| -rw-r--r-- | windows/winfw/src/winfw/mullvadguids.cpp | 219 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/mullvadguids.h | 73 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/mullvadobjects.cpp | 31 | ||||
| -rw-r--r-- | windows/winfw/src/winfw/mullvadobjects.h | 5 |
4 files changed, 150 insertions, 178 deletions
diff --git a/windows/winfw/src/winfw/mullvadguids.cpp b/windows/winfw/src/winfw/mullvadguids.cpp
index e73fac26ed..2a96e7239f 100644
--- a/windows/winfw/src/winfw/mullvadguids.cpp
+++ b/windows/winfw/src/winfw/mullvadguids.cpp
@@ -25,42 +25,39 @@ DetailedWfpObjectRegistry MullvadGuids::BuildDetailedRegistry()
 std::multimap<WfpObjectType, GUID> registry; registry.insert(std::make_pair(WfpObjectType::Provider, Provider()));
- registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerWhitelist()));
- registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerBlacklist()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Inbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Outbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterBlockAll_Inbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Outbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Outbound_Multicast_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Outbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLan_Outbound_Multicast_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_Inbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLanService_Inbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Inbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Outbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitLoopback_Inbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Outbound_Request_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Inbound_Response_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Outbound_Request_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcp_Inbound_Response_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpServer_Inbound_Request_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitDhcpServer_Outbound_Response_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnRelay()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnel_Outbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterRestrictDns_Outbound_Tunnel_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitVpnTunnelService_Ipv6()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitNdp_Outbound_Router_Solicitation()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitNdp_Inbound_Router_Advertisement()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitNdp_Inbound_Redirect()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitPing_Outbound_Icmpv4()));
- registry.insert(std::make_pair(WfpObjectType::Filter, FilterPermitPing_Outbound_Icmpv6()));
+ registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerBaseline()));
+ registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerNonTunnelDns()));
+ registry.insert(std::make_pair(WfpObjectType::Sublayer, SublayerTunnelDns()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_BlockAll_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_BlockAll_Inbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_BlockAll_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_BlockAll_Inbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLan_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLan_Outbound_Multicast_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLan_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLan_Outbound_Multicast_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLanService_Inbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLanService_Inbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLoopback_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLoopback_Inbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLoopback_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitLoopback_Inbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcp_Outbound_Request_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcp_Inbound_Response_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcp_Outbound_Request_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcp_Inbound_Response_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcpServer_Inbound_Request_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitDhcpServer_Outbound_Response_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnRelay()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitVpnTunnelService_Ipv6()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitNdp_Outbound_Router_Solicitation()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitNdp_Inbound_Router_Advertisement()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitNdp_Inbound_Redirect()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitPing_Outbound_Icmpv4()));
+ registry.insert(std::make_pair(WfpObjectType::Filter, Filter_Baseline_PermitPing_Outbound_Icmpv6()));
 return registry; }
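Review bot: `BuildDetailedRegistry()` now lists the two new DNS sublayers but no filter that belongs to them, because the four `FilterRestrictDns_*` entries are removed without a `Filter_NonTunnelDns_*` / `Filter_TunnelDns_*` replacement. If this registry is what cleanup or verification code enumerates (not visible in this hunk), the DNS-restricting filters would fall outside it, and objects installed by an earlier build under the retired sublayer and filter GUIDs would no longer be matched either. A comment above the sublayer inserts should state how the DNS filters are keyed and tracked, and whether stale objects from the old GUIDs are purged elsewhere. The function starts above the hunk.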
@@ -94,35 +91,49 @@ const GUID &MullvadGuids::Provider()
 } //static
-const GUID &MullvadGuids::SublayerWhitelist()
+const GUID &MullvadGuids::SublayerBaseline()
 { static const GUID g = {
- 0x11d1a31a,
- 0xd7fa,
- 0x469b,
- { 0xbc, 0x21, 0xcc, 0xe9, 0x2e, 0x35, 0xfe, 0x90 }
+ 0xc78056ff,
+ 0x2bc1,
+ 0x4211,
+ { 0xaa, 0xdd, 0x7f, 0x35, 0x8d, 0xef, 0x20, 0x2d }
 }; return g; } //static
-const GUID &MullvadGuids::SublayerBlacklist()
+const GUID& MullvadGuids::SublayerNonTunnelDns()
 { static const GUID g = {
- 0x843b74f0,
- 0xb499,
- 0x499a,
- { 0xac, 0xe3, 0xf9, 0xee, 0xa2, 0x4, 0x89, 0xc1 }
+ 0x60090787,
+ 0xcca1,
+ 0x4937,
+ { 0xaa, 0xce, 0x51, 0x25, 0x6e, 0xf4, 0x81, 0xf3 }
 }; return g; } //static
-const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv4()
+const GUID& MullvadGuids::SublayerTunnelDns()
+{
+ static const GUID g =
+ {
+ 0xd879542d,
+ 0x2f34,
+ 0x4af6,
+ { 0x9f, 0xec, 0xe1, 0xa, 0x20, 0x86, 0xbf, 0xbc }
+ };
+
+ return g;
+}
+
+//static
+const GUID &MullvadGuids::Filter_Baseline_BlockAll_Outbound_Ipv4()
 { static const GUID g = {
@@ -136,7 +147,7 @@ const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterBlockAll_Inbound_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_BlockAll_Inbound_Ipv4()
 { static const GUID g = {
@@ -150,7 +161,7 @@ const GUID &MullvadGuids::FilterBlockAll_Inbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_BlockAll_Outbound_Ipv6()
 { static const GUID g = {
@@ -164,7 +175,7 @@ const GUID &MullvadGuids::FilterBlockAll_Outbound_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterBlockAll_Inbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_BlockAll_Inbound_Ipv6()
 { static const GUID g = {
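Review bot: The two new definitions in the `@@ -94,35 +91,49 @@` hunk are written `const GUID& MullvadGuids::SublayerNonTunnelDns()` and `const GUID& MullvadGuids::SublayerTunnelDns()`, while every other definition in this file, including the renamed `SublayerBaseline()` directly above them, uses `const GUID &MullvadGuids::...`. Aligning them as `const GUID &MullvadGuids::SublayerNonTunnelDns()` and `const GUID &MullvadGuids::SublayerTunnelDns()` keeps the file searchable with one pattern and matches the declarations in mullvadguids.h.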
@@ -179,7 +190,7 @@ const GUID &MullvadGuids::FilterBlockAll_Inbound_Ipv6()
 //static
-const GUID &MullvadGuids::FilterPermitLan_Outbound_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitLan_Outbound_Ipv4()
 { static const GUID g = {
@@ -193,7 +204,7 @@ const GUID &MullvadGuids::FilterPermitLan_Outbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitLan_Outbound_Multicast_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitLan_Outbound_Multicast_Ipv4()
 { static const GUID g = {
@@ -207,7 +218,7 @@ const GUID &MullvadGuids::FilterPermitLan_Outbound_Multicast_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitLan_Outbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitLan_Outbound_Ipv6()
 { static const GUID g = {
@@ -221,7 +232,7 @@ const GUID &MullvadGuids::FilterPermitLan_Outbound_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitLan_Outbound_Multicast_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitLan_Outbound_Multicast_Ipv6()
 { static const GUID g = {
@@ -235,7 +246,7 @@ const GUID &MullvadGuids::FilterPermitLan_Outbound_Multicast_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitLanService_Inbound_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitLanService_Inbound_Ipv4()
 { static const GUID g = {
@@ -249,7 +260,7 @@ const GUID &MullvadGuids::FilterPermitLanService_Inbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitLanService_Inbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitLanService_Inbound_Ipv6()
 { static const GUID g = {
@@ -263,7 +274,7 @@ const GUID &MullvadGuids::FilterPermitLanService_Inbound_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitLoopback_Outbound_Ipv4()
 { static const GUID g = {
@@ -277,7 +288,7 @@ const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitLoopback_Inbound_Ipv4()
 { static const GUID g = {
@@ -291,7 +302,7 @@ const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitLoopback_Outbound_Ipv6()
 { static const GUID g = {
@@ -305,7 +316,7 @@ const GUID &MullvadGuids::FilterPermitLoopback_Outbound_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitLoopback_Inbound_Ipv6()
 { static const GUID g = {
@@ -319,7 +330,7 @@ const GUID &MullvadGuids::FilterPermitLoopback_Inbound_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitDhcp_Outbound_Request_Ipv4()
 { static const GUID g = {
@@ -333,7 +344,7 @@ const GUID &MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitDhcp_Inbound_Response_Ipv4()
 { static const GUID g = {
@@ -347,7 +358,7 @@ const GUID &MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitDhcp_Outbound_Request_Ipv6()
 { static const GUID g = {
@@ -361,7 +372,7 @@ const GUID &MullvadGuids::FilterPermitDhcp_Outbound_Request_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitDhcp_Inbound_Response_Ipv6()
 { static const GUID g = {
@@ -375,7 +386,7 @@ const GUID &MullvadGuids::FilterPermitDhcp_Inbound_Response_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitDhcpServer_Inbound_Request_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitDhcpServer_Inbound_Request_Ipv4()
 { static const GUID g = {
@@ -389,7 +400,7 @@ const GUID &MullvadGuids::FilterPermitDhcpServer_Inbound_Request_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitDhcpServer_Outbound_Response_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitDhcpServer_Outbound_Response_Ipv4()
 { static const GUID g = {
@@ -403,7 +414,7 @@ const GUID &MullvadGuids::FilterPermitDhcpServer_Outbound_Response_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitVpnRelay()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnRelay()
 { static const GUID g = {
@@ -417,7 +428,7 @@ const GUID &MullvadGuids::FilterPermitVpnRelay()
 } //static
-const GUID &MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4()
 { static const GUID g = {
@@ -431,7 +442,7 @@ const GUID &MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6()
 { static const GUID g = {
@@ -445,63 +456,7 @@ const GUID &MullvadGuids::FilterPermitVpnTunnel_Outbound_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv4()
-{
- static const GUID g =
- {
- 0xc0792b44,
- 0xfc3c,
- 0x42e8,
- { 0xa6, 0x60, 0x25, 0x4b, 0xd0, 0x4, 0xb1, 0x9d }
- };
-
- return g;
-}
-
-//static
-const GUID &MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv4()
-{
- static const GUID g =
- {
- 0x790445dc,
- 0xb23e,
- 0x4ab4,
- { 0x8e, 0x2f, 0xc7, 0x6, 0x55, 0x5f, 0x94, 0xff }
- };
-
- return g;
-}
-
-//static
-const GUID &MullvadGuids::FilterRestrictDns_Outbound_Ipv6()
-{
- static const GUID g =
- {
- 0xcde477eb,
- 0x2d8a,
- 0x45b8,
- { 0x9a, 0x3e, 0x9a, 0xa3, 0xbe, 0x4d, 0xe2, 0xb4 }
- };
-
- return g;
-}
-
-//static
-const GUID &MullvadGuids::FilterRestrictDns_Outbound_Tunnel_Ipv6()
-{
- static const GUID g =
- {
- 0xacc90d87,
- 0xab77,
- 0x4cf4,
- { 0x84, 0xee, 0x1d, 0x68, 0x95, 0xf0, 0x66, 0xc2 }
- };
-
- return g;
-}
-
-//static
-const GUID &MullvadGuids::FilterPermitVpnTunnelService_Ipv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv4()
 { static const GUID g = {
@@ -515,7 +470,7 @@ const GUID &MullvadGuids::FilterPermitVpnTunnelService_Ipv4()
 } //static
-const GUID &MullvadGuids::FilterPermitVpnTunnelService_Ipv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitVpnTunnelService_Ipv6()
 { static const GUID g = {
@@ -529,7 +484,7 @@ const GUID &MullvadGuids::FilterPermitVpnTunnelService_Ipv6()
 } //static
-const GUID &MullvadGuids::FilterPermitNdp_Outbound_Router_Solicitation()
+const GUID &MullvadGuids::Filter_Baseline_PermitNdp_Outbound_Router_Solicitation()
 { static const GUID g = {
@@ -543,7 +498,7 @@ const GUID &MullvadGuids::FilterPermitNdp_Outbound_Router_Solicitation()
 } //static
-const GUID &MullvadGuids::FilterPermitNdp_Inbound_Router_Advertisement()
+const GUID &MullvadGuids::Filter_Baseline_PermitNdp_Inbound_Router_Advertisement()
 { static const GUID g = {
@@ -557,7 +512,7 @@ const GUID &MullvadGuids::FilterPermitNdp_Inbound_Router_Advertisement()
 } //static
-const GUID &MullvadGuids::FilterPermitNdp_Inbound_Redirect()
+const GUID &MullvadGuids::Filter_Baseline_PermitNdp_Inbound_Redirect()
 { static const GUID g = {
@@ -571,7 +526,7 @@ const GUID &MullvadGuids::FilterPermitNdp_Inbound_Redirect()
 } //static
-const GUID &MullvadGuids::FilterPermitPing_Outbound_Icmpv4()
+const GUID &MullvadGuids::Filter_Baseline_PermitPing_Outbound_Icmpv4()
 { static const GUID g = {
@@ -585,7 +540,7 @@ const GUID &MullvadGuids::FilterPermitPing_Outbound_Icmpv4()
 } //static
-const GUID &MullvadGuids::FilterPermitPing_Outbound_Icmpv6()
+const GUID &MullvadGuids::Filter_Baseline_PermitPing_Outbound_Icmpv6()
 { static const GUID g = {
diff --git a/windows/winfw/src/winfw/mullvadguids.h b/windows/winfw/src/winfw/mullvadguids.h
index 3c3ca9702b..261dd4edb8 100644
--- a/windows/winfw/src/winfw/mullvadguids.h
+++ b/windows/winfw/src/winfw/mullvadguids.h
@@ -22,52 +22,53 @@ public:
 MullvadGuids() = delete; static const GUID &Provider();
- static const GUID &SublayerWhitelist();
- static const GUID &SublayerBlacklist();
+ static const GUID &SublayerBaseline();
+ static const GUID &SublayerNonTunnelDns();
+ static const GUID &SublayerTunnelDns();
- static const GUID &FilterBlockAll_Outbound_Ipv4();
- static const GUID &FilterBlockAll_Inbound_Ipv4();
- static const GUID &FilterBlockAll_Outbound_Ipv6();
- static const GUID &FilterBlockAll_Inbound_Ipv6();
+ //
+ // Filter identifiers
+ // Naming convention: Filter_sublayer_rule_filter
+ //
- static const GUID &FilterPermitLan_Outbound_Ipv4();
- static const GUID &FilterPermitLan_Outbound_Multicast_Ipv4();
- static const GUID &FilterPermitLan_Outbound_Ipv6();
- static const GUID &FilterPermitLan_Outbound_Multicast_Ipv6();
+ static const GUID &Filter_Baseline_BlockAll_Outbound_Ipv4();
+ static const GUID &Filter_Baseline_BlockAll_Inbound_Ipv4();
+ static const GUID &Filter_Baseline_BlockAll_Outbound_Ipv6();
+ static const GUID &Filter_Baseline_BlockAll_Inbound_Ipv6();
- static const GUID &FilterPermitLanService_Inbound_Ipv4();
- static const GUID &FilterPermitLanService_Inbound_Ipv6();
+ static const GUID &Filter_Baseline_PermitLan_Outbound_Ipv4();
+ static const GUID &Filter_Baseline_PermitLan_Outbound_Multicast_Ipv4();
+ static const GUID &Filter_Baseline_PermitLan_Outbound_Ipv6();
+ static const GUID &Filter_Baseline_PermitLan_Outbound_Multicast_Ipv6();
- static const GUID &FilterPermitLoopback_Outbound_Ipv4();
- static const GUID &FilterPermitLoopback_Inbound_Ipv4();
- static const GUID &FilterPermitLoopback_Outbound_Ipv6();
- static const GUID &FilterPermitLoopback_Inbound_Ipv6();
+ static const GUID &Filter_Baseline_PermitLanService_Inbound_Ipv4();
+ static const GUID &Filter_Baseline_PermitLanService_Inbound_Ipv6();
- static const GUID &FilterPermitDhcp_Outbound_Request_Ipv4();
- static const GUID &FilterPermitDhcp_Inbound_Response_Ipv4();
- static const GUID &FilterPermitDhcp_Outbound_Request_Ipv6();
- static const GUID &FilterPermitDhcp_Inbound_Response_Ipv6();
+ static const GUID &Filter_Baseline_PermitLoopback_Outbound_Ipv4();
+ static const GUID &Filter_Baseline_PermitLoopback_Inbound_Ipv4();
+ static const GUID &Filter_Baseline_PermitLoopback_Outbound_Ipv6();
+ static const GUID &Filter_Baseline_PermitLoopback_Inbound_Ipv6();
- static const GUID &FilterPermitDhcpServer_Inbound_Request_Ipv4();
- static const GUID &FilterPermitDhcpServer_Outbound_Response_Ipv4();
+ static const GUID &Filter_Baseline_PermitDhcp_Outbound_Request_Ipv4();
+ static const GUID &Filter_Baseline_PermitDhcp_Inbound_Response_Ipv4();
+ static const GUID &Filter_Baseline_PermitDhcp_Outbound_Request_Ipv6();
+ static const GUID &Filter_Baseline_PermitDhcp_Inbound_Response_Ipv6();
- static const GUID &FilterPermitVpnRelay();
+ static const GUID &Filter_Baseline_PermitDhcpServer_Inbound_Request_Ipv4();
+ static const GUID &Filter_Baseline_PermitDhcpServer_Outbound_Response_Ipv4();
- static const GUID &FilterPermitVpnTunnel_Outbound_Ipv4();
- static const GUID &FilterPermitVpnTunnel_Outbound_Ipv6();
+ static const GUID &Filter_Baseline_PermitVpnRelay();
- static const GUID &FilterRestrictDns_Outbound_Ipv4();
- static const GUID &FilterRestrictDns_Outbound_Tunnel_Ipv4();
- static const GUID &FilterRestrictDns_Outbound_Ipv6();
- static const GUID &FilterRestrictDns_Outbound_Tunnel_Ipv6();
+ static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv4();
+ static const GUID &Filter_Baseline_PermitVpnTunnel_Outbound_Ipv6();
- static const GUID &FilterPermitVpnTunnelService_Ipv4();
- static const GUID &FilterPermitVpnTunnelService_Ipv6();
+ static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv4();
+ static const GUID &Filter_Baseline_PermitVpnTunnelService_Ipv6();
- static const GUID &FilterPermitNdp_Outbound_Router_Solicitation();
- static const GUID &FilterPermitNdp_Inbound_Router_Advertisement();
- static const GUID &FilterPermitNdp_Inbound_Redirect();
+ static const GUID &Filter_Baseline_PermitNdp_Outbound_Router_Solicitation();
+ static const GUID &Filter_Baseline_PermitNdp_Inbound_Router_Advertisement();
+ static const GUID &Filter_Baseline_PermitNdp_Inbound_Redirect();
- static const GUID &FilterPermitPing_Outbound_Icmpv4();
- static const GUID &FilterPermitPing_Outbound_Icmpv6();
+ static const GUID &Filter_Baseline_PermitPing_Outbound_Icmpv4();
+ static const GUID &Filter_Baseline_PermitPing_Outbound_Icmpv6();
 };
diff --git a/windows/winfw/src/winfw/mullvadobjects.cpp b/windows/winfw/src/winfw/mullvadobjects.cpp
index 43618b51b3..e305f76388 100644
--- a/windows/winfw/src/winfw/mullvadobjects.cpp
+++ b/windows/winfw/src/winfw/mullvadobjects.cpp
@@ -16,14 +16,14 @@ std::unique_ptr<wfp::ProviderBuilder> MullvadObjects::Provider()
 } //static
-std::unique_ptr<wfp::SublayerBuilder> MullvadObjects::SublayerWhitelist()
+std::unique_ptr<wfp::SublayerBuilder> MullvadObjects::SublayerBaseline()
 { auto builder = std::make_unique<wfp::SublayerBuilder>(); (*builder)
- .name(L"Mullvad VPN whitelist")
- .description(L"Filters that permit traffic")
- .key(MullvadGuids::SublayerWhitelist())
+ .name(L"Mullvad VPN baseline")
+ .description(L"Filters that enforce a good baseline")
+ .key(MullvadGuids::SublayerBaseline())
 .provider(MullvadGuids::Provider()) .weight(MAXUINT16);
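Review bot: The comment added in mullvadguids.h, `Naming convention: Filter_sublayer_rule_filter`, uses "filter" for both the fixed prefix and the last component, so it does not say what the trailing part of each name encodes. From the declarations below it appears to be direction plus address family or message type (`Outbound_Ipv4`, `Inbound_Router_Advertisement`), so `// Naming convention: Filter_<sublayer>_<rule>_<direction/variant>` would read more clearly. The same comment is a good place to state that only the Baseline sublayer has fixed filter identifiers after this change, since none are declared for the two DNS sublayers.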
@@ -31,14 +31,29 @@ std::unique_ptr<wfp::SublayerBuilder> MullvadObjects::SublayerWhitelist()
 } //static
-std::unique_ptr<wfp::SublayerBuilder> MullvadObjects::SublayerBlacklist()
+std::unique_ptr<wfp::SublayerBuilder> MullvadObjects::SublayerNonTunnelDns()
 { auto builder = std::make_unique<wfp::SublayerBuilder>(); (*builder)
- .name(L"Mullvad VPN blacklist")
- .description(L"Filters that block traffic")
- .key(MullvadGuids::SublayerBlacklist())
+ .name(L"Mullvad VPN non-tunnel DNS")
+ .description(L"Filters that restrict DNS traffic outside tunnel")
+ .key(MullvadGuids::SublayerNonTunnelDns())
+ .provider(MullvadGuids::Provider())
+ .weight(MAXUINT16 - 1);
+
+ return builder;
+}
+
+//static
+std::unique_ptr<wfp::SublayerBuilder> MullvadObjects::SublayerTunnelDns()
+{
+ auto builder = std::make_unique<wfp::SublayerBuilder>();
+
+ (*builder)
+ .name(L"Mullvad VPN tunnel DNS")
+ .description(L"Filters that restrict DNS traffic inside tunnel")
+ .key(MullvadGuids::SublayerTunnelDns())
 .provider(MullvadGuids::Provider()) .weight(MAXUINT16 - 1);
diff --git a/windows/winfw/src/winfw/mullvadobjects.h b/windows/winfw/src/winfw/mullvadobjects.h
index 9a056c9186..430b61f4be 100644
--- a/windows/winfw/src/winfw/mullvadobjects.h
+++ b/windows/winfw/src/winfw/mullvadobjects.h
@@ -13,6 +13,7 @@ public:
 MullvadObjects() = delete; static std::unique_ptr<wfp::ProviderBuilder> Provider();
- static std::unique_ptr<wfp::SublayerBuilder> SublayerWhitelist();
- static std::unique_ptr<wfp::SublayerBuilder> SublayerBlacklist();
+ static std::unique_ptr<wfp::SublayerBuilder> SublayerBaseline();
+ static std::unique_ptr<wfp::SublayerBuilder> SublayerNonTunnelDns();
+ static std::unique_ptr<wfp::SublayerBuilder> SublayerTunnelDns();
 }; |
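Review bot: In mullvadobjects.cpp, `SublayerNonTunnelDns()` and `SublayerTunnelDns()` are both given `.weight(MAXUINT16 - 1)`, so the relative order of the two DNS sublayers is left to the filter engine instead of being fixed by this code. If the two are independent and their order cannot affect the outcome, a comment such as `// Same weight as the non-tunnel DNS sublayer: ordering between the two does not matter` should record that; otherwise one of them should get a distinct value such as `MAXUINT16 - 2`. The baseline sublayer keeps `MAXUINT16`, so its position relative to both DNS sublayers stays explicit. The body of `SublayerTunnelDns()` ends in context lines carried over from the old `SublayerBlacklist()`, so its `.weight` line is unchanged text, not a new choice.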
