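/// <summary>
/// Derives the access level the existing firewall rules of <paramref name="progSet"/>
/// actually implement and stores it in <c>progSet.config.CurAccess</c>.
/// </summary>
/// <remarks>
/// Only broad rules are considered: any local address, any local and remote port, no
/// ICMP type filter, protocol TCP/UDP/Any, all profiles and all interfaces. For each
/// program the direction bits of such rules are collected into a <c>RuleStat</c>
/// (allow-all, block-all, allow-LAN, block-Internet); the per-program bit sets are then
/// AND-ed together, so a level is only reported when every program in the set has it.
/// The result stays Unconfigured when there are no programs or no enabled rules;
/// otherwise the first match in the order BlockAccess, FullAccess, LocalOnly wins and
/// any other combination of enabled rules is reported as CustomConfig.
/// Remote address lists are compared as exact strings, so a rule whose list is
/// formatted differently (order, spacing) is not recognised and degrades the result.
/// </remarks>
/// <param name="progSet">Program set to inspect; only <c>config.CurAccess</c> is written.</param>
/// <param name="StrictTest">
/// false: an outbound rule is sufficient for a level; true: the inbound counterpart is
/// required as well (this is how <c>ApplyRules</c> calls it).
/// </param>
public void EvaluateRules(ProgramSet progSet, bool StrictTest = false)
{
    // Rules written on Windows 7 or lower carry the address list returned by
    // GetSpecialNet instead of the Internet keyword (see ApplyRules); compare against
    // the same form so those rules are recognised as block-Internet rules.
    string inetRanges = FirewallRule.AddrKeywordIntErnet;
    if (UwpFunc.IsWindows7OrLower)
    {
        inetRanges = FirewallRule.GetSpecialNet(inetRanges);
    }

    progSet.config.CurAccess = ProgramSet.Config.AccessLevels.Unconfigured;

    SortedDictionary<ProgramID, RuleStat> ruleStats = new SortedDictionary<ProgramID, RuleStat>();
    int enabledCount = 0;
    foreach (Program prog in progSet.Programs.Values)
    {
        RuleStat stat = new RuleStat();
        foreach (FirewallRule rule in prog.Rules.Values)
        {
            if (!rule.Enabled)
            {
                continue;
            }
            // Counts every enabled rule, broad or not, so a set with only narrow
            // rules ends up as CustomConfig rather than Unconfigured.
            enabledCount++;

            // Anything narrower than "all local addresses, all ports, no ICMP filter"
            // is a custom rule and does not count towards a broad access level.
            if (!FirewallRule.IsEmptyOrStar(rule.LocalAddresses))
            {
                continue;
            }
            if (!FirewallRule.IsEmptyOrStar(rule.LocalPorts) || !FirewallRule.IsEmptyOrStar(rule.RemotePorts))
            {
                continue;
            }
            if (rule.IcmpTypesAndCodes != null && rule.IcmpTypesAndCodes.Length > 0)
            {
                continue;
            }

            // Block rules must cover every protocol; allow rules may be TCP/UDP only.
            bool allProts = (rule.Protocol == (int)NetFunc.KnownProtocols.Any);
            bool inetProts = allProts
                || (rule.Protocol == (int)FirewallRule.KnownProtocols.TCP)
                || (rule.Protocol == (int)FirewallRule.KnownProtocols.UDP);
            if (!inetProts)
            {
                continue;
            }

            // Profile-specific or interface-specific rules are custom rules as well.
            int allProfiles = (int)FirewallRule.Profiles.Public
                | (int)FirewallRule.Profiles.Private
                | (int)FirewallRule.Profiles.Domain;
            if (rule.Profile != (int)FirewallRule.Profiles.All && rule.Profile != allProfiles)
            {
                continue;
            }
            if (rule.Interface != (int)FirewallRule.Interfaces.All)
            {
                continue;
            }

            int directionBit = (int)rule.Direction;
            if (FirewallRule.IsEmptyOrStar(rule.RemoteAddresses))
            {
                // inetProts is already guaranteed by the protocol check above.
                if (rule.Action == FirewallRule.Actions.Allow)
                {
                    stat.AllowAll |= directionBit;
                }
                else if (rule.Action == FirewallRule.Actions.Block && allProts)
                {
                    stat.BlockAll |= directionBit;
                }
            }
            else if (rule.RemoteAddresses == inetRanges)
            {
                if (rule.Action == FirewallRule.Actions.Block && allProts)
                {
                    stat.BlockInet |= directionBit;
                }
            }
            else if (rule.RemoteAddresses == FirewallRule.AddrKeywordLocalSubnet)
            {
                if (rule.Action == FirewallRule.Actions.Allow)
                {
                    stat.AllowLan |= directionBit;
                }
            }
        }
        ruleStats.Add(prog.ID, stat);
    }

    if (ruleStats.Count == 0 || enabledCount == 0)
    {
        return;
    }

    // AND the direction bits across all programs. A plain foreach replaces the former
    // ElementAt(i) loop, which walked the value collection from the start on every
    // step (O(n^2)). The first iteration ANDs the first entry with itself, a no-op.
    RuleStat mergedStat = ruleStats.Values.First();
    foreach (RuleStat stat in ruleStats.Values)
    {
        mergedStat.AllowAll &= stat.AllowAll;
        mergedStat.BlockAll &= stat.BlockAll;
        mergedStat.AllowLan &= stat.AllowLan;
        mergedStat.BlockInet &= stat.BlockInet;
    }

    if (HasDirectionBits(mergedStat.BlockAll, StrictTest))
    {
        progSet.config.CurAccess = ProgramSet.Config.AccessLevels.BlockAccess;
    }
    else if (HasDirectionBits(mergedStat.AllowAll, StrictTest))
    {
        progSet.config.CurAccess = ProgramSet.Config.AccessLevels.FullAccess;
    }
    else if (HasDirectionBits(mergedStat.AllowLan, StrictTest))
    {
        // NOTE(review): the previous code tested the AllowLan inbound bit twice here
        // and never looked at BlockInet, so LocalOnly is reported from the LAN allow
        // rules alone even when no block-Internet rule exists; ApplyRules then sees
        // CurAccess == NetAccess and does not rewrite the rules. The duplicate test is
        // dropped; whether BlockInet was meant to be required is left unchanged —
        // confirm against ApplyRules, which writes both rules for LocalOnly.
        progSet.config.CurAccess = ProgramSet.Config.AccessLevels.LocalOnly;
    }
    else
    {
        // enabledCount > 0 is guaranteed by the early return above.
        progSet.config.CurAccess = ProgramSet.Config.AccessLevels.CustomConfig;
    }
}

/// <summary>
/// True when <paramref name="directionBits"/> contains the outbound direction and,
/// when <paramref name="strictTest"/> is set, the inbound direction as well.
/// </summary>
/// <param name="directionBits">Bit set of <c>FirewallRule.Directions</c> values collected from matching rules.</param>
/// <param name="strictTest">Require both directions instead of outbound only.</param>
private static bool HasDirectionBits(int directionBits, bool strictTest)
{
    bool outbound = (directionBits & (int)FirewallRule.Directions.Outboun) != 0;
    bool inbound = (directionBits & (int)FirewallRule.Directions.Inbound) != 0;
    return outbound && (!strictTest || inbound);
}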
/// <summary>
/// Makes the firewall rules of <paramref name="progSet"/> match its configured access
/// level (<c>config.NetAccess</c>): each program's rules are cleared and one broad rule
/// per direction is written (two for LocalOnly: block the Internet ranges, allow the
/// local subnet). Nothing is changed when the configured level is Unconfigured or
/// CustomConfig, or when a strict <c>EvaluateRules</c> already reports the configured
/// level as current. Afterwards <c>config.CurAccess</c> is set to the configured level
/// and <c>App.engine.OnRulesChanged</c> is raised.
/// </summary>
/// <param name="progSet">Program set to update.</param>
/// <param name="expiration">
/// Passed through to <c>ApplyRule</c>; a non-zero value also changes the generated rule
/// name via <c>MakeRuleName</c> (presumably marking the rule as temporary — confirm).
/// </param>
public void ApplyRules(ProgramSet progSet, UInt64 expiration = 0)
{
    EvaluateRules(progSet, true);

    ProgramSet.Config.AccessLevels target = progSet.config.NetAccess;
    bool nothingToEnforce = target == ProgramSet.Config.AccessLevels.Unconfigured
        || target == ProgramSet.Config.AccessLevels.CustomConfig;
    if (nothingToEnforce || target == progSet.config.CurAccess)
    {
        return;
    }

    // Rules written on Windows 7 or lower use the address list returned by
    // GetSpecialNet in place of the Internet keyword. Only needed for LocalOnly.
    string internetAddresses = null;
    if (target == ProgramSet.Config.AccessLevels.LocalOnly)
    {
        internetAddresses = UwpFunc.IsWindows7OrLower
            ? FirewallRule.GetSpecialNet(FirewallRule.AddrKeywordIntErnet)
            : FirewallRule.AddrKeywordIntErnet;
    }

    foreach (Program prog in progSet.Programs.Values)
    {
        // NOTE(review): the old rules are removed before the new ones are written; if
        // ApplyRule fails part-way the program keeps fewer rules than before (for
        // BlockAccess that means no block rule at all) — confirm how ApplyRule reports
        // errors. The second argument is always true here because CustomConfig
        // returned above.
        ClearRules(prog, target != ProgramSet.Config.AccessLevels.CustomConfig);

        // 1 and 2 are the two single-direction values of FirewallRule.Directions
        // (EvaluateRules treats the enum as a bit set of Inbound and Outboun).
        for (int dirValue = 1; dirValue <= 2; dirValue++)
        {
            FirewallRule.Directions direction = (FirewallRule.Directions)dirValue;
            if (target == ProgramSet.Config.AccessLevels.FullAccess)
            {
                ApplyBroadRule(prog, AllowAllName, FirewallRule.Actions.Allow, direction, null, expiration);
            }
            else if (target == ProgramSet.Config.AccessLevels.LocalOnly)
            {
                // Block rule for the Internet ranges first, then the LAN allow rule.
                // (An earlier revision wrote the block rule only in blacklist mode;
                // that condition is no longer present.)
                ApplyBroadRule(prog, BlockInet, FirewallRule.Actions.Block, direction, internetAddresses, expiration);
                ApplyBroadRule(prog, AllowLan, FirewallRule.Actions.Allow, direction, FirewallRule.AddrKeywordLocalSubnet, expiration);
            }
            else if (target == ProgramSet.Config.AccessLevels.BlockAccess)
            {
                ApplyBroadRule(prog, BlockAllName, FirewallRule.Actions.Block, direction, null, expiration);
            }
        }
    }

    progSet.config.CurAccess = target;
    App.engine.OnRulesChanged(progSet);
}

/// <summary>
/// Builds one enabled rule for <paramref name="prog"/> in group <c>RuleGroup</c> with
/// the given action and direction and hands it to <c>ApplyRule</c>.
/// </summary>
/// <param name="prog">Program the rule belongs to.</param>
/// <param name="baseName">Base name passed to <c>MakeRuleName</c>.</param>
/// <param name="action">Allow or Block.</param>
/// <param name="direction">Single direction the rule applies to.</param>
/// <param name="remoteAddresses">Remote address list to set, or null to leave the rule's default.</param>
/// <param name="expiration">Forwarded to <c>MakeRuleName</c> (as non-zero flag) and <c>ApplyRule</c>.</param>
private void ApplyBroadRule(Program prog, string baseName, FirewallRule.Actions action, FirewallRule.Directions direction, string remoteAddresses, UInt64 expiration)
{
    FirewallRule rule = new FirewallRule(prog.ID);
    rule.Name = MakeRuleName(baseName, expiration != 0, prog.Description);
    rule.Grouping = RuleGroup;
    rule.Action = action;
    rule.Direction = direction;
    rule.Enabled = true;
    if (remoteAddresses != null)
    {
        rule.RemoteAddresses = remoteAddresses;
    }
    ApplyRule(prog, rule, expiration);
}