Driver: "Stop Traffic" is effective, when "Filter Enabled" is turned on.
This commit is contained in:
parent
d792191549
commit
dc5384e333
13
README.md
13
README.md
@ -50,12 +50,13 @@ Filtered apps will be shown in the "Blocked" tab.
|
||||
|
||||
#### Filtering steps:
|
||||
1) If **address** is 127.* or 255.255.255.255 and "Filter Local Addresses" is turned off, then _**PERMIT**_
|
||||
2) If "Stop Traffic" is turned on, then _**BLOCK**_
|
||||
3) If "Filter Enabled" is turned off or **address** is not from "Internet Addresses", then _**PERMIT**_
|
||||
4) If "Stop Internet Traffic" is turned on, then _**BLOCK**_
|
||||
5) If **address** is not from "Allowed Internet Addresses", then _**BLOCK**_
|
||||
6) If **app path** is allowed, then _**PERMIT**_
|
||||
7) Log about blocked event and _**BLOCK**_
|
||||
2) If "Filter Enabled" is turned off, then _**PERMIT**_
|
||||
3) If "Stop Traffic" is turned on, then _**BLOCK**_
|
||||
4) If **address** is not from "Internet Addresses", then _**PERMIT**_
|
||||
5) If "Stop Internet Traffic" is turned on, then _**BLOCK**_
|
||||
6) If **address** is not from "Allowed Internet Addresses", then _**BLOCK**_
|
||||
7) If **app path** is allowed, then _**PERMIT**_
|
||||
8) Log about blocked event and _**BLOCK**_
|
||||
|
||||
## Code Quality Monitor
|
||||
|
||||
|
@ -109,44 +109,45 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
|
||||
const FORT_CONF_FLAGS conf_flags = conf_ref->conf.flags;
|
||||
|
||||
if (conf_flags.stop_traffic)
|
||||
goto block;
|
||||
|
||||
UCHAR block_reason = FORT_BLOCK_REASON_UNKNOWN;
|
||||
BOOL blocked = TRUE;
|
||||
|
||||
if (!conf_flags.filter_enabled) {
|
||||
if (conf_flags.log_stat && conf_flags.log_stat_no_filter) {
|
||||
blocked = FALSE;
|
||||
} else
|
||||
goto permit;
|
||||
}
|
||||
|
||||
if (!fort_conf_ip_is_inet(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included, &g_device->conf,
|
||||
remote_ip))
|
||||
goto permit;
|
||||
|
||||
if (blocked && conf_flags.stop_inet_traffic)
|
||||
goto block;
|
||||
|
||||
const UINT32 process_id = (UINT32) inMetaValues->processId;
|
||||
const UINT32 path_len =
|
||||
inMetaValues->processPath->size - sizeof(WCHAR); /* chop terminating zero */
|
||||
const PVOID path = inMetaValues->processPath->data;
|
||||
|
||||
if (blocked
|
||||
&& !fort_conf_ip_inet_included(&conf_ref->conf,
|
||||
UCHAR block_reason = FORT_BLOCK_REASON_UNKNOWN;
|
||||
BOOL blocked = TRUE;
|
||||
|
||||
if (conf_flags.filter_enabled) {
|
||||
if (conf_flags.stop_traffic)
|
||||
goto end;
|
||||
|
||||
if (!fort_conf_ip_is_inet(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
||||
&g_device->conf, remote_ip)) {
|
||||
block_reason = FORT_BLOCK_REASON_IP_INET;
|
||||
goto block_log;
|
||||
blocked = FALSE; /* permit (LAN) */
|
||||
goto end;
|
||||
}
|
||||
|
||||
if (conf_flags.stop_inet_traffic)
|
||||
goto end;
|
||||
|
||||
if (!fort_conf_ip_inet_included(&conf_ref->conf,
|
||||
(fort_conf_zones_ip_included_func *) fort_conf_zones_ip_included,
|
||||
&g_device->conf, remote_ip)) {
|
||||
block_reason = FORT_BLOCK_REASON_IP_INET;
|
||||
goto end;
|
||||
}
|
||||
} else {
|
||||
blocked = FALSE; /* permit (Filter Disabled) */
|
||||
if (!(conf_flags.log_stat && conf_flags.log_stat_no_filter))
|
||||
goto end;
|
||||
}
|
||||
|
||||
FORT_APP_FLAGS app_flags =
|
||||
fort_conf_app_find(&conf_ref->conf, path, path_len, fort_conf_exe_find);
|
||||
|
||||
if (!blocked || (app_flags.v == 0 && conf_flags.allow_all_new)
|
||||
if (!blocked /* collect traffic, when Filter Disabled */
|
||||
|| (app_flags.v == 0 && conf_flags.allow_all_new) /* collect new Blocked Programs */
|
||||
|| !fort_conf_app_blocked(&conf_ref->conf, app_flags, &block_reason)) {
|
||||
if (conf_flags.log_stat) {
|
||||
const UINT64 flow_id = inMetaValues->flowHandle;
|
||||
@ -167,7 +168,8 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
if (!NT_SUCCESS(status)) {
|
||||
if (status == FORT_STATUS_FLOW_BLOCK) {
|
||||
block_reason = FORT_BLOCK_REASON_REAUTH;
|
||||
goto block_log;
|
||||
blocked = TRUE;
|
||||
goto end;
|
||||
}
|
||||
|
||||
DbgPrintEx(DPFLTR_IHVNETWORK_ID, DPFLTR_ERROR_LEVEL,
|
||||
@ -178,7 +180,7 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
}
|
||||
}
|
||||
|
||||
blocked = FALSE;
|
||||
blocked = FALSE; /* permit */
|
||||
}
|
||||
|
||||
if (app_flags.v == 0 && (conf_flags.allow_all_new || conf_flags.log_blocked)
|
||||
@ -193,28 +195,28 @@ static void fort_callout_classify_v4(const FWPS_INCOMING_VALUES0 *inFixedValues,
|
||||
}
|
||||
}
|
||||
|
||||
if (!blocked)
|
||||
goto permit;
|
||||
end:
|
||||
if (blocked) {
|
||||
/* Log the blocked connection */
|
||||
if (block_reason != FORT_BLOCK_REASON_UNKNOWN && conf_flags.log_blocked_ip) {
|
||||
const UINT32 local_ip = inFixedValues->incomingValue[localIpField].value.uint32;
|
||||
const UINT16 local_port = inFixedValues->incomingValue[localPortField].value.uint16;
|
||||
const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
|
||||
const IPPROTO ip_proto =
|
||||
(IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
|
||||
|
||||
block_log:
|
||||
if (conf_flags.log_blocked_ip) {
|
||||
const UINT32 local_ip = inFixedValues->incomingValue[localIpField].value.uint32;
|
||||
const UINT16 local_port = inFixedValues->incomingValue[localPortField].value.uint16;
|
||||
const UINT16 remote_port = inFixedValues->incomingValue[remotePortField].value.uint16;
|
||||
const IPPROTO ip_proto = (IPPROTO) inFixedValues->incomingValue[ipProtoField].value.uint8;
|
||||
fort_buffer_blocked_ip_write(&g_device->buffer, inbound, block_reason, ip_proto,
|
||||
local_port, remote_port, local_ip, remote_ip, process_id, path_len, path, &irp,
|
||||
&info);
|
||||
}
|
||||
|
||||
fort_buffer_blocked_ip_write(&g_device->buffer, inbound, block_reason, ip_proto, local_port,
|
||||
remote_port, local_ip, remote_ip, process_id, path_len, path, &irp, &info);
|
||||
/* Block the connection */
|
||||
fort_callout_classify_block(classifyOut);
|
||||
} else {
|
||||
/* Allow the connection */
|
||||
fort_callout_classify_permit(filter, classifyOut);
|
||||
}
|
||||
|
||||
block:
|
||||
fort_callout_classify_block(classifyOut);
|
||||
goto end;
|
||||
|
||||
permit:
|
||||
fort_callout_classify_permit(filter, classifyOut);
|
||||
|
||||
end:
|
||||
fort_conf_ref_put(&g_device->conf, conf_ref);
|
||||
|
||||
if (irp != NULL) {
|
||||
|