diff options
| author | Odd Stranne <odd@mullvad.net> | 2019-05-17 10:59:52 +0200 |
|---|---|---|
| committer | Odd Stranne <odd@mullvad.net> | 2019-05-27 10:30:55 +0200 |
| commit | 40692f2804da8a9cfbdea587f47e0b6de202a43f (patch) | |
| tree | 886ab57d27a6617a94322ea95e88607a0a9e054b /windows | |
| parent | 536d9befe57f7d054ba0f712070f706cb14936d9 (diff) | |
| download | mullvadvpn-40692f2804da8a9cfbdea587f47e0b6de202a43f.tar.xz mullvadvpn-40692f2804da8a9cfbdea587f47e0b6de202a43f.zip | |
Separate IPv4 and IPv6 filters
Diffstat (limited to 'windows')
| -rw-r--r-- | windows/winfw/src/winfw/rules/blockall.cpp | 14 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/rules/permitloopback.cpp | 18 |
2 files changed, 16 insertions, 16 deletions
diff --git a/windows/winfw/src/winfw/rules/blockall.cpp b/windows/winfw/src/winfw/rules/blockall.cpp index ff8ba5a065..54f35e5f1d 100644 --- a/windows/winfw/src/winfw/rules/blockall.cpp +++ b/windows/winfw/src/winfw/rules/blockall.cpp @@ -33,12 +33,13 @@ bool BlockAll::apply(IObjectInstaller &objectInstaller) } // - // #2 block outbound connections, ipv6 + // #2 block inbound connections, ipv4 // filterBuilder - .key(MullvadGuids::FilterBlockAll_Outbound_Ipv6()) - .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6); + .key(MullvadGuids::FilterBlockAll_Inbound_Ipv4()) + .name(L"Block all inbound connections") + .layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4); if (false == objectInstaller.addFilter(filterBuilder, nullConditionBuilder)) { @@ -46,13 +47,12 @@ bool BlockAll::apply(IObjectInstaller &objectInstaller) } // - // #3 block inbound connections, ipv4 + // #3 block outbound connections, ipv6 // filterBuilder - .key(MullvadGuids::FilterBlockAll_Inbound_Ipv4()) - .name(L"Block all inbound connections") - .layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4); + .key(MullvadGuids::FilterBlockAll_Outbound_Ipv6()) + .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6); if (false == objectInstaller.addFilter(filterBuilder, nullConditionBuilder)) { diff --git a/windows/winfw/src/winfw/rules/permitloopback.cpp b/windows/winfw/src/winfw/rules/permitloopback.cpp index f98fe4f756..990d732881 100644 --- a/windows/winfw/src/winfw/rules/permitloopback.cpp +++ b/windows/winfw/src/winfw/rules/permitloopback.cpp @@ -40,15 +40,16 @@ bool PermitLoopback::apply(IObjectInstaller &objectInstaller) } // - // #2 permit outbound connections, ipv6 + // #2 permit inbound connections, ipv4 // filterBuilder - .key(MullvadGuids::FilterPermitLoopback_Outbound_Ipv6()) - .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6); + .key(MullvadGuids::FilterPermitLoopback_Inbound_Ipv4()) + .name(L"Permit inbound connections on loopback") + .layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4); { - wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6); + wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4); conditionBuilder.add_condition(std::make_unique<ConditionLoopback>()); @@ -59,16 +60,15 @@ bool PermitLoopback::apply(IObjectInstaller &objectInstaller) } // - // #3 permit inbound connections, ipv4 + // #3 permit outbound connections, ipv6 // filterBuilder - .key(MullvadGuids::FilterPermitLoopback_Inbound_Ipv4()) - .name(L"Permit inbound connections on loopback") - .layer(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4); + .key(MullvadGuids::FilterPermitLoopback_Outbound_Ipv6()) + .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6); { - wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_RECV_ACCEPT_V4); + wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6); conditionBuilder.add_condition(std::make_unique<ConditionLoopback>()); |