Gateway
Zorp Tutorial: Use Case Preserve HTTP Client Address

Wednesday, January 23, 2013 @ 12:01 PM Author: Balint Kovacs

Use case
The most common use of a proxy firewall (or reverse proxy) for server protection is to control and inspect HTTP traffic. This is a simple example that shows how the traffic can be manipulated using Zorp and at the same time gives a solution to a relevant technical problem.
If you cannot keep the client’s IP address for network topology reasons, debugging the web application becomes almost impossible, as the web server will log all requests as though they were coming from the firewall. It might not be possible to keep the IP address for various reasons, such ... [Read More]
Zorp Tutorial: Use Case Access Control

Thursday, January 3, 2013 @ 09:01 AM Author: Pfeiffer Szilárd
Use case
It is a general use case that we want to grant access for a user to an FTP server on the Internet to allow downloading anything, but at the same time we want to prevent them from uploading anything.
Solution
The application level solution of the problem is to accept the read-only commands of the FTP protocol, but drop the commands used to write to the server (for example: PUT). As it is a general issue, Zorp provides a predefined proxy to perform that, so the system administrator does not have to do anything to implement a read-only ... [Read More]
Zorp Tutorial: Use Case Reverse Proxy

Tuesday, November 27, 2012 @ 09:11 AM Author: Pfeiffer Szilárd
Use case
A common requirement is the following case: a client connects to a proxy server that appears to the client as an ordinary server, but forwards the request to the origin server, which handles it. Thus, we communicate with the origin server through a proxy server. For example, to reach a mail server in the DMZ, we connect to the firewall, but in reality we communicate with the SMTP server in the DMZ.
Solution
The communication can be inspected on the protocol level, since the SMTP proxy is available in Zorp. Based on the ... [Read More]
Zorp Tutorial: Minimal configuration of KZorp

Tuesday, November 6, 2012 @ 10:11 AM Author: Pfeiffer Szilárd
Zorp Kernel Module
KZorp is the kernel module of the Zorp application level firewall. The module makes it possible to make kernel space decisions about the traffic according to the configured Zorp policy. It also provides some extensions to IPTables so that you can build your own packet filter ruleset that uses Zorp concepts and policy objects.
Rule evaluation
Zorp communicates the policy to KZorp when starting up, so initial policy decisions can be applied to certain traffic in kernel space. As the result of the decision, packets are either dropped or put back to the chain of IPTables where the KZORP ... [Read More]
Zorp Tutorial: Use Case Forward Proxy

Wednesday, October 3, 2012 @ 10:10 AM Author: Pfeiffer Szilárd
Use case
We intend to use the firewall as a proxy server, like a Squid web cache.
Solution
The solution is very simple, since there is a proxy class that we can use to control the traffic on the proxy level. In this case, the clients connect to Zorp that acts as a proxy server, and allows traffic flow according to the rules, but communicates with the clients "in the proxy language".
from Zorp.Http import *

def default_instance():
    Service(name="service_http_nontransparent_inband",
            proxy_class=HttpProxyNonTransparent,
... [Read More]
Zorp Tutorial: Use Case Protocol Enforcement

Thursday, September 20, 2012 @ 09:09 AM Author: Pfeiffer Szilárd
Use case
The most common use case of a proxy firewall - including Zorp - nowadays is to rule the Internet, meaning to take control over the HTTP traffic. This is a simple, but good example to show the advantage of a proxy firewall technology. When the system administrator has to grant access to the World Wide Web, usually only one rule is created, which opens port 80 to the Internet. It solves the original problem, but generates another one. With the help of this rule anybody can access any kind of service of any server on the port ... [Read More]
Zorp Tutorial: Basic Concepts

Friday, August 31, 2012 @ 02:08 PM Author: Pfeiffer Szilárd
1 Zone
1.1 What Zone is good for?
Usually access to the services is controlled by the attributes of lower layers of the ISO/OSI model, like IP addresses or ports. Zorp, compared with other firewall suites, has an extra feature. There is a possibility to define sets of IP subnetworks, called Zones.
1.1.1 Administrative Hierarchy
Zones group IP subnetworks that administratively belong together. What is it good for? In this way an administrative hierarchy can be created that is independent from the network topology, reflecting only the network policy. Imagine the situation when all those who are permitted to access an FTP server for ... [Read More]
Zorp the Firewall of Bastard Operator from Hell

Friday, April 6, 2012 @ 01:04 PM Author: Pfeiffer Szilárd
This post is the transcript of the Zorp the Firewall of Bastard Operator from Hell presentation, which was given at Linux Open Administration Days 2012 in Antwerp, Belgium. If you missed it but are interested in an open source proxy firewall capable of deep protocol analysis, it is now available together with the presentation itself.
Many thanks to the organizers for making it possible for Zorp to be there.
Introduction
As you can see on the initial slide this is the Zorp, the firewall of the bastard operator from hell presentation. This show is about the Zorp firewall application which is ... [Read More]
What Zorp is good for

Wednesday, February 8, 2012 @ 09:02 AM Author: Pfeiffer Szilárd
A marketing specialist would claim that it is “good for everything”. Not being one of them, we would rather say that Zorp is not the philosopher’s stone, however, it can solve almost any issue that can be expected from a deep protocol analyzer proxy firewall. The most important cases are the following:
Access control
Access control is a basic functionality of proxy firewalls, but Zorp has an extra feature compared with other firewall suites. Access to the services can be controlled by the attributes of lower layers of the ISO/OSI model, like IP addresses or ports, but in case ... [Read More]
What is Zorp

Tuesday, January 24, 2012 @ 02:01 PM Author: Pfeiffer Szilárd
Briefly, Zorp is an open source proxy firewall with deep protocol analysis. It sounds very sophisticated at first, however, the explanation below will make it easy to understand.
Protocol analysis
By the nature of their function, firewalls can analyze the network traffic to a certain extent, since without it, it would not be possible for the administrators to control the traffic. This is not different with Zorp. The difference between firewall applications results from the depth of the analysis. For instance, when administrators use Netfilter, traffic can only be controlled up to layer 4 (transport) of the ISO/OSI model. In contrast ... [Read More]
