Name GUIDs and filters consistently

author: Odd Stranne <odd@mullvad.net> 2019-05-17 21:47:18 +0200
committer: Odd Stranne <odd@mullvad.net> 2019-05-27 10:30:55 +0200
commit: 88ea2269971f1eb482c338c8891432ecb691ab19 (patch)
tree: 267b0e980e1018416abc55aad40808bdb455b2c9
parent: 3f5517db761a40dc375eca7fadea8e6b15c03198 (diff)
download: mullvadvpn-88ea2269971f1eb482c338c8891432ecb691ab19.tar.xz
mullvadvpn-88ea2269971f1eb482c338c8891432ecb691ab19.zip
11 files changed, 110 insertions, 106 deletions
diff --git a/windows/winfw/src/winfw/mullvadguids.cpp b/windows/winfw/src/winfw/mullvadguids.cpp
index 29e38a3b49..010d41e44a 100644
--- a/windows/winfw/src/winfw/mullvadguids.cpp
+++ b/windows/winfw/src/winfw/mullvadguids.cpp
@@ -28,8 +28,8 @@ DetailedWfpObjectRegistry MullvadGuids::BuildDetailedRegistry()
 	registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerWhitelist()));
 	registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerBlacklist()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv4()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Inbound_Ipv4()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Inbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Outbound_Ipv4()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Outbound_Multicast_Ipv4()));
@@ -38,21 +38,21 @@ DetailedWfpObjectRegistry MullvadGuids::BuildDetailedRegistry()
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_Inbound_Ipv4()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_Inbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv4()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Inbound_Ipv4()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Inbound_Ipv6()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV4_Outbound_Request()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV6_Outbound_Request()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV4_Inbound_Response()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV6_Inbound_Response()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV4Server_Inbound_Request()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpV4Server_Outbound_Response()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Outbound_Request_Ipv4()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Inbound_Response_Ipv4()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Outbound_Request_Ipv6()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Inbound_Response_Ipv6()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpServer_Inbound_Request_Ipv4()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpServer_Outbound_Response_Ipv4()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnRelay()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv4()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv4()));
-	registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv4()));
+	registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv6()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv4()));
 	registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv6()));
@@ -134,28 +134,28 @@ const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv4()
 }
 
 //static
-const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv6()
+const GUID &MullvadGuids::FilterBlockAll_Inbound_Ipv4()
 {
 	static const GUID g =
 	{
-		0x8ae5c389,
-		0xd604,
-		0x43df,
-		{ 0x87, 0x4a, 0x5c, 0x86, 0x76, 0xc9, 0xc2, 0xb8 }
+		0x86d07155,
+		0x885f,
+		0x409a,
+		{ 0x8f, 0x22, 0x1, 0x9f, 0x87, 0x7a, 0xe4, 0x9 }
 	};
 
 	return g;
 }
 
 //static
-const GUID &MullvadGuids::FilterBlockAll_Inbound_Ipv4()
+const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv6()
 {
 	static const GUID g =
 	{
-		0x86d07155,
-		0x885f,
-		0x409a,
-		{ 0x8f, 0x22, 0x1, 0x9f, 0x87, 0x7a, 0xe4, 0x9 }
+		0x8ae5c389,
+		0xd604,
+		0x43df,
+		{ 0x87, 0x4a, 0x5c, 0x86, 0x76, 0xc9, 0xc2, 0xb8 }
 	};
 
 	return g;
@@ -275,28 +275,28 @@ const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv4()
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv6()
+const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv4()
 {
 	static const GUID g =
 	{
-		0x764d4944,
-		0x8a1e,
-		0x4d96,
-		{ 0xbf, 0xf0, 0x8d, 0xa6, 0x4f, 0x31, 0x44, 0xa2 }
+		0xb8efb500,
+		0xc51,
+		0x4550,
+		{ 0xbf, 0x5c, 0x48, 0x54, 0xa6, 0xc8, 0x48, 0xb9 }
 	};
 
 	return g;
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv4()
+const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv6()
 {
 	static const GUID g =
 	{
-		0xb8efb500,
-		0xc51,
-		0x4550,
-		{ 0xbf, 0x5c, 0x48, 0x54, 0xa6, 0xc8, 0x48, 0xb9 }
+		0x764d4944,
+		0x8a1e,
+		0x4d96,
+		{ 0xbf, 0xf0, 0x8d, 0xa6, 0x4f, 0x31, 0x44, 0xa2 }
 	};
 
 	return g;
@@ -317,7 +317,7 @@ const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv6()
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitDhcpV4_Outbound_Request()
+const GUID &MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv4()
 {
 	static const GUID g =
 	{
@@ -331,35 +331,35 @@ const GUID &MullvadGuids::FilterPermitDhcpV4_Outbound_Request()
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitDhcpV6_Outbound_Request()
+const GUID &MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv4()
 {
 	static const GUID g =
 	{
-		0x67bd69b0,
-		0x522d,
-		0x4631,
-		{ 0x9a, 0x8f, 0x1c, 0xee, 0xdf, 0x64, 0xb7, 0x2b }
+		0x2db298d7,
+		0x4108,
+		0x47ff,
+		{ 0x85, 0x99, 0xaf, 0xa5, 0xcb, 0x95, 0x9c, 0x25 }
 	};
 
 	return g;
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitDhcpV4_Inbound_Response()
+const GUID &MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv6()
 {
 	static const GUID g =
 	{
-		0x2db298d7,
-		0x4108,
-		0x47ff,
-		{ 0x85, 0x99, 0xaf, 0xa5, 0xcb, 0x95, 0x9c, 0x25 }
+		0x67bd69b0,
+		0x522d,
+		0x4631,
+		{ 0x9a, 0x8f, 0x1c, 0xee, 0xdf, 0x64, 0xb7, 0x2b }
 	};
 
 	return g;
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitDhcpV6_Inbound_Response()
+const GUID &MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv6()
 {
 	static const GUID g =
 	{
@@ -373,7 +373,7 @@ const GUID &MullvadGuids::FilterPermitDhcpV6_Inbound_Response()
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitDhcpV4Server_Inbound_Request()
+const GUID &MullvadGuids::FilterPermitDhcpServer_Inbound_Request_Ipv4()
 {
 	static const GUID g =
 	{
@@ -387,7 +387,7 @@ const GUID &MullvadGuids::FilterPermitDhcpV4Server_Inbound_Request()
 }
 
 //static
-const GUID &MullvadGuids::FilterPermitDhcpV4Server_Outbound_Response()
+const GUID &MullvadGuids::FilterPermitDhcpServer_Outbound_Response_Ipv4()
 {
 	static const GUID g =
 	{
@@ -457,28 +457,28 @@ const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv4()
 }
 
 //static
-const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv6()
+const GUID &MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4()
 {
 	static const GUID g =
 	{
-		0xcde477eb,
-		0x2d8a,
-		0x45b8,
-		{ 0x9a, 0x3e, 0x9a, 0xa3, 0xbe, 0x4d, 0xe2, 0xb4 }
+		0x790445dc,
+		0xb23e,
+		0x4ab4,
+		{ 0x8e, 0x2f, 0xc7, 0x6, 0x55, 0x5f, 0x94, 0xff }
 	};
 
 	return g;
 }
 
 //static
-const GUID &MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4()
+const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv6()
 {
 	static const GUID g =
 	{
-		0x790445dc,
-		0xb23e,
-		0x4ab4,
-		{ 0x8e, 0x2f, 0xc7, 0x6, 0x55, 0x5f, 0x94, 0xff }
+		0xcde477eb,
+		0x2d8a,
+		0x45b8,
+		{ 0x9a, 0x3e, 0x9a, 0xa3, 0xbe, 0x4d, 0xe2, 0xb4 }
 	};
 
 	return g;
diff --git a/windows/winfw/src/winfw/mullvadguids.h b/windows/winfw/src/winfw/mullvadguids.h
index c2a8c8537e..d4fb470d90 100644
--- a/windows/winfw/src/winfw/mullvadguids.h
+++ b/windows/winfw/src/winfw/mullvadguids.h
@@ -26,8 +26,8 @@ public:
 	static const GUID &SublayerBlacklist();
 
 	static const GUID &FilterBlockAll_Outbound_Ipv4();
-	static const GUID &FilterBlockAll_Outbound_Ipv6();
 	static const GUID &FilterBlockAll_Inbound_Ipv4();
+	static const GUID &FilterBlockAll_Outbound_Ipv6();
 	static const GUID &FilterBlockAll_Inbound_Ipv6();
 
 	static const GUID &FilterPermitLan_Outbound_Ipv4();
@@ -39,17 +39,17 @@ public:
 	static const GUID &FilterPermitLanService_Inbound_Ipv6();
 
 	static const GUID &FilterPermitLoopback_Outbound_Ipv4();
-	static const GUID &FilterPermitLoopback_Outbound_Ipv6();
 	static const GUID &FilterPermitLoopback_Inbound_Ipv4();
+	static const GUID &FilterPermitLoopback_Outbound_Ipv6();
 	static const GUID &FilterPermitLoopback_Inbound_Ipv6();
 
-	static const GUID &FilterPermitDhcpV4_Outbound_Request();
-	static const GUID &FilterPermitDhcpV6_Outbound_Request();
-	static const GUID &FilterPermitDhcpV4_Inbound_Response();
-	static const GUID &FilterPermitDhcpV6_Inbound_Response();
+	static const GUID &FilterPermitDhcp_Outbound_Request_Ipv4();
+	static const GUID &FilterPermitDhcp_Inbound_Response_Ipv4();
+	static const GUID &FilterPermitDhcp_Outbound_Request_Ipv6();
+	static const GUID &FilterPermitDhcp_Inbound_Response_Ipv6();
 
-	static const GUID &FilterPermitDhcpV4Server_Inbound_Request();
-	static const GUID &FilterPermitDhcpV4Server_Outbound_Response();
+	static const GUID &FilterPermitDhcpServer_Inbound_Request_Ipv4();
+	static const GUID &FilterPermitDhcpServer_Outbound_Response_Ipv4();
 
 	static const GUID &FilterPermitVpnRelay();
 
@@ -57,8 +57,8 @@ public:
 	static const GUID &FilterPermitVpnTunnel_Outbound_Ipv6();
 
 	static const GUID &FilterRestrictDns_Outbound_Ipv4();
-	static const GUID &FilterRestrictDns_Outbound_Ipv6();
 	static const GUID &FilterRestrictDns_Outbound_Tunnel_Ipv4();
+	static const GUID &FilterRestrictDns_Outbound_Ipv6();
 	static const GUID &FilterRestrictDns_Outbound_Tunnel_Ipv6();
 
 	static const GUID &FilterPermitVpnTunnelService_Ipv4();
diff --git a/windows/winfw/src/winfw/rules/blockall.cpp b/windows/winfw/src/winfw/rules/blockall.cpp
index 54f35e5f1d..7695ece765 100644
--- a/windows/winfw/src/winfw/rules/blockall.cpp
+++ b/windows/winfw/src/winfw/rules/blockall.cpp
@@ -17,7 +17,7 @@ bool BlockAll::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterBlockAll_Outbound_Ipv4())
-		.name(L"Block all outbound connections")
+		.name(L"Block all outbound connections (IPv4)")
 		.description(L"This filter is part of a rule that restricts inbound and outbound traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
@@ -38,7 +38,7 @@ bool BlockAll::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterBlockAll_Inbound_Ipv4())
-		.name(L"Block all inbound connections")
+		.name(L"Block all inbound connections (IPv4)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4);
 
 	if (false == objectInstaller.addFilter(filterBuilder, nullConditionBuilder))
@@ -52,6 +52,7 @@ bool BlockAll::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterBlockAll_Outbound_Ipv6())
+		.name(L"Block all outbound connections (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 	if (false == objectInstaller.addFilter(filterBuilder, nullConditionBuilder))
@@ -65,6 +66,7 @@ bool BlockAll::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterBlockAll_Inbound_Ipv6())
+		.name(L"Block all inbound connections (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
 
 	return objectInstaller.addFilter(filterBuilder, nullConditionBuilder);
diff --git a/windows/winfw/src/winfw/rules/permitdhcp.cpp b/windows/winfw/src/winfw/rules/permitdhcp.cpp
index 3537a2a2a1..d2d7292746 100644
--- a/windows/winfw/src/winfw/rules/permitdhcp.cpp
+++ b/windows/winfw/src/winfw/rules/permitdhcp.cpp
@@ -45,8 +45,8 @@ bool PermitDhcp::applyIpv4(IObjectInstaller &objectInstaller) const
 	//
 
 	filterBuilder
-		.key(MullvadGuids::FilterPermitDhcpV4_Outbound_Request())
-		.name(L"Permit outbound DHCPv4 request")
+		.key(MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv4())
+		.name(L"Permit outbound DHCP request (IPv4)")
 		.description(L"This filter is part of a rule that permits DHCP client traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
@@ -73,8 +73,8 @@ bool PermitDhcp::applyIpv4(IObjectInstaller &objectInstaller) const
 	//
 
 	filterBuilder
-		.key(MullvadGuids::FilterPermitDhcpV4_Inbound_Response())
-		.name(L"Permit inbound DHCPv4 response")
+		.key(MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv4())
+		.name(L"Permit inbound DHCP response (IPv4)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4);
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4);
@@ -97,8 +97,8 @@ bool PermitDhcp::applyIpv6(IObjectInstaller &objectInstaller) const
 	//
 
 	filterBuilder
-		.key(MullvadGuids::FilterPermitDhcpV6_Outbound_Request())
-		.name(L"Permit outbound DHCPv6 request")
+		.key(MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv6())
+		.name(L"Permit outbound DHCP request (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 	{
@@ -125,8 +125,8 @@ bool PermitDhcp::applyIpv6(IObjectInstaller &objectInstaller) const
 	//
 
 	filterBuilder
-		.key(MullvadGuids::FilterPermitDhcpV6_Inbound_Response())
-		.name(L"Permit inbound DHCPv6 response")
+		.key(MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv6())
+		.name(L"Permit inbound DHCP response (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
diff --git a/windows/winfw/src/winfw/rules/permitdhcpserver.cpp b/windows/winfw/src/winfw/rules/permitdhcpserver.cpp
index 00d49a049f..ffc786c616 100644
--- a/windows/winfw/src/winfw/rules/permitdhcpserver.cpp
+++ b/windows/winfw/src/winfw/rules/permitdhcpserver.cpp
@@ -35,8 +35,8 @@ bool PermitDhcpServer::applyIpv4(IObjectInstaller &objectInstaller) const
 	wfp::FilterBuilder filterBuilder;
 
 	filterBuilder
-		.key(MullvadGuids::FilterPermitDhcpV4Server_Inbound_Request())
-		.name(L"Permit inbound DHCPv4 request")
+		.key(MullvadGuids::FilterPermitDhcpServer_Inbound_Request_Ipv4())
+		.name(L"Permit inbound DHCP request (IPv4)")
 		.description(L"This filter is part of a rule that permits DHCP server traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4)
@@ -63,8 +63,8 @@ bool PermitDhcpServer::applyIpv4(IObjectInstaller &objectInstaller) const
 	//
 
 	filterBuilder
-		.key(MullvadGuids::FilterPermitDhcpV4Server_Outbound_Response())
-		.name(L"Permit outbound DHCPv4 response")
+		.key(MullvadGuids::FilterPermitDhcpServer_Outbound_Response_Ipv4())
+		.name(L"Permit outbound DHCP response (IPv4)")
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
diff --git a/windows/winfw/src/winfw/rules/permitlan.cpp b/windows/winfw/src/winfw/rules/permitlan.cpp
index 7c389f6517..e973bf29d8 100644
--- a/windows/winfw/src/winfw/rules/permitlan.cpp
+++ b/windows/winfw/src/winfw/rules/permitlan.cpp
@@ -27,7 +27,7 @@ bool PermitLan::applyIpv4(IObjectInstaller &objectInstaller) const
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLan_Outbound_Ipv4())
-		.name(L"Permit locally-initiated LAN traffic")
+		.name(L"Permit outbound LAN traffic (IPv4)")
 		.description(L"This filter is part of a rule that permits LAN traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
@@ -53,7 +53,7 @@ bool PermitLan::applyIpv4(IObjectInstaller &objectInstaller) const
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLan_Outbound_Multicast_Ipv4())
-		.name(L"Permit locally-initiated multicast traffic");
+		.name(L"Permit outbound LAN multicast traffic (IPv4)");
 
 	conditionBuilder.reset();
 
@@ -79,7 +79,7 @@ bool PermitLan::applyIpv6(IObjectInstaller &objectInstaller) const
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLan_Outbound_Ipv6())
-		.name(L"Permit locally-initiated LAN traffic")
+		.name(L"Permit outbound LAN traffic (IPv6)")
 		.description(L"This filter is part of a rule that permits LAN traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6)
@@ -104,7 +104,7 @@ bool PermitLan::applyIpv6(IObjectInstaller &objectInstaller) const
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLan_Outbound_Multicast_Ipv6())
-		.name(L"Permit locally-initiated IPv6 multicast traffic");
+		.name(L"Permit outbound LAN multicast traffic (IPv6)");
 
 	conditionBuilder.reset();
 
diff --git a/windows/winfw/src/winfw/rules/permitlanservice.cpp b/windows/winfw/src/winfw/rules/permitlanservice.cpp
index da98c48245..516aa3fcd7 100644
--- a/windows/winfw/src/winfw/rules/permitlanservice.cpp
+++ b/windows/winfw/src/winfw/rules/permitlanservice.cpp
@@ -27,7 +27,7 @@ bool PermitLanService::applyIpv4(IObjectInstaller &objectInstaller) const
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLanService_Inbound_Ipv4())
-		.name(L"Permit incoming requests on LAN")
+		.name(L"Permit inbound LAN traffic (IPv4)")
 		.description(L"This filter is part of a rule that permits hosting services in a LAN environment")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4)
@@ -55,7 +55,7 @@ bool PermitLanService::applyIpv6(IObjectInstaller &objectInstaller) const
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLanService_Inbound_Ipv6())
-		.name(L"Permit incoming requests on LAN")
+		.name(L"Permit inbound LAN traffic (IPv6)")
 		.description(L"This filter is part of a rule that permits hosting services in a LAN environment")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6)
diff --git a/windows/winfw/src/winfw/rules/permitloopback.cpp b/windows/winfw/src/winfw/rules/permitloopback.cpp
index 990d732881..99ee977b86 100644
--- a/windows/winfw/src/winfw/rules/permitloopback.cpp
+++ b/windows/winfw/src/winfw/rules/permitloopback.cpp
@@ -20,7 +20,7 @@ bool PermitLoopback::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLoopback_Outbound_Ipv4())
-		.name(L"Permit outbound connections on loopback")
+		.name(L"Permit outbound on loopback (IPv4)")
 		.description(L"This filter is part of a rule that permits all loopback traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
@@ -45,7 +45,7 @@ bool PermitLoopback::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLoopback_Inbound_Ipv4())
-		.name(L"Permit inbound connections on loopback")
+		.name(L"Permit inbound on loopback (IPv4)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4);
 
 	{
@@ -65,6 +65,7 @@ bool PermitLoopback::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLoopback_Outbound_Ipv6())
+		.name(L"Permit outbound on loopback (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 	{
@@ -84,6 +85,7 @@ bool PermitLoopback::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitLoopback_Inbound_Ipv6())
+		.name(L"Permit inbound on loopback (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
diff --git a/windows/winfw/src/winfw/rules/permitvpntunnel.cpp b/windows/winfw/src/winfw/rules/permitvpntunnel.cpp
index 39830e70ec..e21a99c04d 100644
--- a/windows/winfw/src/winfw/rules/permitvpntunnel.cpp
+++ b/windows/winfw/src/winfw/rules/permitvpntunnel.cpp
@@ -25,7 +25,7 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv4())
-		.name(L"Permit locally-initiated traffic on tunnel interface")
+		.name(L"Permit outbound on tunnel interface (IPv4)")
 		.description(L"This filter is part of a rule that permits communications inside the VPN tunnel")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
@@ -50,6 +50,7 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv6())
+		.name(L"Permit outbound on tunnel interface (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 	wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
diff --git a/windows/winfw/src/winfw/rules/permitvpntunnelservice.cpp b/windows/winfw/src/winfw/rules/permitvpntunnelservice.cpp
index 182dad4067..bbdf9a6e2b 100644
--- a/windows/winfw/src/winfw/rules/permitvpntunnelservice.cpp
+++ b/windows/winfw/src/winfw/rules/permitvpntunnelservice.cpp
@@ -25,7 +25,7 @@ bool PermitVpnTunnelService::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitVpnTunnelService_Ipv4())
-		.name(L"Permit incoming requests on VPN tunnel IPv4")
+		.name(L"Permit inbound on tunnel interface (IPv4)")
 		.description(L"This filter is part of a rule that permits hosting services that listen on the tunnel interface")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4)
@@ -48,7 +48,7 @@ bool PermitVpnTunnelService::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterPermitVpnTunnelService_Ipv6())
-		.name(L"Permit incoming requests on VPN tunnel IPv6")
+		.name(L"Permit inbound on tunnel interface (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
 
 	conditionBuilder.reset(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V6);
diff --git a/windows/winfw/src/winfw/rules/restrictdns.cpp b/windows/winfw/src/winfw/rules/restrictdns.cpp
index 9009dcc4ee..41446db19a 100644
--- a/windows/winfw/src/winfw/rules/restrictdns.cpp
+++ b/windows/winfw/src/winfw/rules/restrictdns.cpp
@@ -35,7 +35,7 @@ bool RestrictDns::apply(IObjectInstaller &objectInstaller)
 
 	filterBuilder
 		.key(MullvadGuids::FilterRestrictDns_Outbound_Ipv4())
-		.name(L"Block DNS requests outside the VPN tunnel")
+		.name(L"Block DNS requests outside the VPN tunnel (IPv4)")
 		.description(L"This filter is part of a rule that restricts DNS traffic")
 		.provider(MullvadGuids::Provider())
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
@@ -55,19 +55,16 @@ bool RestrictDns::apply(IObjectInstaller &objectInstaller)
 		}
 	}
 
-	//
-	// IPv6 also
-	//
-
 	filterBuilder
-		.key(MullvadGuids::FilterRestrictDns_Outbound_Ipv6())
-		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
+		.name(L"Restrict DNS requests inside the VPN tunnel (IPv4)")
+		.key(MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4())
+		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
 
 	{
-		wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
+		wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
 
 		conditionBuilder.add_condition(ConditionPort::Remote(53));
-		conditionBuilder.add_condition(ConditionInterface::Alias(m_tunnelInterfaceAlias, CompareNeq()));
+		conditionBuilder.add_condition(ConditionIp::Remote(m_v4DnsHost, CompareNeq()));
 
 		if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
 		{
@@ -75,17 +72,20 @@ bool RestrictDns::apply(IObjectInstaller &objectInstaller)
 		}
 	}
 
+	//
+	// IPv6 also
+	//
 
 	filterBuilder
-		.name(L"Restrict IPv4 DNS requests inside the VPN tunnel")
-		.key(MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4())
-		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
+		.key(MullvadGuids::FilterRestrictDns_Outbound_Ipv6())
+		.name(L"Block DNS requests outside the VPN tunnel (IPv6)")
+		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 	{
-		wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
+		wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 		conditionBuilder.add_condition(ConditionPort::Remote(53));
-		conditionBuilder.add_condition(ConditionIp::Remote(m_v4DnsHost, CompareNeq()));
+		conditionBuilder.add_condition(ConditionInterface::Alias(m_tunnelInterfaceAlias, CompareNeq()));
 
 		if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
 		{
@@ -93,19 +93,18 @@ bool RestrictDns::apply(IObjectInstaller &objectInstaller)
 		}
 	}
 
-	//
-	// Specified DNS is IPv6
-	//
 	filterBuilder
-		.name(L"Restrict IPv6 DNS requests inside the VPN tunnel")
 		.key(MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv6())
+		.name(L"Restrict DNS requests inside the VPN tunnel (IPv6)")
 		.layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 	{
 		wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
 
 		conditionBuilder.add_condition(ConditionPort::Remote(53));
-		if (m_v6DnsHost != nullptr) {
+
+		if (m_v6DnsHost != nullptr)
+		{
 			conditionBuilder.add_condition(ConditionIp::Remote(*m_v6DnsHost, CompareNeq()));
 		}
author	Odd Stranne <odd@mullvad.net>	2019-05-17 21:47:18 +0200
committer	Odd Stranne <odd@mullvad.net>	2019-05-27 10:30:55 +0200
commit	88ea2269971f1eb482c338c8891432ecb691ab19 (patch)
tree	267b0e980e1018416abc55aad40808bdb455b2c9
parent	3f5517db761a40dc375eca7fadea8e6b15c03198 (diff)
download	mullvadvpn-88ea2269971f1eb482c338c8891432ecb691ab19.tar.xz mullvadvpn-88ea2269971f1eb482c338c8891432ecb691ab19.zip