// ReSharper disable once TooManyDeclarations
public void CreateDirectICMPRule()
{
var ruleName = RulesPrefix + Guid.NewGuid().ToString("N");
var rule = new FirewallWASRule(
ruleName,
FirewallAction.Allow,
FirewallDirection.Inbound,
FirewallProfiles.Domain
)
{
Protocol = FirewallProtocol.ICMPv4,
RemoteAddresses = new IAddress[] { SingleIP.Parse("192.168.0.1") }
};
_firewall.Rules.Add(rule);
var checkRule = _firewall.Rules.FirstOrDefault(firewallRule => firewallRule.Name == ruleName);
Assert.IsNotNull(checkRule);
Assert.AreEqual(checkRule.Protocol, FirewallProtocol.ICMPv4);
Assert.AreEqual(checkRule.Profiles, FirewallProfiles.Domain);
_firewall.Rules.Remove(rule);
checkRule = _firewall.Rules.FirstOrDefault(firewallRule => firewallRule.Name == ruleName);
Assert.IsNull(checkRule);
}
// ReSharper disable once TooManyDeclarations
public void CreateDirectIPv6Rule()
{
var ruleName = RulesPrefix + Guid.NewGuid().ToString("N");
var remoteAddress = SingleIP.Parse("2607:fea8:4260:31a::9");
var rule = new FirewallWASRule(
ruleName,
FirewallAction.Block,
FirewallDirection.Outbound,
FirewallProfiles.Public
)
{
Protocol = FirewallProtocol.Any,
RemoteAddresses = new IAddress[] { remoteAddress }
};
_firewall.Rules.Add(rule);
var checkRule = _firewall.Rules.FirstOrDefault(firewallRule => firewallRule.Name == ruleName);
Assert.IsNotNull(checkRule);
Assert.IsTrue(checkRule.RemoteAddresses.SequenceEqual(new IAddress[] { remoteAddress }));
Assert.AreEqual(checkRule.Profiles, FirewallProfiles.Public);
Assert.AreEqual(checkRule.Direction, FirewallDirection.Outbound);
Assert.AreEqual(checkRule.Action, FirewallAction.Block);
_firewall.Rules.Remove(rule);
checkRule = _firewall.Rules.FirstOrDefault(firewallRule => firewallRule.Name == ruleName);
Assert.IsNull(checkRule);
}
//[ResponseType(typeof(string))]
public IHttpActionResult AddAdditionalIpForRdp([FromUri] string ipAddress)
{
var ruleName = "Allow Remote Desktop";
try
{
var rule = FirewallManager.Instance.Rules.Where(o =>
o.Direction == FirewallDirection.Inbound &&
o.Name.Equals(ruleName)
).FirstOrDefault();
if (rule != null)
{
var items = rule.RemoteAddresses.ToList();
items.Add(SingleIP.Parse(ipAddress));
//Update an existing Rule
rule.RemoteAddresses = items.ToArray();
return(Ok());
}
//Create a new rule
rule = FirewallManager.Instance.CreateApplicationRule(
FirewallManager.Instance.GetProfile().Type,
ruleName,
FirewallAction.Allow,
null
);
rule.Direction = FirewallDirection.Inbound;
rule.LocalPorts = new ushort[] { 3389 };
rule.Action = FirewallAction.Allow;
rule.Protocol = FirewallProtocol.TCP;
rule.Scope = FirewallScope.All;
rule.Profiles = FirewallProfiles.Public | FirewallProfiles.Private;
rule.RemoteAddresses = new IAddress[] { SingleIP.Parse(ipAddress) };
FirewallManager.Instance.Rules.Add(rule);
return(Ok());
}
catch (Exception exception)
{
Log.Error($"{nameof(AddAdditionalIpForRdp)}", exception);
}
return(InternalServerError());
}
public void InvalidParses()
{
// Can't parse empty strings
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("");
}
);
// Can't parse invalid ip addresses
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("-1.0.0.0");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("-1::");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("256.0.0.0");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("10000::");
}
);
// Can't parse ip ranges containing more than one ip address
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("192.168.1.1-192.168.2.1");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("2001:1::-2001:2::");
}
);
// Can't parse network addresses containing more than one ip address
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("127.0.0.1/28");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("::1/112");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("192.168.1.1/255.255.255.0");
}
);
Assert.Throws <FormatException>(() =>
{
SingleIP.Parse("2001:1::/ffff:ffff:ffff:ffff:ffff:ffff:ffff:0");
}
);
}