Example #1
        /// <summary>
        /// Reconciles the outbound ACCEPT rules of the OUTPUT chain with the current
        /// outgoing allowlist. Rules for addresses that are no longer listed are deleted,
        /// rules for newly listed addresses are inserted at position 1, and the tracked
        /// list is then replaced by the new one.
        /// </summary>
        /// <remarks>
        /// Only the address families enabled through m_supportIPv4 / m_supportIPv6 are
        /// touched; an address that reports neither IsV4 nor IsV6 is ignored.
        /// </remarks>
        public override void OnUpdateIps()
        {
            base.OnUpdateIps();

            // NOTE(review): the meaning of the 'true' argument is not visible here - confirm against GetIpsWhiteListOutgoing.
            IpAddresses desired = GetIpsWhiteListOutgoing(true);

            // NOTE(review): the rule text below is assembled by string concatenation, so it is only as
            // safe as ToCIDR() - presumably it emits nothing but a normalized address/prefix; verify,
            // and check how DoIptablesShell tokenizes its argument string.

            // Pass 1: drop the exception for every address that left the allowlist.
            foreach (IpAddress stale in m_ipsWhiteListOutgoing.IPs)
            {
                if (desired.Contains(stale))
                {
                    continue;
                }

                string tool = null;
                if (stale.IsV4)
                {
                    tool = m_supportIPv4 ? "iptables" : null;
                }
                else if (stale.IsV6)
                {
                    tool = m_supportIPv6 ? "ip6tables" : null;
                }

                if (tool == null)
                {
                    continue;
                }

                DoIptablesShell(tool, "-D OUTPUT -d " + stale.ToCIDR() + " -j ACCEPT");
            }

            // Pass 2: add an exception for every address that is new in the allowlist.
            // "-I OUTPUT 1" puts the rule at the head of the chain, so it is evaluated before
            // any rule that follows it there.
            foreach (IpAddress added in desired.IPs)
            {
                if (m_ipsWhiteListOutgoing.Contains(added))
                {
                    continue;
                }

                string tool = null;
                if (added.IsV4)
                {
                    tool = m_supportIPv4 ? "iptables" : null;
                }
                else if (added.IsV6)
                {
                    tool = m_supportIPv6 ? "ip6tables" : null;
                }

                if (tool == null)
                {
                    continue;
                }

                DoIptablesShell(tool, "-I OUTPUT 1 -d " + added.ToCIDR() + " -j ACCEPT");
            }

            // NOTE(review): no result of DoIptablesShell is examined in this method, so the tracked
            // list is replaced even if a rule change did not take effect - confirm how failures surface,
            // otherwise the tracked state and the live ruleset can drift apart.
            m_ipsWhiteListOutgoing = desired;
        }
Example #2
        /// <summary>
        /// Synchronizes the outbound ACCEPT rules of the OUTPUT chain with the address set
        /// returned by GetAllIps(true): rules for addresses missing from the new set are
        /// deleted, rules for addresses absent from the previous set are inserted at
        /// position 1, and m_currentList is updated to the new set.
        /// </summary>
        /// <remarks>
        /// IPv4 entries are handled through "iptables" and IPv6 entries through "ip6tables",
        /// each only when the matching m_supportIPv4 / m_supportIPv6 flag is set.
        /// </remarks>
        public override void OnUpdateIps()
        {
            base.OnUpdateIps();

            IpAddresses nextSet = GetAllIps(true);

            // NOTE(review): every address in this set becomes an outbound exception, so the set's
            // origin matters as much as the rules - confirm what GetAllIps(true) includes.
            // NOTE(review): rule strings are concatenated from ToCIDR(); presumably that output is
            // restricted to address/prefix characters - verify before trusting it as a shell argument.

            // Delete rules whose address is not part of the new set.
            foreach (IpAddress gone in m_currentList.IPs)
            {
                bool stillWanted = nextSet.Contains(gone);
                if (stillWanted)
                {
                    continue;
                }

                string binary = null;
                if (gone.IsV4)
                {
                    binary = m_supportIPv4 ? "iptables" : null;
                }
                else if (gone.IsV6)
                {
                    binary = m_supportIPv6 ? "ip6tables" : null;
                }

                if (binary != null)
                {
                    DoIptablesShell(binary, "-D OUTPUT -d " + gone.ToCIDR() + " -j ACCEPT");
                }
            }

            // Insert rules for addresses that were not in the previous set; position 1 places
            // them ahead of the other rules in the chain.
            foreach (IpAddress fresh in nextSet.IPs)
            {
                bool alreadyPresent = m_currentList.Contains(fresh);
                if (alreadyPresent)
                {
                    continue;
                }

                string binary = null;
                if (fresh.IsV4)
                {
                    binary = m_supportIPv4 ? "iptables" : null;
                }
                else if (fresh.IsV6)
                {
                    binary = m_supportIPv6 ? "ip6tables" : null;
                }

                if (binary != null)
                {
                    DoIptablesShell(binary, "-I OUTPUT 1 -d " + fresh.ToCIDR() + " -j ACCEPT");
                }
            }

            // NOTE(review): the outcome of DoIptablesShell is not checked here; if a delete fails
            // silently, a stale ACCEPT rule stays in place while m_currentList no longer records it - confirm.
            m_currentList = nextSet;
        }
Example #3
 /// <summary>
 /// Reports whether <paramref name="host"/> is found in IpAddresses.
 /// </summary>
 /// <param name="host">Value handed unchanged to IpAddresses.Contains.</param>
 /// <returns>The result of IpAddresses.Contains(host).</returns>
 public override bool IsContainHostIpAddress(string host)
 {
     // NOTE(review): whether Contains expects an IP literal or also resolves host names, and how
     // it treats null or malformed input, is not visible here - confirm before using this as a
     // security decision.
     bool isKnown = IpAddresses.Contains(host);
     return isKnown;
 }
Example #4
        /// <summary>
        /// Reconciles the incoming and outgoing allowlist rules with the current lists.
        /// For each direction, entries that left the list are removed ("del") and entries
        /// that are new are added ("add") through the elevated command
        /// "netlock-iptables-accept-ip"; both tracked lists are then replaced.
        /// </summary>
        /// <remarks>
        /// Entries whose address family is disabled (m_supportIPv4 / m_supportIPv6 false) are
        /// skipped. The layer, direction, action and CIDR are passed as separate key/value
        /// arguments rather than as one concatenated command string.
        /// </remarks>
        public override void OnUpdateIps()
        {
            base.OnUpdateIps();

            IpAddresses incomingNow = GetIpsWhiteListIncoming();
            IpAddresses outgoingNow = GetIpsWhiteListOutgoing(true);

            // NOTE(review): an entry for which both IsV4 and IsV6 are false passes the family guard
            // below and is sent with layer "ipv6" - confirm that IpAddress cannot be in that state.
            // NOTE(review): validation of the "cidr" value on the elevated side is not visible here - verify.

            // Incoming: remove entries that are no longer listed.
            foreach (IpAddress previous in m_ipsWhiteListIncoming.IPs)
            {
                bool familyDisabled = (previous.IsV4 && !m_supportIPv4) || (previous.IsV6 && !m_supportIPv6);
                if (familyDisabled || incomingNow.Contains(previous))
                {
                    continue;
                }

                Engine.Instance.Elevated.DoCommandSync("netlock-iptables-accept-ip", "layer", (previous.IsV4 ? "ipv4" : "ipv6"), "direction", "in", "action", "del", "cidr", previous.ToCIDR());
            }

            // Incoming: add entries that were not listed before.
            foreach (IpAddress current in incomingNow.IPs)
            {
                bool familyDisabled = (current.IsV4 && !m_supportIPv4) || (current.IsV6 && !m_supportIPv6);
                if (familyDisabled || m_ipsWhiteListIncoming.Contains(current))
                {
                    continue;
                }

                Engine.Instance.Elevated.DoCommandSync("netlock-iptables-accept-ip", "layer", (current.IsV4 ? "ipv4" : "ipv6"), "direction", "in", "action", "add", "cidr", current.ToCIDR());
            }

            // Outgoing: remove entries that are no longer listed.
            foreach (IpAddress previous in m_ipsWhiteListOutgoing.IPs)
            {
                bool familyDisabled = (previous.IsV4 && !m_supportIPv4) || (previous.IsV6 && !m_supportIPv6);
                if (familyDisabled || outgoingNow.Contains(previous))
                {
                    continue;
                }

                Engine.Instance.Elevated.DoCommandSync("netlock-iptables-accept-ip", "layer", (previous.IsV4 ? "ipv4" : "ipv6"), "direction", "out", "action", "del", "cidr", previous.ToCIDR());
            }

            // Outgoing: add entries that were not listed before.
            foreach (IpAddress current in outgoingNow.IPs)
            {
                bool familyDisabled = (current.IsV4 && !m_supportIPv4) || (current.IsV6 && !m_supportIPv6);
                if (familyDisabled || m_ipsWhiteListOutgoing.Contains(current))
                {
                    continue;
                }

                Engine.Instance.Elevated.DoCommandSync("netlock-iptables-accept-ip", "layer", (current.IsV4 ? "ipv4" : "ipv6"), "direction", "out", "action", "add", "cidr", current.ToCIDR());
            }

            // NOTE(review): the result of DoCommandSync is not inspected in this method; the tracked
            // lists are replaced whether or not each rule change took effect - confirm how failures surface.
            m_ipsWhiteListIncoming = incomingNow;
            m_ipsWhiteListOutgoing = outgoingNow;
        }