Firewall Rules mostly work

This commit is contained in:
Tim Young 2016-11-07 20:31:07 -06:00
parent 5b62aa59ee
commit 4903d9da9c
4 changed files with 50 additions and 1 deletions


@ -476,6 +476,8 @@ namespace EduNetworkBuilder
if (tPacket.MyType == PacketType.arp_request && !nf.isLocal(tPacket.destIP)) if (tPacket.MyType == PacketType.arp_request && !nf.isLocal(tPacket.destIP))
continue; //only send out arp requests on local networks continue; //only send out arp requests on local networks
nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false
nPacket.OutboundIF = nf;
nPacket.InboundInterface = tPacket.InboundInterface;
nf.ProcessOutboundPacket(nPacket); nf.ProcessOutboundPacket(nPacket);
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok) if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
continue; //If the packet cannot be sent out (VLAN stuff) continue; //If the packet cannot be sent out (VLAN stuff)
@ -528,6 +530,9 @@ namespace EduNetworkBuilder
foreach (NetworkInterface nf in interfaces.ToList()) foreach (NetworkInterface nf in interfaces.ToList())
{ {
nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false nPacket = new Packet(tPacket);//Creates a new packet but sets isfresh=false
nPacket.OutboundIF = nf;
nPacket.InboundInterface = tPacket.InboundInterface;
nf.ProcessOutboundPacket(nPacket); nf.ProcessOutboundPacket(nPacket);
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok) if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
continue; //If the packet cannot be sent out (VLAN stuff) continue; //If the packet cannot be sent out (VLAN stuff)
@ -608,6 +613,8 @@ namespace EduNetworkBuilder
foreach (NetworkInterface nf in interfaces.ToList()) foreach (NetworkInterface nf in interfaces.ToList())
{ {
nPacket = new Packet(tPacket); nPacket = new Packet(tPacket);
nPacket.OutboundIF = nf;
nPacket.InboundInterface = tPacket.InboundInterface;
nf.ProcessOutboundPacket(nPacket); nf.ProcessOutboundPacket(nPacket);
if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok) if (nPacket.MyStatus == PacketStatus.finished || nPacket.MyStatus == PacketStatus.finished_failed || nPacket.MyStatus == PacketStatus.finished_ok)
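Review bot: The same two-line stanza `nPacket.OutboundIF = nf; nPacket.InboundInterface = tPacket.InboundInterface;` is pasted into three separate forwarding loops, and the firewall check this commit adds in Packet only runs when both fields are non-null, so any send path that misses the stanza bypasses the rules silently. Since the second line is needed at all, `new Packet(tPacket)` apparently does not carry InboundInterface across; copying it in that constructor and setting OutboundIF in one helper, e.g. `Packet CloneForInterface(Packet src, NetworkInterface nf)`, would leave a single place to get right. A comment at each call site such as `// Both interfaces must be set before ProcessOutboundPacket, otherwise the firewall check in Packet is skipped` would make the dependency explicit. Whether other forwarding paths outside these hunks exist cannot be told from here. All three enclosing methods start and end outside the hunks.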


@ -413,7 +413,7 @@ namespace EduNetworkBuilder
} }
foreach (FirewallRule fwr in FirewallRules) foreach (FirewallRule fwr in FirewallRules)
{ {
fwr.Save(writer, "firewallrule"); fwr.Save(writer, "firwallrule");
} }
writer.WriteEndElement(); writer.WriteEndElement();
@ -1235,6 +1235,9 @@ namespace EduNetworkBuilder
{ {
NICs.Add(NetworkCard.Clone(nic)); NICs.Add(NetworkCard.Clone(nic));
} }
FirewallRules.Clear();
FirewallRules.AddRange(ndCopyFrom.FirewallRules);
RouteTable.Clear(); RouteTable.Clear();
RouteTable.AddRange(ndCopyFrom.RouteTable); RouteTable.AddRange(ndCopyFrom.RouteTable);
DHCPRanges.Clear(); DHCPRanges.Clear();
@ -2825,5 +2828,18 @@ namespace EduNetworkBuilder
} }
return false; return false;
} }
public bool FirewallAllows(string inIF, string outIF)
{
foreach(FirewallRule fwr in FirewallRules)
{
if(fwr.Source == inIF && fwr.Destination == outIF)
{
if (fwr.Action == FirewallRuleType.Allow) return true;
if (fwr.Action == FirewallRuleType.Drop) return false;
}
}
return true;
}
} }
} }
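Review bot: FirewallAllows is fail-open and first-match-wins — with no rule whose Source/Destination equals the inbound/outbound interface names, including the empty-list case, it returns true, and a rule whose Action is neither Allow nor Drop is skipped — none of which is documented; add a summary such as `/// First rule whose Source/Destination match the inbound/outbound interface names decides; with no matching rule the packet is allowed (default-allow).`. The Save call at the top of this section now writes one side as `"firwallrule"` and the other as `"firewallrule"`; whichever spelling is the new one must match the element name the loader reads, otherwise saved rules are silently dropped on reload and every packet is then allowed by that default. `FirewallRules.AddRange(ndCopyFrom.FirewallRules)` shares FirewallRule instances between devices rather than cloning them the way the NICs are a few lines above; if FirewallRule is mutable, editing one device's rules changes the other's. The enclosing methods of the first two hunks start and end outside the hunks.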


@ -364,6 +364,28 @@ namespace EduNetworkBuilder
{ {
if (theLink == null) return; if (theLink == null) return;
//Console.WriteLine("Starting on link: " + theLink.GetUniqueIdentifier + " vlanID = " + VLANID.ToString()); //Console.WriteLine("Starting on link: " + theLink.GetUniqueIdentifier + " vlanID = " + VLANID.ToString());
//We are just about to go out. Verify we are not getting blocked by the firewall.
if (start_device.FirewallRules.Count > 0)
{
if (InboundInterface != null && OutboundIF != null)
{
if (!start_device.FirewallAllows(InboundInterface.nic_name, OutboundIF.nic_name))
{
ResponseToPacket rtp = start_device.HowToRespondToPacket(this);
if (rtp != ResponseToPacket.accept)
{
//If we are here, the packet is rejected.
string message = string.Format(NB.Translate("P_FirewallDropped"), start_device.hostname);
AddMessage(DebugLevel.filtering, message);
Tracking.Status = message;
AddMessage(DebugLevel.filtering, message);
MyStatus = PacketStatus.finished_failed;
return;
}
}
}
}
InboundNic = null; InboundNic = null;
InboundInterface = null; InboundInterface = null;
WhereAmI = theLink; WhereAmI = theLink;
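Review bot: The rejection message is logged twice — `AddMessage(DebugLevel.filtering, message);` appears both before and after `Tracking.Status = message;` — so the second call should go. The drop is also only applied when `HowToRespondToPacket(this)` does not return `accept`, so a packet the device would itself accept passes through a matching Drop rule; if that exemption is intended it needs a comment such as `// Packets this device accepts for itself are not subject to the interface firewall`, otherwise the `rtp` check should be removed. Packets with a null InboundInterface or OutboundIF skip the check entirely, which exempts locally generated traffic and any forwarding path that never sets OutboundIF; that may be intended but should be stated in the comment above the block. The enclosing method starts and ends outside the hunk.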


@ -1633,4 +1633,8 @@
<value>Adv. Firewall Enabled</value> <value>Adv. Firewall Enabled</value>
<comment>OW_cbFirewallEnabled = Adv. Firewall Enabled</comment> <comment>OW_cbFirewallEnabled = Adv. Firewall Enabled</comment>
</data> </data>
<data name="P_FirewallDropped" xml:space="preserve">
<value>Firewall Dropped Packet: Device {0}</value>
<comment>P_FirewallDropped = Firewall Dropped Packet: Device {0}</comment>
</data>
</root> </root>