Firewall Rules mostly work

Tim Young 2016-11-07 20:31:07 -06:00
parent 5b62aa59ee
commit 4903d9da9c
4 changed files with 50 additions and 1 deletions


@ -476,6 +476,8 @@ namespace EduNetworkBuilder
if (tPacket.MyType == PacketType.arp_request && !nf.isLocal(tPacket.destIP))
continue; //only send out arp requests on local networks
nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false
nPacket.OutboundIF = nf;
nPacket.InboundInterface = tPacket.InboundInterface;
nf.ProcessOutboundPacket(nPacket);
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
continue; //If the packet cannot be sent out (VLAN stuff)
@ -528,6 +530,9 @@ namespace EduNetworkBuilder
foreach (NetworkInterface nf in interfaces.ToList())
{
nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false
nPacket.OutboundIF = nf;
nPacket.InboundInterface = tPacket.InboundInterface;
nf.ProcessOutboundPacket(nPacket);
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
continue; //If the packet cannot be sent out (VLAN stuff)
@ -608,6 +613,8 @@ namespace EduNetworkBuilder
foreach (NetworkInterface nf in interfaces.ToList())
{
nPacket = new Packet(tPacket);
nPacket.OutboundIF = nf;
nPacket.InboundInterface = tPacket.InboundInterface;
nf.ProcessOutboundPacket(nPacket);
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
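Review bot: The pair `nPacket.OutboundIF = nf;` / `nPacket.InboundInterface = tPacket.InboundInterface;` is repeated verbatim in all three send loops, and the firewall check this commit adds in the packet code only runs when both fields are non-null. Any other send path that builds a Packet without these two assignments would therefore skip filtering silently. Consider moving them into one helper (or into the `Packet(tPacket)` copy constructor, if it does not already copy them) so the loops cannot drift apart. The enclosing methods start and end outside these hunks.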


@ -413,7 +413,7 @@ namespace EduNetworkBuilder
}
foreach (FirewallRule fwr in FirewallRules)
{
fwr.Save(writer, "firewallrule");
fwr.Save(writer, "firwallrule");
}
writer.WriteEndElement();
@ -1235,6 +1235,9 @@ namespace EduNetworkBuilder
{
NICs.Add(NetworkCard.Clone(nic));
}
FirewallRules.Clear();
FirewallRules.AddRange(ndCopyFrom.FirewallRules);
RouteTable.Clear();
RouteTable.AddRange(ndCopyFrom.RouteTable);
DHCPRanges.Clear();
@ -2825,5 +2828,18 @@ namespace EduNetworkBuilder
}
return false;
}
public bool FirewallAllows(string inIF, string outIF)
{
foreach(FirewallRule fwr in FirewallRules)
{
if(fwr.Source == inIF && fwr.Destination == outIF)
{
if (fwr.Action == FirewallRuleType.Allow) return true;
if (fwr.Action == FirewallRuleType.Drop) return false;
}
}
return true;
}
}
}
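Review bot: `FirewallAllows` ends in `return true;`, so any interface pair without a matching rule is permitted, and a matching rule whose Action is neither Allow nor Drop falls through to the next rule; this default-permit, first-match policy is not stated anywhere. If that is the intended behaviour for the simulator, document it on the method, for example `/// First matching rule for (inIF, outIF) decides; returns true when no rule matches (default allow).` Separately, the Save hunk shows both `"firewallrule"` and `"firwallrule"`; whichever is the new side should match the element name the loader reads, otherwise saved rules will not be restored and the device would come back with no rules.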


@ -364,6 +364,28 @@ namespace EduNetworkBuilder
{
if (theLink == null) return;
//Console.WriteLine("Starting on link: " + theLink.GetUniqueIdentifier + " vlanID = " + VLANID.ToString());
//We are just about to go out. Verify we are not getting blocked by the firewall.
if (start_device.FirewallRules.Count > 0)
{
if (InboundInterface != null && OutboundIF != null)
{
if (!start_device.FirewallAllows(InboundInterface.nic_name, OutboundIF.nic_name))
{
ResponseToPacket rtp = start_device.HowToRespondToPacket(this);
if (rtp != ResponseToPacket.accept)
{
//If we are here, the packet is rejected.
string message = string.Format(NB.Translate("P_FirewallDropped"), start_device.hostname);
AddMessage(DebugLevel.filtering, message);
Tracking.Status = message;
AddMessage(DebugLevel.filtering, message);
MyStatus = PacketStatus.finished_failed;
return;
}
}
}
}
InboundNic = null;
InboundInterface = null;
WhereAmI = theLink;
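Review bot: The firewall check is skipped entirely when `InboundInterface` or `OutboundIF` is null, and even when `FirewallAllows` returns false the packet still goes out if `HowToRespondToPacket` returns `ResponseToPacket.accept`, so a Drop rule is not final. If both are intended (presumably for locally originated traffic and for replies), a comment above the outer `if` should say so, e.g. `// Only forwarded packets are filtered; HowToRespondToPacket may still accept a rule-dropped packet.` `AddMessage(DebugLevel.filtering, message);` is also called twice around `Tracking.Status = message;`, which looks like a leftover duplicate; the second call can be removed. The enclosing method begins and ends outside the hunk.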


@ -1633,4 +1633,8 @@
<value>Adv. Firewall Enabled</value>
<comment>OW_cbFirewallEnabled = Adv. Firewall Enabled</comment>
</data>
<data name="P_FirewallDropped" xml:space="preserve">
<value>Firewall Dropped Packet: Device {0}</value>
<comment>P_FirewallDropped = Firewall Dropped Packet: Device {0}</comment>
</data>
</root>