diff options
-rw-r--r-- | ui/firewall_rules.c | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/ui/firewall_rules.c b/ui/firewall_rules.c index d0745fa940..538622a947 100644 --- a/ui/firewall_rules.c +++ b/ui/firewall_rules.c @@ -44,14 +44,16 @@ static void sf_ipfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type static void sf_ipfw_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_netfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_pf_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); -static void sf_netsh_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); +static void sf_netsh_port_old(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); +static void sf_netsh_port_new(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_ios_ext_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_ipfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_ipfw_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); static void sf_pf_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); -static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); +static void sf_netsh_ipv4_port_old(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); +static void sf_netsh_ipv4_port_new(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny); typedef struct _fw_product_t { const char *name; @@ -78,8 +80,10 @@ static fw_product products[] = { sf_netfilter_ipv4_port, TRUE }, { "Packet Filter (pf)", "$ext_if should be set to a valid interface.", "#", NULL, sf_pf_ipv4, sf_pf_port, sf_pf_ipv4_port, TRUE }, - { "Windows Firewall (netsh)", "", "#", - NULL, NULL, sf_netsh_port, sf_netsh_ipv4_port, FALSE } + { "Windows Firewall (netsh old syntax)", "", "#", + NULL, NULL, sf_netsh_port_old, sf_netsh_ipv4_port_old, FALSE }, + { "Windows Firewall (netsh new syntax)", "", "#", + NULL, NULL, sf_netsh_port_new, sf_netsh_ipv4_port_new, FALSE } }; #define NUM_PRODS (sizeof(products) / sizeof(fw_product)) @@ -223,10 +227,16 @@ static void sf_pf_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type p PF_RULE(deny), PF_DIR(inbound), RT_TCP_UDP(ptype), port); } -#define NETSH_RULE(deny) ((deny) ? "DISABLE" : "ENABLE") -static void sf_netsh_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) { +#define NETSH_RULE_OLD(deny) ((deny) ? "DISABLE" : "ENABLE") +static void sf_netsh_port_old(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) { g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s", - RT_TCP_UDP(ptype), port, NETSH_RULE(deny)); + RT_TCP_UDP(ptype), port, NETSH_RULE_OLD(deny)); +} + +#define NETSH_RULE_NEW(deny) ((deny) ? "block" : "allow") +static void sf_netsh_port_new(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) { + g_string_append_printf(rtxt, "add rule name=\"Wireshark\" dir=in action=%s protocol=%s localport=%u", + NETSH_RULE_NEW(deny), RT_TCP_UDP(ptype), port); } /* IPv4 + port */ @@ -261,11 +271,15 @@ static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, por NF_DIR(inbound), RT_TCP_UDP(ptype), NF_ADDR_DIR(inbound), addr, NF_PORT_DIR(inbound), port, NF_RULE(deny)); } -static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) { +static void sf_netsh_ipv4_port_old(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) { g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s %s", - RT_TCP_UDP(ptype), port, NETSH_RULE(deny), addr); + RT_TCP_UDP(ptype), port, NETSH_RULE_OLD(deny), addr); } +static void sf_netsh_ipv4_port_new(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) { + g_string_append_printf(rtxt, "add rule name=\"Wireshark\" dir=in action=%s protocol=%s localport=%u remoteip=%s", + NETSH_RULE_NEW(deny), RT_TCP_UDP(ptype), port, addr); +} /* * Editor modelines - https://www.wireshark.org/tools/modelines.html |