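/// <summary>
/// Determines which action the enabled rules in <c>Rules</c> assign to a firewall event.
/// A rule is counted only if its direction, protocol, profile, interface type, remote
/// endpoint and local endpoint filters all accept the event.
/// </summary>
/// <param name="FwEvent">The connection event to evaluate.</param>
/// <param name="NicInfo">Adapter the event was seen on; supplies the profile and interface type.</param>
/// <returns>
/// <c>Block</c> if at least one matching rule blocks, otherwise <c>Allow</c> if at least one
/// matching rule allows, otherwise <c>Undefined</c>.
/// </returns>
/// <remarks>
/// Side effect: <c>HitCount</c> is incremented on every rule that passes all filters, so this
/// lookup is not read-only.
/// </remarks>
public FirewallRule.Actions LookupRuleAction(FirewallEvent FwEvent, NetworkMonitor.AdapterInfo NicInfo)
{
    int BlockRules = 0;
    int AllowRules = 0;

    foreach (FirewallRuleEx rule in Rules.Values)
    {
        if (!rule.Enabled)
        {
            continue;
        }
        if (rule.Direction != FwEvent.Direction)
        {
            continue;
        }
        // A rule bound to "any" protocol accepts every event protocol.
        if (rule.Protocol != (int)NetFunc.KnownProtocols.Any && FwEvent.Protocol != rule.Protocol)
        {
            continue;
        }
        // Profiles are bit flags: the rule applies if it shares at least one bit with the adapter.
        if (((int)NicInfo.Profile & rule.Profile) == 0)
        {
            continue;
        }
        if (rule.Interface != (int)FirewallRule.Interfaces.All && (int)NicInfo.Type != rule.Interface)
        {
            continue;
        }
        if (!FirewallManager.MatchEndpoint(rule.RemoteAddresses, rule.RemotePorts, FwEvent.RemoteAddress, FwEvent.RemotePort, NicInfo))
        {
            continue;
        }
        // The rule's local filter has to be tested against the event's LOCAL endpoint.
        // Previously the remote address/port were passed here a second time, so a rule scoped
        // by local address or port was judged against the wrong side of the connection and the
        // reported action could differ from what the firewall actually enforces.
        // NOTE(review): FirewallEvent is declared outside this listing; LocalAddress/LocalPort
        // are expected to mirror RemoteAddress/RemotePort - confirm against its definition.
        if (!FirewallManager.MatchEndpoint(rule.LocalAddresses, rule.LocalPorts, FwEvent.LocalAddress, FwEvent.LocalPort, NicInfo))
        {
            continue;
        }

        rule.HitCount++;

        if (rule.Action == FirewallRule.Actions.Allow)
        {
            AllowRules++;
        }
        else if (rule.Action == FirewallRule.Actions.Block)
        {
            BlockRules++;
        }
    }

    // Note: block rules take precedence
    if (BlockRules > 0)
    {
        return FirewallRule.Actions.Block;
    }
    if (AllowRules > 0)
    {
        return FirewallRule.Actions.Allow;
    }
    return FirewallRule.Actions.Undefined;
}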
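/// <summary>
/// Tests whether an address is covered by a comma-separated address specification.
/// Each entry may be a single address, an inclusive range <c>first-last</c>, a subnet
/// <c>address/prefixLength</c>, an IPv4 subnet <c>address/dotted.mask</c>, or a keyword
/// that <c>GetSpecialNet</c> expands into further entries.
/// </summary>
/// <param name="Address">Address to test; must not be null.</param>
/// <param name="strRanges">Specification to test against; must not be null. Callers are
/// expected to handle "empty" or "*" (match anything) before calling.</param>
/// <param name="NicInfo">Optional adapter data used to expand keywords.</param>
/// <returns><c>true</c> if any entry covers the address, otherwise <c>false</c>.</returns>
/// <remarks>
/// Relies on <c>NetFunc.IpToInt</c> and <c>NetFunc.IpStrToInt</c> producing the same
/// non-negative numeric form for an address, as the range comparisons already require.
/// </remarks>
public static bool MatchAddress(IPAddress Address, string strRanges, NetworkMonitor.AdapterInfo NicInfo = null)
{
    int type = Address.GetAddressBytes().Length == 4 ? 4 : 6;
    int addrBits = type == 4 ? 32 : 128;
    BigInteger numIP = NetFunc.IpToInt(Address);
    BigInteger allOnes = BigInteger.Pow(new BigInteger(2), addrBits) - 1;

    foreach (string rawRange in strRanges.Split(','))
    {
        string range = rawRange.Trim();
        if (range.Length == 0)
        {
            continue; // stray comma or blank entry: nothing to match against
        }

        string[] strTemp = range.Split('-');
        if (strTemp.Length == 1)
        {
            if (strTemp[0].Contains("/")) // ip/net
            {
                string[] strTemp2 = strTemp[0].Split('/');
                if (strTemp2.Length != 2)
                {
                    continue;
                }

                int temp;
                BigInteger num1 = NetFunc.IpStrToInt(strTemp2[0].Trim(), out temp);
                if (type != temp)
                {
                    continue;
                }

                string suffix = strTemp2[1].Trim();
                BigInteger mask;
                int prefix;
                if (int.TryParse(suffix, out prefix))
                {
                    // The suffix is a prefix length: the number of leading NETWORK bits.
                    // The earlier code added 2^prefix to the base address, which yields a
                    // far wider span than intended for long prefixes (a /24 covered 2^24
                    // addresses) and a far narrower one for short prefixes.
                    if (prefix < 0 || prefix > addrBits)
                    {
                        continue; // malformed entry must never widen the match
                    }
                    mask = allOnes ^ (BigInteger.Pow(new BigInteger(2), addrBits - prefix) - 1);
                }
                else
                {
                    // Dotted subnet mask form (IPv4 only), e.g. "/255.255.255.0".
                    IPAddress maskAddress;
                    if (type != 4 || !suffix.Contains(".") || !IPAddress.TryParse(suffix, out maskAddress) || maskAddress.GetAddressBytes().Length != 4)
                    {
                        continue; // unparseable suffix: skip rather than guess
                    }
                    mask = NetFunc.IpToInt(maskAddress);
                }

                // Comparing the masked values also accepts a base address with host bits set.
                if ((numIP & mask) == (num1 & mask))
                {
                    return true;
                }
            }
            else
            {
                string Addresses = GetSpecialNet(strTemp[0], NicInfo);
                if (Addresses != null)
                {
                    // Known keyword. Only a positive match ends the search; returning the
                    // keyword's result unconditionally would ignore the entries after it.
                    if (Addresses.Length > 0 && MatchAddress(Address, Addresses))
                    {
                        return true;
                    }
                }
                else
                {
                    int temp;
                    BigInteger num1 = NetFunc.IpStrToInt(strTemp[0], out temp);
                    if (type == temp && num1 == numIP)
                    {
                        return true;
                    }
                }
            }
        }
        else if (strTemp.Length == 2)
        {
            // Inclusive range; both bounds must be of the same family as the tested address.
            int lowType;
            int highType;
            BigInteger num1 = NetFunc.IpStrToInt(strTemp[0].Trim(), out lowType);
            BigInteger num2 = NetFunc.IpStrToInt(strTemp[1].Trim(), out highType);
            if (type == lowType && type == highType && num1 <= numIP && numIP <= num2)
            {
                return true;
            }
        }
    }

    return false;
}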
/// <summary>
/// Derives the default action for an event from the firewall profile settings, i.e. what
/// applies when only the per-profile defaults are considered.
/// </summary>
/// <param name="FwEvent">Event whose direction selects the inbound or outbound default.</param>
/// <param name="NicInfo">Adapter whose profile bits select which profiles are consulted.</param>
/// <returns>
/// <c>Block</c> if any consulted profile blocks, otherwise <c>Allow</c> if any allows,
/// otherwise <c>Undefined</c>.
/// </returns>
public FirewallRule.Actions LookupRuleAction(FirewallEvent FwEvent, NetworkMonitor.AdapterInfo NicInfo)
{
    // Note: the adapter profile is expected to have a single bit set. If several bits are set,
    // every matching profile is counted, which works but is not an exact evaluation.
    int blockVotes = 0;
    int allowVotes = 0;

    for (int idx = 0; idx < FwProfiles.Length; idx++)
    {
        var profile = FwProfiles[idx];
        if (((int)NicInfo.Profile & (int)profile) == 0)
        {
            continue;
        }

        FirewallRule.Actions verdict;
        if (FwEvent.Direction == FirewallRule.Directions.Inbound)
        {
            // "Block all inbound" overrides the profile's default inbound action.
            if (GetBlockAllInboundTraffic(profile))
            {
                verdict = FirewallRule.Actions.Block;
            }
            else
            {
                verdict = GetDefaultInboundAction(profile);
            }
        }
        else if (FwEvent.Direction == FirewallRule.Directions.Outbound)
        {
            verdict = GetDefaultOutboundAction(profile);
        }
        else
        {
            // Any other direction contributes nothing.
            continue;
        }

        if (verdict == FirewallRule.Actions.Allow)
        {
            allowVotes++;
        }
        else if (verdict == FirewallRule.Actions.Block)
        {
            blockVotes++;
        }
    }

    // Note: block rules take precedence
    if (blockVotes > 0)
    {
        return FirewallRule.Actions.Block;
    }
    return allowVotes > 0 ? FirewallRule.Actions.Allow : FirewallRule.Actions.Undefined;
}
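/// <summary>
/// Expands a firewall address keyword into a comma-separated list of addresses and
/// inclusive ranges.
/// </summary>
/// <param name="SubNet">Candidate keyword, compared case-insensitively.</param>
/// <param name="NicInfo">Optional adapter data; supplies the DNS, DHCP, WINS and gateway
/// addresses for the corresponding keywords.</param>
/// <returns>
/// <c>null</c> if <paramref name="SubNet"/> is not a known keyword; otherwise the expanded
/// list, which is an empty string when the keyword is known but no addresses are available
/// (including the keywords that are not implemented yet).
/// </returns>
/// <remarks>
/// The local/intranet and internet lists are fixed approximations, not derived from the
/// adapter configuration. They are kept as exact complements of each other so that no
/// address is classified as both local and internet.
/// </remarks>
public static string GetSpecialNet(string SubNet, NetworkMonitor.AdapterInfo NicInfo = null)
{
    List<string> IpRanges = new List<string>();

    if (SubNet.Equals(FirewallRule.AddrKeywordLocalSubnet, StringComparison.OrdinalIgnoreCase) || SubNet.Equals(FirewallRule.AddrKeywordIntrAnet, StringComparison.OrdinalIgnoreCase))
    {
        // todo: create the list based on NicInfo.Addresses

        // IPv4
        IpRanges.Add("10.0.0.0-10.255.255.255");
        IpRanges.Add("127.0.0.0-127.255.255.255"); // localhost
        IpRanges.Add("172.16.0.0-172.31.255.255");
        IpRanges.Add("192.168.0.0-192.168.255.255");
        IpRanges.Add("224.0.0.0-239.255.255.255"); // multicast

        // IPv6
        IpRanges.Add("::1"); // localhost
        IpRanges.Add("fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"); // Unique local address
        IpRanges.Add("fe80::-fe80::ffff:ffff:ffff:ffff");
        //IpRanges.Add("fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff"); // Link-local address
        IpRanges.Add("ff00::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff"); // multicast
    }
    else if (SubNet.Equals(FirewallRule.AddrKeywordIntErnet, StringComparison.OrdinalIgnoreCase))
    {
        // todo: create the list based on NicInfo.Addresses

        // IPv4: the gaps between the local ranges listed above
        IpRanges.Add("0.0.0.0-9.255.255.255");
        // 10.0.0.0 - 10.255.255.255
        IpRanges.Add("11.0.0.0-126.255.255.255");
        // 127.0.0.0 - 127.255.255.255 // localhost
        IpRanges.Add("128.0.0.0-172.15.255.255");
        // 172.16.0.0 - 172.31.255.255
        IpRanges.Add("172.32.0.0-192.167.255.255");
        // 192.168.0.0 - 192.168.255.255
        IpRanges.Add("192.169.0.0-223.255.255.255");
        // 224.0.0.0-239.255.255.255 // multicast
        IpRanges.Add("240.0.0.0-255.255.255.255");

        // IPv6: the gaps between the local ranges listed above. Ranges are inclusive, so
        // each bound stops one address short of the neighbouring local range. The previous
        // bounds restarted at fc00::ffff:ffff:ffff:ffff, which put almost the whole
        // unique-local block into the internet list as well, and reused fc00::, fe80::,
        // fe80::ffff:ffff:ffff:ffff and ff00:: as bounds although they are local addresses.
        //"::1" // localhost
        IpRanges.Add("::2-fbff:ffff:ffff:ffff:ffff:ffff:ffff:ffff");
        //"fc00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" // Unique local address
        IpRanges.Add("fe00::-fe7f:ffff:ffff:ffff:ffff:ffff:ffff:ffff");
        //"fe80::-fe80::ffff:ffff:ffff:ffff" // fe80::-febf:ffff:ffff:ffff:ffff:ffff:ffff:ffff // Link-local address
        IpRanges.Add("fe80:0:0:1::-feff:ffff:ffff:ffff:ffff:ffff:ffff:ffff");
        //"ff00::-ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff" // multicast
    }
    else if (SubNet.Equals(FirewallRule.AddrKeywordDNS, StringComparison.OrdinalIgnoreCase))
    {
        IpRanges = CopyStrIPs(NicInfo?.DnsAddresses);
    }
    else if (SubNet.Equals(FirewallRule.AddrKeywordDHCP, StringComparison.OrdinalIgnoreCase))
    {
        IpRanges = CopyStrIPs(NicInfo?.DhcpServerAddresses);
    }
    else if (SubNet.Equals(FirewallRule.AddrKeywordWINS, StringComparison.OrdinalIgnoreCase))
    {
        IpRanges = CopyStrIPs(NicInfo?.WinsServersAddresses);
    }
    else if (SubNet.Equals(FirewallRule.AddrKeywordDefaultGateway, StringComparison.OrdinalIgnoreCase))
    {
        IpRanges = CopyStrIPs(NicInfo?.GatewayAddresses);
    }
    else if (SubNet.Equals(FirewallRule.AddrKeywordRmtIntrAnet, StringComparison.OrdinalIgnoreCase)
          || SubNet.Equals(FirewallRule.AddrKeywordPly2Renders, StringComparison.OrdinalIgnoreCase)
          || SubNet.Equals(FirewallRule.AddrKeywordCaptivePortal, StringComparison.OrdinalIgnoreCase))
    {
        // todo: not implemented yet; the keyword is recognised but expands to nothing
    }
    else
    {
        return null;
    }

    // CopyStrIPs is not visible here; guard in case it yields null when no adapter data
    // was supplied, so a known keyword still produces an empty list instead of throwing.
    if (IpRanges == null)
    {
        return "";
    }

    return string.Join(",", IpRanges.ToArray());
}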
/// <summary>
/// Checks one endpoint (address plus port) against a rule's address and port filters.
/// </summary>
/// <param name="Addresses">Address filter; empty or "*" accepts any address.</param>
/// <param name="Ports">Port filter; empty or "*" accepts any port.</param>
/// <param name="Address">Endpoint address, or null when none is available.</param>
/// <param name="Port">Endpoint port.</param>
/// <param name="NicInfo">Optional adapter data passed on to address keyword expansion.</param>
/// <returns><c>true</c> if both filters accept the endpoint.</returns>
/// <remarks>
/// When <paramref name="Address"/> is null the address filter is not evaluated at all, so
/// the endpoint is accepted on the port filter alone.
/// </remarks>
public static bool MatchEndpoint(string Addresses, string Ports, IPAddress Address, UInt16 Port, NetworkMonitor.AdapterInfo NicInfo = null)
{
    // Port filter first: a wildcard passes, otherwise the port has to be listed.
    bool portAccepted = FirewallRule.IsEmptyOrStar(Ports) || MatchPort(Port, Ports);
    if (!portAccepted)
    {
        return false;
    }

    // Address filter: skipped for a missing address or a wildcard filter.
    bool addressAccepted = Address == null
        || FirewallRule.IsEmptyOrStar(Addresses)
        || MatchAddress(Address, Addresses, NicInfo);

    return addressAccepted;
}