public IPBlockPolicy GetPolicy(BlockedEntry blockEntry)
{
var whiteListedLocations = ConfigurationManager.AppSettings["IPBlockPolicyFactory:WhiteListedLocations"].ToArray();
var whiteListedIps = ConfigurationManager.AppSettings["IPBlockPolicyFactory:WhiteListedIps"].ToArray();
var shouldBlock = !whiteListedLocations.Any(l => blockEntry.IpLocation.Trim().ToLower().Contains(l.ToLower()));
var blockTime = TimeSpan.FromHours(24);
if (!shouldBlock)
{
blockTime = TimeSpan.FromSeconds(0);
}
else if (shouldBlock && blockEntry.IpLocation.ToLower().Contains("Unknown"))
{
blockTime = TimeSpan.FromMinutes(60);
}
if (whiteListedIps.Any(ip => ip.Equals(blockEntry.Ip)))
{
blockTime = TimeSpan.FromSeconds(0);
shouldBlock = false;
}
return(new IPBlockPolicy(shouldBlock, DateTime.Now.Add(blockTime), $"(IP-BLOCK) {blockEntry.Source} Blocked IP"));
}
public bool Unblock(BlockedEntry entry)
{
var firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
var policy = policyFactory.GetPolicy(entry);
var ruleName = $"{policy.GetRuleName()} [{entry.Protocol}-{String.Join(",", entry.Ports)}]";
var rules = GetRules(firewallPolicy, ruleName);
var toRemove = new List <INetFwRule>();
foreach (var rule in rules.Where(r => CleanIps(r.RemoteAddresses).Contains(entry.Ip)))
{
var ips = CleanIps(rule.RemoteAddresses);
ips.Remove(entry.Ip);
if (ips.Count() == 0)
{
toRemove.Add(rule);
}
else
{
rule.RemoteAddresses = String.Join(",", ips);
}
}
foreach (var rule in toRemove)
{
firewallPolicy.Rules.Remove(rule.Name);
rules.Remove(rule);
}
return(true);
}
public void UnblockBlockedIpRecord(BlockedEntry entry)
{
var record = _context.BlockedIpRecords.FirstOrDefault(b => b.Ip.Equals(entry.Ip) &&
b.Source.Equals(entry.Source) &&
b.Ports.Equals(String.Join(",", entry.Ports)) &&
b.Protocol.Equals(entry.Protocol.ToString().ToLower()) &&
b.IsBlocked);
record.IsBlocked = false;
record.RuleName = null;
record.DateUnblocked = DateTime.Now;
_context.SaveChanges();
}
public bool Block(BlockedEntry blockEntry, IPBlockPolicy policy, out string ruleName)
{
var firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
ruleName = $"{policy.GetRuleName()} [{blockEntry.Protocol}-{String.Join(",", blockEntry.Ports)}]";
var rules = GetRules(firewallPolicy, ruleName);
var rule = rules.FirstOrDefault(r => CleanIps(r.RemoteAddresses).Count < 1000);
if (rule != null)
{
var ips = CleanIps(rule.RemoteAddresses);
if (!ips.Contains(blockEntry.Ip))
{
ips.Add(blockEntry.Ip);
rule.RemoteAddresses = String.Join(",", ips);
ruleName = rule.Name;
Console.WriteLine($"Blocked IP: {blockEntry.Ip}");
}
else
{
Console.WriteLine($"IP AlreadyBlocked: {blockEntry.Ip}");
}
}
else
{
rule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
rule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
rule.Description = $"IPBlocker blocked IP's";
rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
rule.Enabled = true;
rule.RemoteAddresses = blockEntry.Ip;
rule.InterfaceTypes = "All";
rule.Protocol = (int)blockEntry.Protocol; //NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP / NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP
rule.LocalPorts = String.Join(",", blockEntry.Ports);
rule.Name = GetNextRuleName(rules.Select(r => r.Name).ToList(), ruleName);
firewallPolicy.Rules.Add(rule);
rules.Add(rule);
ruleName = rule.Name;
Console.WriteLine($"Blocked IP: {blockEntry.Ip}");
}
return(true);
}
public void Add(BlockedEntry blockEntry, IPBlockPolicy policy, string source)
{
var record = new BlockedIpRecord
{
Source = source,
RuleName = blockEntry.RuleName,
DateBlocked = DateTime.Now,
DateToUnblockIp = policy.GetUnblockDate(),
Ip = blockEntry.Ip,
IpLocation = blockEntry.IpLocation,
IsBlocked = blockEntry.IsBLocked,
Ports = String.Join(",", blockEntry.Ports),
Protocol = blockEntry.Protocol.ToString().ToLower()
};
_context.BlockedIpRecords.Add(record);
_context.SaveChanges();
}
public void Run()
{
var fromDate = GetLastRunDate();
if (fromDate.Date != DateTime.Now.Date)
{
fromDate = DateTime.Today;
}
Console.WriteLine($"[{DateTime.Now}] {nameof(BlockService)} - Starting from {fromDate}");
var badIps = logFileDataSource.GetBadIps(fromDate);
var runtime = badIps.LastOrDefault()?.Time.AddSeconds(1) ?? DateTime.Now;
foreach (var ipEntry in badIps)
{
var isBlocked = dataStore.IsIPBlocked(ipEntry.IP, logFileDataSource.GetName(), ipEntry.Ports, ipEntry.Protocol.ToString());
if (!isBlocked)
{
var blockEntry = new BlockedEntry(ipEntry, logFileDataSource.GetName());
blockEntry.IpLocation = ipLocator.GetIpLocation(blockEntry.Ip);
var policy = policyFactory.GetPolicy(blockEntry);
if (policy.ShouldBlock() && ipBlocker.Block(blockEntry, policy, out var ruleName))
{
blockEntry.RuleName = ruleName;
blockEntry.IsBLocked = true;
dataStore.Add(blockEntry, policy, logFileDataSource.GetName());
}
}
}
dataStore.SaveConfigValue("LastRunDate", runtime.ToString());
Console.WriteLine($"[{DateTime.Now}] {nameof(BlockService)} - Complete");
}
