public void RemoveAllRules() { lock (m_rules) { foreach (WfpItem item in m_rules.Values) { Wfp.RemoveItem(item); } m_rules.Clear(); } }
/* * public override void OnRecoveryLoad(XmlElement root) * { * base.OnRecoveryLoad(root); * * if (root.HasAttribute("ids")) * { * string list = root.GetAttribute("ids"); * string[] ids = list.Split(';'); * foreach(string id in ids) * { * ulong nid; * if(ulong.TryParse(id, out nid)) * Wfp.RemoveItemId(nid); * } * } * } * * public override void OnRecoverySave(XmlElement root) * { * base.OnRecoverySave(root); * * lock (m_rules) * { * string list = ""; * foreach (WfpItem item in m_rules.Values) * { * foreach (ulong id in item.FirewallIds) * list += id.ToString() + ";"; * } * root.SetAttributeNode("ids", list); * } * } */ public void AddRule(string code, XmlElement xmlRule) { lock (m_rules) { if (m_rules.ContainsKey(code)) { throw new Exception("Unexpected: NetLock WFP rule '" + code + "' already exists"); } WfpItem item = Wfp.AddItem(code, xmlRule); m_rules[code] = item; } }
public override void AllowInterface(string id) { base.AllowInterface(id); AddRule("netlock_allow_interface_" + id + "_ipv4", Wfp.CreateItemAllowInterface("NetLock - Interface - Allow " + id + " - IPv4", id, "ipv4")); /* * // TOFIX: Must be enabled in future when IPv6 support is well tested. * // Remember: May fail at WFP side with a "Unknown interface" because network interface with IPv6 disabled have Ipv6IfIndex == 0. * if (Engine.Instance.Storage.GetLower("ipv6.mode") != "disable") * AddRule("netlock_allow_interface_" + id + "_ipv6", Wfp.CreateItemAllowInterface("NetLock - Interface - Allow " + id + " - IPv6", id, "ipv6")); */ }
public void RemoveRule(string code) { lock (m_rules) { if (m_rules.ContainsKey(code) == false) { return; } //throw new Exception("Unexpected: NetLock WFP rule '" + code + "' doesn't exists"); WfpItem item = m_rules[code]; m_rules.Remove(code); Wfp.RemoveItem(item); } }
public override void AllowInterface(string id) { base.AllowInterface(id); Json jInfo = Engine.Instance.FindNetworkInterfaceInfo(id); // Remember: Fail at WFP side with a "Unknown interface" if the network interface have IPv4 or IPv6 disabled (Ipv6IfIndex == 0). if ((jInfo != null) && (jInfo.HasKey("support_ipv4")) && (Conversions.ToBool(jInfo["support_ipv4"].Value))) { AddRule("netlock_allow_interface_" + id + "_ipv4", Wfp.CreateItemAllowInterface("NetLock - Interface - Allow " + id + " - IPv4", id, "ipv4")); } if ((jInfo != null) && (jInfo.HasKey("support_ipv6")) && (Conversions.ToBool(jInfo["support_ipv6"].Value))) { AddRule("netlock_allow_interface_" + id + "_ipv6", Wfp.CreateItemAllowInterface("NetLock - Interface - Allow " + id + " - IPv6", id, "ipv6")); } }
public override void Activation() { base.Activation(); // Block All if (Engine.Instance.Storage.Get("netlock.incoming") == "block") { XmlDocument xmlDocRule = new XmlDocument(); XmlElement xmlRule = xmlDocRule.CreateElement("rule"); xmlRule.SetAttribute("name", "NetLock - In - Block All"); xmlRule.SetAttribute("layer", "all-in"); xmlRule.SetAttribute("action", "block"); AddRule("netlock_in_block_all", xmlRule); } if (Engine.Instance.Storage.Get("netlock.outgoing") == "block") { XmlDocument xmlDocRule = new XmlDocument(); XmlElement xmlRule = xmlDocRule.CreateElement("rule"); xmlRule.SetAttribute("name", "NetLock - Out - Block All"); xmlRule.SetAttribute("layer", "all-out"); xmlRule.SetAttribute("action", "block"); AddRule("netlock_out_block_all", xmlRule); } // Allow Eddie / OpenVPN / Stunnel / Plink AddRule("netlock_allow_eddie", Wfp.CreateItemAllowProgram("NetLock - Allow Eddie", Platform.Instance.GetExecutablePath())); if (Engine.Instance.Storage.GetLower("proxy.mode") == "tor") { string path = TorControl.GetTorExecutablePath(); if (path != "") { AddRule("netlock_allow_tor", Wfp.CreateItemAllowProgram("NetLock - Allow Tor", path)); } } // Allow loopback { XmlDocument xmlDocRule = new XmlDocument(); XmlElement xmlRule = xmlDocRule.CreateElement("rule"); xmlRule.SetAttribute("name", "NetLock - Allow loopback"); xmlRule.SetAttribute("layer", "all"); xmlRule.SetAttribute("action", "permit"); XmlElement XmlIf1 = xmlDocRule.CreateElement("if"); xmlRule.AppendChild(XmlIf1); XmlIf1.SetAttribute("field", "ip_local_interface"); XmlIf1.SetAttribute("match", "equal"); XmlIf1.SetAttribute("interface", "loopback"); AddRule("netlock_allow_loopback", xmlRule); } if (Engine.Instance.Storage.GetBool("netlock.allow_ping") == true) { // Allow ICMP { XmlDocument xmlDocRule = new XmlDocument(); XmlElement xmlRule = xmlDocRule.CreateElement("rule"); xmlRule.SetAttribute("name", "NetLock - Allow ICMP"); xmlRule.SetAttribute("layer", "all"); xmlRule.SetAttribute("action", "permit"); XmlElement XmlIf1 = xmlDocRule.CreateElement("if"); xmlRule.AppendChild(XmlIf1); XmlIf1.SetAttribute("field", "ip_protocol"); XmlIf1.SetAttribute("match", "equal"); XmlIf1.SetAttribute("protocol", "icmp"); AddRule("netlock_allow_icmp", xmlRule); } } if (Engine.Instance.Storage.GetBool("netlock.allow_private") == true) { AddRule("netlock_allow_ipv4_local1", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Local Subnet 1 - IPv4", new IpAddress("192.168.0.0/255.255.0.0"))); AddRule("netlock_allow_ipv4_local2", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Local Subnet 2 - IPv4", new IpAddress("172.16.0.0/255.240.0.0"))); AddRule("netlock_allow_ipv4_local3", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Local Subnet 3 - IPv4", new IpAddress("10.0.0.0/255.0.0.0"))); AddRule("netlock_allow_ipv4_multicast", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Multicast - IPv4", new IpAddress("224.0.0.0/255.255.255.0"))); AddRule("netlock_allow_ipv4_ssdp", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Simple Service Discovery Protocol address", new IpAddress("239.255.255.250/255.255.255.255"))); AddRule("netlock_allow_ipv4_slp", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Service Location Protocol", new IpAddress("239.255.255.253/255.255.255.255"))); } // Without this, Windows stay in 'Identifying network...' and OpenVPN in 'Waiting TUN to come up'. // Note 2018: don't occur in Win10? if (Engine.Instance.Storage.GetBool("netlock.allow_dhcp") == true) { XmlDocument xmlDocRule = new XmlDocument(); XmlElement xmlRule = xmlDocRule.CreateElement("rule"); xmlRule.SetAttribute("name", "NetLock - Allow DHCP"); xmlRule.SetAttribute("layer", "all"); xmlRule.SetAttribute("action", "permit"); XmlElement XmlIf1 = xmlDocRule.CreateElement("if"); xmlRule.AppendChild(XmlIf1); XmlIf1.SetAttribute("field", "ip_protocol"); XmlIf1.SetAttribute("match", "equal"); XmlIf1.SetAttribute("protocol", "udp"); XmlElement XmlIf2 = xmlDocRule.CreateElement("if"); xmlRule.AppendChild(XmlIf2); XmlIf2.SetAttribute("field", "ip_local_port"); XmlIf2.SetAttribute("match", "equal"); XmlIf2.SetAttribute("port", "68"); XmlElement XmlIf3 = xmlDocRule.CreateElement("if"); xmlRule.AppendChild(XmlIf3); XmlIf3.SetAttribute("field", "ip_remote_port"); XmlIf3.SetAttribute("match", "equal"); XmlIf3.SetAttribute("port", "67"); AddRule("netlock_allow_dhcp", xmlRule); } OnUpdateIps(); }
public override void AllowProgram(string path, string name, string guid) { base.AllowProgram(path, name, guid); AddRule("netlock_allow_program_" + guid, Wfp.CreateItemAllowProgram("NetLock - Program - Allow " + name, path)); }