From f437c07ce54e25627b14456ee95285a556952077 Mon Sep 17 00:00:00 2001
From: Tim Young <tim.young@lightsys.org>
Date: Thu, 31 Aug 2017 09:43:44 -0500
Subject: [PATCH] allow firewall rules to affect outbound VPN connections.

---
 EduNetworkBuilder/NetworkCard.cs | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/EduNetworkBuilder/NetworkCard.cs b/EduNetworkBuilder/NetworkCard.cs
index 689052d..ce3b134 100644
--- a/EduNetworkBuilder/NetworkCard.cs
+++ b/EduNetworkBuilder/NetworkCard.cs
@@ -596,6 +596,27 @@ namespace EduNetworkBuilder
                 case NicType.vpn:
                     foreach (NetworkInterface nf in interfaces.ToList())
                     {
+                        //make sure the firewall allows this.
+                        if (tPacket.WhereAmI != null && tPacket.WhereAmI is NetworkDevice)
+                        {
+                            NetworkDevice ND = (NetworkDevice)tPacket.WhereAmI;
+                            if (tPacket.InboundInterface != null && nf != null && !ND.FirewallAllows(tPacket.InboundInterface.nic_name, nf.nic_name))
+                            {
+                                //The firewall might block it.  Check to see if it is a response packet
+                                ResponseToPacket rtp = ND.HowToRespondToPacket(tPacket);
+                                if (rtp != ResponseToPacket.accept)
+                                {
+                                    //If we are here, the packet is rejected.
+                                    string message = string.Format(NB.Translate("P_FirewallDropped"), ND.hostname);
+                                    tPacket.AddMessage(DebugLevel.filtering, message);
+                                    tPacket.Tracking.Status = message;
+                                    tPacket.Tracking.AddMessage(DebugLevel.info, ND, message);
+                                    tPacket.AddMessage(DebugLevel.info, message);
+                                    tPacket.MyStatus = PacketStatus.finished_ok;
+                                    break;
+                                }
+                            }
+                        }
                         if (nf.isLocal(tPacket.OutboundIP, false))
                         {
                             //We need to tell the original packet that it is inside another packet
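Review bot: The firewall check runs for each `nf` before `nf.isLocal(tPacket.OutboundIP, false)` has established that this interface is the one the packet will leave through, so a deny that matches an earlier, unrelated interface hits `break` and drops the packet without the real egress interface ever being considered. Moving the whole `FirewallAllows` / `HowToRespondToPacket` block inside the `if (nf.isLocal(...))` body would tie the decision to the actual outbound interface. The `nf != null` term also makes a null entry skip the firewall test and then be dereferenced by `nf.isLocal` on the next statement; an `if (nf == null) continue;` at the top of the loop would handle that case explicitly. A dropped packet is marked `PacketStatus.finished_ok`, so if the enum offers a failure or dropped status (not visible here), using it would keep a firewall drop from being recorded as a success. The enclosing `switch` and the rest of the `foreach` body continue outside the hunk, so how the code after the loop reacts to `MyStatus` cannot be checked from here.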