mirrors/fort
1
0
Fork 0
mirror of https://github.com/tnodir/fort synced 2024-11-15 07:15:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Driver: Filter local addresses when Fort is not running

Browse Source
This commit is contained in:
Nodir Temirkhodjaev 2023-03-18 19:58:54 +03:00
parent d8446d7e34
commit 80b5c9af09
18 changed files with 139 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/driver/common/fortconf.h
View File

@ -21,7 +21,7 @@
typedef struct fort_conf_flags
{
UINT32 prov_boot : 1;
UINT32 boot_filter : 1;
UINT32 filter_enabled : 1;
UINT32 filter_locals : 1;
UINT32 stop_traffic : 1;

3
src/driver/common/fortdef.h
View File

@ -25,8 +25,7 @@ enum FortBlockReason {
FORT_BLOCK_REASON_APP_GROUP_FOUND,
FORT_BLOCK_REASON_FILTER_MODE,
FORT_BLOCK_REASON_LAN_ONLY,
FORT_BLOCK_REASON_PROMPT_TIMEOUT,
FORT_BLOCK_REASON_PROMPT = 15 /* must be last! */
FORT_BLOCK_REASON_PENDING = 15 /* must be last! */
};
#endif // FORTDEF_H

27
src/driver/common/fortprov.c
View File

@ -151,16 +151,18 @@ FORT_API void fort_prov_flow_unregister(HANDLE transEngine)
fort_prov_trans_close_engine(transEngine, engine, /*status=*/0);
}
FORT_API BOOL fort_prov_is_boot(void)
FORT_API FORT_PROV_BOOT_CONF fort_prov_boot_conf(void)
{
HANDLE engine;
BOOL is_boot = FALSE;
FORT_PROV_BOOT_CONF boot_conf = { .v = 0 };
if (!fort_prov_open(&engine)) {
FWPM_PROVIDER0 *provider;
if (!FwpmProviderGetByKey0(engine, (GUID *) &FORT_GUID_PROVIDER, &provider)) {
is_boot = (provider->flags & FWPM_PROVIDER_FLAG_PERSISTENT);
if (provider->providerData.size == sizeof(FORT_PROV_BOOT_CONF)) {
RtlCopyMemory(&boot_conf, provider->providerData.data, sizeof(FORT_PROV_BOOT_CONF));
}
FwpmFreeMemory0((void **) &provider);
}
@ -168,7 +170,7 @@ FORT_API BOOL fort_prov_is_boot(void)
fort_prov_close(engine);
}
return is_boot;
return boot_conf;
}
inline static FWPM_CALLOUT0 fort_prov_init_callout(GUID key, PCWCH name, PCWCH descr, GUID layer)
@ -228,9 +230,10 @@ static DWORD fort_prov_register_callouts(HANDLE engine)
engine, callouts, /*count=*/sizeof(callouts) / sizeof(callouts[0]));
}
static DWORD fort_prov_register_filters(HANDLE engine, BOOL is_boot)
static DWORD fort_prov_register_filters(HANDLE engine, const FORT_PROV_BOOT_CONF boot_conf)
{
const UINT32 filter_flags = is_boot ? 0 : FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
const UINT32 filter_flags =
boot_conf.boot_filter ? 0 : FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED;
const FWPM_FILTER0 filters[] = {
/* ofilter4 */
@ -282,14 +285,16 @@ static DWORD fort_prov_register_filters(HANDLE engine, BOOL is_boot)
return fort_prov_add_filters(engine, filters, /*count=*/sizeof(filters) / sizeof(filters[0]));
}
static DWORD fort_prov_register_provider(HANDLE engine, BOOL is_boot)
static DWORD fort_prov_register_provider(HANDLE engine, const FORT_PROV_BOOT_CONF boot_conf)
{
FWPM_PROVIDER0 provider;
RtlZeroMemory(&provider, sizeof(FWPM_PROVIDER0));
provider.flags = is_boot ? FWPM_PROVIDER_FLAG_PERSISTENT : 0;
provider.flags = boot_conf.boot_filter ? FWPM_PROVIDER_FLAG_PERSISTENT : 0;
provider.providerKey = FORT_GUID_PROVIDER;
provider.displayData.name = (PWCHAR) L"FortProvider";
provider.displayData.description = (PWCHAR) L"Fort Firewall Provider";
provider.providerData.size = sizeof(FORT_PROV_BOOT_CONF);
provider.providerData.data = (PUINT8) &boot_conf;
provider.serviceName = (PWCHAR) L"fortfw";
FWPM_SUBLAYER0 sublayer;
@ -303,14 +308,14 @@ static DWORD fort_prov_register_provider(HANDLE engine, BOOL is_boot)
if ((status = FwpmProviderAdd0(engine, &provider, NULL))
|| (status = FwpmSubLayerAdd0(engine, &sublayer, NULL))
|| (status = fort_prov_register_callouts(engine))
|| (status = fort_prov_register_filters(engine, is_boot))) {
|| (status = fort_prov_register_filters(engine, boot_conf))) {
return status;
}
return 0;
}
FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot)
FORT_API DWORD fort_prov_register(HANDLE transEngine, const FORT_PROV_BOOT_CONF boot_conf)
{
HANDLE engine = transEngine;
DWORD status;
@ -319,7 +324,7 @@ FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot)
if (status)
return status;
status = fort_prov_register_provider(engine, is_boot);
status = fort_prov_register_provider(engine, boot_conf);
status = fort_prov_trans_close_engine(transEngine, engine, status);

17
src/driver/common/fortprov.h
View File

@ -3,6 +3,19 @@
#include "common.h"
typedef struct fort_prov_boot_conf
{
union {
UINT32 v;
struct
{
UINT32 boot_filter : 1;
UINT32 filter_locals : 1;
};
};
} FORT_PROV_BOOT_CONF, *PFORT_PROV_BOOT_CONF;
#define fort_prov_open(engine) FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, (engine))
#define fort_prov_close(engine) FwpmEngineClose0(engine)
#define fort_prov_trans_begin(engine) FwpmTransactionBegin0((engine), 0)
@ -19,9 +32,9 @@ FORT_API void fort_prov_unregister(HANDLE transEngine);
FORT_API void fort_prov_flow_unregister(HANDLE transEngine);
FORT_API BOOL fort_prov_is_boot(void);
FORT_API FORT_PROV_BOOT_CONF fort_prov_boot_conf(void);
FORT_API DWORD fort_prov_register(HANDLE transEngine, BOOL is_boot);
FORT_API DWORD fort_prov_register(HANDLE transEngine, const FORT_PROV_BOOT_CONF boot_conf);
FORT_API DWORD fort_prov_flow_register(HANDLE transEngine, BOOL filter_packets);

21
src/driver/fortcnf.c
View File

@ -318,8 +318,11 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_set(PFORT_DEVICE_CONF device_conf, PFORT_
if (old_conf_ref != NULL) {
old_conf_flags = old_conf_ref->conf.flags;
} else {
const UCHAR flags = fort_device_flag(device_conf, FORT_DEVICE_BOOT_MASK);
RtlZeroMemory(&old_conf_flags, sizeof(FORT_CONF_FLAGS));
old_conf_flags.prov_boot = fort_device_flag(device_conf, FORT_DEVICE_PROV_BOOT) != 0;
old_conf_flags.boot_filter = (flags & FORT_DEVICE_BOOT_FILTER) != 0;
old_conf_flags.filter_locals = (flags & FORT_DEVICE_BOOT_FILTER_LOCALS) != 0;
}
KLOCK_QUEUE_HANDLE lock_queue;
@ -333,10 +336,13 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_set(PFORT_DEVICE_CONF device_conf, PFORT_
PFORT_CONF conf = &conf_ref->conf;
conf_flags = conf->flags;
fort_device_flag_set(device_conf, FORT_DEVICE_PROV_BOOT, conf_flags.prov_boot);
fort_device_flag_set(device_conf, FORT_DEVICE_BOOT_FILTER, conf_flags.boot_filter);
fort_device_flag_set(
device_conf, FORT_DEVICE_BOOT_FILTER_LOCALS, conf_flags.filter_locals);
} else {
RtlZeroMemory((void *) &conf_flags, sizeof(FORT_CONF_FLAGS));
conf_flags.prov_boot = fort_device_flag(device_conf, FORT_DEVICE_PROV_BOOT) != 0;
conf_flags.boot_filter = old_conf_flags.boot_filter;
conf_flags.filter_locals = old_conf_flags.filter_locals;
}
device_conf->conf_flags = conf_flags;
@ -368,12 +374,17 @@ FORT_API FORT_CONF_FLAGS fort_conf_ref_flags_set(
fort_conf_app_perms_mask_init(conf, conf_flags->group_bits);
fort_device_flag_set(device_conf, FORT_DEVICE_PROV_BOOT, conf_flags->prov_boot);
fort_device_flag_set(device_conf, FORT_DEVICE_BOOT_FILTER, conf_flags->boot_filter);
fort_device_flag_set(
device_conf, FORT_DEVICE_BOOT_FILTER_LOCALS, conf_flags->filter_locals);
device_conf->conf_flags = *conf_flags;
} else {
const UCHAR flags = fort_device_flag(device_conf, FORT_DEVICE_BOOT_MASK);
RtlZeroMemory(&old_conf_flags, sizeof(FORT_CONF_FLAGS));
old_conf_flags.prov_boot = fort_device_flag(device_conf, FORT_DEVICE_PROV_BOOT) != 0;
old_conf_flags.boot_filter = (flags & FORT_DEVICE_BOOT_FILTER) != 0;
old_conf_flags.filter_locals = (flags & FORT_DEVICE_BOOT_FILTER_LOCALS) != 0;
device_conf->conf_flags = old_conf_flags;
}

12
src/driver/fortcnf.h
View File

@ -22,11 +22,13 @@ typedef struct fort_conf_ref
FORT_CONF conf;
} FORT_CONF_REF, *PFORT_CONF_REF;
#define FORT_DEVICE_PROV_BOOT 0x01
#define FORT_DEVICE_IS_OPENED 0x02
#define FORT_DEVICE_IS_VALIDATED 0x04
#define FORT_DEVICE_POWER_OFF 0x08
#define FORT_DEVICE_FILTER_PACKETS 0x10
#define FORT_DEVICE_BOOT_FILTER 0x01
#define FORT_DEVICE_BOOT_FILTER_LOCALS 0x02
#define FORT_DEVICE_BOOT_MASK (FORT_DEVICE_BOOT_FILTER | FORT_DEVICE_BOOT_FILTER_LOCALS)
#define FORT_DEVICE_IS_OPENED 0x04
#define FORT_DEVICE_IS_VALIDATED 0x08
#define FORT_DEVICE_POWER_OFF 0x10
#define FORT_DEVICE_FILTER_PACKETS 0x20
typedef struct fort_device_conf
{

48
src/driver/fortcout.c
View File

@ -72,8 +72,9 @@ inline static BOOL fort_callout_ale_associate_flow(const FORT_CALLOUT_ARG ca,
if (!NT_SUCCESS(status)) {
if (status == FORT_STATUS_FLOW_BLOCK) {
cx->blocked = TRUE; /* block (Reauth) */
cx->block_reason = FORT_BLOCK_REASON_REAUTH;
return TRUE; /* block (Reauth) */
return TRUE;
}
LOG("Classify v4: Flow assoc. error: %x\n", status);
@ -130,23 +131,27 @@ inline static void fort_callout_ale_log_blocked_ip(const FORT_CALLOUT_ARG ca,
cx->process_id, cx->real_path->Length, cx->real_path->Buffer, &cx->irp, &cx->info);
}
inline static BOOL fort_callout_ale_check_log(const FORT_CALLOUT_ARG ca,
inline static BOOL fort_callout_ale_check_blocked(const FORT_CALLOUT_ARG ca,
const FORT_CALLOUT_ALE_INDEX ci, PFORT_CALLOUT_ALE_EXTRA cx, PFORT_CONF_REF conf_ref,
FORT_CONF_FLAGS conf_flags, FORT_APP_FLAGS app_flags)
{
if (app_flags.v == 0 && conf_flags.ask_to_connect) {
cx->block_reason =
cx->is_reauth ? FORT_BLOCK_REASON_PROMPT_TIMEOUT : FORT_BLOCK_REASON_PROMPT;
cx->blocked = TRUE; /* blocked (prompt) */
#if 0
/* Skip self injected packet */
if (fort_shaper_injected_by_self(&fort_device()->shaper, ca))
return;
#endif
cx->drop_blocked = TRUE;
cx->blocked = TRUE; /* block (pending) */
cx->block_reason = FORT_BLOCK_REASON_PENDING;
return TRUE;
}
if (conf_flags.log_stat && fort_callout_ale_associate_flow(ca, ci, cx, conf_ref, app_flags)) {
cx->blocked = TRUE; /* blocked (error) */
return TRUE;
}
if (!conf_flags.log_stat)
return FALSE;
return FALSE;
return fort_callout_ale_associate_flow(ca, ci, cx, conf_ref, app_flags);
}
inline static void fort_callout_ale_log(const FORT_CALLOUT_ARG ca, const FORT_CALLOUT_ALE_INDEX ci,
@ -155,12 +160,12 @@ inline static void fort_callout_ale_log(const FORT_CALLOUT_ARG ca, const FORT_CA
const FORT_APP_FLAGS app_flags = fort_callout_ale_conf_app_flags(cx, conf_ref);
if (!cx->blocked /* collect traffic, when Filter Disabled */
/* collect new Blocked Programs or Prompt */
/* collect new Blocked Programs or Ask to Connect */
|| (app_flags.v == 0 && (conf_flags.allow_all_new || conf_flags.ask_to_connect))
/* check the conf for a blocked app */
|| !fort_conf_app_blocked(&conf_ref->conf, app_flags, &cx->block_reason)) {
if (fort_callout_ale_check_log(ca, ci, cx, conf_ref, conf_flags, app_flags))
if (fort_callout_ale_check_blocked(ca, ci, cx, conf_ref, conf_flags, app_flags))
return;
cx->blocked = FALSE; /* allow */
@ -192,8 +197,8 @@ inline static BOOL fort_callout_ale_check_filter_flags(const FORT_CALLOUT_ARG ca
if (!fort_conf_ip_inet_included(&conf_ref->conf,
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
&fort_device()->conf, cx->remote_ip, ca.isIPv6)) {
cx->block_reason = FORT_BLOCK_REASON_IP_INET;
cx->blocked = TRUE; /* block address */
cx->block_reason = FORT_BLOCK_REASON_IP_INET;
return TRUE;
}
@ -222,7 +227,7 @@ inline static void fort_callout_ale_classify_blocked(const FORT_CALLOUT_ARG ca,
/* Log the blocked connection */
fort_callout_ale_log_blocked_ip(ca, ci, cx, conf_ref, conf_flags);
if (cx->block_reason == FORT_BLOCK_REASON_PROMPT) {
if (cx->drop_blocked) {
/* Drop the connection */
fort_callout_classify_drop(ca.classifyOut);
} else {
@ -290,7 +295,7 @@ inline static void fort_callout_ale_by_conf(const FORT_CALLOUT_ARG ca,
PFORT_CONF_REF conf_ref = fort_conf_ref_take(device_conf);
if (conf_ref == NULL) {
if (fort_device_flag(device_conf, FORT_DEVICE_PROV_BOOT) != 0) {
if (fort_device_flag(device_conf, FORT_DEVICE_BOOT_FILTER) != 0) {
fort_callout_classify_block(ca.classifyOut);
} else {
fort_callout_classify_continue(ca.classifyOut);
@ -324,7 +329,7 @@ static void fort_callout_ale_classify(FORT_CALLOUT_ARG ca, const FORT_CALLOUT_AL
PFORT_DEVICE_CONF device_conf = &fort_device()->conf;
if (!device_conf->conf_flags.filter_locals
if (fort_device_flag(device_conf, FORT_DEVICE_BOOT_FILTER_LOCALS) == 0
&& ((classify_flags & FWP_CONDITION_FLAG_IS_LOOPBACK) != 0
|| fort_addr_is_local_broadcast(remote_ip, ca.isIPv6))) {
fort_callout_classify_permit(ca.filter, ca.classifyOut);
@ -821,10 +826,17 @@ static NTSTATUS fort_callout_force_reauth_prov(
/* Check provider filters */
BOOL prov_recreated = FALSE;
if (old_conf_flags.prov_boot != conf_flags.prov_boot) {
if (old_conf_flags.boot_filter != conf_flags.boot_filter
|| old_conf_flags.filter_locals != conf_flags.filter_locals) {
const FORT_PROV_BOOT_CONF boot_conf = {
.boot_filter = conf_flags.boot_filter,
.filter_locals = conf_flags.filter_locals,
};
fort_prov_unregister(engine);
status = fort_prov_register(engine, conf_flags.prov_boot);
status = fort_prov_register(engine, boot_conf);
if (status)
return status;

1
src/driver/fortcoutarg.h
View File

@ -36,6 +36,7 @@ typedef struct fort_callout_ale_extra
UCHAR is_reauth : 1;
UCHAR app_flags_found : 1;
UCHAR inherited : 1;
UCHAR drop_blocked : 1;
UCHAR blocked : 1;
INT8 block_reason;

17
src/driver/fortdev.c
View File

@ -330,7 +330,11 @@ FORT_API NTSTATUS fort_device_load(PDEVICE_OBJECT device)
/* Unregister old filters provider */
{
fort_device_flag_set(&fort_device()->conf, FORT_DEVICE_PROV_BOOT, fort_prov_is_boot());
const FORT_PROV_BOOT_CONF boot_conf = fort_prov_boot_conf();
fort_device_flag_set(&fort_device()->conf, FORT_DEVICE_BOOT_FILTER, boot_conf.boot_filter);
fort_device_flag_set(
&fort_device()->conf, FORT_DEVICE_BOOT_FILTER_LOCALS, boot_conf.filter_locals);
fort_prov_unregister(NULL);
}
@ -345,9 +349,14 @@ FORT_API NTSTATUS fort_device_load(PDEVICE_OBJECT device)
/* Register filters provider */
if (NT_SUCCESS(status)) {
const BOOL prov_boot = fort_device_flag(&fort_device()->conf, FORT_DEVICE_PROV_BOOT) != 0;
const UCHAR flags = fort_device_flag(&fort_device()->conf, FORT_DEVICE_BOOT_MASK);
status = fort_prov_register(0, prov_boot);
const FORT_PROV_BOOT_CONF boot_conf = {
.boot_filter = (flags & FORT_DEVICE_BOOT_FILTER) != 0,
.filter_locals = (flags & FORT_DEVICE_BOOT_FILTER_LOCALS) != 0,
};
status = fort_prov_register(0, boot_conf);
}
/* Register power state change callback */
@ -398,7 +407,7 @@ FORT_API void fort_device_unload()
fort_callout_remove();
/* Unregister filters provider */
if (fort_device_flag(&fort_device()->conf, FORT_DEVICE_PROV_BOOT) == 0) {
if (fort_device_flag(&fort_device()->conf, FORT_DEVICE_BOOT_FILTER) == 0) {
fort_prov_unregister(NULL);
}

10
src/driver/fortpkt.c
View File

@ -893,6 +893,13 @@ inline static NTSTATUS fort_shaper_packet_queue(
return STATUS_SUCCESS;
}
FORT_API BOOL fort_shaper_injected_by_self(PFORT_SHAPER shaper, const FORT_CALLOUT_ARG ca)
{
const HANDLE injection_id = fort_shaper_injection_id(shaper, ca.isIPv6, ca.inbound);
return fort_packet_injected_by_self(injection_id, ca.netBufList);
}
FORT_API BOOL fort_shaper_packet_process(PFORT_SHAPER shaper, FORT_CALLOUT_ARG ca)
{
PFORT_FLOW flow = (PFORT_FLOW) ca.flowContext;
@ -905,10 +912,9 @@ FORT_API BOOL fort_shaper_packet_process(PFORT_SHAPER shaper, FORT_CALLOUT_ARG c
return FALSE;
ca.isIPv6 = (flow_flags & FORT_FLOW_IP6) != 0;
const HANDLE injection_id = fort_shaper_injection_id(shaper, ca.isIPv6, ca.inbound);
/* Skip self injected packet */
if (fort_packet_injected_by_self(injection_id, ca.netBufList))
if (fort_shaper_injected_by_self(shaper, ca))
return FALSE;
const NTSTATUS status = fort_shaper_packet_queue(&fort_device()->shaper, ca, flow);

2
src/driver/fortpkt.h
View File

@ -113,6 +113,8 @@ FORT_API void fort_shaper_conf_update(PFORT_SHAPER shaper, const PFORT_CONF_IO c
FORT_API void fort_shaper_conf_flags_update(PFORT_SHAPER shaper, const PFORT_CONF_FLAGS conf_flags);
FORT_API BOOL fort_shaper_injected_by_self(PFORT_SHAPER shaper, const FORT_CALLOUT_ARG ca);
FORT_API BOOL fort_shaper_packet_process(PFORT_SHAPER shaper, FORT_CALLOUT_ARG ca);
FORT_API void fort_shaper_drop_flow_packets(PFORT_SHAPER shaper, UINT64 flowContext);

2
src/tests/LogReaderTest/tst_logreader.h
View File

@ -52,7 +52,7 @@ void setConf(Device &device)
EnvManager envManager;
FirewallConf conf;
conf.setProvBoot(true);
conf.setBootFilter(true);
conf.setLogBlockedIp(true);
// Address Groups

12
src/ui/conf/firewallconf.cpp
View File

@ -9,7 +9,7 @@
FirewallConf::FirewallConf(Settings *settings, QObject *parent) :
QObject(parent),
m_editedFlags(AllEdited), // update all on load()!
m_provBoot(false),
m_bootFilter(false),
m_filterEnabled(true),
m_filterLocals(false),
m_stopTraffic(false),
@ -34,9 +34,9 @@ void FirewallConf::resetEdited(bool v)
m_editedFlags = v ? AllEdited : NoneEdited;
}
void FirewallConf::setProvBoot(bool provBoot)
void FirewallConf::setBootFilter(bool bootFilter)
{
m_provBoot = provBoot;
m_bootFilter = bootFilter;
}
void FirewallConf::setFilterEnabled(bool filterEnabled)
@ -315,7 +315,7 @@ void FirewallConf::copyFlags(const FirewallConf &o)
{
m_editedFlags = o.editedFlags();
m_provBoot = o.provBoot();
m_bootFilter = o.bootFilter();
m_filterEnabled = o.filterEnabled();
m_filterLocals = o.filterLocals();
m_stopTraffic = o.stopTraffic();
@ -362,7 +362,7 @@ QVariant FirewallConf::flagsToVariant() const
{
QVariantMap map;
map["provBoot"] = provBoot();
map["bootFilter"] = bootFilter();
map["filterEnabled"] = filterEnabled();
map["filterLocals"] = filterLocals();
map["stopTraffic"] = stopTraffic();
@ -393,7 +393,7 @@ void FirewallConf::flagsFromVariant(const QVariant &v)
{
const QVariantMap map = v.toMap();
m_provBoot = map["provBoot"].toBool();
m_bootFilter = map["bootFilter"].toBool();
m_filterEnabled = map["filterEnabled"].toBool();
m_filterLocals = map["filterLocals"].toBool();
m_stopTraffic = map["stopTraffic"].toBool();

6
src/ui/conf/firewallconf.h
View File

@ -43,8 +43,8 @@ public:
bool anyEdited() const { return m_editedFlags != NoneEdited; }
void resetEdited(bool v = false);
bool provBoot() const { return m_provBoot; }
void setProvBoot(bool provBoot);
bool bootFilter() const { return m_bootFilter; }
void setBootFilter(bool bootFilter);
bool filterEnabled() const { return m_filterEnabled; }
void setFilterEnabled(bool filterEnabled);
@ -170,7 +170,7 @@ private:
private:
uint m_editedFlags : 8;
uint m_provBoot : 1;
uint m_bootFilter : 1;
uint m_filterEnabled : 1;
uint m_filterLocals : 1;
uint m_stopTraffic : 1;

8
src/ui/form/opt/pages/optionspage.cpp
View File

@ -180,7 +180,7 @@ void OptionsPage::onRetranslateUi()
m_labelLanguage->setText(tr("Language:"));
m_cbProvBoot->setText(tr("Stop traffic when Fort Firewall is not running"));
m_cbBootFilter->setText(tr("Stop traffic when Fort Firewall is not running"));
m_cbNoServiceControl->setText(tr("Disable Service controls"));
m_cbCheckPasswordOnUninstall->setText(tr("Check password on Uninstall"));
@ -517,8 +517,8 @@ void OptionsPage::setupComboLanguage()
void OptionsPage::setupProtectionBox()
{
m_cbProvBoot = ControlUtil::createCheckBox(conf()->provBoot(), [&](bool checked) {
conf()->setProvBoot(checked);
m_cbBootFilter = ControlUtil::createCheckBox(conf()->bootFilter(), [&](bool checked) {
conf()->setBootFilter(checked);
ctrl()->setFlagsEdited();
});
@ -541,7 +541,7 @@ void OptionsPage::setupProtectionBox()
setupPasswordLock();
auto layout = new QVBoxLayout();
layout->addWidget(m_cbProvBoot);
layout->addWidget(m_cbBootFilter);
layout->addWidget(m_cbNoServiceControl);
layout->addWidget(m_cbCheckPasswordOnUninstall);
layout->addLayout(passwordLayout);

2
src/ui/form/opt/pages/optionspage.h
View File

@ -89,7 +89,7 @@ private:
QCheckBox *m_cbHotKeys = nullptr;
QLabel *m_labelLanguage = nullptr;
QComboBox *m_comboLanguage = nullptr;
QCheckBox *m_cbProvBoot = nullptr;
QCheckBox *m_cbBootFilter = nullptr;
QCheckBox *m_cbNoServiceControl = nullptr;
QCheckBox *m_cbCheckPasswordOnUninstall = nullptr;
QCheckBox *m_cbPassword = nullptr;

16
src/ui/fortsettings.cpp
View File

@ -306,12 +306,12 @@ QString FortSettings::defaultProfilePath(bool isService)
void FortSettings::readConfIni(FirewallConf &conf) const
{
ini()->beginGroup("confFlags");
conf.setProvBoot(iniBool("provBoot"));
conf.setBootFilter(iniBool("bootFilter"));
conf.setFilterEnabled(iniBool("filterEnabled", true));
conf.setFilterLocals(iniBool("filterLocals"));
conf.setStopTraffic(iniBool("stopTraffic"));
conf.setStopInetTraffic(iniBool("stopInetTraffic"));
conf.setAskToConnect(iniBool("askToConnect"));
conf.setAskToConnect(iniBool("askToConnect", true));
conf.setAllowAllNew(iniBool("allowAllNew", true));
conf.setLogBlocked(iniBool("logBlocked", true));
conf.setLogStat(iniBool("logStat", true));
@ -336,7 +336,7 @@ void FortSettings::writeConfIni(const FirewallConf &conf)
if (conf.flagsEdited()) {
ini()->beginGroup("confFlags");
setIniValue("provBoot", conf.provBoot());
setIniValue("bootFilter", conf.bootFilter());
setIniValue("filterEnabled", conf.filterEnabled());
setIniValue("filterLocals", conf.filterLocals());
setIniValue("stopTraffic", conf.stopTraffic());
@ -396,6 +396,11 @@ void FortSettings::migrateIniOnStartup()
StartupUtil::setExplorerIntegrated(true);
}
}
// COMPAT: v3.8.1
if (version < 0x030801) {
setCacheValue("confFlags/bootFilter", ini()->value("confFlags/provBoot"));
}
}
void FortSettings::migrateIniOnWrite()
@ -419,6 +424,11 @@ void FortSettings::migrateIniOnWrite()
removeIniKey("zoneWindow");
removeIniKey("connWindow");
}
// COMPAT: v3.8.1
if (version < 0x030801) {
ini()->setValue("confFlags/bootFilter", cacheValue("confFlags/bootFilter"));
}
}
bool FortSettings::wasMigrated() const

2
src/ui/util/conf/confutil.cpp
View File

@ -25,7 +25,7 @@ namespace {
void writeConfFlags(const FirewallConf &conf, PFORT_CONF_FLAGS confFlags)
{
confFlags->prov_boot = conf.provBoot();
confFlags->boot_filter = conf.bootFilter();
confFlags->filter_enabled = conf.filterEnabled();
confFlags->filter_locals = conf.filterLocals();
confFlags->stop_traffic = conf.stopTraffic();