mirror of
https://github.com/tnodir/fort
synced 2024-11-15 08:56:22 +00:00
Driver: Fix "Block Internet traffic" with "Filter Local Network" turned on
This commit is contained in:
parent
d6eb1bf158
commit
755c0f53fd
@ -209,21 +209,16 @@ inline static BOOL fort_callout_ale_is_zone_blocked(
|
|||||||
&fort_device()->conf, zones_mask, cx->remote_ip, ca->isIPv6);
|
&fort_device()->conf, zones_mask, cx->remote_ip, ca->isIPv6);
|
||||||
}
|
}
|
||||||
|
|
||||||
static BOOL fort_callout_ale_is_ip_blocked(PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx,
|
static BOOL fort_callout_ale_is_ip_blocked(
|
||||||
PFORT_CONF_REF conf_ref, FORT_CONF_FLAGS conf_flags, FORT_APP_DATA app_data)
|
PCFORT_CALLOUT_ARG ca, PFORT_CALLOUT_ALE_EXTRA cx, FORT_APP_DATA app_data)
|
||||||
{
|
{
|
||||||
const BOOL app_found = (app_data.flags.v != 0);
|
const BOOL app_found = (app_data.flags.v != 0);
|
||||||
if (!app_found)
|
if (!app_found)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
if (app_data.flags.lan_only) {
|
if (app_data.flags.lan_only && !cx->is_local_net) {
|
||||||
if (!conf_flags.filter_local_net
|
cx->block_reason = FORT_BLOCK_REASON_LAN_ONLY;
|
||||||
|| fort_conf_ip_is_inet(&conf_ref->conf,
|
return TRUE; /* block LAN Only */
|
||||||
(fort_conf_zones_ip_included_func *) &fort_conf_zones_ip_included,
|
|
||||||
&fort_device()->conf, cx->remote_ip, ca->isIPv6)) {
|
|
||||||
cx->block_reason = FORT_BLOCK_REASON_LAN_ONLY;
|
|
||||||
return TRUE; /* block LAN Only */
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (fort_callout_ale_is_zone_blocked(ca, cx, app_data.reject_zones)
|
if (fort_callout_ale_is_zone_blocked(ca, cx, app_data.reject_zones)
|
||||||
@ -254,7 +249,7 @@ inline static BOOL fort_callout_ale_is_allowed(PCFORT_CALLOUT_ARG ca, PFORT_CALL
|
|||||||
return TRUE;
|
return TRUE;
|
||||||
|
|
||||||
/* Check LAN Only and Zones */
|
/* Check LAN Only and Zones */
|
||||||
if (fort_callout_ale_is_ip_blocked(ca, cx, conf_ref, conf_flags, app_data))
|
if (fort_callout_ale_is_ip_blocked(ca, cx, app_data))
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
||||||
/* Check the conf for a blocked app */
|
/* Check the conf for a blocked app */
|
||||||
@ -291,15 +286,16 @@ inline static BOOL fort_callout_ale_check_filter_flags(PCFORT_CALLOUT_ARG ca,
|
|||||||
return TRUE; /* block all */
|
return TRUE; /* block all */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!conf_flags.filter_local_net
|
cx->is_local_net = !fort_conf_ip_is_inet(&conf_ref->conf,
|
||||||
&& !fort_conf_ip_is_inet(&conf_ref->conf,
|
(fort_conf_zones_ip_included_func *) &fort_conf_zones_ip_included, &fort_device()->conf,
|
||||||
(fort_conf_zones_ip_included_func *) &fort_conf_zones_ip_included,
|
cx->remote_ip, ca->isIPv6);
|
||||||
&fort_device()->conf, cx->remote_ip, ca->isIPv6)) {
|
|
||||||
|
if (!conf_flags.filter_local_net && cx->is_local_net) {
|
||||||
cx->blocked = FALSE;
|
cx->blocked = FALSE;
|
||||||
return TRUE; /* allow Local Network */
|
return TRUE; /* allow Local Network */
|
||||||
}
|
}
|
||||||
|
|
||||||
if (conf_flags.block_inet_traffic) {
|
if (conf_flags.block_inet_traffic && !cx->is_local_net) {
|
||||||
return TRUE; /* block Internet */
|
return TRUE; /* block Internet */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -41,6 +41,7 @@ typedef const FORT_CALLOUT_ARG *PCFORT_CALLOUT_ARG;
|
|||||||
typedef struct fort_callout_ale_extra
|
typedef struct fort_callout_ale_extra
|
||||||
{
|
{
|
||||||
UCHAR is_reauth : 1;
|
UCHAR is_reauth : 1;
|
||||||
|
UCHAR is_local_net : 1;
|
||||||
UCHAR app_data_found : 1;
|
UCHAR app_data_found : 1;
|
||||||
UCHAR inherited : 1;
|
UCHAR inherited : 1;
|
||||||
UCHAR drop_blocked : 1;
|
UCHAR drop_blocked : 1;
|
||||||
|
@ -16,6 +16,6 @@
|
|||||||
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
|
#define APP_UPDATES_URL "https://github.com/tnodir/fort/releases"
|
||||||
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
|
#define APP_UPDATES_API_URL "https://api.github.com/repos/tnodir/fort/releases/latest"
|
||||||
|
|
||||||
#define DRIVER_VERSION 35
|
#define DRIVER_VERSION 36
|
||||||
|
|
||||||
#endif // FORT_VERSION_H
|
#endif // FORT_VERSION_H
|
||||||
|
Loading…
Reference in New Issue
Block a user