/// <summary>
/// Builds an enabled block rule for <paramref name="id"/> whose remote address list is
/// the string returned by <c>NetFunc.GetNonLocalNet()</c>, grouped under <c>RuleGroup</c>.
/// </summary>
/// <param name="id">Program identity the rule is created for.</param>
/// <param name="direction">Traffic direction the rule applies to.</param>
/// <param name="expiration">Stored on the rule as-is; whether it is non-zero is passed to
/// <c>MakeRuleName</c> as its second argument.</param>
/// <returns>The newly constructed rule.</returns>
public static FirewallRule MakeBlockInetRule(ProgramList.ID id, Firewall.Directions direction, long expiration = 0)
{
    bool hasExpiration = expiration != 0;

    var blockInetRule = new FirewallRule(id)
    {
        Name = MakeRuleName(BlockInet, hasExpiration),
        Grouping = RuleGroup,
        Action = Firewall.Actions.Block,
        Direction = direction,
        Enabled = true,
        // EvaluateRules recognises a "block internet" rule by exact string equality of this
        // field with NetFunc.GetNonLocalNet(), so it must be set from the same call.
        RemoteAddresses = NetFunc.GetNonLocalNet(),
        Expiration = expiration,
    };

    return blockInetRule;
}
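/// <summary>
/// Derives the program's current access level (<c>prog.config.CurAccess</c>) from the
/// firewall rules present for it and, when <paramref name="apply"/> is set and the
/// configured level (<c>prog.config.NetAccess</c>) differs from the derived one, disables
/// the user's rules, clears the managed rules and recreates them for the configured level.
/// </summary>
/// <param name="prog">Program whose rules are inspected; <c>prog.config.CurAccess</c> is
/// updated in place.</param>
/// <param name="apply">When true, also reconcile the firewall rules with
/// <c>prog.config.NetAccess</c>; when false only <c>CurAccess</c> is recomputed.</param>
public void EvaluateRules(Program prog, bool apply)
{
    // A rule counts as "block internet" only if its remote address list equals this string
    // exactly, so it must be produced by the same call MakeBlockInetRule uses.
    string InetRanges = NetFunc.GetNonLocalNet();

    prog.config.CurAccess = Program.Config.AccessLevels.Unconfigured;

    // Always false: only the outbound bit decides the derived level. The inbound checks are
    // kept behind this switch rather than removed.
    bool StrictTest = false;

    if (prog.Rules.Count > 0)
    {
        // One RuleStat per program ID; each field holds a bit mask of Directions values.
        SortedDictionary<ProgramList.ID, RuleStat> RuleStats = new SortedDictionary<ProgramList.ID, RuleStat>();
        int enabledCount = 0;

        foreach (FirewallRule rule in prog.Rules.Values.ToList())
        {
            RuleStat Stat;
            if (!RuleStats.TryGetValue(rule.mID, out Stat))
            {
                // The entry is created before any of the skips below, so an ID that has only
                // disabled or narrow rules still contributes an all-zero stat to the merge.
                Stat = new RuleStat();
                RuleStats.Add(rule.mID, Stat);
            }

            if (!rule.Enabled)
            {
                continue;
            }
            enabledCount++;

            // Only broad rules are classified: no local address, port or ICMP restriction ...
            if (!IsEmptyOrStar(rule.LocalAddresses))
            {
                continue;
            }
            if (!IsEmptyOrStar(rule.LocalPorts) || !IsEmptyOrStar(rule.RemotePorts))
            {
                continue;
            }
            if (!IsEmptyOrStar(rule.IcmpTypesAndCodes))
            {
                continue;
            }

            // ... covering all protocols, or at least TCP or UDP ...
            bool AllProts = (rule.Protocol == (int)NetFunc.KnownProtocols.Any);
            bool InetProts = AllProts || (rule.Protocol == (int)FirewallRule.KnownProtocols.TCP) || (rule.Protocol == (int)FirewallRule.KnownProtocols.UDP);
            if (!InetProts)
            {
                continue;
            }

            // ... on all profiles and all interfaces.
            if (rule.Profile != (int)Profiles.All && (rule.Profile != ((int)Profiles.Public | (int)Profiles.Private | (int)Profiles.Domain)))
            {
                continue;
            }
            if (rule.Interface != (int)Interfaces.All)
            {
                continue;
            }

            if (IsEmptyOrStar(rule.RemoteAddresses))
            {
                // An allow to any remote only needs TCP/UDP; a block only counts if it covers
                // every protocol, otherwise some traffic still gets through.
                if (rule.Action == Actions.Allow && InetProts)
                {
                    Stat.AllowAll |= ((int)rule.Direction);
                }
                else if (rule.Action == Actions.Block && AllProts)
                {
                    Stat.BlockAll |= ((int)rule.Direction);
                }
            }
            else if (rule.RemoteAddresses == InetRanges)
            {
                if (rule.Action == Actions.Block && AllProts)
                {
                    Stat.BlockInet |= ((int)rule.Direction);
                }
            }
            else if (rule.RemoteAddresses == "LocalSubnet")
            {
                if (rule.Action == Actions.Allow && InetProts)
                {
                    Stat.AllowLan |= ((int)rule.Direction);
                }
            }

            // Written back so the update survives even if RuleStat is a value type.
            RuleStats[rule.mID] = Stat;
        }

        // Merge across IDs: a direction bit survives only if every ID has it set.
        // prog.Rules.Count > 0 guarantees at least one entry. A single pass over the values
        // replaces the previous ElementAt(i) loop, which re-walked the collection per index.
        RuleStat MergedStat = RuleStats.Values.First();
        foreach (RuleStat Stat in RuleStats.Values.Skip(1))
        {
            MergedStat.AllowAll &= Stat.AllowAll;
            MergedStat.BlockAll &= Stat.BlockAll;
            MergedStat.AllowLan &= Stat.AllowLan;
            MergedStat.BlockInet &= Stat.BlockInet;
        }

        if ((MergedStat.BlockAll & (int)Directions.Outboun) != 0 && (!StrictTest || (MergedStat.BlockAll & (int)Directions.Inbound) != 0))
        {
            prog.config.CurAccess = Program.Config.AccessLevels.BlockAccess;
        }
        else if ((MergedStat.AllowAll & (int)Directions.Outboun) != 0 && (!StrictTest || (MergedStat.AllowAll & (int)Directions.Inbound) != 0))
        {
            prog.config.CurAccess = Program.Config.AccessLevels.FullAccess;
        }
        // NOTE(review): the original strict test checked the AllowLan inbound bit twice; the
        // duplicate is dropped here. It is unreachable while StrictTest is false, but the
        // second term was presumably meant to test BlockInet — confirm before enabling StrictTest.
        else if ((MergedStat.AllowLan & (int)Directions.Outboun) != 0 && (!StrictTest || (MergedStat.AllowLan & (int)Directions.Inbound) != 0))
        {
            prog.config.CurAccess = Program.Config.AccessLevels.LocalOnly;
        }
        else if (enabledCount > 0)
        {
            // Enabled rules exist but none of the recognised broad patterns matched.
            prog.config.CurAccess = Program.Config.AccessLevels.CustomConfig;
        }
    }

    if (!apply || prog.config.NetAccess == Program.Config.AccessLevels.Unconfigured || prog.config.NetAccess == Program.Config.AccessLevels.CustomConfig)
    {
        return;
    }
    if (prog.config.NetAccess == prog.config.CurAccess)
    {
        // The firewall already reflects the configured level; nothing to rewrite.
        return;
    }

    // NetAccess is neither Unconfigured nor CustomConfig here (both returned above), so the
    // former "!= CustomConfig" guard around this call was always true and is omitted.
    DisableUserRules(prog);
    ClearPrivRules(prog);

    foreach (ProgramList.ID id in prog.IDs)
    {
        // Values 1 and 2 are cast to Directions; presumably Inbound and Outboun — confirm
        // against the enum definition.
        for (int i = 1; i <= 2; i++)
        {
            Directions direction = (Directions)i;
            switch (prog.config.NetAccess)
            {
                case Program.Config.AccessLevels.FullAccess:
                    // add and enable allow all rule
                    UpdateRule(FirewallRule.MakeAllowRule(id, direction), true);
                    break;
                case Program.Config.AccessLevels.LocalOnly:
                    // add and enable block rules for the internet
                    UpdateRule(FirewallRule.MakeBlockInetRule(id, direction), true);
                    // add and enable allow rules for the lan
                    UpdateRule(FirewallRule.MakeAllowLanRule(id, direction), true);
                    break;
                case Program.Config.AccessLevels.BlockAccess:
                    // add and enable broad block rules
                    UpdateRule(FirewallRule.MakeBlockRule(id, direction), true);
                    break;
            }
        }
    }

    prog.config.CurAccess = prog.config.NetAccess;
    App.engine.NotifyChange(prog);
}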