Logic for accessing firewall
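# Remediation decision for one firewall rule: disable it when it allows all
# traffic, or when it allows SSH (TCP 22) from 0.0.0.0/0 and is still enabled.
# Uses names bound earlier in the file (allow_all, source_ranges, disabled,
# project_id, service, firewall_name) and the helper functions called below.
# The flags keep their explicit == True / == False comparisons because their
# types are not visible in this snippet.
if allow_all == True:
    # NOTE(review): this branch never looks at source_ranges or disabled, so an
    # allow-all rule is disabled whatever its source range, and the call is
    # repeated for a rule that is already disabled -- confirm that is intended.
    # A short sleep is required for the demo: it takes a few seconds between
    # log creation and firewall resource completion, and calling earlier
    # returns a 400 error.
    # NOTE(review): a fixed delay is a demo workaround; retrying on the 400
    # would avoid both waiting too long and not waiting long enough.
    time.sleep(20)
    disable_firewall(project_id, service, firewall_name)
    print("Firewall %s Disabled" % firewall_name)
else:
    # All ports and port ranges the rule allows.
    allowed_ports = get_allowed_ports_list(project_id, service, firewall_name)
    # True when the allowed ports include SSH (TCP 22).
    ssh_allowed = check_for_port_22(allowed_ports)
    # NOTE(review): only the exact string '0.0.0.0/0' counts as "the internet"
    # here. A rule whose source ranges are written differently (IPv6 '::/0',
    # or several wide IPv4 blocks) is reported as not exposed -- confirm
    # whether those cases need to be covered.
    ssh_open_to_internet = ssh_allowed == True and '0.0.0.0/0' in source_ranges

    if ssh_open_to_internet and disabled == False:
        # Same demo delay as above: the firewall resource must finish being
        # created before it can be patched, otherwise the API returns 400.
        time.sleep(20)
        disable_firewall(project_id, service, firewall_name)
        print("Firewall %s Disabled" % firewall_name)
    elif ssh_open_to_internet and disabled == True:
        # Nothing to do: the rule is already disabled.
        # Fix: the original never interpolated firewall_name, so the log line
        # printed a literal "%s" instead of the rule name.
        print("Firewall %s allows SSH from the Internet but is disabled" % firewall_name)
    else:
        # One of the conditions is false, so SSH is not open to the internet.
        print('Firewall %s does not allow SSH inbound from the internet' % firewall_name)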