Working on the firewall

Tim Young 2016-11-07 10:50:56 -06:00
parent 6d375c9b60
commit 6f240bc311
9 changed files with 493 additions and 233 deletions


@ -47,6 +47,7 @@
this.cbDHCP = new System.Windows.Forms.CheckBox();
this.btnDHCP = new System.Windows.Forms.Button();
this.btnVLAN = new System.Windows.Forms.Button();
this.btnFirewall = new System.Windows.Forms.Button();
this.SuspendLayout();
//
// tbHostname
@ -229,14 +230,24 @@
//
// btnVLAN
//
this.btnVLAN.Location = new System.Drawing.Point(182, 80);
this.btnVLAN.Location = new System.Drawing.Point(365, 55);
this.btnVLAN.Name = "btnVLAN";
this.btnVLAN.Size = new System.Drawing.Size(75, 23);
this.btnVLAN.Size = new System.Drawing.Size(94, 23);
this.btnVLAN.TabIndex = 21;
this.btnVLAN.Text = "VLANs";
this.btnVLAN.UseVisualStyleBackColor = true;
this.btnVLAN.Click += new System.EventHandler(this.btnVLAN_Click);
//
// btnFirewall
//
this.btnFirewall.Location = new System.Drawing.Point(251, 55);
this.btnFirewall.Name = "btnFirewall";
this.btnFirewall.Size = new System.Drawing.Size(113, 23);
this.btnFirewall.TabIndex = 22;
this.btnFirewall.Text = "Firewall";
this.btnFirewall.UseVisualStyleBackColor = true;
this.btnFirewall.Click += new System.EventHandler(this.btnFirewall_Click);
//
// DeviceConfig
//
this.AcceptButton = this.btnOK;
@ -244,6 +255,7 @@
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.CancelButton = this.btnCancel;
this.ClientSize = new System.Drawing.Size(471, 365);
this.Controls.Add(this.btnFirewall);
this.Controls.Add(this.btnVLAN);
this.Controls.Add(this.btnDHCP);
this.Controls.Add(this.cbDHCP);
@ -292,5 +304,6 @@
private System.Windows.Forms.CheckBox cbDHCP;
private System.Windows.Forms.Button btnDHCP;
private System.Windows.Forms.Button btnVLAN;
private System.Windows.Forms.Button btnFirewall;
}
}


@ -57,6 +57,7 @@ namespace EduNetworkBuilder
cbDHCP.Text = NB.Translate("DC_cbDHCP");
btnDHCP.Text = NB.Translate("_DHCP");
btnVLAN.Text = NB.Translate("DC_btnVLAN");
btnFirewall.Text = NB.Translate("DC_btnFirewall");
Text = NB.Translate("DC_Form");
}
@ -95,6 +96,10 @@ namespace EduNetworkBuilder
nicLocked = true;
interfacesLocked = true;
}
if (theNet.FirewallEnabled && ndCLonedItem.DoesFirewall())
btnFirewall.Visible = true;
else
btnFirewall.Visible = false;
if (lbNics.SelectedIndex != -1)
{
string nic_name = StripNicName(lbNics.SelectedItem.ToString());
@ -512,5 +517,15 @@ namespace EduNetworkBuilder
VLANConfig VLC = new VLANConfig((NetworkDevice)ClonedItem);
VLC.ShowDialog();
}
private void btnFirewall_Click(object sender, EventArgs e)
{
//Open a firewall editing window.
if (ClonedItem is NetworkDevice)
{
FirewallEditor FEditor = new FirewallEditor((NetworkDevice)ClonedItem);
FEditor.ShowDialog();
}
}
}
}
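Review bot: The new visibility check calls `ndCLonedItem.DoesFirewall()` without a null test, while `btnFirewall_Click` in the same file guards with `ClonedItem is NetworkDevice`, which suggests the edited item is not always a NetworkDevice. If `ndCLonedItem` can be null at that point (its assignment is outside the hunk, so this needs confirming), the form would throw as soon as the network has firewalling enabled. A single assignment covers both cases and replaces the four-line if/else: `btnFirewall.Visible = theNet.FirewallEnabled && ndCLonedItem != null && ndCLonedItem.DoesFirewall();`. The enclosing method starts and ends outside the hunk.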


@ -244,7 +244,6 @@
<None Include="Resources\Level1-MidDHCP.enbx" />
<None Include="Resources\Level1-NoGateway.enbx" />
<None Include="Resources\Level1_AddingDevices.enbx" />
<None Include="Resources\Level1_AddingDevicesenbx" />
<None Include="Resources\Level1_BadGateway.enbx" />
<None Include="Resources\Level1_DuplicateMAC.enbx" />
<None Include="Resources\Level1_OneNetTwoSubnets.enbx" />


@ -7,23 +7,20 @@ using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Xml;
namespace EduNetworkBuilder
{
public class FirewallRule
{
public string Source;
public string Destination;
public FirewallRuleType Action;
}
public partial class FirewallEditor : Form
{
public FirewallEditor()
NetworkDevice FirewallDevice = null;
public FirewallEditor(NetworkDevice WhatToEdit)
{
InitializeComponent();
FirewallDevice = WhatToEdit;
UpdateForm();
Icon = Properties.Resources.NBIco;
}
void UpdateForm()
@ -32,11 +29,32 @@ namespace EduNetworkBuilder
btnDel.Visible = true;
else
btnDel.Visible = false;
int selected = lbRules.SelectedIndex;
lbRules.Items.Clear();
foreach (FirewallRule FW in FirewallDevice.FirewallRules)
{
string OneLine = FW.Action.ToString() + " " + FW.Source + " -> " + FW.Destination;
lbRules.Items.Add(OneLine);
}
if (selected >= 0 && selected < lbRules.Items.Count)
lbRules.SelectedIndex = selected;
else
{
if (lbRules.Items.Count > 0)
lbRules.SelectedIndex = 0;
}
}
private void btnNew_Click(object sender, EventArgs e)
{
FirewallRule FW = new FirewallRule("","",FirewallRuleType.Drop);
NetTestEditor NTE = new NetTestEditor(FW,FirewallDevice);
NTE.ShowDialog();
if(FW.Source!="" && FW.Destination != "")
{
FirewallDevice.FirewallRules.Add(FW);
}
UpdateForm();
}
private void btnDel_Click(object sender, EventArgs e)
@ -46,7 +64,7 @@ namespace EduNetworkBuilder
private void btnDone_Click(object sender, EventArgs e)
{
Close();
}
}
}
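Review bot: `btnNew_Click` stores the new rule whenever Source and Destination are both non-empty, so a rule whose source and destination are the same interface is accepted, and so is an exact duplicate of an existing rule. Nothing else visible in this commit rejects these, because the rule branch of `validate_choices` in the editor returns true unconditionally. I would tighten the guard to `if (FW.Source != "" && FW.Destination != "" && FW.Source != FW.Destination)` and add a comment saying that an empty Source or Destination is how a cancelled dialog is detected. The constructor also calls `UpdateForm()`, which dereferences `FirewallDevice.FirewallRules`, so a null `WhatToEdit` fails inside the form rather than at the call site.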


@ -230,6 +230,54 @@ namespace EduNetworkBuilder
}
}
[Serializable]
public class FirewallRule
{
public string Source;
public string Destination;
public FirewallRuleType Action;
public FirewallRule(string source, string dest, FirewallRuleType action)
{
Source = source;
Destination = dest;
Action = action;
}
public FirewallRule(XmlNode theNode)
{
foreach (XmlNode Individual in theNode.ChildNodes)
{
XmlNodeType myNodetype = Individual.NodeType;
if (myNodetype == XmlNodeType.Element)
{
switch (Individual.Name.ToLower())
{
case "source":
Source = Individual.InnerText;
break;
case "destination":
Destination = Individual.InnerText;
break;
case "action":
Action = NB.ParseEnum<FirewallRuleType>(Individual.InnerText);
break;
}
}
}
}
public void Save(XmlWriter writer, string tag)
{
writer.WriteStartElement(tag);
writer.WriteElementString("source", Source);
writer.WriteElementString("destination", Destination);
writer.WriteElementString("action", Action.ToString());
writer.WriteEndElement();
}
}
class NB
{
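Review bot: The `FirewallRule(XmlNode)` constructor accepts any node without validation: a missing `source` or `destination` child leaves that field null, and a missing `action` leaves `Action` at the enum's zero value (which member that is cannot be seen here), so a damaged or hand-edited save file produces a rule that differs from what was written. Since the rule decides what happens to traffic, I would initialise the fields (`public string Source = "";`) and have the loader skip or report a rule with an empty endpoint; whether `NB.ParseEnum` throws on unknown text is not visible and should be confirmed. `Individual.Name.ToLower()` is culture-sensitive, so `ToLowerInvariant()` is the safer match for fixed tag names such as "action". The class also has no doc comment; a `/// <summary>` stating that Source and Destination hold interface names, as the editor fills them, would help.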


@ -21,12 +21,18 @@ namespace EduNetworkBuilder
List<string> HostNames = new List<string>();
List<string> Networks = new List<string>();
List<string> Broadcasts = new List<string>();
List<string> Interfaces = new List<string>();
bool processing = false;
FirewallRule RuleToEdit;
FirewallRule OrigRule;
NetworkDevice FirewallDevice = null;
bool EditingFirewallRule = false;
public NetTestEditor(NetTest WhatToEdit)
{
EditingFirewallRule = false;
InitializeComponent();
LanguagifyComponents();
LanguagifyTestComponents();
OrigTest = WhatToEdit;
ToEdit = new NetTest(OrigTest);
@ -37,24 +43,66 @@ namespace EduNetworkBuilder
UpdateForm();
}
private void LanguagifyComponents()
public NetTestEditor(FirewallRule WhatToEdit, NetworkDevice DeviceWorkingOn)
{
Text = NB.Translate("NTE_lblSource");
Text = NB.Translate("NTE_lblTest");
Text = NB.Translate("NTE_lblDest");
Text = NB.Translate("_Done");
Text = NB.Translate("_Cancel");
EditingFirewallRule = true;
InitializeComponent();
LanguagifyFWComponents();
OrigRule = WhatToEdit;
FirewallDevice = DeviceWorkingOn;
RuleToEdit = new FirewallRule(OrigRule.Source, OrigRule.Destination, OrigRule.Action);
// Make a list of all interfaces on this device
foreach (string nname in DeviceWorkingOn.NICNames())
{
NetworkCard nic = DeviceWorkingOn.NicFromName(nname);
for (int i = 0; i < nic.IFCount; i++)
{
NetworkInterface nif = nic.GetInterface(i);
Interfaces.Add(nif.nic_name);
}
}
if (Interfaces.Count < 2)
{
//we cannot do firewalling on a device that has one or zero interfaces.
Close();
}
UpdateForm();
}
private void LanguagifyTestComponents()
{
lblSource.Text = NB.Translate("NTE_lblSource");
lblTest.Text = NB.Translate("NTE_lblTest");
lblDest.Text = NB.Translate("NTE_lblDest");
btnOK.Text = NB.Translate("_Done");
btnCancel.Text = NB.Translate("_Cancel");
Text = NB.Translate("NTE_Form");
}
private void LanguagifyFWComponents()
{
LanguagifyTestComponents();
lblTest.Text = NB.Translate("NTE_lblTestFW");
}
private void btnOK_Click(object sender, EventArgs e)
{
if (EditingFirewallRule)
{
OrigRule.Destination = RuleToEdit.Destination;
OrigRule.Source = RuleToEdit.Source;
OrigRule.Action = RuleToEdit.Action;
Close();
}
else
{
OrigTest.UpdateValuesFromAnother(ToEdit);
OrigTest.TaskWasDone = false; //We edited it. Set it to false
OrigTest.SetInitialDoneState(); //Set some of them to true (locked. etc)
Close();
}
}
private void btnCancel_Click(object sender, EventArgs e)
{
@ -65,17 +113,70 @@ namespace EduNetworkBuilder
{
NetworkDevice sItem;
processing = true;
List<string> tList = new List<string>();
Network theNet = NB.GetNetwork();
//We add all the hostnames as source
if (EditingFirewallRule)
{
cbSource.Items.Clear();
foreach(string host in HostNames)
cbDest.Items.Clear();
cbTest.Items.Clear();
foreach (string one in Interfaces)
{
if (one != RuleToEdit.Destination)
cbSource.Items.Add(one); //We add all of them except the selected destination
if (one != RuleToEdit.Source)
cbDest.Items.Add(one); //We add all of them except the selected source
}
foreach (string test in Enum.GetNames(typeof(FirewallRuleType)))
{
tList.Add(test);
}
tList.Sort(); //Sort them alphabetically. Just to make things easier
foreach (string test in tList)
{
cbTest.Items.Add(test);
}
//select the current stuff
if (cbSource.Items.Contains(RuleToEdit.Source))
{
cbSource.SelectedItem = RuleToEdit.Source;
}
else
{
if (cbSource.Items.Count > 0)
cbSource.SelectedIndex = 0; //select the first item
}
if (cbDest.Items.Contains(RuleToEdit.Source))
{
cbDest.SelectedItem = RuleToEdit.Source;
}
else
{
if (cbDest.Items.Count > 0)
cbDest.SelectedIndex = 0; //select the first item
}
if (cbTest.Items.Contains(RuleToEdit.Action.ToString()))
{
cbTest.SelectedItem = RuleToEdit.Action.ToString();
}
else
cbTest.SelectedIndex = 0;//select first item
}
else
{
cbSource.Items.Clear();
foreach (string host in HostNames)
{
cbSource.Items.Add(host);
}
//The tests are just the list of available tests.
cbTest.Items.Clear();
List<string> tList = new List<string>();
foreach (string test in Enum.GetNames(typeof(NetTestType)))
{
tList.Add(test);
@ -129,7 +230,7 @@ namespace EduNetworkBuilder
{
//return all the dhcp ranges
sItem = theNet.GetDeviceFromName(ToEdit.sHost);
foreach(string ip in sItem.DHCPStrings(false))
foreach (string ip in sItem.DHCPStrings(false))
{
cbDest.Items.Add(ip);
}
@ -161,7 +262,7 @@ namespace EduNetworkBuilder
cbDest.Items.Add(nname);
}
}
else if(ToEdit.TheTest == NetTestType.LockVLANNames)
else if (ToEdit.TheTest == NetTestType.LockVLANNames)
{
//No items for lockvlannames
cbDest.Items.Add(NB.Translate("_All"));
@ -199,7 +300,7 @@ namespace EduNetworkBuilder
}
else if (ToEdit.TheTest == NetTestType.NeedsForbiddenVLAN ||
ToEdit.TheTest == NetTestType.NeedsTaggedVLAN ||
ToEdit.TheTest == NetTestType.NeedsUntaggedVLAN )
ToEdit.TheTest == NetTestType.NeedsUntaggedVLAN)
{
sItem = theNet.GetDeviceFromName(ToEdit.sHost);
foreach (string nname in sItem.NICNames())
@ -233,13 +334,13 @@ namespace EduNetworkBuilder
}
//Now we select all the appropriate items.
if(cbSource.Items.Contains(ToEdit.sHost))
if (cbSource.Items.Contains(ToEdit.sHost))
{
cbSource.SelectedItem = ToEdit.sHost;
}
else
{
if(cbSource.Items.Count > 0)
if (cbSource.Items.Count > 0)
cbSource.SelectedIndex = 0; //select the first item
}
@ -262,6 +363,7 @@ namespace EduNetworkBuilder
if (cbTest.Items.Count > 0)
cbTest.SelectedIndex = 0; //select the first item
}
}
processing = false;
}
@ -274,6 +376,14 @@ namespace EduNetworkBuilder
{
if (processing) return true; //If we are processing, we are all OK.
Network theNet = NB.GetNetwork();
if (EditingFirewallRule)
{
//The source cannot be the dest.
//The values need to exist
return true;
}
else
{
NetTestType ntt = NB.ParseEnum<NetTestType>(cbTest.SelectedItem.ToString());
if (ntt == NetTestType.ReadContextHelp) return true;
if (ntt == NetTestType.DHCPServerEnabled) return true;
@ -313,19 +423,40 @@ namespace EduNetworkBuilder
if (theNet.GetDeviceFromName(cbDest.SelectedItem.ToString()) == null)
return false; //This should never happen with a drop-down list, but just in case...
}
}
return true;
}
private void cbTest_SelectedValueChanged(object sender, EventArgs e)
{
if (EditingFirewallRule)
{
RuleToEdit.Action = NB.ParseEnum<FirewallRuleType>(cbTest.SelectedItem.ToString());
if (!processing)
UpdateForm();
}
else
{
ToEdit.TheTest = NB.ParseEnum<NetTestType>(cbTest.SelectedItem.ToString());
if (!processing)
UpdateForm();
}
}
private void cbSource_SelectedValueChanged(object sender, EventArgs e)
{
if (EditingFirewallRule)
{
if (validate_choices())
{
RuleToEdit.Source = cbSource.SelectedItem.ToString();
if (!processing) UpdateForm();
}
else
if (!processing)
UpdateForm();
}
else
{
if (validate_choices())
{
@ -335,8 +466,22 @@ namespace EduNetworkBuilder
if (!processing)
UpdateForm();
}
}
private void cbDest_SelectedValueChanged(object sender, EventArgs e)
{
if (EditingFirewallRule)
{
if (validate_choices())
{
RuleToEdit.Destination = cbDest.SelectedItem.ToString();
if (!processing) UpdateForm();
}
else
if (!processing)
UpdateForm();
}
else
{
if (validate_choices())
{
@ -347,4 +492,5 @@ namespace EduNetworkBuilder
UpdateForm();
}
}
}
}
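Review bot: In the firewall branch of `UpdateForm` the destination combo is selected from the source: `if (cbDest.Items.Contains(RuleToEdit.Source))` followed by `cbDest.SelectedItem = RuleToEdit.Source;`. Because cbDest is filled with every interface except the current source, this normally never matches and the destination snaps back to the first item on each refresh; for a new rule whose source was just set by the preceding selection it can instead pick the same interface as the source. Both lines should use the destination: `if (cbDest.Items.Contains(RuleToEdit.Destination))` and `cbDest.SelectedItem = RuleToEdit.Destination;`. Related gaps in the same file: the rule branch of `validate_choices` returns true with its two checks ("source cannot be the dest", "values need to exist") left as comments, and the `Close()` call in the new constructor runs before the form is shown, so the caller's `ShowDialog()` still proceeds on it and the fewer-than-two-interfaces case is probably better checked by the caller.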


@ -33,7 +33,7 @@ namespace EduNetworkBuilder
public bool CanAddNics = false;
public Color BackgroundColor = Color.Empty;
protected Color MorphColor = Color.Empty;
protected List<FirewallRule> FirewallRules = new List<FirewallRule>();
public List<FirewallRule> FirewallRules = new List<FirewallRule>();
public NetworkDevice(NetworkComponentType what, string tHostname, Point tLocation, NicType firstNic = NicType.eth)
{
@ -373,6 +373,10 @@ namespace EduNetworkBuilder
IPAddress dhcpip = new IPAddress(Individual);
DHCPRanges.Add(dhcpip);
break;
case "firwallrule":
FirewallRule fwr = new FirewallRule(Individual);
FirewallRules.Add(fwr);
break;
case "morphcolor":
MorphColor = Color.FromName(Individual.InnerText);
break;
@ -407,6 +411,10 @@ namespace EduNetworkBuilder
{
dhcp.Save(writer, "dhcprange");
}
foreach (FirewallRule fwr in FirewallRules)
{
fwr.Save(writer, "firewallrule");
}
writer.WriteEndElement();
}
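Review bot: The load switch matches `case "firwallrule":` but the save hunk writes each rule under the tag `"firewallrule"`, so rules written by this version will not be read back and a reloaded network silently comes up with an empty rule list. The case label should read `case "firewallrule":`. `FirewallRules` also changes from protected to public so the editor can call `Add` on it directly; if that stays, a short comment on whether list order is the evaluation order would help, since nothing in this commit shows how rules are evaluated. Both the load and the save method continue outside their hunks.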


@ -65,6 +65,7 @@ namespace EduNetworkBuilder
lblStartingHelp.Text = NB.Translate("OW_lblStartingHelp");
cbVLANs.Text = NB.Translate("OW_cbVLANs");
cb_ColoredPackets.Text = NB.Translate("OW_OWVLANColoredPackets");
cbFirewallEnabled.Text = NB.Translate("OW_cbFirewallEnabled");
Text = NB.Translate("OW_Form");
}
@ -105,7 +106,7 @@ namespace EduNetworkBuilder
cbStartingHelpLevel.Items.Add(helplevel);
}
cbStartingHelpLevel.SelectedItem = myNet.StartingHelpLevel.ToString();
cbVLANs_CheckedChanged(this, EventArgs.Empty);
}
private void SaveValuesToNetwork()


@ -1609,6 +1609,10 @@
<value>When packets are passing across a VLAN link, color the packets so we can visualize them better.</value>
<comment>OW_OWVLANColoredPacketsTT = When packets are passing across a VLAN link, color the packets so we can visualize them better.</comment>
</data>
<data name="DC_btnFirewall" xml:space="preserve">
<value>Firewall</value>
<comment>DC_btnFirewall = Firewall</comment>
</data>
<data name="NB_LockedOut" xml:space="preserve">
<value>Locked Out. Cannot determine settings for this device.</value>
<comment>NB_LockedOut = Locked Out. Cannot determine settings for this device.</comment>
@ -1621,4 +1625,12 @@
<value>ERROR: Packet forbidden by Management Interface VLAN</value>
<comment>ND_PrepPackVLANErr = ERROR: Packet forbidden by Management Interface VLAN</comment>
</data>
<data name="NTE_lblTestFW" xml:space="preserve">
<value>Action</value>
<comment>NTE_lblTestFW = Action</comment>
</data>
<data name="OW_cbFirewallEnabled" xml:space="preserve">
<value>Adv. Firewall Enabled</value>
<comment>OW_cbFirewallEnabled = Adv. Firewall Enabled</comment>
</data>
</root>