/// <summary>
/// Reconciles the firewall with the ban database once, at startup.
/// Every call after the first returns immediately.
/// </summary>
/// <remarks>
/// When <c>Config.ClearBannedIPAddressesOnRestart</c> is set, the firewall and the database are
/// both truncated, so every existing ban is dropped on restart. Otherwise the two stores are
/// merged: addresses found in the firewall are written to the database, rows pending removal are
/// deleted, and the database contents are pushed back to the firewall.
/// </remarks>
private void UpdateBannedIPAddressesOnStart()
{
    // Run-once latch: the flag is set before any work starts, so a failure below is not retried.
    if (updateBannedIPAddressesOnStartCalled)
    {
        return;
    }
    updateBannedIPAddressesOnStartCalled = true;

    if (Config.ClearBannedIPAddressesOnRestart)
    {
        // Operator opted in to starting clean; logged at Warn level because all bans are discarded.
        Logger.Warn("Clearing all banned ip addresses on start because ClearBannedIPAddressesOnRestart is set");
        Firewall.Truncate();
        ipDB.Truncate(true);
        return;
    }

    // Addresses imported from the firewall get a ban window of the first configured ban time.
    // NOTE(review): First() throws on an empty sequence - presumably configuration loading
    // guarantees at least one ban time; confirm.
    DateTime syncStart = UtcNow;
    DateTime importedBanEnd = syncStart + Config.BanTimes.First();
    Logger.Warn("Syncing firewall and {0} database...", IPBanDB.FileName);

    // Copy every address the firewall currently blocks into the database; addresses the
    // database already holds are ignored, so their existing ban dates are kept.
    var firewallEntries = Firewall.EnumerateBannedIPAddresses()
        .Select(ip => new Tuple<string, DateTime, DateTime>(ip, syncStart, importedBanEnd));
    ipDB.SetBannedIPAddresses(firewallEntries, UtcNow);

    // Drop the rows that were already scheduled for removal.
    ipDB.DeletePendingRemoveIPAddresses();

    // Push the database view back to the firewall, so an address present in the database but
    // missing from the firewall is blocked again.
    Firewall.BlockIPAddresses(null, ipDB.EnumerateBannedIPAddresses()).Sync();

    // Any add-pending / remove-pending state left in the database is handled on the next cycle.
    firewallNeedsBlockedIPAddressesUpdate = true;

    // Report the starting size of the ban list.
    int total = ipDB.GetIPAddressCount();
    Logger.Warn("{0} total ip addresses in the {1} database", total, IPBanDB.FileName);
}
/// <summary>
/// Creates (or re-uses) the firewall implementation for the current <c>Config</c> and brings
/// its rule set in line with that configuration.
/// </summary>
/// <param name="oldConfig">
/// The configuration that was active before this load. When null, every rule whose name starts
/// with the firewall rule prefix followed by "EXTRA_" is deleted; otherwise only the extra rules
/// named in <paramref name="oldConfig"/> that are absent from the current configuration are deleted.
/// </param>
private void LoadFirewall(IPBanConfig oldConfig)
{
    // Deletes every firewall rule returned by GetRuleNames for the given name. The list is
    // copied with ToArray first, so deletion does not disturb the enumeration.
    void DeleteMatchingRules(string ruleName)
    {
        foreach (string match in Firewall.GetRuleNames(ruleName).ToArray())
        {
            Firewall.DeleteRule(match);
        }
    }

    IIPBanFirewall previousFirewall = Firewall;
    Firewall = FirewallCreator.CreateFirewall(Config, Firewall);

    if (previousFirewall != Firewall)
    {
        AddUpdater(Firewall);
        Logger.Warn("Loaded firewall type {0}", Firewall.GetType());

        if (previousFirewall != null)
        {
            RemoveUpdater(previousFirewall);

            // Carry the current ban list over, so switching implementations does not unban anyone.
            Firewall.BlockIPAddresses(null, ipDB.EnumerateBannedIPAddresses()).Sync();
        }
    }

    if (oldConfig is null)
    {
        // No previous configuration to diff against: remove every custom rule.
        // NOTE(review): the configured extra rules are only re-created at the end of this method,
        // so they are absent from the firewall in between - confirm that gap is acceptable.
        DeleteMatchingRules(Firewall.RulePrefix + "EXTRA_");
    }
    else
    {
        // Begin with every rule name from the old configuration, then strike out the names
        // that the current configuration still defines; what remains is stale.
        List<string> staleRuleNames = oldConfig.ExtraRules.Select(r => r.Name).ToList();
        foreach (var currentRule in Config.ExtraRules)
        {
            staleRuleNames.Remove(currentRule.Name);
        }

        foreach (string staleName in staleRuleNames)
        {
            DeleteMatchingRules(staleName);
        }
    }

    // Startup reconciliation of firewall and ban database - only executes once.
    UpdateBannedIPAddressesOnStart();

    // Windows event viewer setup, if needed - only executes once.
    SetupWindowsEventViewer();

    // Add or update the global allow and block lists.
    // NOTE(review): unlike the ban transfer above, the results of these calls and of the
    // per-rule calls below are not followed by .Sync(); if they return tasks, completion and
    // failures are not observed here - confirm.
    Firewall.AllowIPAddresses("GlobalWhitelist", Config.Whitelist);
    Firewall.BlockIPAddresses("GlobalBlacklist", Config.BlackList);

    // Add or update each user-specified rule as an allow rule or a block rule.
    foreach (IPBanFirewallRule extraRule in Config.ExtraRules)
    {
        if (!extraRule.Block)
        {
            Firewall.AllowIPAddresses(extraRule.Name, extraRule.IPAddressRanges, extraRule.AllowPortRanges);
        }
        else
        {
            Firewall.BlockIPAddresses(extraRule.Name, extraRule.IPAddressRanges, extraRule.AllowPortRanges);
        }
    }
}