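/// <summary>
/// Sends a "RemoveRule" request for the given firewall rule and reports the outcome.
/// </summary>
/// <param name="rule">Rule to remove; its guid and ProgID are sent with the request.</param>
/// <returns>
/// The boolean decoded from the first reply field, or <c>false</c> when RemoteExec
/// returns no reply (null or an empty list).
/// </returns>
public bool RemoveRule(FirewallRuleEx rule)
{
    List<byte[]> args = new List<byte[]>();
    args.Add(PutStr(rule.guid));
    // The ProgID is sent along so the receiver does not need to check all programs.
    args.Add(PutProgID(rule.ProgID));

    List<byte[]> ret = RemoteExec("RemoveRule", args);

    // The reply is data handed back by RemoteExec, not something this method built:
    // an empty list is treated like a missing reply instead of indexing into it.
    if (ret == null || ret.Count == 0)
    {
        return false;
    }

    return GetBool(ret[0]);
}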
/// <summary>
/// Pushes a "ChangeNotification" built from the serialized program, rule, event type and fix action.
/// </summary>
/// <param name="prog">Program the change belongs to.</param>
/// <param name="rule">Rule that changed.</param>
/// <param name="type">Kind of rule event.</param>
/// <param name="action">Fix action associated with the event.</param>
public void NotifyChange(Program prog, FirewallRuleEx rule, Priv10Engine.RuleEventType type, Priv10Engine.RuleFixAction action)
{
    // Fields are appended in this fixed order: program, rule, event type, fix action.
    List<byte[]> payload = new List<byte[]>
    {
        PutProg(prog),
        PutRule(rule),
        PutStr(type),
        PutStr(action)
    };

    SendPushNotification("ChangeNotification", payload);
}
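/// <summary>
/// Sends a "SetRuleApproval" request for one rule, or for all rules when <paramref name="rule"/> is null.
/// </summary>
/// <param name="Mode">Approval mode to apply.</param>
/// <param name="rule">Rule to act on; null sends a null guid and ProgID, which means all rules.</param>
/// <returns>
/// The integer decoded from the first reply field, or 0 when RemoteExec returns no reply
/// (null or an empty list).
/// </returns>
public int SetRuleApproval(Priv10Engine.ApprovalMode Mode, FirewallRuleEx rule)
{
    List<byte[]> args = new List<byte[]>();
    args.Add(PutStr(Mode));
    // A null guid means all rules.
    args.Add(PutStr(rule != null ? rule.guid : null));
    // The ProgID is sent along so the receiver does not need to check all programs.
    args.Add(PutProgID(rule != null ? rule.ProgID : null));

    List<byte[]> ret = RemoteExec("SetRuleApproval", args);

    // The reply is data handed back by RemoteExec, not something this method built:
    // an empty list is treated like a missing reply instead of indexing into it.
    if (ret == null || ret.Count == 0)
    {
        return 0;
    }

    return GetInt(ret[0]);
}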
/// <summary>
/// Pushes a "ChangeNotification" whose payload is a ChangeArgs object holding the four arguments.
/// </summary>
/// <param name="prog">Program the change belongs to.</param>
/// <param name="rule">Rule that changed.</param>
/// <param name="type">Kind of rule event.</param>
/// <param name="action">Fix action associated with the event.</param>
public void NotifyChange(Program prog, FirewallRuleEx rule, Priv10Engine.RuleEventType type, Priv10Engine.RuleFixAction action)
{
    Priv10Engine.ChangeArgs change = new Priv10Engine.ChangeArgs();
    change.prog = prog;
    change.rule = rule;
    change.type = type;
    change.action = action;

    SendPushNotification("ChangeNotification", change);
}
/// <summary>
/// Populates this program from the child elements of <paramref name="entryNode"/>.
/// </summary>
/// <param name="entryNode">XML element whose children are ID, Description, FwRules and DnsLog.</param>
/// <returns><c>true</c> when an ID was loaded (ID is not null after the pass), otherwise <c>false</c>.</returns>
public bool Load(XmlNode entryNode)
{
    foreach (XmlNode node in entryNode.ChildNodes)
    {
        switch (node.Name)
        {
            case "ID":
            {
                // ID is only replaced when the element parses; a bad element leaves it as it was.
                ProgramID parsedId = new ProgramID();
                if (parsedId.Load(node))
                {
                    ID = parsedId;
                }
                break;
            }

            case "Description":
                Description = node.InnerText;
                break;

            case "FwRules":
                foreach (XmlNode ruleNode in node.ChildNodes)
                {
                    FirewallRuleEx rule = new FirewallRuleEx();
                    // Uses whatever ID holds at this point; an ID element that comes after
                    // FwRules in the file is not seen by these rules.
                    rule.ProgID = ID;

                    // Rejected: entries that fail to parse and entries whose guid is already
                    // present (the first one loaded is kept). Both are logged the same way.
                    bool accepted = rule.Load(ruleNode) && !Rules.ContainsKey(rule.guid);
                    if (!accepted)
                    {
                        App.LogError("Failed to load Firewall RuleEx {0} in {1}", rule.Name ?? "[un named]", this.Description);
                        continue;
                    }

                    Rules.Add(rule.guid, rule);
                }
                break;

            case "DnsLog":
                foreach (XmlNode dnsNode in node.ChildNodes)
                {
                    DnsEntry entry = new DnsEntry(ID);

                    // Same policy as for rules: parse failures and duplicate host names are dropped.
                    bool accepted = entry.Load(dnsNode) && !DnsLog.ContainsKey(entry.HostName);
                    if (!accepted)
                    {
                        App.LogError("Failed to load DnsLog Entry in {0}", this.Description);
                        continue;
                    }

                    DnsLog.Add(entry.HostName, entry);
                }
                break;

            default:
                AppLog.Debug("Unknown Program Value, '{0}':{1}", node.Name, node.InnerText);
                break;
        }
    }

    return ID != null;
}
/// <summary>
/// Creates an extended rule that takes its bookkeeping fields from <paramref name="other"/>
/// and its rule data from <paramref name="rule"/>.
/// </summary>
/// <param name="other">Source of State, LastChangedTime, ChangedCount, Expiration and Backup.</param>
/// <param name="rule">Rule passed to Assign after the bookkeeping fields are copied.</param>
public FirewallRuleEx(FirewallRuleEx other, FirewallRule rule)
{
    // Bookkeeping copied from the existing entry. The Changed flag is not copied here
    // (that assignment is disabled in the original).
    State = other.State;
    LastChangedTime = other.LastChangedTime;
    ChangedCount = other.ChangedCount;
    Expiration = other.Expiration;
    Backup = other.Backup;

    // Rule data is assigned last, after the bookkeeping fields are in place.
    Assign(rule);
}
/// <summary>
/// Applies <paramref name="rule"/> through UpdateRule and mirrors it in the program's rule table.
/// </summary>
/// <param name="prog">Program whose Rules dictionary receives or already holds the entry.</param>
/// <param name="rule">Rule to apply; its guid is the dictionary key.</param>
/// <param name="expiration">Value stored in the entry's Expiration field (default 0).</param>
/// <returns><c>false</c> when UpdateRule fails, in which case nothing else is touched; otherwise <c>true</c>.</returns>
public bool ApplyRule(Program prog, FirewallRule rule, UInt64 expiration = 0)
{
    // If the rule is new (guid == null) this call sets a new unique guid and adds the rule
    // to the global list, so rule.guid is usable as a key below.
    bool updated = UpdateRule(rule);
    if (!updated)
    {
        return false;
    }

    FirewallRuleEx tracked;
    bool alreadyTracked = prog.Rules.TryGetValue(rule.guid, out tracked);
    if (!alreadyTracked)
    {
        // First time this guid is seen for the program: create the entry and register it.
        tracked = new FirewallRuleEx();
        tracked.ProgID = FirewallRuleEx.GetIdFromRule(rule);
        prog.Rules.Add(rule.guid, tracked);
    }

    tracked.Expiration = expiration;
    tracked.SetApplied();
    tracked.Assign(rule);

    return true;
}
/// <summary>
/// Serializes a rule to bytes by handing PutObjXml a callback that calls the rule's Store method.
/// </summary>
/// <param name="rule">Rule to serialize.</param>
/// <returns>The byte array produced by PutObjXml.</returns>
protected byte[] PutRule(FirewallRuleEx rule)
{
    byte[] encoded = PutObjXml(rule, (FirewallRuleEx source, XmlWriter xml) =>
    {
        // The rule writes itself into the XML writer supplied by PutObjXml.
        source.Store(xml);
    });

    return encoded;
}
/// <summary>
/// Rebuilds the firewall rules of every program in <paramref name="progSet"/> so that they
/// match the set's configured NetAccess level, then records that level as CurAccess.
/// </summary>
/// <param name="progSet">Program set whose config and programs are processed.</param>
/// <param name="expiration">Passed to every ApplyRule call; a non-zero value also changes the generated rule name.</param>
public void ApplyRules(ProgramSet progSet, UInt64 expiration = 0)
{
    // The checks below read the config after this evaluation.
    EvaluateRules(progSet, true);

    // Nothing to do when no level is configured or the configured level is already current.
    if (progSet.config.NetAccess == ProgramConfig.AccessLevels.Unconfigured
        || progSet.config.NetAccess == progSet.config.CurAccess)
    {
        return;
    }

    foreach (Program prog in progSet.Programs.Values)
    {
        ClearRules(prog, progSet.config.NetAccess != ProgramConfig.AccessLevels.CustomConfig);

        if (progSet.config.NetAccess == ProgramConfig.AccessLevels.CustomConfig)
        {
            // Custom config: do not create any rules.
            continue;
        }

        // The values 1 and 2 are cast to FirewallRule.Directions; the filter below compares
        // them against Directions.Inbound and Directions.Outbound.
        for (int dirValue = 1; dirValue <= 2; dirValue++)
        {
            FirewallRule.Directions direction = (FirewallRule.Directions)dirValue;

            // One-way levels only get a rule for their own direction.
            if ((progSet.config.NetAccess == ProgramConfig.AccessLevels.InBoundAccess && direction != FirewallRule.Directions.Inbound)
                || (progSet.config.NetAccess == ProgramConfig.AccessLevels.OutBoundAccess && direction != FirewallRule.Directions.Outbound))
            {
                continue;
            }

            // NOTE(review): whatever ApplyRule returns is discarded in every branch below, and
            // CurAccess is set to NetAccess after the loop regardless. Confirm that a rule which
            // failed to apply (a block rule in particular) cannot leave CurAccess reporting a
            // level that is not actually in force.
            ProgramConfig.AccessLevels level = progSet.config.NetAccess;

            if (level == ProgramConfig.AccessLevels.FullAccess
                || level == ProgramConfig.AccessLevels.InBoundAccess
                || level == ProgramConfig.AccessLevels.OutBoundAccess)
            {
                // Add and enable an allow-all rule.
                FirewallRule allowAll = new FirewallRule();
                FirewallRuleEx.SetProgID(allowAll, prog.ID);
                allowAll.Name = MakeRuleName(AllowAllName, expiration != 0, prog.Description);
                allowAll.Grouping = RuleGroup;
                allowAll.Action = FirewallRule.Actions.Allow;
                allowAll.Direction = direction;
                allowAll.Enabled = true;
                ApplyRule(prog, allowAll, expiration);
            }
            else if (level == ProgramConfig.AccessLevels.LocalOnly)
            {
                // Add and enable a block rule for the internet. The original carries a disabled
                // check that would create it only in blacklist filtering mode; it stays disabled,
                // so the rule is always created.
                FirewallRule blockInternet = new FirewallRule();
                FirewallRuleEx.SetProgID(blockInternet, prog.ID);
                blockInternet.Name = MakeRuleName(BlockInet, expiration != 0, prog.Description);
                blockInternet.Grouping = RuleGroup;
                blockInternet.Action = FirewallRule.Actions.Block;
                blockInternet.Direction = direction;
                blockInternet.Enabled = true;
                if (UwpFunc.IsWindows7OrLower)
                {
                    // On Windows 7 or lower the keyword is passed through GetSpecialNet
                    // rather than being used directly.
                    blockInternet.RemoteAddresses = GetSpecialNet(FirewallRule.AddrKeywordIntErnet);
                }
                else
                {
                    blockInternet.RemoteAddresses = FirewallRule.AddrKeywordIntErnet;
                }
                ApplyRule(prog, blockInternet, expiration);

                // Add and enable an allow rule for the LAN; the local-subnet keyword is used as is.
                FirewallRule allowLocal = new FirewallRule();
                FirewallRuleEx.SetProgID(allowLocal, prog.ID);
                allowLocal.Name = MakeRuleName(AllowLan, expiration != 0, prog.Description);
                allowLocal.Grouping = RuleGroup;
                allowLocal.Action = FirewallRule.Actions.Allow;
                allowLocal.Direction = direction;
                allowLocal.Enabled = true;
                allowLocal.RemoteAddresses = FirewallRule.AddrKeywordLocalSubnet;
                ApplyRule(prog, allowLocal, expiration);
            }
            else if (level == ProgramConfig.AccessLevels.BlockAccess)
            {
                // Add and enable a broad block rule.
                FirewallRule blockAll = new FirewallRule();
                FirewallRuleEx.SetProgID(blockAll, prog.ID);
                blockAll.Name = MakeRuleName(BlockAllName, expiration != 0, prog.Description);
                blockAll.Grouping = RuleGroup;
                blockAll.Action = FirewallRule.Actions.Block;
                blockAll.Direction = direction;
                blockAll.Enabled = true;
                ApplyRule(prog, blockAll, expiration);
            }
        }
    }

    progSet.config.CurAccess = progSet.config.NetAccess;

    App.engine.OnRulesUpdated(progSet);
}
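/// <summary>
/// Populates this program from the child elements of <paramref name="entryNode"/>.
/// </summary>
/// <param name="entryNode">
/// XML element whose children are ID, Description, ReceivedBytes, SentBytes, FwRules and DnsLog.
/// </param>
/// <returns><c>true</c> when an ID was loaded (ID is not null after the pass), otherwise <c>false</c>.</returns>
public bool Load(XmlNode entryNode)
{
    foreach (XmlNode node in entryNode.ChildNodes)
    {
        switch (node.Name)
        {
            case "ID":
            {
                ProgramID id = new ProgramID();
                if (id.Load(node))
                {
                    // COMPAT: remove service tag
                    ID = FirewallRuleEx.AdjustProgID(id);
                }
                break;
            }

            case "Description":
                Description = node.InnerText;
                break;

            case "ReceivedBytes":
                // The TryParse result is ignored, as in the original: text that does not parse
                // leaves the counter at the value TryParse writes on failure (0).
                UInt64.TryParse(node.InnerText, out OldDownload);
                break;

            case "SentBytes":
                UInt64.TryParse(node.InnerText, out OldUpload);
                break;

            case "FwRules":
                foreach (XmlNode childNode in node.ChildNodes)
                {
                    FirewallRuleEx rule = new FirewallRuleEx();
                    // TODO: remove later, Load sets this anyway. Until then this uses whatever
                    // ID holds at this point in the file.
                    rule.ProgID = ID;

                    // Rejected: entries that fail to parse and entries whose guid is already
                    // present (the first one loaded is kept). Both are logged the same way.
                    if (rule.Load(childNode) && !Rules.ContainsKey(rule.guid))
                    {
                        // COMPAT: older versions did not save the program-id data separately;
                        // the update for that case is disabled in the original.
                        Rules.Add(rule.guid, rule);
                    }
                    else
                    {
                        Priv10Logger.LogError("Failed to load Firewall RuleEx {0} in {1}", rule.Name != null ? rule.Name : "[un named]", this.Description);
                    }
                }
                break;

            case "DnsLog":
                foreach (XmlNode childNode in node.ChildNodes)
                {
                    DnsEntry Entry = new DnsEntry(ID);
                    if (Entry.Load(childNode) && !DnsLog.ContainsKey(Entry.HostName))
                    {
                        DnsLog.Add(Entry.HostName, Entry);
                    }
                    else
                    {
                        Priv10Logger.LogError("Failed to load DnsLog Entry in {0}", this.Description);
                    }
                }
                break;

            default:
                AppLog.Debug("Unknown Program Value, '{0}':{1}", node.Name, node.InnerText);
                break;
        }
    }

    // A missing description, or one that starts with "@{", is replaced by GetDescription().
    // StartsWith replaces Substring(0, 2): the text comes straight from the file, and a
    // Description element with fewer than two characters made Substring throw
    // ArgumentOutOfRangeException and abort the whole load.
    if (Description == null || Description.StartsWith("@{", StringComparison.Ordinal))
    {
        Description = GetDescription();
    }

    return ID != null;
}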