-rw-r--r--CHANGELOG.md4
-rw-r--r--windows/winfw/src/winfw/fwcontext.cpp36
-rw-r--r--windows/winfw/src/winfw/fwcontext.h6
-rw-r--r--windows/winfw/src/winfw/mullvadguids.cpp54
-rw-r--r--windows/winfw/src/winfw/mullvadguids.h6
-rw-r--r--windows/winfw/src/winfw/rules/permittunneldns.cpp115
-rw-r--r--windows/winfw/src/winfw/rules/permittunneldns.h27
-rw-r--r--windows/winfw/src/winfw/rules/permitvpntunnel.cpp12
-rw-r--r--windows/winfw/src/winfw/rules/restrictdns.cpp132
-rw-r--r--windows/winfw/src/winfw/rules/restrictdns.h35
-rw-r--r--windows/winfw/src/winfw/winfw.cpp8
-rw-r--r--windows/winfw/src/winfw/winfw.vcxproj4
-rw-r--r--windows/winfw/src/winfw/winfw.vcxproj.filters12
13 files changed, 250 insertions, 201 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index f6f429bf02..a66346c576 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -57,6 +57,10 @@ Line wrap the file at 100 chars. Th
states: While connecting, when blocked due to an error happening and when disconnected if the
"block when disconnected" setting was enabled.
+ #### Windows
+- Prevent DNS leak that happened if "Local network sharing" was enabled and the device had a
+ default DNS on the local private network.
+
## [2020.1] - 2020-02-10
This release is identical to 2020.1-beta1
diff --git a/windows/winfw/src/winfw/fwcontext.cpp b/windows/winfw/src/winfw/fwcontext.cpp
index ed1d204560..609f097336 100644
--- a/windows/winfw/src/winfw/fwcontext.cpp
+++ b/windows/winfw/src/winfw/fwcontext.cpp
@@ -10,11 +10,11 @@
#include "rules/permitlan.h"
#include "rules/permitlanservice.h"
#include "rules/permitloopback.h"
-#include "rules/permittunneldns.h"
#include "rules/permitvpnrelay.h"
#include "rules/permitvpntunnel.h"
#include "rules/permitvpntunnelservice.h"
#include "rules/permitping.h"
+#include "rules/restrictdns.h"
#include <libwfp/transaction.h>
#include <libwfp/filterengine.h>
#include <libcommon/error.h>
@@ -53,10 +53,11 @@ void AppendSettingsRules(FwContext::Ruleset &ruleset, const WinFwSettings &setti
}
}
-void AppendNetBlockedRules(FwContext::Ruleset &ruleset)
+void AppendNetBlockedRules(FwContext::Ruleset &ruleset, const std::optional<WinFwRelay> &relay, const std::optional<rules::RestrictDns::DnsHosts> &dnsHosts)
{
ruleset.emplace_back(std::make_unique<rules::BlockAll>());
ruleset.emplace_back(std::make_unique<rules::PermitLoopback>());
+ ruleset.emplace_back(std::make_unique<rules::RestrictDns>(relay, dnsHosts));
}
} // anonymous namespace
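Review bot: `AppendNetBlockedRules` now takes two optionals whose effect is only discoverable by reading `rules::RestrictDns`, and the name no longer tells a reader that the appended rule may also permit traffic. A short comment above the new signature would capture what the callers rely on, e.g. `// relay: if set and listening on port 53, DNS-port traffic to the relay address is exempted from the DNS block` and `// dnsHosts: if set, DNS to these resolvers over the tunnel interface is permitted; otherwise all DNS is blocked`. The same applies to the three call sites in applyPolicyConnecting, applyPolicyConnected and composePolicyBlocked, where `std::nullopt` arguments carry no hint of which behaviour they select.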
@@ -108,7 +109,7 @@ bool FwContext::applyPolicyConnecting
{
Ruleset ruleset;
- AppendNetBlockedRules(ruleset);
+ AppendNetBlockedRules(ruleset, relay, std::nullopt);
AppendSettingsRules(ruleset, settings);
ruleset.emplace_back(std::make_unique<rules::PermitVpnRelay>(
@@ -140,14 +141,20 @@ bool FwContext::applyPolicyConnected
(
const WinFwSettings &settings,
const WinFwRelay &relay,
- const wchar_t *tunnelInterfaceAlias,
- const wchar_t *v4DnsHost,
- const wchar_t *v6DnsHost
+ const std::wstring &tunnelInterfaceAlias,
+ const wfp::IpAddress &v4DnsHost,
+ const std::optional<wfp::IpAddress> &v6DnsHost
)
{
Ruleset ruleset;
- AppendNetBlockedRules(ruleset);
+ rules::RestrictDns::DnsHosts dnsHosts =
+ {
+ tunnelInterfaceAlias,
+ v4DnsHost,
+ v6DnsHost
+ };
+ AppendNetBlockedRules(ruleset, relay, dnsHosts);
AppendSettingsRules(ruleset, settings);
ruleset.emplace_back(std::make_unique<rules::PermitVpnRelay>(
@@ -164,19 +171,6 @@ bool FwContext::applyPolicyConnected
tunnelInterfaceAlias
));
- std::vector<wfp::IpAddress> dnsHosts;
- dnsHosts.push_back(wfp::IpAddress(v4DnsHost));
-
- if (nullptr != v6DnsHost)
- {
- dnsHosts.push_back(wfp::IpAddress(v6DnsHost));
- }
-
- ruleset.emplace_back(std::make_unique<rules::PermitTunnelDns>(
- tunnelInterfaceAlias,
- dnsHosts
- ));
-
return applyRuleset(ruleset);
}
@@ -197,7 +191,7 @@ FwContext::Ruleset FwContext::composePolicyBlocked(const WinFwSettings &settings
{
Ruleset ruleset;
- AppendNetBlockedRules(ruleset);
+ AppendNetBlockedRules(ruleset, std::nullopt, std::nullopt);
AppendSettingsRules(ruleset, settings);
return ruleset;
diff --git a/windows/winfw/src/winfw/fwcontext.h b/windows/winfw/src/winfw/fwcontext.h
index 9d5b34c51b..552b075869 100644
--- a/windows/winfw/src/winfw/fwcontext.h
+++ b/windows/winfw/src/winfw/fwcontext.h
@@ -35,9 +35,9 @@ public:
(
const WinFwSettings &settings,
const WinFwRelay &relay,
- const wchar_t *tunnelInterfaceAlias,
- const wchar_t *v4DnsHost,
- const wchar_t *v6DnsHost
+ const std::wstring &tunnelInterfaceAlias,
+ const wfp::IpAddress &v4DnsHost,
+ const std::optional<wfp::IpAddress> &v6DnsHost
);
bool applyPolicyBlocked(const WinFwSettings &settings);
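Review bot: The new `applyPolicyConnected` signature uses `std::wstring`, `wfp::IpAddress` and `std::optional`, but the header's include block lies outside this hunk; confirm that `<optional>`, `<string>` and `libwfp/ipaddress.h` are included in fwcontext.h rather than reached transitively. The parameters are also undocumented; a comment such as `// v6DnsHost: when empty, no IPv6 resolver is permitted inside the tunnel and all IPv6 DNS is blocked` would record the behaviour that RestrictDns derives from the empty optional.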
diff --git a/windows/winfw/src/winfw/mullvadguids.cpp b/windows/winfw/src/winfw/mullvadguids.cpp
index ef27e4823c..e73fac26ed 100644
--- a/windows/winfw/src/winfw/mullvadguids.cpp
+++ b/windows/winfw/src/winfw/mullvadguids.cpp
@@ -50,8 +50,10 @@ DetailedWfpObjectRegistry MullvadGuids::BuildDetailedRegistry()
registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnRelay()));
registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv4()));
registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitTunnelDns_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitTunnelDns_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv6()));
registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv4()));
registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv6()));
registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitNdp_Outbound_Router_Solicitation()));
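Review bot: The retired keys `FilterPermitTunnelDns_Ipv4` and `FilterPermitTunnelDns_Ipv6` are dropped from the registry rather than kept in a legacy set. If this registry is what objectpurger.cpp walks to find Mullvad-owned WFP objects (not visible in this diff), filters installed under the old GUIDs (0x60474363-... and 0xa832ce1d-...) by an earlier build will no longer be enumerated and could linger in the engine across an upgrade. Consider keeping the retired GUIDs in a list the purger also visits, with a comment such as `// Retired keys: kept so objects created by older builds are still purged`.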
@@ -443,28 +445,56 @@ const GUID &MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv6()
}
//static
-const GUID &MullvadGuids::FilterPermitTunnelDns_Ipv4()
+const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv4()
{
static const GUID g =
{
- 0x60474363,
- 0x42b7,
- 0x44ad,
- { 0xa6, 0xdb, 0x9c, 0x4a, 0x4d, 0x3c, 0xde, 0x4a }
+ 0xc0792b44,
+ 0xfc3c,
+ 0x42e8,
+ { 0xa6, 0x60, 0x25, 0x4b, 0xd0, 0x4, 0xb1, 0x9d }
};
return g;
}
//static
-const GUID &MullvadGuids::FilterPermitTunnelDns_Ipv6()
+const GUID &MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4()
{
static const GUID g =
{
- 0xa832ce1d,
- 0xa250,
- 0x42be,
- { 0x8b, 0x97, 0x2, 0xb7, 0x9f, 0x9c, 0x5e, 0x1 }
+ 0x790445dc,
+ 0xb23e,
+ 0x4ab4,
+ { 0x8e, 0x2f, 0xc7, 0x6, 0x55, 0x5f, 0x94, 0xff }
+ };
+
+ return g;
+}
+
+//static
+const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv6()
+{
+ static const GUID g =
+ {
+ 0xcde477eb,
+ 0x2d8a,
+ 0x45b8,
+ { 0x9a, 0x3e, 0x9a, 0xa3, 0xbe, 0x4d, 0xe2, 0xb4 }
+ };
+
+ return g;
+}
+
+//static
+const GUID &MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv6()
+{
+ static const GUID g =
+ {
+ 0xacc90d87,
+ 0xab77,
+ 0x4cf4,
+ { 0x84, 0xee, 0x1d, 0x68, 0x95, 0xf0, 0x66, 0xc2 }
};
return g;
diff --git a/windows/winfw/src/winfw/mullvadguids.h b/windows/winfw/src/winfw/mullvadguids.h
index 8a32c1c9df..3c3ca9702b 100644
--- a/windows/winfw/src/winfw/mullvadguids.h
+++ b/windows/winfw/src/winfw/mullvadguids.h
@@ -56,8 +56,10 @@ public:
static const GUID &FilterPermitVpnTunnel_Outbound_Ipv4();
static const GUID &FilterPermitVpnTunnel_Outbound_Ipv6();
- static const GUID &FilterPermitTunnelDns_Ipv4();
- static const GUID &FilterPermitTunnelDns_Ipv6();
+ static const GUID &FilterRestrictDns_Outbound_Ipv4();
+ static const GUID &FilterRestrictDns_Outbound_Tunnel_Ipv4();
+ static const GUID &FilterRestrictDns_Outbound_Ipv6();
+ static const GUID &FilterRestrictDns_Outbound_Tunnel_Ipv6();
static const GUID &FilterPermitVpnTunnelService_Ipv4();
static const GUID &FilterPermitVpnTunnelService_Ipv6();
diff --git a/windows/winfw/src/winfw/rules/permittunneldns.cpp b/windows/winfw/src/winfw/rules/permittunneldns.cpp
deleted file mode 100644
index 57c1d39763..0000000000
--- a/windows/winfw/src/winfw/rules/permittunneldns.cpp
+++ /dev/null
@@ -1,115 +0,0 @@
-#include "stdafx.h"
-#include "permittunneldns.h"
-#include "winfw/mullvadguids.h"
-#include "libwfp/filterbuilder.h"
-#include "libwfp/conditionbuilder.h"
-#include "libwfp/conditions/comparison.h"
-#include "libwfp/conditions/conditioninterface.h"
-#include "libwfp/conditions/conditionip.h"
-#include "libwfp/conditions/conditionport.h"
-
-using namespace wfp::conditions;
-
-namespace
-{
-
-constexpr uint16_t DNS_PORT = 53;
-
-} // anonymous namespace
-
-namespace rules
-{
-
-PermitTunnelDns::PermitTunnelDns(
- const std::wstring &tunnelInterfaceAlias,
- const std::vector<wfp::IpAddress> &dnsHosts
-)
- : m_tunnelInterfaceAlias(tunnelInterfaceAlias)
-{
- for (const auto &host : dnsHosts)
- {
- if (wfp::IpAddress::Ipv4 == host.type())
- {
- m_v4DnsHosts.push_back(host);
- }
- else
- {
- m_v6DnsHosts.push_back(host);
- }
- }
-}
-
-bool PermitTunnelDns::apply(IObjectInstaller &objectInstaller)
-{
- //
- // Permit outbound DNS traffic to specific servers (IPv4)
- //
-
- wfp::FilterBuilder filterBuilder;
-
- filterBuilder
- .provider(MullvadGuids::Provider())
- .description(L"This filter is part of a rule that permits DNS traffic inside the VPN tunnel")
- .sublayer(MullvadGuids::SublayerWhitelist())
- .weight(wfp::FilterBuilder::WeightClass::Max)
- .permit();
-
- if (!m_v4DnsHosts.empty())
- {
- filterBuilder
- .key(MullvadGuids::FilterPermitTunnelDns_Ipv4())
- .name(L"Permit select outbound DNS traffic on tunnel interface (IPv4)")
- .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
-
- wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
- conditionBuilder.add_condition(ConditionInterface::Alias(m_tunnelInterfaceAlias));
-
- for (const auto &host : m_v4DnsHosts)
- {
- // Multiple conditions of same type are OR'ed
- conditionBuilder.add_condition(ConditionIp::Remote(host));
- }
-
- conditionBuilder.add_condition(ConditionPort::Remote(DNS_PORT));
-
- if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
- {
- return false;
- }
- }
-
- //
- // Permit outbound DNS traffic to specific servers (IPv6)
- //
-
- if (!m_v6DnsHosts.empty())
- {
- filterBuilder
- .key(MullvadGuids::FilterPermitTunnelDns_Ipv6())
- .name(L"Permit select outbound DNS traffic on tunnel interface (IPv6)")
- .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
-
- wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
- conditionBuilder.add_condition(ConditionInterface::Alias(m_tunnelInterfaceAlias));
-
- for (const auto &host : m_v6DnsHosts)
- {
- // Multiple conditions of same type are OR'ed
- if (wfp::IpAddress::Ipv6 == host.type())
- {
- conditionBuilder.add_condition(ConditionIp::Remote(host));
- }
- }
-
- conditionBuilder.add_condition(ConditionPort::Remote(DNS_PORT));
-
- if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
- {
- return false;
- }
- }
-
- return true;
-}
-
-}
diff --git a/windows/winfw/src/winfw/rules/permittunneldns.h b/windows/winfw/src/winfw/rules/permittunneldns.h
deleted file mode 100644
index eec22b0924..0000000000
--- a/windows/winfw/src/winfw/rules/permittunneldns.h
+++ /dev/null
@@ -1,27 +0,0 @@
-#pragma once
-
-#include "ifirewallrule.h"
-#include "libwfp/ipaddress.h"
-#include <string>
-#include <cstdint>
-
-namespace rules
-{
-
-class PermitTunnelDns : public IFirewallRule
-{
-public:
-
- PermitTunnelDns(const std::wstring &tunnelInterfaceAlias, const std::vector<wfp::IpAddress> &dnsHosts);
-
- bool apply(IObjectInstaller &objectInstaller) override;
-
-private:
-
- const std::wstring m_tunnelInterfaceAlias;
- std::vector<wfp::IpAddress> m_v4DnsHosts;
- std::vector<wfp::IpAddress> m_v6DnsHosts;
-
-};
-
-}
diff --git a/windows/winfw/src/winfw/rules/permitvpntunnel.cpp b/windows/winfw/src/winfw/rules/permitvpntunnel.cpp
index a757f5e164..e21a99c04d 100644
--- a/windows/winfw/src/winfw/rules/permitvpntunnel.cpp
+++ b/windows/winfw/src/winfw/rules/permitvpntunnel.cpp
@@ -4,17 +4,9 @@
#include "libwfp/filterbuilder.h"
#include "libwfp/conditionbuilder.h"
#include "libwfp/conditions/conditioninterface.h"
-#include "libwfp/conditions/conditionport.h"
using namespace wfp::conditions;
-namespace
-{
-
-constexpr uint16_t DNS_PORT = 53;
-
-} // anonymous namespace
-
namespace rules
{
@@ -29,7 +21,6 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
//
// #1 permit locally-initiated traffic on tunnel interface, ipv4
- // except DNS requests
//
filterBuilder
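Review bot: With the `ConditionPort::Remote(DNS_PORT, CompareNeq())` conditions removed, this rule on its own now permits DNS on the tunnel to any destination; the narrowing to configured resolvers happens only because RestrictDns is installed alongside it in the blacklist sublayer, a dependency that restrictdns.cpp documents in one direction only. A comment near the top of `apply` would make the coupling visible from this side, e.g. `// DNS is intentionally not excluded here; rules::RestrictDns (blacklist sublayer) limits it to the configured resolvers.` `PermitVpnTunnel::apply` starts and ends outside this hunk.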
@@ -46,7 +37,6 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
conditionBuilder.add_condition(ConditionInterface::Alias(m_tunnelInterfaceAlias));
- conditionBuilder.add_condition(ConditionPort::Remote(DNS_PORT, CompareNeq()));
if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
{
@@ -56,7 +46,6 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
//
// #2 permit locally-initiated traffic on tunnel interface, ipv6
- // except DNS requests
//
filterBuilder
@@ -67,7 +56,6 @@ bool PermitVpnTunnel::apply(IObjectInstaller &objectInstaller)
wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
conditionBuilder.add_condition(ConditionInterface::Alias(m_tunnelInterfaceAlias));
- conditionBuilder.add_condition(ConditionPort::Remote(DNS_PORT, CompareNeq()));
return objectInstaller.addFilter(filterBuilder, conditionBuilder);
}
diff --git a/windows/winfw/src/winfw/rules/restrictdns.cpp b/windows/winfw/src/winfw/rules/restrictdns.cpp
new file mode 100644
index 0000000000..751e278233
--- /dev/null
+++ b/windows/winfw/src/winfw/rules/restrictdns.cpp
@@ -0,0 +1,132 @@
+#include "stdafx.h"
+#include "restrictdns.h"
+#include "winfw/mullvadguids.h"
+#include "libwfp/filterbuilder.h"
+#include "libwfp/conditionbuilder.h"
+#include "libwfp/conditions/conditioninterface.h"
+#include "libwfp/conditions/conditionip.h"
+#include "libwfp/conditions/conditionport.h"
+
+using namespace wfp::conditions;
+
+namespace rules
+{
+
+RestrictDns::RestrictDns(
+ const std::optional<WinFwRelay> &relay,
+ const std::optional<DnsHosts> &dnsHosts
+)
+ : m_dnsHosts(dnsHosts)
+{
+ if (relay.has_value() && 53 == relay->port)
+ {
+ m_allowHost = std::make_optional(wfp::IpAddress(relay->ip));
+ }
+}
+
+bool RestrictDns::apply(IObjectInstaller &objectInstaller)
+{
+ wfp::FilterBuilder filterBuilder;
+
+ //
+ // Requires that the following rules are in effect:
+ //
+ // BlockAll
+ // PermitVpnTunnel
+ //
+ // TODO: Have each rule specify requirements?
+ //
+
+ filterBuilder
+ .provider(MullvadGuids::Provider())
+ .description(L"This filter is part of a rule that restricts DNS traffic")
+ .sublayer(MullvadGuids::SublayerBlacklist());
+
+ if (m_dnsHosts.has_value())
+ {
+ filterBuilder
+ .key(MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4())
+ .name(L"Restrict DNS requests inside the VPN tunnel (IPv4)")
+ .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
+ .weight(MAXUINT16)
+ .permit();
+
+ {
+ wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
+
+ conditionBuilder.add_condition(ConditionInterface::Alias(m_dnsHosts->tunnelInterfaceAlias, CompareEq()));
+ conditionBuilder.add_condition(ConditionIp::Remote(m_dnsHosts->v4DnsHost, CompareEq()));
+
+ if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
+ {
+ return false;
+ }
+ }
+ }
+
+ filterBuilder
+ .key(MullvadGuids::FilterRestrictDns_Outbound_Ipv4())
+ .name(L"Block DNS requests outside the VPN tunnel (IPv4)")
+ .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V4)
+ .weight(MAXUINT16 - 1)
+ .block();
+
+ {
+ wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V4);
+ conditionBuilder.add_condition(ConditionPort::Remote(53));
+
+ //
+ // Allow DNS traffic over select host
+ //
+ if (m_allowHost.has_value())
+ {
+ conditionBuilder.add_condition(ConditionIp::Remote(*m_allowHost, CompareNeq()));
+ }
+
+ if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
+ {
+ return false;
+ }
+ }
+
+ //
+ // IPv6 also
+ //
+
+ if (m_dnsHosts.has_value() && m_dnsHosts->v6DnsHost.has_value())
+ {
+ filterBuilder
+ .key(MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv6())
+ .name(L"Restrict DNS requests inside the VPN tunnel (IPv6)")
+ .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6)
+ .weight(MAXUINT16)
+ .permit();
+
+ {
+ wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
+
+ conditionBuilder.add_condition(ConditionInterface::Alias(m_dnsHosts->tunnelInterfaceAlias, CompareEq()));
+ conditionBuilder.add_condition(ConditionIp::Remote(*m_dnsHosts->v6DnsHost, CompareEq()));
+
+ if (!objectInstaller.addFilter(filterBuilder, conditionBuilder))
+ {
+ return false;
+ }
+ }
+ }
+
+ filterBuilder
+ .key(MullvadGuids::FilterRestrictDns_Outbound_Ipv6())
+ .name(L"Block DNS requests outside the VPN tunnel (IPv6)")
+ .layer(FWPM_LAYER_ALE_AUTH_CONNECT_V6)
+ .weight(MAXUINT16 - 1)
+ .block();
+
+ {
+ wfp::ConditionBuilder conditionBuilder(FWPM_LAYER_ALE_AUTH_CONNECT_V6);
+ conditionBuilder.add_condition(ConditionPort::Remote(53));
+ return objectInstaller.addFilter(filterBuilder, conditionBuilder);
+ }
+}
+
+}
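Review bot: The two tunnel permit filters (keys FilterRestrictDns_Outbound_Tunnel_Ipv4/Ipv6, built with `.weight(MAXUINT16).permit()`) match on interface alias and remote address only, with no port condition, so at maximum weight in the blacklist sublayer they override the port-53 block — and any other block living in that sublayer — for all traffic to the resolver address over the tunnel, not just DNS. Narrowing them keeps the rule to what its name says: add `conditionBuilder.add_condition(ConditionPort::Remote(53));` to both the IPv4 and IPv6 permit condition builders. The relay exemption computed in the constructor (`53 == relay->port`) is attached only to the IPv4 block filter; if `WinFwRelay::ip` can ever hold an IPv6 address, the V4 layer would receive a V6 condition and the IPv6 block would lack the exemption, so either check the address family or state in a comment that relays are IPv4-only. The deleted permittunneldns.cpp had `constexpr uint16_t DNS_PORT = 53;`; reintroducing it here in place of the three literal 53s would keep the constructor and both block filters in step.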
diff --git a/windows/winfw/src/winfw/rules/restrictdns.h b/windows/winfw/src/winfw/rules/restrictdns.h
new file mode 100644
index 0000000000..9cf0ad00a9
--- /dev/null
+++ b/windows/winfw/src/winfw/rules/restrictdns.h
@@ -0,0 +1,35 @@
+#pragma once
+
+#include "ifirewallrule.h"
+#include "libwfp/ipaddress.h"
+#include "winfw/winfw.h"
+#include <optional>
+#include <string>
+#include <cstdint>
+
+namespace rules
+{
+
+class RestrictDns : public IFirewallRule
+{
+public:
+
+ struct DnsHosts
+ {
+ std::wstring tunnelInterfaceAlias;
+ wfp::IpAddress v4DnsHost;
+ std::optional<wfp::IpAddress> v6DnsHost;
+ };
+
+ RestrictDns(const std::optional<WinFwRelay> &relay, const std::optional<DnsHosts> &dnsHosts);
+
+ bool apply(IObjectInstaller &objectInstaller) override;
+
+private:
+
+ std::optional<wfp::IpAddress> m_allowHost;
+ const std::optional<DnsHosts> m_dnsHosts;
+
+};
+
+}
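Review bot: `DnsHosts` and the two data members are undocumented, and the header includes `<cstdint>` which nothing in it uses. Suggested comments: on `DnsHosts`, `// Resolvers reachable inside the tunnel; an empty v6DnsHost means no IPv6 resolver is permitted`; on `m_allowHost`, `// Relay address exempted from the DNS block when the relay itself listens on port 53`. `m_dnsHosts` is `const` while `m_allowHost` is not; initialising both in the constructor's initializer list and making both `const` would keep the two members consistent.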
diff --git a/windows/winfw/src/winfw/winfw.cpp b/windows/winfw/src/winfw/winfw.cpp
index bb79c2eff6..c053087355 100644
--- a/windows/winfw/src/winfw/winfw.cpp
+++ b/windows/winfw/src/winfw/winfw.cpp
@@ -205,7 +205,13 @@ WinFw_ApplyPolicyConnected(
try
{
- return g_fwContext->applyPolicyConnected(settings, relay, tunnelInterfaceAlias, v4DnsHost, v6DnsHost);
+ return g_fwContext->applyPolicyConnected(
+ settings,
+ relay,
+ tunnelInterfaceAlias,
+ wfp::IpAddress(v4DnsHost),
+ nullptr != v6DnsHost ? std::make_optional(wfp::IpAddress(v6DnsHost)) : std::nullopt
+ );
}
catch (std::exception &err)
{
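Review bot: `wfp::IpAddress(v4DnsHost)` is now constructed unconditionally from a raw `const wchar_t *` arriving across the C API boundary, so a null or unparsable `v4DnsHost` is handled only by whatever the constructor does with it, caught by the `catch (std::exception &err)` below. An explicit precondition gives a clearer failure and a targeted log message: `if (nullptr == v4DnsHost) { return false; }` (with a log line in the file's usual style) before the call. The rest of `WinFw_ApplyPolicyConnected` lies outside the hunk.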
diff --git a/windows/winfw/src/winfw/winfw.vcxproj b/windows/winfw/src/winfw/winfw.vcxproj
index 7b35c8b939..15da42ec0f 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj
+++ b/windows/winfw/src/winfw/winfw.vcxproj
@@ -23,7 +23,6 @@
<ClCompile Include="mullvadguids.cpp" />
<ClCompile Include="mullvadobjects.cpp" />
<ClCompile Include="objectpurger.cpp" />
- <ClCompile Include="rules\permittunneldns.cpp" />
<ClCompile Include="rules\blockall.cpp" />
<ClCompile Include="rules\permitdhcp.cpp" />
<ClCompile Include="rules\permitdhcpserver.cpp" />
@@ -35,6 +34,7 @@
<ClCompile Include="rules\permitvpntunnelservice.cpp" />
<ClCompile Include="rules\permitvpnrelay.cpp" />
<ClCompile Include="rules\permitvpntunnel.cpp" />
+ <ClCompile Include="rules\restrictdns.cpp" />
<ClCompile Include="sessioncontroller.cpp" />
<ClCompile Include="sessionrecord.cpp" />
<ClCompile Include="stdafx.cpp">
@@ -52,7 +52,6 @@
<ClInclude Include="mullvadguids.h" />
<ClInclude Include="mullvadobjects.h" />
<ClInclude Include="objectpurger.h" />
- <ClInclude Include="rules\permittunneldns.h" />
<ClInclude Include="rules\permitdhcpserver.h" />
<ClInclude Include="rules\permitndp.h" />
<ClInclude Include="rules\permitping.h" />
@@ -66,6 +65,7 @@
<ClInclude Include="rules\permitvpntunnelservice.h" />
<ClInclude Include="rules\permitvpnrelay.h" />
<ClInclude Include="rules\permitvpntunnel.h" />
+ <ClInclude Include="rules\restrictdns.h" />
<ClInclude Include="sessioncontroller.h" />
<ClInclude Include="sessionrecord.h" />
<ClInclude Include="stdafx.h" />
diff --git a/windows/winfw/src/winfw/winfw.vcxproj.filters b/windows/winfw/src/winfw/winfw.vcxproj.filters
index c491cb2a8d..a758a1c9ec 100644
--- a/windows/winfw/src/winfw/winfw.vcxproj.filters
+++ b/windows/winfw/src/winfw/winfw.vcxproj.filters
@@ -30,6 +30,9 @@
<Filter>rules</Filter>
</ClCompile>
<ClCompile Include="sessionrecord.cpp" />
+ <ClCompile Include="rules\restrictdns.cpp">
+ <Filter>rules</Filter>
+ </ClCompile>
<ClCompile Include="rules\permitvpntunnelservice.cpp">
<Filter>rules</Filter>
</ClCompile>
@@ -43,9 +46,6 @@
<ClCompile Include="rules\permitping.cpp">
<Filter>rules</Filter>
</ClCompile>
- <ClCompile Include="rules\permittunneldns.cpp">
- <Filter>rules</Filter>
- </ClCompile>
</ItemGroup>
<ItemGroup>
<ClInclude Include="stdafx.h" />
@@ -81,6 +81,9 @@
<Filter>rules</Filter>
</ClInclude>
<ClInclude Include="sessionrecord.h" />
+ <ClInclude Include="rules\restrictdns.h">
+ <Filter>rules</Filter>
+ </ClInclude>
<ClInclude Include="rules\permitvpntunnelservice.h">
<Filter>rules</Filter>
</ClInclude>
@@ -96,9 +99,6 @@
<ClInclude Include="rules\permitping.h">
<Filter>rules</Filter>
</ClInclude>
- <ClInclude Include="rules\permittunneldns.h">
- <Filter>rules</Filter>
- </ClInclude>
</ItemGroup>
<ItemGroup>
<Filter Include="rules">