        /// <summary>
        /// One-time startup reconciliation between the firewall and the ip database.
        /// Guarded by <c>updateBannedIPAddressesOnStartCalled</c>, so any call after the first is a no-op.
        /// With <c>Config.ClearBannedIPAddressesOnRestart</c> set, both the firewall and the database are
        /// truncated; otherwise the two are merged so that a ban recorded on either side survives the restart.
        /// </summary>
        private void UpdateBannedIPAddressesOnStart()
        {
            // Runs at most once per process; LoadFirewall invokes it on every load.
            if (updateBannedIPAddressesOnStartCalled)
            {
                return;
            }
            updateBannedIPAddressesOnStartCalled = true;

            if (Config.ClearBannedIPAddressesOnRestart)
            {
                // Operator opted into a clean slate: every existing ban is dropped on both sides.
                Logger.Warn("Clearing all banned ip addresses on start because ClearBannedIPAddressesOnRestart is set");
                Firewall.Truncate();
                ipDB.Truncate(true);
                return;
            }

            var syncStart = UtcNow;
            // A firewall entry with no database row gets the first configured ban duration, since its
            // original expiry cannot be recovered from the firewall itself.
            var syncExpiry = syncStart + Config.BanTimes.First();

            Logger.Warn("Syncing firewall and {0} database...", IPBanDB.FileName);

            // firewall -> db; per the original author, rows that already exist are left untouched by the db layer
            var firewallBans = Firewall.EnumerateBannedIPAddresses()
                .Select(ip => Tuple.Create(ip, syncStart, syncExpiry));
            ipDB.SetBannedIPAddresses(firewallBans, UtcNow);

            // drop rows that were already scheduled for removal before the restart
            ipDB.DeletePendingRemoveIPAddresses();

            // db -> firewall; any ip banned in the db but missing from the firewall is blocked here
            Firewall.BlockIPAddresses(null, ipDB.EnumerateBannedIPAddresses()).Sync();

            // lingering add-pending / remove-pending rows are picked up on the next update cycle
            firewallNeedsBlockedIPAddressesUpdate = true;

            // report the starting ban count so operators can spot an unexpected wipe or growth after restart
            Logger.Warn("{0} total ip addresses in the {1} database", ipDB.GetIPAddressCount(), IPBanDB.FileName);
        }
        /// <summary>
        /// (Re)creates the firewall from the current <c>Config</c>, carries bans over when a new firewall
        /// instance is returned, reconciles custom rules against <paramref name="oldConfig"/>, runs the
        /// one-time startup hooks, and re-applies the global whitelist/blacklist and the extra rules.
        /// </summary>
        /// <param name="oldConfig">The previously active config, or null on the first load.</param>
        private void LoadFirewall(IPBanConfig oldConfig)
        {
            IIPBanFirewall previous = Firewall;
            Firewall = FirewallCreator.CreateFirewall(Config, Firewall);

            // A different instance came back: swap the updater registration and migrate the bans,
            // otherwise the db would say "banned" while the new firewall enforces nothing.
            if (previous != Firewall)
            {
                AddUpdater(Firewall);
                Logger.Warn("Loaded firewall type {0}", Firewall.GetType());
                if (!(previous is null))
                {
                    RemoveUpdater(previous);
                    Firewall.BlockIPAddresses(null, ipDB.EnumerateBannedIPAddresses()).Sync();
                }
            }

            if (oldConfig is null)
            {
                // first load: wipe every custom rule left behind by a previous run
                var leftover = Firewall.GetRuleNames(Firewall.RulePrefix + "EXTRA_").ToArray();
                foreach (string leftoverName in leftover)
                {
                    Firewall.DeleteRule(leftoverName);
                }
            }
            else
            {
                // rules named in the old config but absent from the new one are stale and get removed
                var stale = oldConfig.ExtraRules.Select(r => r.Name).ToList();
                foreach (string keptName in Config.ExtraRules.Select(r => r.Name))
                {
                    stale.Remove(keptName);
                }
                foreach (string staleName in stale)
                {
                    // NOTE(review): GetRuleNames is called with a prefix above, so a stale name that is a
                    // prefix of a still-configured rule name may match that rule as well — confirm.
                    foreach (string match in Firewall.GetRuleNames(staleName).ToArray())
                    {
                        Firewall.DeleteRule(match);
                    }
                }
            }

            // both hooks are self-guarded and only do work on their first invocation
            UpdateBannedIPAddressesOnStart();
            SetupWindowsEventViewer();

            // global rules; the allow rule is applied before the block rule (precedence between them is
            // up to the firewall implementation)
            Firewall.AllowIPAddresses("GlobalWhitelist", Config.Whitelist);
            Firewall.BlockIPAddresses("GlobalBlacklist", Config.BlackList);

            // operator-defined rules from the config, each either blocking or allowing its ranges
            foreach (IPBanFirewallRule extra in Config.ExtraRules)
            {
                if (extra.Block)
                {
                    Firewall.BlockIPAddresses(extra.Name, extra.IPAddressRanges, extra.AllowPortRanges);
                }
                else
                {
                    Firewall.AllowIPAddresses(extra.Name, extra.IPAddressRanges, extra.AllowPortRanges);
                }
            }
        }