aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--ui/firewall_rules.c32
1 files changed, 23 insertions, 9 deletions
diff --git a/ui/firewall_rules.c b/ui/firewall_rules.c
index d0745fa940..538622a947 100644
--- a/ui/firewall_rules.c
+++ b/ui/firewall_rules.c
@@ -44,14 +44,16 @@ static void sf_ipfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type
static void sf_ipfw_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_netfilter_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_pf_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
-static void sf_netsh_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
+static void sf_netsh_port_old(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
+static void sf_netsh_port_new(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_ios_ext_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_ipfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_ipfw_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
static void sf_pf_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
-static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
+static void sf_netsh_ipv4_port_old(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
+static void sf_netsh_ipv4_port_new(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound, gboolean deny);
typedef struct _fw_product_t {
const char *name;
@@ -78,8 +80,10 @@ static fw_product products[] = {
sf_netfilter_ipv4_port, TRUE },
{ "Packet Filter (pf)", "$ext_if should be set to a valid interface.", "#",
NULL, sf_pf_ipv4, sf_pf_port, sf_pf_ipv4_port, TRUE },
- { "Windows Firewall (netsh)", "", "#",
- NULL, NULL, sf_netsh_port, sf_netsh_ipv4_port, FALSE }
+ { "Windows Firewall (netsh old syntax)", "", "#",
+ NULL, NULL, sf_netsh_port_old, sf_netsh_ipv4_port_old, FALSE },
+ { "Windows Firewall (netsh new syntax)", "", "#",
+ NULL, NULL, sf_netsh_port_new, sf_netsh_ipv4_port_new, FALSE }
};
#define NUM_PRODS (sizeof(products) / sizeof(fw_product))
@@ -223,10 +227,16 @@ static void sf_pf_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type p
PF_RULE(deny), PF_DIR(inbound), RT_TCP_UDP(ptype), port);
}
-#define NETSH_RULE(deny) ((deny) ? "DISABLE" : "ENABLE")
-static void sf_netsh_port(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
+#define NETSH_RULE_OLD(deny) ((deny) ? "DISABLE" : "ENABLE")
+static void sf_netsh_port_old(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s",
- RT_TCP_UDP(ptype), port, NETSH_RULE(deny));
+ RT_TCP_UDP(ptype), port, NETSH_RULE_OLD(deny));
+}
+
+#define NETSH_RULE_NEW(deny) ((deny) ? "block" : "allow")
+static void sf_netsh_port_new(GString *rtxt, gchar *addr _U_, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
+ g_string_append_printf(rtxt, "add rule name=\"Wireshark\" dir=in action=%s protocol=%s localport=%u",
+ NETSH_RULE_NEW(deny), RT_TCP_UDP(ptype), port);
}
/* IPv4 + port */
@@ -261,11 +271,15 @@ static void sf_netfilter_ipv4_port(GString *rtxt, gchar *addr, guint32 port, por
NF_DIR(inbound), RT_TCP_UDP(ptype), NF_ADDR_DIR(inbound), addr, NF_PORT_DIR(inbound), port, NF_RULE(deny));
}
-static void sf_netsh_ipv4_port(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
+static void sf_netsh_ipv4_port_old(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
g_string_append_printf(rtxt, "add portopening %s %u Wireshark %s %s",
- RT_TCP_UDP(ptype), port, NETSH_RULE(deny), addr);
+ RT_TCP_UDP(ptype), port, NETSH_RULE_OLD(deny), addr);
}
+static void sf_netsh_ipv4_port_new(GString *rtxt, gchar *addr, guint32 port, port_type ptype, gboolean inbound _U_, gboolean deny) {
+ g_string_append_printf(rtxt, "add rule name=\"Wireshark\" dir=in action=%s protocol=%s localport=%u remoteip=%s",
+ NETSH_RULE_NEW(deny), RT_TCP_UDP(ptype), port, addr);
+}
/*
* Editor modelines - https://www.wireshark.org/tools/modelines.html
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 15:39:27 +0000