port refactor - eod commit, airspace still broken
This commit is contained in:
Marek Wolan
@@ -103,13 +103,13 @@ we'll use the following Network that has a client, server, two switches, and a r
|
||||
|
||||
router_1.acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
src_port=Port.ARP,
|
||||
dst_port=Port.ARP,
|
||||
src_port=Port["ARP"],
|
||||
dst_port=Port["ARP"],
|
||||
position=22
|
||||
)
|
||||
|
||||
router_1.acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.ICMP,
|
||||
protocol=IPProtocol["ICMP"],
|
||||
position=23
|
||||
)
|
||||
|
||||
@@ -156,8 +156,8 @@ To prevent all external traffic from accessing the internal network, with except
|
||||
# Exception rule to allow HTTP traffic from external to internal network
|
||||
firewall.internal_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.HTTP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["HTTP"],
|
||||
dst_ip_address="192.168.1.0",
|
||||
dst_wildcard_mask="0.0.0.255",
|
||||
position=2
|
||||
@@ -172,16 +172,16 @@ To enable external traffic to access specific services hosted within the DMZ:
|
||||
# Allow HTTP and HTTPS traffic to the DMZ
|
||||
firewall.dmz_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.HTTP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["HTTP"],
|
||||
dst_ip_address="172.16.0.0",
|
||||
dst_wildcard_mask="0.0.0.255",
|
||||
position=3
|
||||
)
|
||||
firewall.dmz_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.HTTPS,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["HTTPS"],
|
||||
dst_ip_address="172.16.0.0",
|
||||
dst_wildcard_mask="0.0.0.255",
|
||||
position=4
|
||||
@@ -196,9 +196,9 @@ To permit SSH access from a designated external IP to a specific server within t
|
||||
# Allow SSH from a specific external IP to an internal server
|
||||
firewall.internal_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
src_ip_address="10.0.0.2",
|
||||
dst_port=Port.SSH,
|
||||
dst_port=Port["SSH"],
|
||||
dst_ip_address="192.168.1.10",
|
||||
position=5
|
||||
)
|
||||
@@ -212,9 +212,9 @@ To limit database server access to selected external IP addresses:
|
||||
# Allow PostgreSQL traffic from an authorized external IP to the internal DB server
|
||||
firewall.internal_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
src_ip_address="10.0.0.3",
|
||||
dst_port=Port.POSTGRES_SERVER,
|
||||
dst_port=Port["POSTGRES_SERVER"],
|
||||
dst_ip_address="192.168.1.20",
|
||||
position=6
|
||||
)
|
||||
@@ -222,8 +222,8 @@ To limit database server access to selected external IP addresses:
|
||||
# Deny all other PostgreSQL traffic from external sources
|
||||
firewall.internal_inbound_acl.add_rule(
|
||||
action=ACLAction.DENY,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.POSTGRES_SERVER,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["POSTGRES_SERVER"],
|
||||
dst_ip_address="192.168.1.0",
|
||||
dst_wildcard_mask="0.0.0.255",
|
||||
position=7
|
||||
@@ -247,15 +247,15 @@ To authorize HTTP/HTTPS access to a DMZ-hosted web server, excluding known malic
|
||||
# Allow HTTP/HTTPS traffic to the DMZ web server
|
||||
firewall.dmz_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.HTTP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["HTTP"],
|
||||
dst_ip_address="172.16.0.2",
|
||||
position=9
|
||||
)
|
||||
firewall.dmz_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.HTTPS,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["HTTPS"],
|
||||
dst_ip_address="172.16.0.2",
|
||||
position=10
|
||||
)
|
||||
@@ -269,9 +269,9 @@ To facilitate restricted access from the internal network to DMZ-hosted services
|
||||
# Permit specific internal application server HTTPS access to a DMZ-hosted API
|
||||
firewall.internal_outbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
src_ip_address="192.168.1.30", # Internal application server IP
|
||||
dst_port=Port.HTTPS,
|
||||
dst_port=Port["HTTPS"],
|
||||
dst_ip_address="172.16.0.3", # DMZ API server IP
|
||||
position=11
|
||||
)
|
||||
@@ -289,9 +289,9 @@ To facilitate restricted access from the internal network to DMZ-hosted services
|
||||
# Corresponding rule in DMZ inbound ACL to allow the traffic from the specific internal server
|
||||
firewall.dmz_inbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
src_ip_address="192.168.1.30", # Ensuring this specific source is allowed
|
||||
dst_port=Port.HTTPS,
|
||||
dst_port=Port["HTTPS"],
|
||||
dst_ip_address="172.16.0.3", # DMZ API server IP
|
||||
position=13
|
||||
)
|
||||
@@ -301,7 +301,7 @@ To facilitate restricted access from the internal network to DMZ-hosted services
|
||||
action=ACLAction.DENY,
|
||||
src_ip_address="192.168.1.0",
|
||||
src_wildcard_mask="0.0.0.255",
|
||||
dst_port=Port.HTTPS,
|
||||
dst_port=Port["HTTPS"],
|
||||
dst_ip_address="172.16.0.3", # DMZ API server IP
|
||||
position=14
|
||||
)
|
||||
@@ -315,8 +315,8 @@ To block all SSH access attempts from the external network:
|
||||
# Deny all SSH traffic from any external source
|
||||
firewall.external_inbound_acl.add_rule(
|
||||
action=ACLAction.DENY,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.SSH,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["SSH"],
|
||||
position=1
|
||||
)
|
||||
|
||||
@@ -329,8 +329,8 @@ To allow the internal network to initiate HTTP connections to the external netwo
|
||||
# Permit outgoing HTTP traffic from the internal network to any external destination
|
||||
firewall.external_outbound_acl.add_rule(
|
||||
action=ACLAction.PERMIT,
|
||||
protocol=IPProtocol.TCP,
|
||||
dst_port=Port.HTTP,
|
||||
protocol=IPProtocol["TCP"],
|
||||
dst_port=Port["HTTP"],
|
||||
position=2
|
||||
)
|
||||
|
||||
|
||||
@@ -49,7 +49,7 @@ additional steps to configure wireless settings:
|
||||
wireless_router.configure_wireless_access_point(
|
||||
port=1, ip_address="192.168.2.1",
|
||||
subnet_mask="255.255.255.0",
|
||||
frequency=AirSpaceFrequency.WIFI_2_4,
|
||||
frequency=AirSpaceFrequency["WIFI_2_4"],
|
||||
)
|
||||
|
||||
|
||||
@@ -102,8 +102,8 @@ ICMP traffic, ensuring basic network connectivity and ping functionality.
|
||||
network.connect(pc_a.network_interface[1], router_1.router_interface)
|
||||
|
||||
# Configure Router 1 ACLs
|
||||
router_1.acl.add_rule(action=ACLAction.PERMIT, src_port=Port.ARP, dst_port=Port.ARP, position=22)
|
||||
router_1.acl.add_rule(action=ACLAction.PERMIT, protocol=IPProtocol.ICMP, position=23)
|
||||
router_1.acl.add_rule(action=ACLAction.PERMIT, src_port=Port["ARP"], dst_port=Port["ARP"], position=22)
|
||||
router_1.acl.add_rule(action=ACLAction.PERMIT, protocol=IPProtocol["ICMP"], position=23)
|
||||
|
||||
# Configure PC B
|
||||
pc_b = Computer(
|
||||
@@ -130,13 +130,13 @@ ICMP traffic, ensuring basic network connectivity and ping functionality.
|
||||
port=1,
|
||||
ip_address="192.168.1.1",
|
||||
subnet_mask="255.255.255.0",
|
||||
frequency=AirSpaceFrequency.WIFI_2_4,
|
||||
frequency=AirSpaceFrequency["WIFI_2_4"],
|
||||
)
|
||||
router_2.configure_wireless_access_point(
|
||||
port=1,
|
||||
ip_address="192.168.1.2",
|
||||
subnet_mask="255.255.255.0",
|
||||
frequency=AirSpaceFrequency.WIFI_2_4,
|
||||
frequency=AirSpaceFrequency["WIFI_2_4"],
|
||||
)
|
||||
|
||||
# Configure routes for inter-router communication
|
||||
|
||||
@@ -104,7 +104,7 @@ address of 'aa:bb:cc:dd:ee:ff' to port 8080 on the host 10.0.0.10 which has a NI
|
||||
ip_packet = IPPacket(
|
||||
src_ip_address="192.168.0.100",
|
||||
dst_ip_address="10.0.0.10",
|
||||
protocol=IPProtocol.TCP
|
||||
protocol=IPProtocol["TCP"]
|
||||
)
|
||||
# Data Link Layer
|
||||
ethernet_header = EthernetHeader(
|
||||
|
||||
@@ -165,8 +165,8 @@ Perform a horizontal port scan on port 5432 across multiple IP addresses:
|
||||
|
||||
{
|
||||
IPv4Address('192.168.1.12'): {
|
||||
<IPProtocol.TCP: 'tcp'>: [
|
||||
<Port.POSTGRES_SERVER: 5432>
|
||||
<IPProtocol["TCP"]: 'tcp'>: [
|
||||
<Port["POSTGRES_SERVER"]: 5432>
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -192,7 +192,7 @@ Perform a vertical port scan on multiple ports on a single IP address:
|
||||
|
||||
vertical_scan_results = pc_1_nmap.port_scan(
|
||||
target_ip_address=[IPv4Address("192.168.1.12")],
|
||||
target_port=[Port(21), Port(22), Port(80), Port(443)]
|
||||
target_port=[21, 22, 80, 443]
|
||||
)
|
||||
|
||||
.. code-block:: python
|
||||
@@ -200,9 +200,9 @@ Perform a vertical port scan on multiple ports on a single IP address:
|
||||
|
||||
{
|
||||
IPv4Address('192.168.1.12'): {
|
||||
<IPProtocol.TCP: 'tcp'>: [
|
||||
<Port.FTP: 21>,
|
||||
<Port.HTTP: 80>
|
||||
<IPProtocol["TCP"]: 'tcp'>: [
|
||||
<Port["FTP"]: 21>,
|
||||
<Port["HTTP"]: 80>
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -233,7 +233,7 @@ Perform a box scan on multiple ports across multiple IP addresses:
|
||||
|
||||
box_scan_results = pc_1_nmap.port_scan(
|
||||
target_ip_address=[IPv4Address("192.168.1.12"), IPv4Address("192.168.1.13")],
|
||||
target_port=[Port(21), Port(22), Port(80), Port(443)]
|
||||
target_port=[21, 22, 80, 443]
|
||||
)
|
||||
|
||||
.. code-block:: python
|
||||
@@ -241,15 +241,15 @@ Perform a box scan on multiple ports across multiple IP addresses:
|
||||
|
||||
{
|
||||
IPv4Address('192.168.1.13'): {
|
||||
<IPProtocol.TCP: 'tcp'>: [
|
||||
<Port.FTP: 21>,
|
||||
<Port.HTTP: 80>
|
||||
<IPProtocol["TCP"]: 'tcp'>: [
|
||||
<Port["FTP"]: 21>,
|
||||
<Port["HTTP"]: 80>
|
||||
]
|
||||
},
|
||||
IPv4Address('192.168.1.12'): {
|
||||
<IPProtocol.TCP: 'tcp'>: [
|
||||
<Port.FTP: 21>,
|
||||
<Port.HTTP: 80>
|
||||
<IPProtocol["TCP"]: 'tcp'>: [
|
||||
<Port["FTP"]: 21>,
|
||||
<Port["HTTP"]: 80>
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -289,36 +289,36 @@ Perform a full box scan on all ports, over both TCP and UDP, on a whole subnet:
|
||||
|
||||
{
|
||||
IPv4Address('192.168.1.11'): {
|
||||
<IPProtocol.UDP: 'udp'>: [
|
||||
<Port.ARP: 219>
|
||||
<IPProtocol["UDP"]: 'udp'>: [
|
||||
<Port["ARP"]: 219>
|
||||
]
|
||||
},
|
||||
IPv4Address('192.168.1.1'): {
|
||||
<IPProtocol.UDP: 'udp'>: [
|
||||
<Port.ARP: 219>
|
||||
<IPProtocol["UDP"]: 'udp'>: [
|
||||
<Port["ARP"]: 219>
|
||||
]
|
||||
},
|
||||
IPv4Address('192.168.1.12'): {
|
||||
<IPProtocol.TCP: 'tcp'>: [
|
||||
<Port.HTTP: 80>,
|
||||
<Port.DNS: 53>,
|
||||
<Port.POSTGRES_SERVER: 5432>,
|
||||
<Port.FTP: 21>
|
||||
<IPProtocol["TCP"]: 'tcp'>: [
|
||||
<Port["HTTP"]: 80>,
|
||||
<Port["DNS"]: 53>,
|
||||
<Port["POSTGRES_SERVER"]: 5432>,
|
||||
<Port["FTP"]: 21>
|
||||
],
|
||||
<IPProtocol.UDP: 'udp'>: [
|
||||
<Port.NTP: 123>,
|
||||
<Port.ARP: 219>
|
||||
<IPProtocol["UDP"]: 'udp'>: [
|
||||
<Port["NTP"]: 123>,
|
||||
<Port["ARP"]: 219>
|
||||
]
|
||||
},
|
||||
IPv4Address('192.168.1.13'): {
|
||||
<IPProtocol.TCP: 'tcp'>: [
|
||||
<Port.HTTP: 80>,
|
||||
<Port.DNS: 53>,
|
||||
<Port.FTP: 21>
|
||||
<IPProtocol["TCP"]: 'tcp'>: [
|
||||
<Port["HTTP"]: 80>,
|
||||
<Port["DNS"]: 53>,
|
||||
<Port["FTP"]: 21>
|
||||
],
|
||||
<IPProtocol.UDP: 'udp'>: [
|
||||
<Port.NTP: 123>,
|
||||
<Port.ARP: 219>
|
||||
<IPProtocol["UDP"]: 'udp'>: [
|
||||
<Port["NTP"]: 123>,
|
||||
<Port["ARP"]: 219>
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
@@ -15,7 +15,7 @@ Key features
|
||||
- Connects to the :ref:`FTPServer` via the ``SoftwareManager``.
|
||||
- Simulates FTP requests and FTPPacket transfer across a network
|
||||
- Allows the emulation of FTP commands between an FTP client and server:
|
||||
- PORT: specifies the port that server should connect to on the client (currently only uses ``Port.FTP``)
|
||||
- PORT: specifies the port that server should connect to on the client (currently only uses ``Port["FTP"]``)
|
||||
- STOR: stores a file from client to server
|
||||
- RETR: retrieves a file from the FTP server
|
||||
- QUIT: disconnect from server
|
||||
|
||||
Reference in New Issue
Block a user