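        /// <summary>
        /// Installs the NetLock rule set when the lock is activated: block-all rules per
        /// direction, permits for this executable (and Tor when it is the proxy), loopback,
        /// and the optional ICMP / private-range / DHCP permits, each driven by a
        /// <c>netlock.*</c> setting read from <c>Engine.Instance.Storage</c>.
        /// Every rule is registered through <c>AddRule</c>; <c>OnUpdateIps()</c> runs last
        /// (presumably the address-dependent rules live there — its body is not part of this method).
        /// </summary>
        /// <remarks>
        /// Precedence between the permit rules and the block-all rules is decided by
        /// <c>AddRule</c> / the filtering engine, not by the order of the calls here — confirm
        /// in <c>AddRule</c> when changing this list. Enabling <c>netlock.allow_private</c>
        /// opens every RFC 1918 range plus link-local multicast, SSDP and SLP, so a local
        /// attacker on the same LAN is not filtered while that setting is on.
        /// </remarks>
        public override void Activation()
        {
            base.Activation();

            // Block All: one block rule per direction, only when the corresponding setting is "block".
            if (Engine.Instance.Storage.Get("netlock.incoming") == "block")
            {
                AddRule("netlock_in_block_all", BuildNetLockRule("NetLock - In - Block All", "all-in", "block"));
            }
            if (Engine.Instance.Storage.Get("netlock.outgoing") == "block")
            {
                AddRule("netlock_out_block_all", BuildNetLockRule("NetLock - Out - Block All", "all-out", "block"));
            }

            // Allow Eddie / OpenVPN / Stunnel / Plink
            AddRule("netlock_allow_eddie", Wfp.CreateItemAllowProgram("NetLock - Allow Eddie", Platform.Instance.GetExecutablePath()));

            if (Engine.Instance.Storage.GetLower("proxy.mode") == "tor")
            {
                string path = TorControl.GetTorExecutablePath();
                // No known Tor executable -> no rule. A null path is treated like "" so it never
                // reaches CreateItemAllowProgram (the previous check only rejected "").
                if (!string.IsNullOrEmpty(path))
                {
                    AddRule("netlock_allow_tor", Wfp.CreateItemAllowProgram("NetLock - Allow Tor", path));
                }
            }

            // Allow loopback
            {
                XmlElement xmlRule = BuildNetLockRule("NetLock - Allow loopback", "all", "permit");
                AppendRuleCondition(xmlRule, "ip_local_interface", "equal", "interface", "loopback");
                AddRule("netlock_allow_loopback", xmlRule);
            }

            if (Engine.Instance.Storage.GetBool("netlock.allow_ping"))
            {
                // Allow ICMP
                XmlElement xmlRule = BuildNetLockRule("NetLock - Allow ICMP", "all", "permit");
                AppendRuleCondition(xmlRule, "ip_protocol", "equal", "protocol", "icmp");
                AddRule("netlock_allow_icmp", xmlRule);
            }

            if (Engine.Instance.Storage.GetBool("netlock.allow_private"))
            {
                AddRule("netlock_allow_ipv4_local1", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Local Subnet 1 - IPv4", new IpAddress("192.168.0.0/255.255.0.0")));
                AddRule("netlock_allow_ipv4_local2", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Local Subnet 2 - IPv4", new IpAddress("172.16.0.0/255.240.0.0")));
                AddRule("netlock_allow_ipv4_local3", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Local Subnet 3 - IPv4", new IpAddress("10.0.0.0/255.0.0.0")));
                AddRule("netlock_allow_ipv4_multicast", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Multicast - IPv4", new IpAddress("224.0.0.0/255.255.255.0")));
                AddRule("netlock_allow_ipv4_ssdp", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Simple Service Discovery Protocol address", new IpAddress("239.255.255.250/255.255.255.255")));
                AddRule("netlock_allow_ipv4_slp", Wfp.CreateItemAllowAddress("NetLock - Private - Allow Service Location Protocol", new IpAddress("239.255.255.253/255.255.255.255")));
            }

            // Without this, Windows stay in 'Identifying network...' and OpenVPN in 'Waiting TUN to come up'. // Note 2018: don't occur in Win10?
            if (Engine.Instance.Storage.GetBool("netlock.allow_dhcp"))
            {
                // UDP from local port 68 to remote port 67 only, i.e. the DHCP client -> server direction.
                XmlElement xmlRule = BuildNetLockRule("NetLock - Allow DHCP", "all", "permit");
                AppendRuleCondition(xmlRule, "ip_protocol", "equal", "protocol", "udp");
                AppendRuleCondition(xmlRule, "ip_local_port", "equal", "port", "68");
                AppendRuleCondition(xmlRule, "ip_remote_port", "equal", "port", "67");
                AddRule("netlock_allow_dhcp", xmlRule);
            }

            OnUpdateIps();
        }

        /// <summary>
        /// Creates a detached <c>rule</c> element (in its own <see cref="XmlDocument"/>) carrying the
        /// <c>name</c>, <c>layer</c> and <c>action</c> attributes, ready for <c>if</c> conditions
        /// and for <c>AddRule</c>.
        /// </summary>
        /// <param name="name">Value of the rule's <c>name</c> attribute.</param>
        /// <param name="layer">Value of the rule's <c>layer</c> attribute.</param>
        /// <param name="action">Value of the rule's <c>action</c> attribute.</param>
        /// <returns>The new <c>rule</c> element; it keeps its owner document alive.</returns>
        private static XmlElement BuildNetLockRule(string name, string layer, string action)
        {
            XmlDocument xmlDocRule = new XmlDocument();
            XmlElement xmlRule = xmlDocRule.CreateElement("rule");
            xmlRule.SetAttribute("name", name);
            xmlRule.SetAttribute("layer", layer);
            xmlRule.SetAttribute("action", action);
            return xmlRule;
        }

        /// <summary>
        /// Appends one <c>if</c> child to <paramref name="rule"/> with <c>field</c>, <c>match</c>
        /// and a single value attribute whose name is given by <paramref name="valueAttribute"/>.
        /// </summary>
        /// <param name="rule">Rule element the condition is appended to.</param>
        /// <param name="field">Value of the <c>field</c> attribute.</param>
        /// <param name="match">Value of the <c>match</c> attribute.</param>
        /// <param name="valueAttribute">Name of the value attribute (e.g. <c>protocol</c>, <c>port</c>, <c>interface</c>).</param>
        /// <param name="value">Value of that attribute.</param>
        private static void AppendRuleCondition(XmlElement rule, string field, string match, string valueAttribute, string value)
        {
            // The condition must belong to the same document as the rule or AppendChild throws.
            XmlElement xmlIf = rule.OwnerDocument.CreateElement("if");
            rule.AppendChild(xmlIf);
            xmlIf.SetAttribute("field", field);
            xmlIf.SetAttribute("match", match);
            xmlIf.SetAttribute(valueAttribute, value);
        }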
        /// <summary>
        /// Lets the base class record the program, then registers a permit rule for its executable.
        /// The rule id is <c>netlock_allow_program_</c> followed by <paramref name="guid"/>, so each
        /// allowed program gets its own entry.
        /// </summary>
        /// <param name="path">Executable path the permit rule applies to.</param>
        /// <param name="name">Label embedded in the rule's display name.</param>
        /// <param name="guid">Identifier that makes the rule id unique per program.</param>
        public override void AllowProgram(string path, string name, string guid)
        {
            base.AllowProgram(path, name, guid);

            string ruleId = string.Concat("netlock_allow_program_", guid);
            string ruleLabel = string.Concat("NetLock - Program - Allow ", name);
            AddRule(ruleId, Wfp.CreateItemAllowProgram(ruleLabel, path));
        }