public override Task <bool> AllowIPAddresses(string ruleNamePrefix, IEnumerable <IPAddressRange> ipAddresses, IEnumerable <PortRange> allowedPorts = null, CancellationToken cancelToken = default)
{
var allowedIPList = ipAddresses.Select(i => IPAddressRange.Parse(i)).ToList();
var allowedPortList = allowedPorts?.ToList();
lock (this)
{
allowRuleRanges[ruleNamePrefix] = new MemoryFirewallRuleRanges(allowedIPList, allowedPortList, false);
}
return(Task.FromResult <bool>(true));
}
public static bool TryParse(string ipRangeString, out IPAddressRange ipRange)
{
try
{
ipRange = IPAddressRange.Parse(ipRangeString);
return(true);
}
catch (Exception)
{
ipRange = null;
return(false);
}
}
private static bool IpAddressIsInRange(string ipAddress, string ipRange)
{
try
{
IPAddressRange range = IPAddressRange.Parse(ipRange);
return(range.Contains(IPAddress.Parse(ipAddress)));
/*
* string[] parts = ipRange.Split('/');
* int IP_addr = BitConverter.ToInt32(IPAddress.Parse(parts[0]).GetAddressBytes(), 0);
* int CIDR_addr = BitConverter.ToInt32(IPAddress.Parse(ipAddress).GetAddressBytes(), 0);
* int CIDR_mask = IPAddress.HostToNetworkOrder(-1 << (32 - int.Parse(parts[1])));
* return ((IP_addr & CIDR_mask) == (CIDR_addr & CIDR_mask));
*/
}
catch
{
return(false);
}
}
private void ParseFirewallBlockRules()
{
string firewallBlockRuleString = null;
GetConfig <string>("FirewallRules", ref firewallBlockRuleString);
firewallBlockRuleString = (firewallBlockRuleString ?? string.Empty).Trim();
if (firewallBlockRuleString.Length == 0)
{
return;
}
IEnumerable <string> firewallBlockRuleList = firewallBlockRuleString.Trim().Split('\n').Select(s => s.Trim()).Where(s => s.Length != 0);
foreach (string firewallBlockRule in firewallBlockRuleList)
{
string[] pieces = firewallBlockRule.Split(';');
if (pieces.Length == 5)
{
IPBanFirewallRule firewallBlockRuleObj = new IPBanFirewallRule
{
Block = (pieces[1].Equals("block", StringComparison.OrdinalIgnoreCase)),
IPAddressRanges = pieces[2].Split(',').Select(p => IPAddressRange.Parse(p)).ToList(),
Name = "EXTRA_" + pieces[0].Trim(),
AllowPortRanges = pieces[3].Split(',').Select(p => PortRange.Parse(p)).Where(p => p.MinPort >= 0).ToList(),
PlatformRegex = new Regex(pieces[4].Replace('*', '.'), RegexOptions.IgnoreCase | RegexOptions.CultureInvariant)
};
if (firewallBlockRuleObj.PlatformRegex.IsMatch(OSUtility.Name))
{
extraRules.Add(firewallBlockRuleObj);
}
}
else
{
Logger.Warn("Firewall block rule entry should have 3 comma separated pieces: name;ips;ports. Invalid entry: {0}", firewallBlockRule);
}
}
}
public bool IsIPAddressBlocked(string ipAddress, out string ruleName, int port = -1)
{
ruleName = null;
try
{
lock (policy)
{
for (int i = 0; ; i += MaxIpAddressesPerRule)
{
string firewallRuleName = BlockRulePrefix + i.ToString(CultureInfo.InvariantCulture);
try
{
INetFwRule rule = policy.Rules.Item(firewallRuleName);
if (rule is null)
{
// no more rules to check
break;
}
else
{
HashSet <string> set = new HashSet <string>(rule.RemoteAddresses.Split(',').Select(i2 => IPAddressRange.Parse(i2).Begin.ToString()));
if (set.Contains(ipAddress))
{
ruleName = firewallRuleName;
return(true);
}
}
}
catch
{
// no more rules to check
break;
}
}
}
}
catch (Exception ex)
{
Logger.Error(ex);
}
return(false);
}
