step: 5
frequency: 4
variance: 3
simulation:
network:
nodes:
- ref: client_1
type: computer
hostname: client_1
ip_address: 192.168.0.10
subnet_mask: 255.255.255.0
default_gateway: 192.168.0.1
dns_server: 192.168.20.11
start_up_duration: 0
shut_down_duration: 0
- ref: switch_1
type: switch
hostname: switch_1
num_ports: 8
start_up_duration: 0
shut_down_duration: 0
- ref: router_1
type: router
hostname: router_1
num_ports: 5
start_up_duration: 0
shut_down_duration: 0
ports:
1:
ip_address: 192.168.0.1
subnet_mask: 255.255.255.0
2:
ip_address: 192.168.1.1
subnet_mask: 255.255.255.0
acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
23:
action: PERMIT
protocol: ICMP
routes:
- address: 192.168.10.10 # route to dmz_server
subnet_mask: 255.255.255.0
next_hop_ip_address: 192.168.1.2
metric: 0
- address: 192.168.20.10 # route to external_computer
subnet_mask: 255.255.255.0
next_hop_ip_address: 192.168.1.2
metric: 0
- address: 192.168.20.11 # route to external_server
subnet_mask: 255.255.255.0
next_hop_ip_address: 192.168.1.2
metric: 0
- ref: dmz_server
type: server
hostname: dmz_server
ip_address: 192.168.10.10
subnet_mask: 255.255.255.0
default_gateway: 192.168.10.1
dns_server: 192.168.20.11
start_up_duration: 0
shut_down_duration: 0
- ref: switch_2
type: switch
hostname: switch_2
num_ports: 8
start_up_duration: 0
shut_down_duration: 0
- ref: firewall
type: firewall
hostname: firewall
start_up_duration: 0
shut_down_duration: 0
ports:
external_port: # port 1
ip_address: 192.168.20.1
subnet_mask: 255.255.255.0
internal_port: # port 2
ip_address: 192.168.1.2
subnet_mask: 255.255.255.0
dmz_port: # port 3
ip_address: 192.168.10.1
subnet_mask: 255.255.255.0
acl:
internal_inbound_acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
23:
action: PERMIT
protocol: ICMP
internal_outbound_acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
23:
action: PERMIT
protocol: ICMP
dmz_inbound_acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
23:
action: PERMIT
protocol: ICMP
dmz_outbound_acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
23:
action: PERMIT
protocol: ICMP
external_inbound_acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
external_outbound_acl:
22:
action: PERMIT
src_port: ARP
dst_port: ARP
routes:
- address: 192.168.0.10 # route to client_1
subnet_mask: 255.255.255.0
next_hop_ip_address: 192.168.1.1
metric: 0
- ref: switch_3
type: switch
hostname: switch_3
num_ports: 8
start_up_duration: 0
shut_down_duration: 0
- ref: external_computer
type: computer
hostname: external_computer
ip_address: 192.168.20.10
subnet_mask: 255.255.255.0
default_gateway: 192.168.20.1
dns_server: 192.168.20.11
start_up_duration: 0
shut_down_duration: 0
- ref: external_server
type: server
hostname: external_server
ip_address: 192.168.20.11
subnet_mask: 255.255.255.0
default_gateway: 192.168.20.1
start_up_duration: 0
shut_down_duration: 0
services:
- ref: domain_controller_dns_server
type: DNSServer
links:
- ref: client_1___switch_1
endpoint_a_ref: client_1
endpoint_a_port: 1
endpoint_b_ref: switch_1
endpoint_b_port: 1
- ref: router_1___switch_1
endpoint_a_ref: router_1
endpoint_a_port: 1
endpoint_b_ref: switch_1
endpoint_b_port: 8
- ref: router_1___firewall
endpoint_a_ref: firewall
endpoint_a_port: 2 # internal firewall port
endpoint_b_ref: router_1
endpoint_b_port: 2
- ref: firewall___switch_2
endpoint_a_ref: firewall
endpoint_a_port: 3 # dmz firewall port
endpoint_b_ref: switch_2
endpoint_b_port: 8
- ref: dmz_server___switch_2
endpoint_a_ref: dmz_server
endpoint_a_port: 1
endpoint_b_ref: switch_2
endpoint_b_port: 1
- ref: firewall___switch_3
endpoint_a_ref: firewall
endpoint_a_port: 1 # external firewall port
endpoint_b_ref: switch_3
endpoint_b_port: 8
- ref: external_computer___switch_3
endpoint_a_ref: external_computer
endpoint_a_port: 1
endpoint_b_ref: switch_3
endpoint_b_port: 1
- ref: external_server___switch_3
endpoint_a_ref: external_server
endpoint_a_port: 1
endpoint_b_ref: switch_3
endpoint_b_port: 2