private List <uint> LoadIPAddresses(string ruleName, string action, string hashType, int maxCount) { List <uint> ipAddresses = new List <uint>(); try { if (hashType != "ip") { throw new ArgumentException("Can only load hash of type 'ip'"); } CreateOrUpdateRule(ruleName, action, hashType, maxCount, null, default); // copy ip addresses from the rule to the set string fileName = GetSetFileName(ruleName); if (File.Exists(fileName)) { uint value; foreach (string line in File.ReadLines(fileName).Skip(1)) { string[] pieces = line.Split(' '); if (pieces.Length > 2 && pieces[0] == "add" && (value = IPBanFirewallUtility.ParseIPV4(pieces[2])) != 0) { ipAddresses.Add(value); } } } } catch (Exception ex) { IPBanLog.Error(ex); } return(ipAddresses); }
private int RunProcess(string program, bool requireExitCode, out IReadOnlyList <string> lines, string commandLine, params object[] args) { commandLine = program + " " + string.Format(commandLine, args); commandLine = "-c \"" + commandLine.Replace("\"", "\\\"") + "\""; IPBanLog.Debug("Running firewall process: /bin/bash {0}", commandLine); Process p = new Process { StartInfo = new ProcessStartInfo { FileName = "/bin/bash", Arguments = commandLine, UseShellExecute = false, CreateNoWindow = true, RedirectStandardOutput = true } }; p.Start(); List <string> lineList = new List <string>(); string line; while ((line = p.StandardOutput.ReadLine()) != null) { lineList.Add(line); } lines = lineList; p.WaitForExit(); if (requireExitCode && p.ExitCode != 0) { IPBanLog.Error("Process {0} had exit code {1}", commandLine, p.ExitCode); } return(p.ExitCode); }
private void EventRecordWritten(object sender, EventRecordWrittenEventArgs e) { try { if (e != null && e.EventRecord != null) { EventRecord rec = e.EventRecord; string xml = null; try { xml = rec.ToXml(); } catch { } if (xml != null) { ProcessEventViewerXml(xml); } } } catch (Exception ex) { IPBanLog.Error(ex); } }
public bool DeleteRules(int startIndex = 0) { try { lock (policy) { for (int i = startIndex; ; i += maxIpAddressesPerRule) { string ruleName = RulePrefix + i.ToString(CultureInfo.InvariantCulture); try { INetFwRule rule = policy.Rules.Item(ruleName); if (rule == null) { break; } policy.Rules.Remove(ruleName); } catch { break; } } } return(true); } catch (Exception ex) { IPBanLog.Error(ex); return(false); } }
private void PingFiles() { try { pingTimer.Enabled = false; } catch { } try { // re-open files and read one byte to flush disk cache foreach (WatchedFile file in UpdateWatchedFiles()) { // if file length has changed, ping the file bool delete = false; long len = new FileInfo(file.FileName).Length; // if file has shrunk (deleted and recreated for example) reset positions to 0 if (len < file.LastLength || len < file.LastPosition) { file.LastPosition = 0; } // use file info for length compare to avoid doing a full file open if (len != file.LastLength) { using (FileStream fs = new FileStream(file.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { file.LastLength = len; delete = PingFile(file, fs); } } if (delete) { try { File.Delete(file.FileName); } catch { // OK someone else might have it open, in which case we have no chance to delete } } } } catch (Exception ex) { IPBanLog.Error(ex); } try { pingTimer.Enabled = true; } catch { } }
public bool IsIPAddressAllowed(string ipAddress) { try { lock (policy) { for (int i = 0; ; i += MaxIpAddressesPerRule) { string ruleName = allowRulePrefix + i.ToString(CultureInfo.InvariantCulture); try { INetFwRule rule = policy.Rules.Item(ruleName); if (rule == null) { break; } else if (rule.RemoteAddresses.Contains(ipAddress)) { return(true); } } catch { // OK, rule does not exist } } } } catch (Exception ex) { IPBanLog.Error(ex); } return(false); }
private void SetupEventLogWatcher() { try { List <string> ignored = new List <string>(); string queryString = GetEventLogQueryString(ignored); if (queryString != previousQueryString) { IPBanLog.Warn("Event viewer query string: {0}", queryString); foreach (string path in ignored) { IPBanLog.Warn("Ignoring event viewer path {0}", path); } watcher?.Dispose(); query = new EventLogQuery(null, PathType.LogName, queryString); watcher = new EventLogWatcher(query); watcher.EventRecordWritten += EventRecordWritten; watcher.Enabled = true; previousQueryString = queryString; } } catch (Exception ex) { IPBanLog.Error("Failed to create event viewer watcher", ex); } }
public Task <bool> BlockIPAddresses(string ruleNamePrefix, IEnumerable <IPAddressRange> ranges, IEnumerable <PortRange> allowedPorts, CancellationToken cancelToken = default) { if (string.IsNullOrWhiteSpace(ruleNamePrefix)) { return(Task.FromResult(false)); } try { string prefix = (RulePrefix + ruleNamePrefix).TrimEnd('_') + "_"; // recreate rules int counter = 0; int index = 0; StringBuilder ipList = new StringBuilder(); foreach (IPAddressRange range in ranges) { if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(cancelToken); } ipList.Append(range.ToCidrString()); ipList.Append(','); if (++counter == MaxIpAddressesPerRule) { ipList.Length--; // remove ending comma GetOrCreateRule(prefix + index.ToString(CultureInfo.InvariantCulture), ipList.ToString(), NET_FW_ACTION_.NET_FW_ACTION_BLOCK, allowedPorts); counter = 0; index += MaxIpAddressesPerRule; ipList.Clear(); } } if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(cancelToken); } // create rule for any leftover ip addresses if (ipList.Length > 1) { ipList.Length--; // remove ending comma GetOrCreateRule(prefix + index.ToString(CultureInfo.InvariantCulture), ipList.ToString(), NET_FW_ACTION_.NET_FW_ACTION_BLOCK, allowedPorts); index += MaxIpAddressesPerRule; } // delete any leftover rules DeleteRules(prefix, index); return(Task.FromResult(true)); } catch (Exception ex) { IPBanLog.Error(ex); return(Task.FromResult(false)); } }
public Task <bool> BlockIPAddresses(IEnumerable <string> ipAddresses, CancellationToken cancelToken = default) { try { bannedIPAddresses = UpdateRule(blockRuleName, "DROP", ipAddresses, bannedIPAddresses, "ip", blockRuleMaxCount, false, null, cancelToken, out bool result); return(Task.FromResult(result)); } catch (Exception ex) { IPBanLog.Error(ex); return(Task.FromResult(false)); } }
public Task <bool> AllowIPAddresses(IEnumerable <string> ipAddresses, CancellationToken cancelToken = default) { try { allowedIPAddresses = UpdateRule(allowRuleName, "ACCEPT", ipAddresses, allowedIPAddresses, "ip", allowRuleMaxCount, false, null, cancelToken, out bool result); return(Task.FromResult <bool>(result)); } catch (Exception ex) { IPBanLog.Error(ex); return(Task.FromResult <bool>(false)); } }
/// <summary> /// Update - if the text file path exists, all ip addresses from each line will be unbanned /// </summary> public void Update() { try { if (File.Exists(textFilePath)) { UnbanIPAddresses(File.ReadLines(textFilePath)); File.Delete(textFilePath); } } catch (Exception ex) { IPBanLog.Error(ex); } }
public void UnblockIPAddresses(IEnumerable <string> ipAddresses) { try { lock (policy) { for (int i = 0; ; i += MaxIpAddressesPerRule) { string ruleName = RulePrefix + i.ToString(CultureInfo.InvariantCulture); try { INetFwRule rule = policy.Rules.Item(ruleName); if (rule == null) { // no more rules to check break; } string remoteIPs = rule.RemoteAddresses; foreach (string ipAddress in ipAddresses) { remoteIPs = Regex.Replace(remoteIPs, ipAddress.Replace(".", "\\.") + "\\/[^,]+,?", ",", RegexOptions.IgnoreCase); remoteIPs = remoteIPs.Replace(",,", ","); remoteIPs = remoteIPs.Trim().Trim(','); } // ensure we don't have a block rule with no ip addresses, this will block the entire world (WTF Microsoft)... if (string.IsNullOrWhiteSpace(remoteIPs)) { policy.Rules.Remove(rule.Name); } else { rule.RemoteAddresses = remoteIPs; } } catch { // no more rules to check break; } } } } catch (Exception ex) { IPBanLog.Error(ex); } }
public bool BlockIPAddresses(IReadOnlyList <string> ipAddresses) { try { int i; for (i = 0; i < ipAddresses.Count; i += maxIpAddressesPerRule) { CreateBlockRule(ipAddresses, i, maxIpAddressesPerRule); } DeleteRules(i); return(true); } catch (Exception ex) { IPBanLog.Error(ex); return(false); } }
public Task <bool> AllowIPAddresses(IEnumerable <string> ipAddresses, CancellationToken cancelToken = default) { try { List <string> ipAddressesList = new List <string>(); int i = 0; foreach (string ipAddress in ipAddresses) { if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(); } ipAddressesList.Add(ipAddress); if (ipAddressesList.Count == MaxIpAddressesPerRule) { string remoteIP = CreateRuleStringForIPAddresses(ipAddressesList, i, MaxIpAddressesPerRule); GetOrCreateRule(allowRulePrefix + i.ToString(CultureInfo.InvariantCulture), remoteIP, NET_FW_ACTION_.NET_FW_ACTION_ALLOW); i += MaxIpAddressesPerRule; ipAddressesList.Clear(); } } if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(); } if (ipAddressesList.Count != 0) { string remoteIP = CreateRuleStringForIPAddresses(ipAddressesList, i, MaxIpAddressesPerRule); GetOrCreateRule(allowRulePrefix + i.ToString(CultureInfo.InvariantCulture), remoteIP, NET_FW_ACTION_.NET_FW_ACTION_ALLOW); i += MaxIpAddressesPerRule; } if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(); } DeleteRules(allowRulePrefix, i); return(Task.FromResult <bool>(true)); } catch (Exception ex) { IPBanLog.Error(ex); return(Task.FromResult <bool>(false)); } }
public Task <bool> BlockIPAddresses(string ruleNamePrefix, IEnumerable <IPAddressRange> ranges, IEnumerable <PortRange> allowedPorts, CancellationToken cancelToken = default) { if (string.IsNullOrWhiteSpace(ruleNamePrefix)) { return(Task.FromResult(false)); } try { string ruleName = RulePrefix + "_" + ruleNamePrefix + "_0"; UpdateRule(ruleName, "DROP", ranges.Select(r => r.ToCidrString()), null, "net", blockRuleRangesMaxCount, true, allowedPorts, cancelToken, out bool result); return(Task.FromResult(result)); } catch (Exception ex) { IPBanLog.Error(ex); return(Task.FromResult(false)); } }
private static void LoadVersionFromWmiApi() { try { // WMI API sometimes fails to initialize on .NET core on some systems, not sure why... // fall-back to WMI, maybe future .NET core versions will fix the bug using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT Caption, Version FROM Win32_OperatingSystem")) { foreach (var result in searcher.Get()) { FriendlyName = result["Caption"] as string; Version = result["Version"] as string; break; } } } catch (Exception ex) { IPBanLog.Error(ex, "Unable to load os version from wmi api"); } }
public Task <bool> BlockIPAddresses(IEnumerable <string> ipAddresses, CancellationToken cancelToken = default) { try { int i = 0; List <string> ipAddressesList = new List <string>(); foreach (string ipAddress in ipAddresses) { if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(cancelToken); } ipAddressesList.Add(ipAddress); if (ipAddressesList.Count == MaxIpAddressesPerRule) { CreateBlockRule(ipAddressesList, 0, MaxIpAddressesPerRule, RulePrefix + i.ToStringInvariant()); i += MaxIpAddressesPerRule; ipAddressesList.Clear(); } } if (cancelToken.IsCancellationRequested) { throw new OperationCanceledException(cancelToken); } if (ipAddressesList.Count != 0) { CreateBlockRule(ipAddressesList, 0, MaxIpAddressesPerRule, RulePrefix + i.ToStringInvariant()); i += MaxIpAddressesPerRule; } DeleteRules(RulePrefix, i); return(Task.FromResult(true)); } catch (Exception ex) { IPBanLog.Error(ex); return(Task.FromResult(false)); } }
public bool IsIPAddressAllowed(string ipAddress) { try { lock (policy) { string ruleName = RulePrefix + "AllowIPAddresses"; try { INetFwRule rule = policy.Rules.Item(ruleName); return(rule != null && rule.RemoteAddresses.Contains(ipAddress)); } catch { // OK, rule does not exist } } } catch (Exception ex) { IPBanLog.Error(ex); } return(false); }
static IPBanOS() { try { Version = Environment.OSVersion.VersionString; Description = RuntimeInformation.OSDescription; if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { string tempFile = Path.GetTempFileName(); Process.Start("/bin/bash", "-c \"cat /etc/*release* > " + tempFile + "\"").WaitForExit(); string versionText = File.ReadAllText(tempFile); File.Delete(tempFile); Name = IPBanOS.Linux; FriendlyName = ExtractRegex(versionText, "^(Id|Distrib_Id)=(?<value>.*?)$", string.Empty); if (FriendlyName.Length != 0) { string codeName = ExtractRegex(versionText, "^(Name|Distrib_CodeName)=(?<value>.+)$", string.Empty); if (codeName.Length != 0) { FriendlyName += " - " + codeName; } Version = ExtractRegex(versionText, "^Version_Id=(?<value>.+)$", Version); } } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Name = IPBanOS.Windows; string tempFile = Path.GetTempFileName(); // .net core WMI has a strange bug where WMI will not initialize on some systems // since this is the only place where WMI is used, we can just work-around it // with the wmic executable, which exists (as of 2018) on all supported Windows. StartProcessAndWait("cmd", "/C wmic path Win32_OperatingSystem get Caption,Version /format:table > \"" + tempFile + "\""); if (File.Exists(tempFile)) { string[] lines = File.ReadAllLines(tempFile); File.Delete(tempFile); if (lines.Length > 1) { int versionIndex = lines[0].IndexOf("Version"); if (versionIndex >= 0) { FriendlyName = lines[1].Substring(0, versionIndex - 1).Trim(); Version = lines[1].Substring(versionIndex).Trim(); } } } else { // fall-back to WMI, maybe future .NET core versions will fix the bug using (ManagementObjectSearcher searcher = new ManagementObjectSearcher("SELECT Caption, Version FROM Win32_OperatingSystem")) { foreach (var result in searcher.Get()) { FriendlyName = result["Caption"] as string; Version = result["Version"] as string; break; } } } } else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { // TODO: Implement better for MAC Name = IPBanOS.Mac; FriendlyName = "OSX"; } else { Name = IPBanOS.Unknown; FriendlyName = "Unknown"; } } catch (Exception ex) { IPBanLog.Error(ex); } }
private IPBanConfig(string xml, IDnsLookup dns) { this.dns = dns; // deserialize with XmlDocument, the .net core Configuration class is quite buggy XmlDocument doc = new XmlDocument(); doc.LoadXml(xml); foreach (XmlNode node in doc.SelectNodes("//appSettings/add")) { appSettings[node.Attributes["key"].Value] = node.Attributes["value"].Value; } GetConfig <int>("FailedLoginAttemptsBeforeBan", ref failedLoginAttemptsBeforeBan); GetConfig <TimeSpan>("BanTime", ref banTime); GetConfig <bool>("ClearBannedIPAddressesOnRestart", ref clearBannedIPAddressesOnRestart); GetConfig <TimeSpan>("ExpireTime", ref expireTime); GetConfig <TimeSpan>("CycleTime", ref cycleTime); GetConfig <TimeSpan>("MinimumTimeBetweenFailedLoginAttempts", ref minimumTimeBetweenFailedLoginAttempts); GetConfig <string>("FirewallRulePrefix", ref firewallRulePrefix); GetConfig <bool>("CreateWhitelistFirewallRule", ref createWhitelistFirewallRule); string whiteListString = GetConfig <string>("Whitelist", string.Empty); string whiteListRegexString = GetConfig <string>("WhitelistRegex", string.Empty); string blacklistString = GetConfig <string>("Blacklist", string.Empty); string blacklistRegexString = GetConfig <string>("BlacklistRegex", string.Empty); PopulateList(whiteList, ref whiteListRegex, whiteListString, whiteListRegexString); PopulateList(blackList, ref blackListRegex, blacklistString, blacklistRegexString); if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { expressions = new XmlSerializer(typeof(ExpressionsToBlock)).Deserialize(new XmlNodeReader(doc.SelectSingleNode("//ExpressionsToBlock"))) as ExpressionsToBlock; if (expressions != null) { foreach (ExpressionsToBlockGroup group in expressions.Groups) { foreach (ExpressionToBlock expression in group.Expressions) { expression.Regex = (expression.Regex ?? string.Empty).Trim(); } } } } else { expressions = new ExpressionsToBlock { Groups = new ExpressionsToBlockGroup[0] }; } try { LogFilesToParse logFilesToParse = new XmlSerializer(typeof(LogFilesToParse)).Deserialize(new XmlNodeReader(doc.SelectSingleNode("//LogFilesToParse"))) as LogFilesToParse; logFiles = (logFilesToParse == null ? new LogFileToParse[0] : logFilesToParse.LogFiles); } catch (Exception ex) { IPBanLog.Error(ex); logFiles = new LogFileToParse[0]; } GetConfig <string>("ProcessToRunOnBan", ref processToRunOnBan); // retrieve firewall configuration string[] firewallTypes = GetConfig <string>("FirewallType", string.Empty).Split(',', StringSplitOptions.RemoveEmptyEntries); foreach (string firewallOSAndType in firewallTypes) { string[] pieces = firewallOSAndType.Split(':'); if (pieces.Length == 2) { osAndFirewallType[pieces[0]] = pieces[1]; } } string userNameWhiteListString = GetConfig <string>("UserNameWhiteList", string.Empty); foreach (string userName in userNameWhiteListString.Split(',')) { string userNameTrimmed = userName.Normalize().Trim(); if (userNameTrimmed.Length > 0) { userNameWhitelist.Add(userNameTrimmed); } } GetConfig <int>("UserNameWhiteListMinimumEditDistance", ref userNameWhitelistMaximumEditDistance); GetConfig <int>("FailedLoginAttemptsBeforeBanUserNameWhitelist", ref failedLoginAttemptsBeforeBanUserNameWhitelist); GetConfig <string>("GetUrlUpdate", ref getUrlUpdate); GetConfig <string>("GetUrlStart", ref getUrlStart); GetConfig <string>("GetUrlStop", ref getUrlStop); GetConfig <string>("GetUrlConfig", ref getUrlConfig); GetConfig <string>("ExternalIPAddressUrl", ref externalIPAddressUrl); }
static IPBanOS() { try { // start off with built in version info, this is not as detailed or nice as we like, // so we try some other ways to get more detailed information Version = Environment.OSVersion.VersionString; Description = RuntimeInformation.OSDescription; // attempt to get detailed version info if (RuntimeInformation.IsOSPlatform(OSPlatform.Linux)) { string tempFile = Path.GetTempFileName(); Process.Start("/bin/bash", "-c \"cat /etc/*release* > " + tempFile + "\"").WaitForExit(); System.Threading.Tasks.Task.Delay(100); // wait a small bit for file to really be closed string versionText = File.ReadAllText(tempFile).Trim(); File.Delete(tempFile); if (string.IsNullOrWhiteSpace(versionText)) { IPBanLog.Error(new IOException("Unable to load os version from /etc/*release* ...")); } else { Name = IPBanOS.Linux; FriendlyName = ExtractRegex(versionText, "^(Id|Distrib_Id)=(?<value>.*?)$", string.Empty); if (FriendlyName.Length != 0) { string codeName = ExtractRegex(versionText, "^(Name|Distrib_CodeName)=(?<value>.+)$", string.Empty); if (codeName.Length != 0) { FriendlyName += " - " + codeName; } Version = ExtractRegex(versionText, "^Version_Id=(?<value>.+)$", Version); } } } else if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) { Name = IPBanOS.Windows; string tempFile = Path.GetTempFileName(); // .net core WMI has a strange bug where WMI will not initialize on some systems // since this is the only place where WMI is used, we can just work-around it // with the wmic executable, which exists (as of 2018) on all supported Windows. StartProcessAndWait("cmd", "/C wmic path Win32_OperatingSystem get Caption,Version /format:table > \"" + tempFile + "\""); if (File.Exists(tempFile)) { // try up to 10 times to read the file for (int i = 0; i < 10; i++) { try { string[] lines = File.ReadAllLines(tempFile); File.Delete(tempFile); if (lines.Length > 1) { int versionIndex = lines[0].IndexOf("Version"); if (versionIndex >= 0) { FriendlyName = lines[1].Substring(0, versionIndex - 1).Trim(); Version = lines[1].Substring(versionIndex).Trim(); break; } } throw new IOException("Invalid file generated from wmic"); } catch (Exception ex) { if (i < 9) { System.Threading.Tasks.Task.Delay(200).Wait(); } else { IPBanLog.Error(ex, "Unable to load os version using wmic, trying wmi api..."); // last resort, try wmi api LoadVersionFromWmiApi(); } } } } else { // last resort, try wmi api LoadVersionFromWmiApi(); } } else if (RuntimeInformation.IsOSPlatform(OSPlatform.OSX)) { // TODO: Implement better for MAC Name = IPBanOS.Mac; FriendlyName = "OSX"; } else { Name = IPBanOS.Unknown; FriendlyName = "Unknown"; } } catch (Exception ex) { IPBanLog.Error(ex); } }
private bool GetOrCreateRule(string ruleName, string remoteIPAddresses, NET_FW_ACTION_ action, IEnumerable <PortRange> allowedPorts = null) { remoteIPAddresses = (remoteIPAddresses ?? string.Empty).Trim(); bool emptyIPAddressString = string.IsNullOrWhiteSpace(remoteIPAddresses) || remoteIPAddresses == "*"; bool ruleNeedsToBeAdded = false; lock (policy) { recreateRule: INetFwRule rule = null; try { rule = policy.Rules.Item(ruleName); } catch { // ignore exception, assume does not exist } if (rule == null) { rule = Activator.CreateInstance(ruleType) as INetFwRule; rule.Name = ruleName; rule.Enabled = true; rule.Action = action; rule.Description = "Automatically created by IPBan"; rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN; rule.EdgeTraversal = false; rule.Grouping = "IPBan"; rule.LocalAddresses = "*"; rule.Profiles = int.MaxValue; // all ruleNeedsToBeAdded = true; } // do not ever set an empty string, Windows treats this as * which means everything if (!emptyIPAddressString) { try { PortRange[] allowedPortsArray = (allowedPorts?.ToArray()); if (allowedPortsArray != null && allowedPortsArray.Length != 0) { rule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP; string localPorts; if (action == NET_FW_ACTION_.NET_FW_ACTION_BLOCK) { localPorts = IPBanFirewallUtility.GetPortRangeStringBlockExcept(allowedPortsArray); } else { localPorts = IPBanFirewallUtility.GetPortRangeStringAllow(allowedPortsArray); } rule.LocalPorts = localPorts; } else { try { rule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_ANY; } catch { // failed to set protocol to any, we are switching from tcp back to any without ports, the only option is to // recreate the rule if (!ruleNeedsToBeAdded) { policy.Rules.Remove(ruleName); goto recreateRule; } } } rule.RemoteAddresses = remoteIPAddresses; } catch (Exception ex) { // if something failed, do not create the rule emptyIPAddressString = true; IPBanLog.Error(ex); } } if (emptyIPAddressString || string.IsNullOrWhiteSpace(rule.RemoteAddresses) || rule.RemoteAddresses == "*") { // if no ip addresses, remove the rule as it will allow or block everything with an empty RemoteAddresses string try { rule = null; policy.Rules.Remove(ruleName); } catch { } } else if (ruleNeedsToBeAdded) { policy.Rules.Add(rule); } return(rule != null); } }