public IPBlockPolicy GetPolicy(BlockedEntry blockEntry) { var whiteListedLocations = ConfigurationManager.AppSettings["IPBlockPolicyFactory:WhiteListedLocations"].ToArray(); var whiteListedIps = ConfigurationManager.AppSettings["IPBlockPolicyFactory:WhiteListedIps"].ToArray(); var shouldBlock = !whiteListedLocations.Any(l => blockEntry.IpLocation.Trim().ToLower().Contains(l.ToLower())); var blockTime = TimeSpan.FromHours(24); if (!shouldBlock) { blockTime = TimeSpan.FromSeconds(0); } else if (shouldBlock && blockEntry.IpLocation.ToLower().Contains("Unknown")) { blockTime = TimeSpan.FromMinutes(60); } if (whiteListedIps.Any(ip => ip.Equals(blockEntry.Ip))) { blockTime = TimeSpan.FromSeconds(0); shouldBlock = false; } return(new IPBlockPolicy(shouldBlock, DateTime.Now.Add(blockTime), $"(IP-BLOCK) {blockEntry.Source} Blocked IP")); }
public bool Unblock(BlockedEntry entry) { var firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); var policy = policyFactory.GetPolicy(entry); var ruleName = $"{policy.GetRuleName()} [{entry.Protocol}-{String.Join(",", entry.Ports)}]"; var rules = GetRules(firewallPolicy, ruleName); var toRemove = new List <INetFwRule>(); foreach (var rule in rules.Where(r => CleanIps(r.RemoteAddresses).Contains(entry.Ip))) { var ips = CleanIps(rule.RemoteAddresses); ips.Remove(entry.Ip); if (ips.Count() == 0) { toRemove.Add(rule); } else { rule.RemoteAddresses = String.Join(",", ips); } } foreach (var rule in toRemove) { firewallPolicy.Rules.Remove(rule.Name); rules.Remove(rule); } return(true); }
public void UnblockBlockedIpRecord(BlockedEntry entry) { var record = _context.BlockedIpRecords.FirstOrDefault(b => b.Ip.Equals(entry.Ip) && b.Source.Equals(entry.Source) && b.Ports.Equals(String.Join(",", entry.Ports)) && b.Protocol.Equals(entry.Protocol.ToString().ToLower()) && b.IsBlocked); record.IsBlocked = false; record.RuleName = null; record.DateUnblocked = DateTime.Now; _context.SaveChanges(); }
public bool Block(BlockedEntry blockEntry, IPBlockPolicy policy, out string ruleName) { var firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); ruleName = $"{policy.GetRuleName()} [{blockEntry.Protocol}-{String.Join(",", blockEntry.Ports)}]"; var rules = GetRules(firewallPolicy, ruleName); var rule = rules.FirstOrDefault(r => CleanIps(r.RemoteAddresses).Count < 1000); if (rule != null) { var ips = CleanIps(rule.RemoteAddresses); if (!ips.Contains(blockEntry.Ip)) { ips.Add(blockEntry.Ip); rule.RemoteAddresses = String.Join(",", ips); ruleName = rule.Name; Console.WriteLine($"Blocked IP: {blockEntry.Ip}"); } else { Console.WriteLine($"IP AlreadyBlocked: {blockEntry.Ip}"); } } else { rule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule")); rule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK; rule.Description = $"IPBlocker blocked IP's"; rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN; rule.Enabled = true; rule.RemoteAddresses = blockEntry.Ip; rule.InterfaceTypes = "All"; rule.Protocol = (int)blockEntry.Protocol; //NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP / NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP rule.LocalPorts = String.Join(",", blockEntry.Ports); rule.Name = GetNextRuleName(rules.Select(r => r.Name).ToList(), ruleName); firewallPolicy.Rules.Add(rule); rules.Add(rule); ruleName = rule.Name; Console.WriteLine($"Blocked IP: {blockEntry.Ip}"); } return(true); }
public void Add(BlockedEntry blockEntry, IPBlockPolicy policy, string source) { var record = new BlockedIpRecord { Source = source, RuleName = blockEntry.RuleName, DateBlocked = DateTime.Now, DateToUnblockIp = policy.GetUnblockDate(), Ip = blockEntry.Ip, IpLocation = blockEntry.IpLocation, IsBlocked = blockEntry.IsBLocked, Ports = String.Join(",", blockEntry.Ports), Protocol = blockEntry.Protocol.ToString().ToLower() }; _context.BlockedIpRecords.Add(record); _context.SaveChanges(); }
public void Run() { var fromDate = GetLastRunDate(); if (fromDate.Date != DateTime.Now.Date) { fromDate = DateTime.Today; } Console.WriteLine($"[{DateTime.Now}] {nameof(BlockService)} - Starting from {fromDate}"); var badIps = logFileDataSource.GetBadIps(fromDate); var runtime = badIps.LastOrDefault()?.Time.AddSeconds(1) ?? DateTime.Now; foreach (var ipEntry in badIps) { var isBlocked = dataStore.IsIPBlocked(ipEntry.IP, logFileDataSource.GetName(), ipEntry.Ports, ipEntry.Protocol.ToString()); if (!isBlocked) { var blockEntry = new BlockedEntry(ipEntry, logFileDataSource.GetName()); blockEntry.IpLocation = ipLocator.GetIpLocation(blockEntry.Ip); var policy = policyFactory.GetPolicy(blockEntry); if (policy.ShouldBlock() && ipBlocker.Block(blockEntry, policy, out var ruleName)) { blockEntry.RuleName = ruleName; blockEntry.IsBLocked = true; dataStore.Add(blockEntry, policy, logFileDataSource.GetName()); } } } dataStore.SaveConfigValue("LastRunDate", runtime.ToString()); Console.WriteLine($"[{DateTime.Now}] {nameof(BlockService)} - Complete"); }