Python TCPService Examples

Example #1

    def testTCPService(self):

        result = TCPService.create('api-tcpservice',
                                   5000,
                                   5005,
                                   comment='blahcomment')
        self.assertTrue(result.href.startswith('http'))

        service = TCPService('api-tcpservice')
        self.assertEqual(service.min_dst_port, 5000)
        self.assertEqual(service.max_dst_port, 5005)
        service.delete()

Example #2

    def testTCPServiceGroup(self):

        tcp = TCPService.create('api-tcp', 5000)
        self.assertTrue(tcp.href.startswith('http'))

        tcp2 = TCPService.create('api-tcp2', 5001)
        self.assertTrue(tcp2.href.startswith('http'))

        result = TCPServiceGroup.create('api-tcpservicegroup',
                                        members=[tcp.href, tcp2.href])
        self.assertTrue(result.href.startswith('http'))

        group = TCPServiceGroup('api-tcpservicegroup')
        self.assertIn(tcp.href, group.element)
        self.assertIn(tcp2.href, group.element)

        group.delete()
        tcp.delete()
        tcp2.delete()

Example #3

    def testServiceGroup(self):
        """ Test service group creation """
        result = TCPService.create('api-tcp', 5000)
        self.assertTrue(result.href.startswith('http'))

        result = UDPService.create('api-udp', 5001)
        self.assertTrue(result.href.startswith('http'))

        tcp = TCPService('api-tcp')
        udp = UDPService('api-udp')
        result = ServiceGroup.create('api-servicegroup',
                                     members=[tcp.href, udp.href],
                                     comment='test')
        self.assertTrue(result.href.startswith('http'))

        group = ServiceGroup('api-servicegroup')
        # Href in service group
        self.assertIn(tcp.href, group.element)
        self.assertIn(udp.href, group.element)

        group.delete()
        tcp.delete()
        udp.delete()

Example #4

    session.login(url=SMC_URL,
                  api_key=API_KEY,
                  verify=False,
                  timeout=120,
                  api_version=API_VERSION)
    print("session OK")

try:
    # check for all engines
    engine_list = list(Engine.objects.all())

    # Create a match_expression
    me = MatchExpression.create(name='mymatch',
                                service=ApplicationSituation('FTP'),
                                service_ports=TCPService('Any TCP Service'))

    # Get Name for first match_expression
    name = MatchExpression.objects.iterator().first().name

    # Get by name
    print("Retrieve {} by name..".format(name))
    match_expression = MatchExpression.get(name)
    print("match_expression={}".format(match_expression))

    # Get by filter
    print("Retrieve {} by filter..".format(name))
    it = MatchExpression.objects.iterator()
    query1 = it.filter(name)
    if query1.exists():
        print("match_expression={}".format(list(query1.all())))

Example #5

File: ngfw.py Project: gabstopper/stonesoft-aws

    def add_policy(self):
        """
        If a client AMI was specified when building a new VPC, this will add
        rules to allow inbound access to the AMI. This could be extended to 
        more generically support VPN rules.
        """
        if not self.firewall_policy:
            self.firewall_policy = 'AWS_Default'
            # Policy not specified, use the default, or check if hidden setting was specified
            try:
                FirewallPolicy.create(name='AWS_Default',
                                      template='Firewall Inspection Template')
            except CreatePolicyFailed:
                pass  # Already exists

        policy = FirewallPolicy(self.firewall_policy)
        # Create the access rule for the network

        options = LogOptions()
        options.log_accounting_info_mode = True
        options.log_level = 'stored'
        options.application_logging = 'enforced'
        options.user_logging = 'enforced'

        action = Action()
        action.deep_inspection = True
        action.file_filtering = False

        outbound_rule = policy.search_rule('AWS outbound access rule')
        if not outbound_rule:
            # Generic outbound access rule
            policy.fw_ipv4_access_rules.create(
                name='AWS outbound access rule',
                sources=[Alias('$$ Interface ID 1.net')],
                destinations='any',
                services='any',
                action=action,
                log_options=options)

        if self.aws_ami_ip and self.nat_ports:
            dest_port = self.nat_ports.get('dest_port')
            redirect_port = self.nat_ports.get('redirect_port')

            services = list(
                TCPService.objects.filter(dest_port))  # @UndefinedVariable
            # Ignore services with protocol agents so we skip SSM
            service = next(
                ([service]
                 for service in services if not service.protocol_agent), [])

            if not service:
                service = [
                    TCPService.create(name='aws_tcp{}'.format(dest_port),
                                      min_dst_port=dest_port)
                ]

            # Create the access rule for the client
            policy.fw_ipv4_access_rules.create(
                name=self.name,
                sources='any',
                destinations=[Alias('$$ Interface ID 0.ip')],
                services=service,
                action='allow',
                log_options=options)
            policy.fw_ipv4_nat_rules.create(
                name=self.name,
                sources='any',
                destinations=[Alias('$$ Interface ID 0.ip')],
                services=service,
                static_dst_nat=self.aws_ami_ip,
                static_dst_nat_ports=(dest_port, redirect_port),
                used_on=self.engine.href)

Example #6

File: sub_policies.py Project: carlos-esteves/fp-NGFW-SMC-python

        session.login(url=URLSMC, api_key=APIKEYSMC, verify=False, timeout=120)
    except BaseException as exception_retournee:
        sys.exit(-1)

    print("session OK")

# Create a Sub Policy
p = FirewallSubPolicy()
p.create("mySubPolicy1")

# add rule to a Sub Policy
p = FirewallSubPolicy('mySubPolicy1')
p.fw_ipv4_access_rules.create(name='newule',
                              sources='any',
                              destinations='any',
                              services=[TCPService('SSH')],
                              action='discard')

print(list(FirewallSubPolicy.objects.all()))

# Create a IPv6 Sub Policy
p = FirewallIPv6SubPolicy()
p.create("myIPv6SubPolicy1")

# add rule to a IPv6 Sub Policy
p = FirewallIPv6SubPolicy('myIPv6SubPolicy1')
p.fw_ipv6_access_rules.create(name='newule',
                              sources='any',
                              destinations='any',
                              services=[TCPService('SSH')],
                              action='discard')

Example #7

    list_vpn = []
    for vpn in vpns:
        print(vpn)
        list_vpn.append(vpn.href)

    sourceVpn = SourceVpn()
    sourceVpn.match_type = "normal"
    sourceVpn.match_vpns = list_vpn

    # add rule to a Policy
    p = FirewallPolicy("myPolicy1")
    p.fw_ipv4_access_rules.create(
        name="newule",
        sources="any",
        destinations="any",
        services=[TCPService("SSH")],
        action="discard",
        match_vpn_options=sourceVpn,
    )

    # add rule without match_vpn_options to a Policy
    p.fw_ipv4_access_rules.create(
        name="newule",
        sources="any",
        destinations="any",
        services=[TCPService("SSH")],
        action="discard",
    )

    # Display SourceVpn for rules
    for rule in p.fw_ipv4_access_rules.all():

Example #8

 def test_tcp_service_with_protocol_agent(self):
     result = TCPService('HTTP')
     self.assertIsInstance(result.protocol_agent, Protocol)

Example #9

    def test_get_or_create_element(self):

        # Will be created anew
        host = Host.get_or_create(filter_key={'address': '123.123.123.123'},
                                  name='kookoo',
                                  address='123.123.123.123')

        self.assertEqual(host.name, 'kookoo')
        self.assertEqual(host.data.get('address'), '123.123.123.123')

        # Will be retrieved
        host = Host.get_or_create(filter_key={'address': '123.123.123.123'},
                                  name='fooboo',
                                  address='123.123.123.123')
        self.assertEqual(host.name, 'kookoo')
        host.delete()

        # Test the two types using meta characters
        network = Network.get_or_create(
            filter_key={'ipv4_network': '172.18.33.0/24'},
            name='mynetwork',
            ipv4_network='172.18.33.0/24')

        self.assertEqual(network.name, 'mynetwork')
        self.assertEqual(network.ipv4_network, '172.18.33.0/24')

        network = Network.get_or_create(
            filter_key={'ipv4_network': '172.18.33.0/24'},
            name='mynetwork',
            ipv4_network='172.18.33.0/24')
        self.assertEqual(network.name, 'mynetwork')
        network.delete()

        # Address Range
        iprange = AddressRange.get_or_create(
            filter_key={'ip_range': '1.1.1.1-1.1.1.10'},
            name='myrange',
            ip_range='1.1.1.1-1.1.1.10')

        self.assertEqual(iprange.name, 'myrange')
        self.assertEqual(iprange.data.get('ip_range'), '1.1.1.1-1.1.1.10')

        iprange = AddressRange.get_or_create(
            filter_key={'ip_range': '1.1.1.1-1.1.1.10'},
            name='myrange',
            ip_range='1.1.1.1-1.1.1.10')

        self.assertEqual(iprange.name, 'myrange')
        iprange.delete()

        vpn = VPNPolicy.get_or_create(name='somepolicy')
        self.assertEqual(vpn.name, 'somepolicy')

        tcp = TCPService.get_or_create(filter_key={'min_dst_port': 8989},
                                       name='myservice',
                                       min_dst_port=8989)
        self.assertIsInstance(tcp, TCPService)
        self.assertEqual(tcp.name, 'myservice')

        tcp = TCPService.get_or_create(filter_key={'min_dst_port': 8989},
                                       name='newservice',
                                       min_dst_port=8989)

        self.assertEqual(tcp.name, 'newservice')

        host = Host.get_or_create(name='grace', address='12.12.12.12')
        self.assertEqual(host.name, 'grace')

        # Already exists
        host = Host.get_or_create(name='grace', address='12.12.12.12')
        self.assertEqual(host.name, 'grace')

Example #10

File: new-customer.py Project: dscnbg/Network

Host.create(name=cnameNAT, address=NATIP, comment='Erstellt via Script')

#################
#Network IPv6 Element erstellen
#################

Network.create(name=cnameV6, ipv6_network=IPV6Network, comment='Erstellt via Script')

#################
#IPv6 Sub Policy erstellen
#################

p = FirewallIPv6SubPolicy.create(name=cnameV6)
p.fw_ipv6_access_rules.create_rule_section(name='Outbound')
p.fw_ipv6_access_rules.create(name='Default Outgoing', sources=[Network(cnameV6)], destinations='any', services=[TCPService('SSH'), TCPService('HTTP'), TCPService('HTTPS'), UDPService('NTP (UDP)'), ServiceGroup('DNS')], action='allow', after='Outbound')
p.fw_ipv6_access_rules.create_rule_section(name='Inbound', add_pos=30)

#################
#IPv4 Sub Policy erstellen
#################

q = FirewallSubPolicy.create(name=cnameV4)
q.fw_ipv4_access_rules.create_rule_section(name='Outbound')
q.fw_ipv4_access_rules.create(name='Default Outgoing', sources=[Host(cnameNAT)], destinations='any', services=[TCPService('SSH'), TCPService('HTTP'), TCPService('HTTPS'), UDPService('NTP (UDP)'), ServiceGroup('DNS')], action='allow', after='Outbound')
q.fw_ipv4_access_rules.create_rule_section(name='Inbound', add_pos=30)

#################
#Jump Points einfügen
#Zur vorsicht in die nicht genutzt Policy "Zweite Policy für Firewall XY"
#################