=====policy.py===========
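from Zorp.Core import *
from Zorp.Http import *
from Zorp.Plug import *

# Zone definitions.
#
# A session is permitted only if the service is listed in the *source* zone's
# outbound_services and in the *destination* zone's inbound_services.  The
# most specific zone containing an address wins, so the 0.0.0.0/0 'internet'
# zone applies only to addresses outside 'Intranet' and 'Webserver'.
#
# NOTE(review): 'Intranet' lists no outbound_services, so 192.168.0.0/24
# hosts (apart from the Webserver child zone) cannot start any service --
# including "OutgoingRequest", whose listener binds 192.168.0.5:80 below.
# Confirm that is intended.
# NOTE(review): "HTTP" in the 'internet' zone's inbound_services never
# matches: that service is always directed to 192.168.0.10, which belongs to
# the more specific 'Webserver' zone.
InetZone('internet', ['0.0.0.0/0'],
         inbound_services=["OutgoingRequest", "HTTP"],
         outbound_services=["HTTP", "sshTOweb"])

InetZone('Intranet', ['192.168.0.0/24'],
         inbound_services=[])

InetZone('Webserver', ['192.168.0.10/32'],
         inbound_services=["HTTP", "sshTOweb"],
         outbound_services=["OutgoingRequest", "HTTP"],
         admin_parent='Intranet')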
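def HTTP():
    """Instance 'HTTP': publish the internal web server on the public address.

    Connections accepted on 100.100.100.100:80 are handled by HttpProxy and
    are always directed to 192.168.0.10:80, whatever destination the client
    asked for.  No HttpProxy subclass is used, so the proxy runs with its
    default settings.
    """
    Service(name="HTTP",
            proxy_class=HttpProxy,
            # forge_addr=TRUE: the server-side connection is opened with the
            # original client's source address, so the web server sees the
            # real client IP.  Replies must therefore route back through
            # this host.
            router=DirectedRouter(dest_addr=SockAddrInet('192.168.0.10', 80),
                                  forge_addr=TRUE))
    Listener(bindto=SockAddrInet('100.100.100.100', 80),
             service="HTTP",
             backlog=255)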
def outgoingRequest():
    """Instance 'outgoingRequest': HTTP proxy for internally originated traffic.

    Listens on 192.168.0.5:80.  The TransparentRouter forwards each session
    to the address the client originally connected to, so clients need no
    proxy configuration.

    NOTE(review): transparent interception relies on the packet filter
    redirecting client traffic to this listener; no such rule appears in
    iptables.in -- confirm it exists elsewhere.
    """
    # Server-side connections are opened with the client's own source address
    # (forge_addr=TRUE), so replies must route back through this host.
    router = TransparentRouter(forge_addr=TRUE)
    Service(name="OutgoingRequest", proxy_class=HttpProxy, router=router)

    bind = SockAddrInet('192.168.0.5', 80)
    Listener(bindto=bind, service="OutgoingRequest", backlog=255)
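def sshTOweb():
    """Instance 'sshTOweb': forward public port 2222 to the web server's SSH.

    Connections to 100.100.100.100:2222 are relayed to 192.168.0.10:22 by
    PlugProxy, an opaque TCP relay that performs no protocol inspection.
    The only controls on this path are the zone rules and SSH's own
    authentication: the 'internet' zone (0.0.0.0/0) lists "sshTOweb" as an
    outbound service, so any source address may reach the web server's sshd
    through this port.
    """
    Service(name="sshTOweb",
            proxy_class=PlugProxy,
            # forge_addr=TRUE: sshd sees the real client address; replies
            # must route back through this host.
            router=DirectedRouter(dest_addr=SockAddrInet('192.168.0.10', 22),
                                  forge_addr=TRUE))
    Listener(bindto=SockAddrInet('100.100.100.100', 2222),
             service="sshTOweb",
             backlog=255)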
=======================
instances.conf
=======================
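# One Zorp instance per line: <instance name> <zorp options>
# Each instance name is invoked as the same-named function in policy.py
# (HTTP, outgoingRequest, sshTOweb).
# NOTE(review): 1.2.3.4 appears in no zone or listener in policy.py --
# confirm it is an address configured on this host.
HTTP --autobind-ip 1.2.3.4 --policy /etc/zorp/policy.py
outgoingRequest --autobind-ip 1.2.3.4 --policy /etc/zorp/policy.py
sshTOweb --autobind-ip 1.2.3.4 --policy /etc/zorp/policy.py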
=============
iptables.in
=============
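# Packet filter for the firewall host itself (INPUT chain).  Zorp listeners
# from policy.py: 100.100.100.100:80 (HTTP), 100.100.100.100:2222 (sshTOweb),
# 192.168.0.5:80 (OutgoingRequest).
#
# --syn is added to the NEW rules for consistency with the rules below:
# with nf_conntrack_tcp_loose enabled, a non-SYN packet can also be
# classified NEW, so matching on state alone admits more than handshakes.
# NOTE(review): no rule is bound to an interface (-i) or source (-s), so
# every accepted port is reachable from any attached network.
-A INPUT -p tcp --syn -m state --state NEW --dport 80 -j ACCEPT
-A INPUT -p tcp --syn -m state --state NEW --dport 2222 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# NOTE(review): port 22 here is SSH to the firewall host itself (the Zorp SSH
# relay listens on 2222), accepted from any address -- restrict with -s/-i if
# administrative access is not meant to be world-reachable.
-A INPUT -p tcp --syn --dport 22 -j ACCEPT
# NOTE(review): nothing on this page binds 1310-1320 -- confirm what listens
# there before leaving the range open.
-A INPUT -p tcp --syn --dport 1310:1320 -j ACCEPT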