diff --git a/IPBanCore/Core/IPBan/IPBanConfig.cs b/IPBanCore/Core/IPBan/IPBanConfig.cs index 5a383a26..ac7021f8 100644 --- a/IPBanCore/Core/IPBan/IPBanConfig.cs +++ b/IPBanCore/Core/IPBan/IPBanConfig.cs @@ -316,7 +316,12 @@ private bool IsMatch(string entry, System.Net.IPAddress entryIPAddress, HashSet< return false; } - private void PopulateList(HashSet set, HashSet ranges, HashSet others, ref Regex regex, string setValue, string regexValue) + private void PopulateList(HashSet set, + HashSet ranges, + HashSet others, + ref Regex regex, + string setValue, + string regexValue) { setValue = (setValue ?? string.Empty).Trim(); regexValue = (regexValue ?? string.Empty).Replace("*", @"[0-9A-Fa-f:]+?").Trim(); @@ -841,9 +846,12 @@ public static string ChangeConfigAppSetting(string config, string key, string ne public bool ClearFailedLoginsOnSuccessfulLogin { get { return clearFailedLoginsOnSuccessfulLogin; } } /// - /// Black list of ips as a comma separated string + /// Get all ip address ranges in the blacklist /// - public string BlackList { get { return string.Join(",", blackList); } } + public IReadOnlyCollection BlackList + { + get { return blackList.Select(b => new IPAddressRange(b)).Union(blackListRanges).ToArray(); } + } /// /// Black list regex @@ -851,9 +859,12 @@ public static string ChangeConfigAppSetting(string config, string key, string ne public string BlackListRegex { get { return (blackListRegex is null ? string.Empty : blackListRegex.ToString()); } } /// - /// White list of ips as a comma separated string + /// Get all ip address ranges in the whitelist /// - public string Whitelist { get { return string.Join(",", whitelist); } } + public IReadOnlyCollection Whitelist + { + get { return whitelist.Select(b => new IPAddressRange(b)).Union(whitelistRanges).ToArray(); } + } /// /// White list regex diff --git a/IPBanCore/Core/IPBan/IPBanService_Private.cs b/IPBanCore/Core/IPBan/IPBanService_Private.cs index 2d63f7dd..46418d06 100644 --- a/IPBanCore/Core/IPBan/IPBanService_Private.cs +++ b/IPBanCore/Core/IPBan/IPBanService_Private.cs @@ -536,7 +536,11 @@ private void LoadFirewall(IPBanConfig oldConfig) } } - // add/update new rules + // add/update global rules + Firewall.AllowIPAddresses("GlobalWhitelist", Config.Whitelist); + Firewall.BlockIPAddresses("GlobalBlacklist", Config.BlackList); + + // add/update user specified rules foreach (IPBanFirewallRule rule in Config.ExtraRules) { if (rule.Block) diff --git a/IPBanCore/Core/Utility/IPAddressRange.cs b/IPBanCore/Core/Utility/IPAddressRange.cs index 788f7ec7..5c85c999 100644 --- a/IPBanCore/Core/Utility/IPAddressRange.cs +++ b/IPBanCore/Core/Utility/IPAddressRange.cs @@ -495,6 +495,15 @@ public static implicit operator IPAddressRange(string s) return (string.IsNullOrWhiteSpace(s) ? null : IPAddressRange.Parse(s)); } + /// + /// Convert ip address range to string implicit + /// + /// Ip address + public static implicit operator IPAddressRange(IPAddress ip) + { + return (ip is null ? null : new IPAddressRange(ip)); + } + /// /// Takes a subnetmask (eg, "255.255.254.0") and returns the CIDR bit length of that /// address. Throws an exception if the passed address is not valid as a subnet mask. diff --git a/IPBanCore/DigitalRuby.IPBan.dll.config b/IPBanCore/DigitalRuby.IPBan.dll.config index 2f4d3033..a821dc7c 100644 --- a/IPBanCore/DigitalRuby.IPBan.dll.config +++ b/IPBanCore/DigitalRuby.IPBan.dll.config @@ -726,9 +726,7 @@ - + diff --git a/IPBanTests/IPBanConfigTests.cs b/IPBanTests/IPBanConfigTests.cs index 2b569b54..e366c25f 100644 --- a/IPBanTests/IPBanConfigTests.cs +++ b/IPBanTests/IPBanConfigTests.cs @@ -235,7 +235,7 @@ public void TestListComments() "", DefaultDnsLookup.Instance); - Assert.AreEqual(config.Whitelist, "99.99.99.99,88.88.88.88"); + Assert.AreEqual(string.Join(",", config.Whitelist.OrderBy(i => i)), "88.88.88.88,99.99.99.99"); Assert.IsTrue(config.IsWhitelisted("99.99.99.99")); Assert.IsTrue(config.IsWhitelisted("88.88.88.88")); Assert.IsFalse(config.IsWhitelisted("77.77.77.77"));