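        /// <summary>
        /// Classifies the enabled firewall rules of every program in <paramref name="progSet"/>
        /// into one of the <see cref="ProgramSet.Config.AccessLevels"/> values and stores the
        /// result in <c>progSet.config.CurAccess</c>.
        /// </summary>
        /// <param name="progSet">
        /// Program set whose programs' rules are inspected; its <c>config.CurAccess</c> is
        /// overwritten (reset to Unconfigured first).
        /// </param>
        /// <param name="StrictTest">
        /// When <c>true</c>, a level is only recognised if the matching rules cover both the
        /// outbound and the inbound direction; otherwise outbound coverage alone suffices.
        /// </param>
        /// <remarks>
        /// Only "broad" rules take part in the classification: a rule that narrows local
        /// addresses, ports, ICMP types, a single profile or a single interface, or that uses a
        /// protocol other than Any/TCP/UDP, is skipped. The per-program flags are AND-ed
        /// together, so the set is only reported as e.g. FullAccess when every program in it has
        /// such a rule. A set with enabled rules that are not recognised is reported as
        /// CustomConfig; a set with no enabled rules stays Unconfigured.
        /// NOTE(review): the BlockInet flag is collected and merged but never consulted below —
        /// LocalOnly is derived from AllowLan alone, so a set with an allow-LAN rule but no
        /// internet-block rule still reads as LocalOnly. Confirm whether that is intended.
        /// </remarks>
        public void EvaluateRules(ProgramSet progSet, bool StrictTest = false)
        {
            // Remote-address value that stands for "the internet". Older Windows versions do not
            // accept the keyword, so the expanded range list is compared instead.
            String InetRanges = FirewallRule.AddrKeywordIntErnet;

            if (UwpFunc.IsWindows7OrLower)
            {
                InetRanges = FirewallRule.GetSpecialNet(InetRanges);
            }

            progSet.config.CurAccess = ProgramSet.Config.AccessLevels.Unconfigured;

            SortedDictionary<ProgramID, RuleStat> RuleStats = new SortedDictionary<ProgramID, RuleStat>();
            int enabledCount = 0;

            foreach (Program prog in progSet.Programs.Values)
            {
                RuleStat Stat = new RuleStat();

                foreach (FirewallRule rule in prog.Rules.Values)
                {
                    if (!rule.Enabled)
                    {
                        continue;
                    }

                    // Counted before the shape checks so that a set whose only enabled rules are
                    // "narrow" ones ends up as CustomConfig rather than Unconfigured.
                    enabledCount++;

                    // Anything that restricts the rule below "all local endpoints" is not a
                    // broad rule and does not contribute to the classification.
                    if (!FirewallRule.IsEmptyOrStar(rule.LocalAddresses))
                    {
                        continue;
                    }
                    if (!FirewallRule.IsEmptyOrStar(rule.LocalPorts) || !FirewallRule.IsEmptyOrStar(rule.RemotePorts))
                    {
                        continue;
                    }
                    if (rule.IcmpTypesAndCodes != null && rule.IcmpTypesAndCodes.Length > 0)
                    {
                        continue;
                    }

                    // Allow rules count if they cover TCP/UDP (or any protocol); block rules only
                    // count when they cover every protocol, see the action checks below.
                    bool AllProts  = (rule.Protocol == (int)NetFunc.KnownProtocols.Any);
                    bool InetProts = AllProts || (rule.Protocol == (int)FirewallRule.KnownProtocols.TCP) || (rule.Protocol == (int)FirewallRule.KnownProtocols.UDP);

                    if (!InetProts)
                    {
                        continue;
                    }

                    // Either the "All" profile value or the explicit union of the three profiles.
                    if (rule.Profile != (int)FirewallRule.Profiles.All && (rule.Profile != ((int)FirewallRule.Profiles.Public | (int)FirewallRule.Profiles.Private | (int)FirewallRule.Profiles.Domain)))
                    {
                        continue;
                    }
                    if (rule.Interface != (int)FirewallRule.Interfaces.All)
                    {
                        continue;
                    }

                    // Remote-address comparison is exact: a rule whose address list is written
                    // differently from the keywords below is treated as custom.
                    if (FirewallRule.IsEmptyOrStar(rule.RemoteAddresses))
                    {
                        // InetProts is already guaranteed here, so only the action is checked.
                        if (rule.Action == FirewallRule.Actions.Allow)
                        {
                            Stat.AllowAll |= ((int)rule.Direction);
                        }
                        else if (rule.Action == FirewallRule.Actions.Block && AllProts)
                        {
                            Stat.BlockAll |= ((int)rule.Direction);
                        }
                    }
                    else if (rule.RemoteAddresses == InetRanges)
                    {
                        if (rule.Action == FirewallRule.Actions.Block && AllProts)
                        {
                            Stat.BlockInet |= ((int)rule.Direction);
                        }
                    }
                    else if (rule.RemoteAddresses == FirewallRule.AddrKeywordLocalSubnet)
                    {
                        if (rule.Action == FirewallRule.Actions.Allow)
                        {
                            Stat.AllowLan |= ((int)rule.Direction);
                        }
                    }
                }

                RuleStats.Add(prog.ID, Stat);
            }

            if (RuleStats.Count == 0 || enabledCount == 0)
            {
                return;
            }

            // AND the per-program flags: a level only holds for the set when every program has
            // it. Iterating the value collection directly avoids the O(n^2) ElementAt() walk.
            RuleStat MergedStat = RuleStats.Values.First();

            foreach (RuleStat Stat in RuleStats.Values.Skip(1))
            {
                MergedStat.AllowAll  &= Stat.AllowAll;
                MergedStat.BlockAll  &= Stat.BlockAll;
                MergedStat.AllowLan  &= Stat.AllowLan;
                MergedStat.BlockInet &= Stat.BlockInet;
            }

            // A broad block rule wins over a broad allow rule, which wins over a LAN-only allow.
            if (CoversDirections(MergedStat.BlockAll, StrictTest))
            {
                progSet.config.CurAccess = ProgramSet.Config.AccessLevels.BlockAccess;
            }
            else if (CoversDirections(MergedStat.AllowAll, StrictTest))
            {
                progSet.config.CurAccess = ProgramSet.Config.AccessLevels.FullAccess;
            }
            else if (CoversDirections(MergedStat.AllowLan, StrictTest))
            {
                progSet.config.CurAccess = ProgramSet.Config.AccessLevels.LocalOnly;
            }
            else
            {
                // enabledCount > 0 is guaranteed by the early return above.
                progSet.config.CurAccess = ProgramSet.Config.AccessLevels.CustomConfig;
            }
        }

        /// <summary>
        /// Returns <c>true</c> when the direction bit set in <paramref name="flags"/> covers the
        /// outbound direction and, if <paramref name="strict"/> is set, the inbound direction too.
        /// </summary>
        /// <param name="flags">Bitwise OR of <c>FirewallRule.Directions</c> values.</param>
        /// <param name="strict">Require both directions instead of outbound only.</param>
        private static bool CoversDirections(int flags, bool strict)
        {
            bool outbound = (flags & (int)FirewallRule.Directions.Outboun) != 0;
            bool inbound  = (flags & (int)FirewallRule.Directions.Inbound) != 0;
            return outbound && (!strict || inbound);
        }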
        /// <summary>
        /// Rewrites the firewall rules of every program in <paramref name="progSet"/> so that
        /// they implement the configured <c>config.NetAccess</c> level, records that level as
        /// <c>config.CurAccess</c> and notifies the engine.
        /// </summary>
        /// <param name="progSet">Program set to (re)configure.</param>
        /// <param name="expiration">
        /// Passed through to <c>ApplyRule</c>; a non-zero value also marks the generated rule
        /// names as temporary via <c>MakeRuleName</c>.
        /// </param>
        /// <remarks>
        /// Nothing is changed when the configured level is Unconfigured or CustomConfig, or when
        /// a strict <see cref="EvaluateRules"/> pass already reports the configured level as the
        /// current one. Otherwise each program's rules are cleared and then re-created for both
        /// directions.
        /// NOTE(review): the rules are cleared before the replacements are applied and CurAccess
        /// is updated without looking at the outcome of ApplyRule, so a failure part-way leaves
        /// the program with fewer rules than either state implies — confirm whether ApplyRule
        /// can fail and how that should be surfaced.
        /// </remarks>
        public void ApplyRules(ProgramSet progSet, UInt64 expiration = 0)
        {
            EvaluateRules(progSet, true);

            // Levels without a canonical rule set are never rewritten here.
            if (progSet.config.NetAccess == ProgramSet.Config.AccessLevels.Unconfigured || progSet.config.NetAccess == ProgramSet.Config.AccessLevels.CustomConfig)
            {
                return;
            }

            // The strict evaluation above says the rules already match the configuration.
            if (progSet.config.NetAccess == progSet.config.CurAccess)
            {
                return;
            }

            bool temporary = expiration != 0;

            foreach (Program prog in progSet.Programs.Values)
            {
                // The second argument is always true at this point (CustomConfig returned early).
                ClearRules(prog, progSet.config.NetAccess != ProgramSet.Config.AccessLevels.CustomConfig);

                // One rule (or rule pair) per direction value 1 and 2.
                foreach (int dirCode in new[] { 1, 2 })
                {
                    FirewallRule.Directions direction = (FirewallRule.Directions)dirCode;

                    switch (progSet.config.NetAccess)
                    {
                    case ProgramSet.Config.AccessLevels.FullAccess:
                    {
                        // Single broad allow rule.
                        FirewallRule allowAll = new FirewallRule(prog.ID)
                        {
                            Name      = MakeRuleName(AllowAllName, temporary, prog.Description),
                            Grouping  = RuleGroup,
                            Action    = FirewallRule.Actions.Allow,
                            Direction = direction,
                            Enabled   = true,
                        };
                        ApplyRule(prog, allowAll, expiration);
                        break;
                    }

                    case ProgramSet.Config.AccessLevels.LocalOnly:
                    {
                        // Block rule for the internet ranges. This used to be gated on the
                        // filtering mode being blacklist; it is now added unconditionally.
                        // Older Windows versions need the expanded range list instead of the keyword.
                        FirewallRule blockInet = new FirewallRule(prog.ID)
                        {
                            Name            = MakeRuleName(BlockInet, temporary, prog.Description),
                            Grouping        = RuleGroup,
                            Action          = FirewallRule.Actions.Block,
                            Direction       = direction,
                            Enabled         = true,
                            RemoteAddresses = UwpFunc.IsWindows7OrLower
                                ? FirewallRule.GetSpecialNet(FirewallRule.AddrKeywordIntErnet)
                                : FirewallRule.AddrKeywordIntErnet,
                        };
                        ApplyRule(prog, blockInet, expiration);

                        // Allow rule for the local subnet (the keyword is used as-is on every
                        // Windows version here).
                        FirewallRule allowLan = new FirewallRule(prog.ID)
                        {
                            Name            = MakeRuleName(AllowLan, temporary, prog.Description),
                            Grouping        = RuleGroup,
                            Action          = FirewallRule.Actions.Allow,
                            Direction       = direction,
                            Enabled         = true,
                            RemoteAddresses = FirewallRule.AddrKeywordLocalSubnet,
                        };
                        ApplyRule(prog, allowLan, expiration);
                        break;
                    }

                    case ProgramSet.Config.AccessLevels.BlockAccess:
                    {
                        // Single broad block rule.
                        FirewallRule blockAll = new FirewallRule(prog.ID)
                        {
                            Name      = MakeRuleName(BlockAllName, temporary, prog.Description),
                            Grouping  = RuleGroup,
                            Action    = FirewallRule.Actions.Block,
                            Direction = direction,
                            Enabled   = true,
                        };
                        ApplyRule(prog, blockAll, expiration);
                        break;
                    }
                    }
                }
            }

            progSet.config.CurAccess = progSet.config.NetAccess;

            App.engine.OnRulesChanged(progSet);
        }