public void CheckForExpiredRules(FirewallRule[] rules) { Log.Debug("Check for expired rules"); INetFwPolicy2 fwPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); var temporaryRules = fwPolicy .Rules .OfType <INetFwRule>() .Where(r => r.Name.StartsWith(Constants.TcpRulePrefix)) .ToList(); foreach (var rule in temporaryRules) { if (DateTimeEncodingHelper.TryParse(rule.Name, out var dateTime)) { //Indeed this is a rule made by this tool, check for exipiration if (DateTime.UtcNow.Subtract(dateTime).TotalSeconds > 0) { Log.Information("About to remove rule {name} because it is expired", rule.Name); fwPolicy.Rules.Remove(rule.Name); } } } //now check for other rules that allows traffic on that port var allTcpRules = fwPolicy .Rules .OfType <INetFwRule>() .Where(r => r.InterfaceTypes == "All" || r.InterfaceTypes == "Tcp") .ToList(); var controlledTcpPorts = rules.Select(r => r.TcpPort).ToList(); foreach (var tcpRule in allTcpRules) { if (PortRangeHelper.RangeContainsPort(tcpRule.LocalPorts, controlledTcpPorts)) { //lets only one custom port to exists if (!tcpRule.Name.StartsWith(Constants.SealRulePrefix)) { Log.Information("About to remove rule {name} because it is based on a controlled port", tcpRule.Name); fwPolicy.Rules.Remove(tcpRule.Name); } } } }
/// <summary> /// This is slightly different from <see cref="ApplyUdpRules(FirewallRule[])"/> but it /// could be made equal. /// should be expired. /// </summary> /// <param name="rules"></param> public void ApplyBasicTcpRules(FirewallRule[] rules) { var ports = rules.Select(r => r.TcpPort).ToArray(); var portRanges = PortRangeHelper.GetRangeExclusive(ports); //now get already existing rules. var allStaticTcpRule = SearchFirewallRules() .Where(r => r.Name.StartsWith(Constants.TcpStaticPrefix)); INetFwPolicy2 fwPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); //we need to create other rules, and be 100% sure that only new rules for udp are created var newRules = portRanges .Select(range => new { Name = $"{Constants.TcpStaticPrefix}_{range.LowerPortInclusive}_{range.UpperPortInclusive}", Range = range }) .ToList(); var rulesToRemove = allStaticTcpRule.Where(r => !newRules.Any(nr => nr.Name == r.Name)).ToList(); foreach (var ruleToRemove in rulesToRemove) { fwPolicy.Rules.Remove(ruleToRemove.Name); } var rulesToAdd = newRules.Where(r => !allStaticTcpRule.Any(ur => ur.Name == r.Name)).ToList(); foreach (var ruleToAdd in rulesToAdd) { INetFwRule firewallRule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule")); firewallRule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK; firewallRule.Description = "Created by StupidFirewallManager"; firewallRule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP; firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN; // inbound firewallRule.Enabled = true; firewallRule.InterfaceTypes = "All"; firewallRule.RemoteAddresses = "*"; // add more blocks comma separated firewallRule.LocalAddresses = "*"; firewallRule.Name = ruleToAdd.Name; firewallRule.LocalPorts = $"{ruleToAdd.Range.LowerPortInclusive}-{ruleToAdd.Range.UpperPortInclusive}"; fwPolicy.Rules.Add(firewallRule); } }