Firewall Rules mostly work
This commit is contained in:
parent
5b62aa59ee
commit
4903d9da9c
@ -476,6 +476,8 @@ namespace EduNetworkBuilder
|
||||
if (tPacket.MyType == PacketType.arp_request && !nf.isLocal(tPacket.destIP))
|
||||
continue; //only send out arp requests on local networks
|
||||
nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false
|
||||
nPacket.OutboundIF = nf;
|
||||
nPacket.InboundInterface = tPacket.InboundInterface;
|
||||
nf.ProcessOutboundPacket(nPacket);
|
||||
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
|
||||
continue; //If the packet cannot be sent out (VLAN stuff)
|
||||
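Review bot: The same forwarding sequence — copy into `nPacket`, set `OutboundIF`, set `InboundInterface` (presumably the line this commit adds), call `ProcessOutboundPacket`, then test the three finished states — now appears here and again in the hunks at -528 and -608, so the next forwarding fix has to be made in three places. The three-way status comparison at least can become one predicate on Packet, e.g. `public bool IsFinished => MyStatus == PacketStatus.finished || MyStatus == PacketStatus.finished_failed || MyStatus == PacketStatus.finished_ok;`, with each loop reduced to `if (nPacket.IsFinished) continue;`. A private helper that does the copy and interface assignment would remove the rest of the duplication, provided `nPacket` is not read after the loop. The enclosing method starts and ends outside the hunk.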
@ -528,6 +530,9 @@ namespace EduNetworkBuilder
|
||||
foreach (NetworkInterface nf in interfaces.ToList())
|
||||
{
|
||||
nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false
|
||||
nPacket.OutboundIF = nf;
|
||||
nPacket.InboundInterface = tPacket.InboundInterface;
|
||||
|
||||
nf.ProcessOutboundPacket(nPacket);
|
||||
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
|
||||
continue; //If the packet cannot be sent out (VLAN stuff)
|
||||
@ -608,6 +613,8 @@ namespace EduNetworkBuilder
|
||||
foreach (NetworkInterface nf in interfaces.ToList())
|
||||
{
|
||||
nPacket = new Packet(tPacket);
|
||||
nPacket.OutboundIF = nf;
|
||||
nPacket.InboundInterface = tPacket.InboundInterface;
|
||||
|
||||
nf.ProcessOutboundPacket(nPacket);
|
||||
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
|
||||
|
@ -413,7 +413,7 @@ namespace EduNetworkBuilder
|
||||
}
|
||||
foreach (FirewallRule fwr in FirewallRules)
|
||||
{
|
||||
fwr.Save(writer, "firewallrule");
|
||||
fwr.Save(writer, "firwallrule");
|
||||
}
|
||||
|
||||
writer.WriteEndElement();
|
||||
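Review bot: The two `fwr.Save(writer, ...)` lines differ only in the spelling of the element name (`"firewallrule"` versus `"firwallrule"`) and the page does not show which side is the new one; whichever survives must be the exact name the loader compares against, otherwise saved rules do not round-trip and a reloaded device comes back with an empty rule list — which, with the default-allow in `FirewallAllows`, means filtering silently stops. Define the name once, e.g. `private const string FirewallRuleElement = "firewallrule";`, and use it in both `Save` and the reader (the reader is not on this page, so I cannot confirm it agrees). The enclosing method starts and ends outside the hunk.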
@ -1235,6 +1235,9 @@ namespace EduNetworkBuilder
|
||||
{
|
||||
NICs.Add(NetworkCard.Clone(nic));
|
||||
}
|
||||
|
||||
FirewallRules.Clear();
|
||||
FirewallRules.AddRange(ndCopyFrom.FirewallRules);
|
||||
RouteTable.Clear();
|
||||
RouteTable.AddRange(ndCopyFrom.RouteTable);
|
||||
DHCPRanges.Clear();
|
||||
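Review bot: `FirewallRules.AddRange(ndCopyFrom.FirewallRules);` copies rule references, while the NICs a few lines above are copied through `NetworkCard.Clone(nic)`. If FirewallRule is a mutable class, the copy and the source device then share the same rule objects, so editing a rule on one device silently changes what the other one filters. Either clone each rule the way NICs are cloned, e.g. `foreach (FirewallRule fwr in ndCopyFrom.FirewallRules) FirewallRules.Add(fwr.Clone());` if such a method exists, or make FirewallRule immutable; the same question applies to the `RouteTable` and `DHCPRanges` copies below, which predate this commit. The enclosing method starts and ends outside the hunk.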
@ -2825,5 +2828,18 @@ namespace EduNetworkBuilder
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public bool FirewallAllows(string inIF, string outIF)
|
||||
{
|
||||
foreach(FirewallRule fwr in FirewallRules)
|
||||
{
|
||||
if(fwr.Source == inIF && fwr.Destination == outIF)
|
||||
{
|
||||
if (fwr.Action == FirewallRuleType.Allow) return true;
|
||||
if (fwr.Action == FirewallRuleType.Drop) return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
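Review bot: `FirewallAllows` ends in `return true;`, so a device whose rules match nothing is default-allow, and a rule whose `Action` is neither `Allow` nor `Drop` falls through to the same answer; rule order also matters because the first match wins. That may be the intended teaching behaviour, but nothing in the method says so — add a summary such as `/// First matching (inIF, outIF) rule decides; a packet matched by no rule is allowed.` and replace the two `if`s with a `switch` on `fwr.Action` that has an explicit `default:` so a future enum member cannot be silently permitted. Note too that when the caller passes a null interface name the comparisons simply never match and the packet is allowed, which is worth a sentence in the same comment.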
@ -364,6 +364,28 @@ namespace EduNetworkBuilder
|
||||
{
|
||||
if (theLink == null) return;
|
||||
//Console.WriteLine("Starting on link: " + theLink.GetUniqueIdentifier + " vlanID = " + VLANID.ToString());
|
||||
|
||||
//We are just about to go out. Verify we are not getting blocked by the firewall.
|
||||
if (start_device.FirewallRules.Count > 0)
|
||||
{
|
||||
if (InboundInterface != null && OutboundIF != null)
|
||||
{
|
||||
if (!start_device.FirewallAllows(InboundInterface.nic_name, OutboundIF.nic_name))
|
||||
{
|
||||
ResponseToPacket rtp = start_device.HowToRespondToPacket(this);
|
||||
if (rtp != ResponseToPacket.accept)
|
||||
{
|
||||
//If we are here, the packet is rejected.
|
||||
string message = string.Format(NB.Translate("P_FirewallDropped"), start_device.hostname);
|
||||
AddMessage(DebugLevel.filtering, message);
|
||||
Tracking.Status = message;
|
||||
AddMessage(DebugLevel.filtering, message);
|
||||
MyStatus = PacketStatus.finished_failed;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
InboundNic = null;
|
||||
InboundInterface = null;
|
||||
WhereAmI = theLink;
|
||||
|
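Review bot: `AddMessage(DebugLevel.filtering, message);` is called twice for the same drop, once before and once after `Tracking.Status = message;`, so every dropped packet is logged twice; delete one of them. More importantly, the check runs only when `InboundInterface != null && OutboundIF != null`, so a packet with no inbound interface — one generated on the device itself, as I read the surrounding code — is never filtered, and a `false` from `FirewallAllows` is still overridden when `HowToRespondToPacket` returns `accept`; if both are deliberate they deserve comments, e.g. `// locally generated packets are not subject to the rule table` and `// an accept decided by HowToRespondToPacket wins over a Drop rule`. The `start_device.FirewallRules.Count > 0` guard duplicates what `FirewallAllows` already does for an empty list and can be removed. The enclosing method starts and ends outside the hunk.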
@ -1633,4 +1633,8 @@
|
||||
<value>Adv. Firewall Enabled</value>
|
||||
<comment>OW_cbFirewallEnabled = Adv. Firewall Enabled</comment>
|
||||
</data>
|
||||
<data name="P_FirewallDropped" xml:space="preserve">
|
||||
<value>Firewall Dropped Packet: Device {0}</value>
|
||||
<comment>P_FirewallDropped = Firewall Dropped Packet: Device {0}</comment>
|
||||
</data>
|
||||
</root>
|