Python Firewall示例

示例#1

文件： slides.py 项目： yaleman/talk-fail2ban-splunk

def workflow_final():
    with Diagram("",
                 outformat='png',
                 filename='images/diagrams/workflow_final',
                 show=False,
                 graph_attr=DIAGRAM_ATTR,
                 node_attr={
                     'margin': "5",
                 }
                 #  direction="TB",
                 ):
        Users(f'"{random.randrange(0,1000)} Hackers"', **COMMON_NODE_ATTR) \
                >> get_diagram_edge() \
                >> [
                    EC2("server", **COMMON_NODE_ATTR),
                    EC2("server", **COMMON_NODE_ATTR),
                    EC2("server", **COMMON_NODE_ATTR),
                    ] \
                >> get_diagram_edge() \
                >> Splunk("", **COMMON_NODE_ATTR) \
                >> get_diagram_edge() \
                >> SimpleStorageServiceS3("Public S3 Bucket", **COMMON_NODE_ATTR) \
                >> get_diagram_edge() \
                << EC2("server", **COMMON_NODE_ATTR) \
                >> get_diagram_edge() \
                >> Firewall("IPTables", fillcolor='red', **COMMON_NODE_ATTR)

示例#2

文件： generate-diagram.py 项目： Necior/dotfiles

#!/usr/bin/env nix-shell
#!nix-shell -i python -p python39Packages.diagrams

from diagrams import Cluster, Diagram
from diagrams.generic.device import Tablet
from diagrams.generic.network import Firewall
from diagrams.k8s.infra import Node
from diagrams.k8s.controlplane import KProxy

with Diagram("My K8s infrastructure"):
    end_user = Tablet("end user")
    firewall = Firewall("cloud firewall")

    with Cluster("Kubernetes cluster"):
        with Cluster("main node"):
            proxy1 = KProxy()
            node1 = Node("aarch64")
            proxy1 >> node1

        node2 = Node("x86_64")
        proxy1 >> node2

    end_user >> firewall >> proxy1

示例#3

from diagrams.aws.network import InternetGateway, RouteTable, VPCRouter
from diagrams.aws.security import KMS, IAMRole
from diagrams.generic.network import Firewall
from diagrams.onprem.network import Internet

graph_attr = {
    "pad": "0",
    "bgcolor": "transparent"
}

with Diagram("template-08", show=False, direction="LR", filename="diagram-08", graph_attr=graph_attr):
    internet = Internet("Public Internet")
    with Cluster("Vpc 10.0.0.0/16"):
        internet_gateway = InternetGateway("Igw")
        internet - internet_gateway
        routeTable = RouteTable("RouteTable")
        routeTable >> Edge(label="0.0.0.0/0", style="dashed") >> internet_gateway
        with Cluster("Subnet 10.0.0.0/24"):
            router = VPCRouter("Router\n10.0.0.1")
            router - Edge(style="dashed") - routeTable
            router - internet_gateway
            ec2 = EC2("ec2\n10.0.0.x")
            ec2 - Edge(style="dashed") - router
            sg = Firewall("SG: 22/tcp")
            ec2 - sg - router
    KMS("KeyPair") - ec2
    ec2Role = IAMRole("Ec2InstanceRole") - ec2

    cw = Cloudwatch("CloudWatch")
    cw - internet

示例#4

文件： homelab.py 项目： brettinternet/homelab

    <FONT color="gray">●</FONT> automated <BR ALIGN="LEFT" />
    <FONT color="green">●</FONT> proxy <BR ALIGN="LEFT" />
    >"""

with Diagram("Homelab", show=False, outformat="png"):
    Node(
        label=legend_text,
        width="4",
        shape="plaintext",
    )

    workstation = Ansible("homelab.git")

    with Cluster("Service Node"):
        ingress = Traefik("ingress")
        middleware = [Firewall("OAuth middlware")]
        ingress >> Edge(style="dashed") >> middleware

        (
            ingress
            >> Edge(color="green")
            >> [
                Server("adguard"),
                Server("espial"),
                Server("miniflux"),
                PostgreSQL("miniflux_db"),
                Server("firefly"),
                PostgreSQL("firefly_db"),
                Server("healthchecks"),
                Server("n8n"),
                PostgreSQL("n8n_db"),

示例#5

    internet_gateway = InternetGateway("Igw")

    internet_gateway - internet

    with Cluster("Vpc 10.0.0.0/16"):
        publicRouteTable = RouteTable("PublicRouteTable")
        publicRouteTable >> Edge(label="0.0.0.0/0",
                                 style="dashed") >> internet_gateway
        privateRouteTable = RouteTable("PrivateRouteTable")
        with Cluster("AZ1 (eu-central-1a)"):
            with Cluster("PublicSubnet 10.0.0.0/24"):
                publicSubnetRouter = VPCRouter("Router\n10.0.0.1")
                publicSubnetRouter - internet_gateway
                publicSubnetRouter - Edge(style="dashed") - publicRouteTable
                ec2 = EC2("ec2\n10.0.0.x")
                webSg = Firewall("SG: 8080/tcp")
                ec2 - Edge(style="dashed") - publicSubnetRouter
                ec2 - webSg - publicSubnetRouter
            with Cluster("PrivateSubnetA 10.0.8.0/24"):
                privateSubnetARouter = VPCRouter("Router\n10.0.8.1")
                privateSubnetARouter - Edge(style="dashed") - privateRouteTable
                dbPrimary = RDS("Database (Primary)")
                dbPrimary - Edge(style="dashed") - privateSubnetARouter
        with Cluster("AZ2 (eu-central-1b)"):
            with Cluster("PrivateSubnetB 10.0.9.0/24"):
                privateSubnetBRouter = VPCRouter("Router\n10.0.9.1")
                privateSubnetBRouter - Edge(style="dashed") - privateRouteTable
                dbSecondary = RDS("Database (Secondary)")
                dbSecondary - Edge(style="dashed") - privateSubnetBRouter

示例#6

from diagrams.generic.network import Firewall
from diagrams.generic.os import Android, IOS, Windows, LinuxGeneral, Centos
from diagrams.oci.connectivity import DNS
from diagrams.onprem.database import MySQL
from diagrams.onprem.inmemory import Redis
from diagrams.onprem.network import Nginx, HAProxy
from diagrams.programming.framework import Django

NUM_APP_SERVERS = 1
NUM_MYSQL_REPLICAS = 2
NUM_UWSGI_FORKS = 2
NUM_REDIS_REPLICAS = 1

with Diagram('Django HA', show=False, direction='TB'):
    lb = Nginx('Load Balancer based on NGINX')
    lb_firewall = Firewall('Firewall of Load Balancer')
    dns = DNS('Any DNS server')

    redis_haproxy = HAProxy('HAProxy for Redis Cluster')
    db_haproxy = HAProxy('HAProxy for MySQL Cluster')

    with Cluster('Users') as users:
        with Cluster('Desktop users'):
            dns << LinuxGeneral() >> lb_firewall >> lb
            dns << Windows() >> lb_firewall >> lb

        with Cluster('Mobile users'):
            dns << IOS() >> lb_firewall >> lb
            dns << Android() >> lb_firewall >> lb

    with Cluster('Redis Cluster'):

示例#7

from diagrams import Diagram, Cluster
from diagrams.onprem.container import Docker
from diagrams.generic.network import Firewall
from diagrams.aws.management import Cloudwatch, ParameterStore
from diagrams.aws.storage import EFS
from diagrams.aws.compute import ECS

with Diagram("AWS ECS Task Definition", show=False, direction="TB"):

    with Cluster("task definition"):
        image = Docker("image")
        ports = Firewall("ports")
        logging = Cloudwatch("logging")
        environment = ECS("environment")
        secrets = ParameterStore("secrets")
        health_check = ECS("health check")
        mount_points = EFS("mount points")

示例#8

import os
import pathlib

from diagrams import Cluster, Diagram, Edge
from diagrams.aws.storage import S3
from diagrams.generic.network import Firewall, Switch
from diagrams.onprem.database import PostgreSQL
from diagrams.onprem.inmemory import Redis
from diagrams.programming.language import NodeJS

filename = "architecture-cloud-gov"

with Diagram("Site Scanner", show=False, filename=filename):

    with Cluster("API"):
        api_data_gov = Firewall("api.data.gov")  # not really a firewall
        router = Switch("Cloud.gov router")

        with Cluster("API Logic"):
            node_api_app = NodeJS("API Logic")

    with Cluster("Data and Storage"):
        postgres = PostgreSQL("AWS-RDS PG")

        with Cluster("Node Cold Storage"):
            cold_storage_node = NodeJS("Cold Storage Code")

        s3_cold_storage = S3("S3 (Cold Storage)")

    with Cluster("Scanning"):
        with Cluster("Configurable CRON jobs"):

示例#9

文件： diagram-12.py 项目： kbialek/aws-workshop

from diagrams.aws.database import RDS
from diagrams.aws.management import Cloudwatch
from diagrams.aws.network import InternetGateway, RouteTable, VPCRouter
from diagrams.aws.security import KMS, IAMRole
from diagrams.aws.storage import S3
from diagrams.generic.network import Firewall
from diagrams.onprem.network import Internet

graph_attr = {
    "pad": "0",
    "bgcolor": "transparent"
}

with Diagram("template-12", show=False, direction="TB", filename="diagram-12", graph_attr=graph_attr):
    with Cluster("Vpc 10.0.0.0/16"):
        webSg = Firewall("SG in 8080/tcp")

        with Cluster("AZ1 (eu-central-1a)"):
            with Cluster("PublicSubnet 10.0.0.0/24"):
                publicSubnetRouter = VPCRouter("Router\n10.0.0.1")
                ec2 = EC2("ec2\n10.0.0.x")
                ec2 - Edge(style="dashed") - publicSubnetRouter
                ec2 - webSg - publicSubnetRouter
            with Cluster("PrivateSubnetA 10.0.8.0/24"):
                privateSubnetARouter = VPCRouter("Router\n10.0.8.1")
                dbPrimary = RDS("Database (Primary)")
                dbPrimary - Edge(style="dashed") - privateSubnetARouter

        dbClientSg = Firewall("SG out 3306/tcp")
        dbServerSg = Firewall("SG in 3306/tcp")