Exemplo n.º 1
0
        public static FirewallRule MakeBlockInetRule(ProgramList.ID id, Firewall.Directions direction, long expiration = 0)
        {
            FirewallRule rule = new FirewallRule(id);

            rule.Name            = MakeRuleName(BlockInet, expiration != 0);
            rule.Grouping        = RuleGroup;
            rule.Action          = Firewall.Actions.Block;
            rule.Direction       = direction;
            rule.Enabled         = true;
            rule.RemoteAddresses = NetFunc.GetNonLocalNet();
            rule.Expiration      = expiration;
            return(rule);
        }
Exemplo n.º 2
0
        public void EvaluateRules(Program prog, bool apply)
        {
            String InetRanges = NetFunc.GetNonLocalNet();

            prog.config.CurAccess = Program.Config.AccessLevels.Unconfigured;

            bool StrictTest = false;

            if (prog.Rules.Count > 0)
            {
                SortedDictionary <ProgramList.ID, RuleStat> RuleStats = new SortedDictionary <ProgramList.ID, RuleStat>();
                int enabledCound = 0;

                foreach (FirewallRule rule in prog.Rules.Values.ToList())
                {
                    RuleStat Stat;
                    if (!RuleStats.TryGetValue(rule.mID, out Stat))
                    {
                        Stat = new RuleStat();
                        RuleStats.Add(rule.mID, Stat);
                    }

                    if (!rule.Enabled)
                    {
                        continue;
                    }

                    enabledCound++;

                    if (!IsEmptyOrStar(rule.LocalAddresses))
                    {
                        continue;
                    }
                    if (!IsEmptyOrStar(rule.LocalPorts) || !IsEmptyOrStar(rule.RemotePorts))
                    {
                        continue;
                    }
                    if (!IsEmptyOrStar(rule.IcmpTypesAndCodes))
                    {
                        continue;
                    }

                    bool AllProts  = (rule.Protocol == (int)NetFunc.KnownProtocols.Any);
                    bool InetProts = AllProts || (rule.Protocol == (int)FirewallRule.KnownProtocols.TCP) || (rule.Protocol == (int)FirewallRule.KnownProtocols.UDP);

                    if (!InetProts)
                    {
                        continue;
                    }

                    if (rule.Profile != (int)Profiles.All && (rule.Profile != ((int)Profiles.Public | (int)Profiles.Private | (int)Profiles.Domain)))
                    {
                        continue;
                    }
                    if (rule.Interface != (int)Interfaces.All)
                    {
                        continue;
                    }

                    if (IsEmptyOrStar(rule.RemoteAddresses))
                    {
                        if (rule.Action == Actions.Allow && InetProts)
                        {
                            Stat.AllowAll |= ((int)rule.Direction);
                        }
                        else if (rule.Action == Actions.Block && AllProts)
                        {
                            Stat.BlockAll |= ((int)rule.Direction);
                        }
                    }
                    else if (rule.RemoteAddresses == InetRanges)
                    {
                        if (rule.Action == Actions.Block && AllProts)
                        {
                            Stat.BlockInet |= ((int)rule.Direction);
                        }
                    }
                    else if (rule.RemoteAddresses == "LocalSubnet")
                    {
                        if (rule.Action == Actions.Allow && InetProts)
                        {
                            Stat.AllowLan |= ((int)rule.Direction);
                        }
                    }
                    RuleStats[rule.mID] = Stat;
                }

                RuleStat MergedStat = RuleStats.Values.ElementAt(0);

                for (int i = 1; i < RuleStats.Count; i++)
                {
                    RuleStat Stat = RuleStats.Values.ElementAt(i);

                    MergedStat.AllowAll  &= Stat.AllowAll;
                    MergedStat.BlockAll  &= Stat.BlockAll;
                    MergedStat.AllowLan  &= Stat.AllowLan;
                    MergedStat.BlockInet &= Stat.BlockInet;
                }

                if ((MergedStat.BlockAll & (int)Directions.Outboun) != 0 && (!StrictTest || (MergedStat.BlockAll & (int)Directions.Inbound) != 0))
                {
                    prog.config.CurAccess = Program.Config.AccessLevels.BlockAccess;
                }
                else if ((MergedStat.AllowAll & (int)Directions.Outboun) != 0 && (!StrictTest || (MergedStat.AllowAll & (int)Directions.Inbound) != 0))
                {
                    prog.config.CurAccess = Program.Config.AccessLevels.FullAccess;
                }
                else if ((MergedStat.AllowLan & (int)Directions.Outboun) != 0 && (!StrictTest || ((MergedStat.AllowLan & (int)Directions.Inbound) != 0 && (MergedStat.AllowLan & (int)Directions.Inbound) != 0)))
                {
                    prog.config.CurAccess = Program.Config.AccessLevels.LocalOnly;
                }
                else if (enabledCound > 0)
                {
                    prog.config.CurAccess = Program.Config.AccessLevels.CustomConfig;
                }
            }


            if (!apply || prog.config.NetAccess == Program.Config.AccessLevels.Unconfigured || prog.config.NetAccess == Program.Config.AccessLevels.CustomConfig)
            {
                return;
            }

            if (prog.config.NetAccess == prog.config.CurAccess)
            {
                return;
            }


            if (prog.config.NetAccess != Program.Config.AccessLevels.CustomConfig)
            {
                DisableUserRules(prog);
            }

            ClearPrivRules(prog);

            foreach (ProgramList.ID id in prog.IDs)
            {
                for (int i = 1; i <= 2; i++)
                {
                    Directions direction = (Directions)i;

                    switch (prog.config.NetAccess)
                    {
                    case Program.Config.AccessLevels.FullAccess:

                        // add and enable allow all rule
                        UpdateRule(FirewallRule.MakeAllowRule(id, direction), true);
                        break;

                    case Program.Config.AccessLevels.LocalOnly:

                        // create block rule only of we operate in blacklist mode
                        //if (GetFilteringMode() == FilteringModes.BlackList)
                        //{
                        //add and enable block rules for the internet
                        UpdateRule(FirewallRule.MakeBlockInetRule(id, direction), true);
                        //}

                        //add and enable allow rules for the lan
                        UpdateRule(FirewallRule.MakeAllowLanRule(id, direction), true);
                        break;

                    case Program.Config.AccessLevels.BlockAccess:

                        // add and enable broad block rules
                        UpdateRule(FirewallRule.MakeBlockRule(id, direction), true);
                        break;
                    }
                }
            }

            prog.config.CurAccess = prog.config.NetAccess;

            App.engine.NotifyChange(prog);
        }