/// <summary>
/// Brings the iptables/ip6tables OUTPUT ACCEPT rules in line with the current
/// outgoing whitelist: rules for addresses that left the list are deleted,
/// rules for newly listed addresses are inserted, and the new list is cached.
/// </summary>
/// <remarks>
/// The rule text is built by string concatenation around ip.ToCIDR().
/// NOTE(review): this is only safe if ToCIDR() always yields a canonical
/// address/prefix string and DoIptablesShell does not hand the text to a shell
/// unquoted; confirm both. No result of DoIptablesShell is inspected here, so
/// unless it throws, the cached list is replaced even when a rule change
/// failed, and a stale ACCEPT rule would not be retried on the next update.
/// </remarks>
public override void OnUpdateIps()
{
    base.OnUpdateIps();

    IpAddresses updatedOutgoing = GetIpsWhiteListOutgoing(true);

    // Pass 1: delete the ACCEPT rule of every address that is no longer whitelisted.
    foreach (IpAddress stale in m_ipsWhiteListOutgoing.IPs)
    {
        if (updatedOutgoing.Contains(stale))
        {
            continue;
        }

        // Pick the tool for the address family; stays null when that family is not supported.
        string tool = null;
        if (stale.IsV4)
        {
            if (m_supportIPv4)
            {
                tool = "iptables";
            }
        }
        else if (stale.IsV6 && m_supportIPv6)
        {
            tool = "ip6tables";
        }

        if (tool != null)
        {
            DoIptablesShell(tool, "-D OUTPUT -d " + stale.ToCIDR() + " -j ACCEPT");
        }
    }

    // Pass 2: insert an ACCEPT rule for every address that was not in the cached list.
    foreach (IpAddress added in updatedOutgoing.IPs)
    {
        if (m_ipsWhiteListOutgoing.Contains(added))
        {
            continue;
        }

        string tool = null;
        if (added.IsV4)
        {
            if (m_supportIPv4)
            {
                tool = "iptables";
            }
        }
        else if (added.IsV6 && m_supportIPv6)
        {
            tool = "ip6tables";
        }

        if (tool != null)
        {
            // "-I OUTPUT 1" places the rule at the head of the OUTPUT chain.
            DoIptablesShell(tool, "-I OUTPUT 1 -d " + added.ToCIDR() + " -j ACCEPT");
        }
    }

    m_ipsWhiteListOutgoing = updatedOutgoing;
}
/// <summary>
/// Reconciles the iptables/ip6tables OUTPUT ACCEPT rules with the list returned
/// by GetAllIps(true): rules for addresses missing from the new list are
/// deleted, rules for addresses missing from the cached list are inserted, and
/// the cache (m_currentList) is then replaced by the new list.
/// </summary>
/// <remarks>
/// The rule text is built by string concatenation around ip.ToCIDR().
/// NOTE(review): this is only safe if ToCIDR() always yields a canonical
/// address/prefix string and DoIptablesShell does not hand the text to a shell
/// unquoted; confirm both. No result of DoIptablesShell is inspected here, so
/// unless it throws, m_currentList is replaced even when a rule change failed
/// and a left-over ACCEPT rule would not be retried on the next update.
/// </remarks>
public override void OnUpdateIps()
{
    base.OnUpdateIps();

    IpAddresses freshList = GetAllIps(true);

    // Pass 1: delete the ACCEPT rule of every cached address absent from the fresh list.
    foreach (IpAddress stale in m_currentList.IPs)
    {
        if (freshList.Contains(stale))
        {
            continue;
        }

        // Pick the tool for the address family; stays null when that family is not supported.
        string tool = null;
        if (stale.IsV4)
        {
            if (m_supportIPv4)
            {
                tool = "iptables";
            }
        }
        else if (stale.IsV6 && m_supportIPv6)
        {
            tool = "ip6tables";
        }

        if (tool != null)
        {
            DoIptablesShell(tool, "-D OUTPUT -d " + stale.ToCIDR() + " -j ACCEPT");
        }
    }

    // Pass 2: insert an ACCEPT rule for every fresh address the cache did not hold.
    foreach (IpAddress added in freshList.IPs)
    {
        if (m_currentList.Contains(added))
        {
            continue;
        }

        string tool = null;
        if (added.IsV4)
        {
            if (m_supportIPv4)
            {
                tool = "iptables";
            }
        }
        else if (added.IsV6 && m_supportIPv6)
        {
            tool = "ip6tables";
        }

        if (tool != null)
        {
            // "-I OUTPUT 1" places the rule at the head of the OUTPUT chain.
            DoIptablesShell(tool, "-I OUTPUT 1 -d " + added.ToCIDR() + " -j ACCEPT");
        }
    }

    m_currentList = freshList;
}
/// <summary>
/// Reports whether IpAddresses contains the given host string.
/// </summary>
/// <param name="host">Host value forwarded unchanged to IpAddresses.Contains.</param>
/// <returns>The result of IpAddresses.Contains(host).</returns>
/// <remarks>
/// NOTE(review): whether Contains compares the literal string or resolves a
/// host name first is not visible here; confirm before using this as a
/// filtering decision.
/// </remarks>
public override bool IsContainHostIpAddress(string host)
{
    bool isListed = IpAddresses.Contains(host);
    return isListed;
}
/// <summary>
/// Reconciles the incoming and outgoing whitelist rules through the elevated
/// "netlock-iptables-accept-ip" command: for each direction, addresses that
/// left the list get a "del" request, addresses new to the list get an "add"
/// request, and both cached lists are then replaced.
/// </summary>
/// <remarks>
/// Addresses whose family is disabled (m_supportIPv4 / m_supportIPv6 false)
/// are skipped in every pass. Parameters travel as separate key/value
/// arguments rather than one concatenated command line.
/// NOTE(review): the elevated helper is a privilege boundary; presumably it
/// validates "layer", "direction", "action" and "cidr" itself. Confirm that.
/// No result of DoCommandSync is inspected here, so unless it throws, the
/// cached lists are replaced even when a request failed.
/// </remarks>
public override void OnUpdateIps()
{
    base.OnUpdateIps();

    IpAddresses nextIncoming = GetIpsWhiteListIncoming();
    IpAddresses nextOutgoing = GetIpsWhiteListOutgoing(true);

    // Incoming: delete rules for addresses absent from the new list.
    foreach (IpAddress ip in m_ipsWhiteListIncoming.IPs)
    {
        bool familyDisabled = (ip.IsV4 && !m_supportIPv4) || (ip.IsV6 && !m_supportIPv6);
        if (!familyDisabled && !nextIncoming.Contains(ip))
        {
            // Anything that is not IsV4 is reported as "ipv6".
            string layer = ip.IsV4 ? "ipv4" : "ipv6";
            Engine.Instance.Elevated.DoCommandSync(
                "netlock-iptables-accept-ip",
                "layer", layer,
                "direction", "in",
                "action", "del",
                "cidr", ip.ToCIDR());
        }
    }

    // Incoming: add rules for addresses the cached list did not hold.
    foreach (IpAddress ip in nextIncoming.IPs)
    {
        bool familyDisabled = (ip.IsV4 && !m_supportIPv4) || (ip.IsV6 && !m_supportIPv6);
        if (!familyDisabled && !m_ipsWhiteListIncoming.Contains(ip))
        {
            string layer = ip.IsV4 ? "ipv4" : "ipv6";
            Engine.Instance.Elevated.DoCommandSync(
                "netlock-iptables-accept-ip",
                "layer", layer,
                "direction", "in",
                "action", "add",
                "cidr", ip.ToCIDR());
        }
    }

    // Outgoing: delete rules for addresses absent from the new list.
    foreach (IpAddress ip in m_ipsWhiteListOutgoing.IPs)
    {
        bool familyDisabled = (ip.IsV4 && !m_supportIPv4) || (ip.IsV6 && !m_supportIPv6);
        if (!familyDisabled && !nextOutgoing.Contains(ip))
        {
            string layer = ip.IsV4 ? "ipv4" : "ipv6";
            Engine.Instance.Elevated.DoCommandSync(
                "netlock-iptables-accept-ip",
                "layer", layer,
                "direction", "out",
                "action", "del",
                "cidr", ip.ToCIDR());
        }
    }

    // Outgoing: add rules for addresses the cached list did not hold.
    foreach (IpAddress ip in nextOutgoing.IPs)
    {
        bool familyDisabled = (ip.IsV4 && !m_supportIPv4) || (ip.IsV6 && !m_supportIPv6);
        if (!familyDisabled && !m_ipsWhiteListOutgoing.Contains(ip))
        {
            string layer = ip.IsV4 ? "ipv4" : "ipv6";
            Engine.Instance.Elevated.DoCommandSync(
                "netlock-iptables-accept-ip",
                "layer", layer,
                "direction", "out",
                "action", "add",
                "cidr", ip.ToCIDR());
        }
    }

    m_ipsWhiteListIncoming = nextIncoming;
    m_ipsWhiteListOutgoing = nextOutgoing;
}