static void MakeOutRule(string text) { if (text.StartsWith("http://")) { text = text.Replace("http://", ""); } if (text.StartsWith("https://")) { text = text.Replace("https://", ""); } IPAddress addr = null; if (!IPAddress.TryParse(text, out addr)) { return; } FwOutRule rule = new FwOutRule(addr); if (CheckRule(rule)) { if (!MakeSubNetRules(rule)) { log.WI("Adding new rule for IP [" + rule.RemoteAddresses + "]"); AddFwRule(rule); outRules.Add(rule); } } else { log.WI("Rule for IP [" + rule.RemoteAddresses + "] or subnet already exists. Skipped"); } }
static void LoadOutRules() { INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance( Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); List <INetFwRule> rules = new List <INetFwRule>(); foreach (var ruleObj in firewallPolicy.Rules) { if (ruleObj is INetFwRule) { rules.Add(ruleObj as INetFwRule); } } foreach (var fwRule in rules) { if (fwRule.Direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT && fwRule.Name.StartsWith(AppName)) { var rule = new FwOutRule(fwRule); if (CheckRule(rule)) { outRules.Add(rule); } else { firewallPolicy.Rules.Remove(fwRule.Name); log.WI("Removed duplicate rule for IP [" + rule.RemoteAddresses + "]"); } } } }
public FwOutRule(FwOutRule rule) : this(rule.Text) { ApplicationName = rule.ApplicationName; Name = rule.Name; Description = rule.Description; _remoteAddresses = rule.RemoteAddresses; _mask = rule._mask; }
public FwOutRule(FwOutRule rule) : this() { Action = rule.Action; ApplicationName = rule.ApplicationName; Description = rule.Description; Enabled = rule.Enabled; Name = rule.Name; RemoteAddresses = rule.RemoteAddresses; Enabled = true; }
static bool CheckRule(FwOutRule rule) { if (outRules.Exists(r => r.RemoteAddresses.StartsWith(rule.RemoteAddresses))) { return(false); } if (outRules.Exists(r => !r.IsIPRule && r.SubNet == rule.SubNet)) { return(false); } return(true); }
static void AddFwRule(FwOutRule rule) { INetFwRule firewallRule = (INetFwRule)Activator.CreateInstance( Type.GetTypeFromProgID("HNetCfg.FWRule")); firewallRule.Action = rule.Action; firewallRule.Description = rule.Description; firewallRule.Direction = rule.Direction; firewallRule.Enabled = rule.Enabled; firewallRule.InterfaceTypes = "All"; firewallRule.Name = rule.Name; firewallRule.RemoteAddresses = rule.RemoteAddresses; if (!string.IsNullOrEmpty(rule.ApplicationName)) { firewallRule.ApplicationName = rule.ApplicationName; } INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance( Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); firewallPolicy.Rules.Add(firewallRule); }
static bool MakeSubNetRules(FwOutRule rule) { if (rule.IsIPRule && !outRules.Exists(r => !r.IsIPRule && r.SubNet == rule.SubNet)) { var cnt = outRules.Count(r => r.Name != rule.Name && r.SubNet == rule.SubNet); if (cnt > 0) { var sRule = new FwOutRule(rule); sRule.RemoteAddresses = rule.SubNet + "0/255.255.255.0"; sRule.Name = string.Format("{0} Used to block an SubNet [{1}]", AppName, sRule.RemoteAddresses); log.WI("Adding new rule for SubNet [" + sRule.RemoteAddresses + "]"); AddFwRule(sRule); outRules.Add(sRule); return(true); } } return(false); }
static bool IsWhiteRule(FwOutRule rule) { if (rule.RemoteAddresses.StartsWith("0.0.")) { return true; } if ((string.IsNullOrEmpty(rule.ApplicationName) || rule.ApplicationName == "*") && outWhiteIPRules.Exists(r => r.IsInclude(rule))) { return true; } return false; }
static void AddWhiteListRule(FwOutRule rule) { if (!outWhiteIPs.Contains(rule.IPStr)) { log.WI("Rule for [" + rule.RemoteAddresses + "] added to White List"); outWhiteIPs.Add(rule.IPStr); } outWhiteIPRules.Add(rule); var restartDNS = false; IPHostEntry entry = GetDomain(rule); if (entry != null && !outWhiteDomains.Contains(entry.HostName)) { if (CheckDomain(entry.HostName)) { log.WI("Rule for Domain [" + entry.HostName + "] added to White List"); outWhiteDomains.Add(entry.HostName); restartDNS = true; } } SaveWhiteLists(); if (restartDNS) { // insure that BIND does not block this domain anymore LoadBindAssHoles(); } }
public static void SplitRule(FwOutRule sr, FwOutRule ir) { if (!sr.IsIPRule) { var newRules = new List<FwOutRule>(); if (!SplitSubnetRule(sr, ir, ref newRules)) { throw new Exception("Cannot split SubNet rule!"); } outRules.Remove(sr); foreach (var nr in newRules) { if (CheckRule(nr)) { AddFwRule(nr); outRules.Add(nr); log.WI("Added new rule for [" + nr.RemoteAddresses + "]"); } } } RemoveFwRule(sr); }
public static void LoadOutRulesFile(string fileName, bool withDomains = false) { var remoteAddrs = LoadFiles(fileName); foreach (var ra in remoteAddrs) { FwOutRule rule = new FwOutRule(new FwRuleText(ra), ra); if (CheckRule(rule)) { AddFwRule(rule); outRules.Add(rule); } if (IsWhiteRule(rule) && IsRuleExists(rule)) { RemoveFwRule(rule); } } if (withDomains) { throw new NotImplementedException(); } }
static void MakeOutRule(string text, bool clear, bool addToWhiteList) { if (text.StartsWith("http://")) text = text.Replace("http://", ""); if (text.StartsWith("https://")) text = text.Replace("https://", ""); if (text.StartsWith("www.")) text = text.Replace("www.", ""); bool isIPRange = false; IPAddress[] addrs = null; IList<uint[]> rangeAddrs = null; if (IsIPRange(text)) { isIPRange = true; rangeAddrs = GetIPRangeAddress(text); addrs = rangeAddrs.Select(ra => new IPAddress(ra[0])).ToArray(); } else { try { addrs = Dns.GetHostAddresses(text); } catch (Exception) { } } if (addrs != null) { for (int i = 0; i < addrs.Length; i++) { var addr = addrs[i]; if (addr.AddressFamily == AddressFamily.InterNetworkV6) { continue; } FwOutRule rule = null; if (isIPRange) { rule = new FwOutRule(new FwRuleText(text), (uint)addr.Address, rangeAddrs[i][1]); } else { rule = new FwOutRule(new FwRuleText(text), addr); } var exists = IsRuleExists(rule); var isWhite = IsWhiteRule(rule); if (exists && isWhite) { log.WI("White List rule bloked!!! [" + rule.RemoteAddresses + "]."); var sameRules = outRules.Where(r => r.IsInclude(rule)).ToList(); foreach (var sr in sameRules) { if (IsRuleExists(sr)) { SplitRule(sr, rule); } } } if (clear) { if (exists) { var sameRules = outRules.Where(r => r.IsInclude(rule)).ToList(); foreach (var sr in sameRules) { if (IsRuleExists(sr)) { SplitRule(sr, rule); } } } if (!isWhite && addToWhiteList) { AddWhiteListRule(rule); } } else { if (!exists && !isWhite) { if (checkWhoIs && !isIPRange) { if (!checkWhoIsDlg(rule.IPStr)) { continue; } } if (!MakeSubNetRules(rule)) { log.WI(string.Format("Adding new rule for [{0}].", rule.RemoteAddresses)); AddFwRule(rule); outRules.Add(rule); } if (!isIPRange) { var entry = GetDomain(rule); if (entry != null) { DisableDNS(entry.HostName); } } continue; } if (isWhite) { log.WI("Rule for [" + rule.RemoteAddresses + "] is already in White List. Skipped"); continue; } if (exists) { log.WI("Rule for [" + rule.RemoteAddresses + "] is already exists. Skipped"); continue; } } } if (!isIPRange) { DisableDNS(text); } } }
public bool IsInclude(FwOutRule rule) { if (rule.IP == IP) { return true; } var wildCard = ~_mask; if ((IP | wildCard) == (rule.IP | wildCard)) { return true; } //var ruleWildCard = ~rule._mask; //if ((IP | ruleWildCard) == (rule.IP | ruleWildCard)) //{ // return true; //} return false; }
static bool SplitSubnetRule(FwOutRule sr, FwOutRule ir, ref List<FwOutRule> rules) { if (sr == null && sr.IsIPRule) { throw new ArgumentException(nameof(sr)); } if (ir.ReversedEndIP < sr.ReversedStartIP || ir.ReversedStartIP > sr.ReversedEndIP) { return false; } rules.Clear(); var fsRIP = sr.ReversedStartIP; var feRIP = ir.ReversedStartIP - 1; var lsRIP = ir.ReversedEndIP + 1; var leRIP = sr.ReversedEndIP; if (fsRIP <= feRIP) { var fRange = new List<uint[]>(); FwOutRule.GetMaskedIPRange(FwOutRule.ReverseIP(fsRIP), FwOutRule.ReverseIP(feRIP), out fRange); if (fRange.Count > 0) { rules.AddRange(fRange.Select(im => new FwOutRule(FwRuleText.Empty, im[0], im[1]))); } } if (lsRIP <= leRIP) { var lRange = new List<uint[]>(); FwOutRule.GetMaskedIPRange(FwOutRule.ReverseIP(lsRIP), FwOutRule.ReverseIP(leRIP), out lRange); if (lRange.Count > 0) { rules.AddRange(lRange.Select(im => new FwOutRule(FwRuleText.Empty, im[0], im[1]))); } } return rules.Count > 0; }
static void RemoveFwRule(FwOutRule rule) { INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance( Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); firewallPolicy.Rules.Remove(rule.Name); firewallPolicy.Rules.Remove(rule.OldName1); firewallPolicy.Rules.Remove(rule.OldName2); firewallPolicy.Rules.Remove(rule.OldName3); log.WI("Removed rule for [" + rule.RemoteAddresses + "]", false); }
private static bool MergeSubNetRulesImpl(IList<FwOutRule> rules, IList<FwOutRule> outr, bool listOnly = false) { var res = true; var rangeList = new List<FwOutRule>(); for (int i = 0; i < rules.Count - 1; i++) { var curr = rules[i]; var next = rules[i + 1]; if (curr.ReversedEndIP + 1 == next.ReversedStartIP) { if (rangeList.Count == 0) { rangeList.Add(curr); } rangeList.Add(next); } else { if (rangeList.Count != 0) { var firstRule = rangeList.First(); var startIP = firstRule.StartIP; var endIP = rangeList.Last().EndIP; var maskedRange = new List<uint[]>(); if (!FwOutRule.GetMaskedIPRange(startIP, endIP, out maskedRange)) { throw new Exception("GetMaskedIPRange failed"); } if (maskedRange.Count == 0 || maskedRange.Count >= rangeList.Count) { // nothing to optimize rangeList.Clear(); continue; } try { foreach (var im in maskedRange) { var unionRule = new FwOutRule(new FwRuleText(firstRule.IPAddr), im[0], im[1]); if (!listOnly) { log.WI(string.Format("Adding new union rule for [{0}].", unionRule.RemoteAddresses)); AddFwRule(unionRule); } outr.Add(unionRule); } foreach (var or in rangeList) { if (!listOnly) RemoveFwRule(or); outr.Remove(or); } res = false; } catch (Exception ex) { log.WI("Failed to create union rule, error: " + ex.Message, false); } rangeList.Clear(); } } } return res; }
static bool MakeSubNetRules(FwOutRule rule) { if (rule.IsIPRule && !outRules.Exists(r => !r.IsIPRule && r.IsInclude(rule))) { var subnetMask = (uint)0xFFFFFF; if (outRules.Count(r => r.IsIPRule && r.IP != rule.IP && (r.IP & subnetMask) == (rule.IP & subnetMask)) > 0) { var sRule = new FwOutRule(rule); var ipBytes = rule.IPAddr.GetAddressBytes(); sRule.UpdateRemoteAddresses(sRule.IP & subnetMask, subnetMask); log.WI("Adding new rule for [" + sRule.RemoteAddresses + "]"); AddFwRule(sRule); outRules.Add(sRule); return true; } } return false; }
static bool IsRuleExists(FwOutRule rule) { if (outRules.Exists(r => r.IsInclude(rule))) { return true; } return false; }
static void LoadOutRules() { INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance( Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); List<INetFwRule> rules = new List<INetFwRule>(); foreach (var ruleObj in firewallPolicy.Rules) { if (ruleObj is INetFwRule) { rules.Add(ruleObj as INetFwRule); } } foreach (var fwRule in rules) { if (fwRule.Direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT && fwRule.Name.StartsWith(AppName)) { var rule = new FwOutRule(fwRule); if (CheckRule(rule)) { outRules.Add(rule); } else { RemoveFwRule(rule); } } } }
public static IPHostEntry GetDomain(FwOutRule rule) { IPHostEntry entry = null; try { entry = Dns.GetHostEntry(rule.IPAddr); } catch (Exception ex) { log.WI(ex.Message + "[" + rule.IPStr + "]"); } if (entry == null && !rule.Text.IsIPText) { try { var text = rule.Text.Str; if (!text.Contains(Uri.SchemeDelimiter)) { text = string.Concat(Uri.UriSchemeHttp, Uri.SchemeDelimiter, text); } Uri uri = new Uri(text); var domain = uri.DnsSafeHost; if (!string.IsNullOrEmpty(domain)) { entry = new IPHostEntry() { HostName = domain, AddressList = new IPAddress[] { rule.IPAddr } }; } } catch (Exception ex) { log.WI(ex.Message); } } return entry; }
static bool CheckRule(FwOutRule rule) { return !IsRuleExists(rule) && !IsWhiteRule(rule); }