Javier Castañón's blog – JavCasta


Javier Castañón

WipFW Script Generator V1 Beta.

I implemented this utility (WipFW Script Generator) in C# 4.0, in the SharpDevelop 4.1 IDE, for the .NET 4.0 Client Profile, and tested it on Windows 7 Ultimate SP1 with WipFW 0.5.5b on a stub LAN.

Its purpose is to generate a batch script that configures the WipFW firewall on a host in a stub network, that is, a network that knows only one route of last resort (a gateway) to reach the Internet.

The generated script is simple: it does not cover NAT or port forwarding, because it is aimed at configuring WipFW as a “personal firewall” (roughly: blocking/allowing networks, hosts and domains, and blocking/allowing TCP and UDP ports) for a machine that does not act as a router and is the typical client machine on a typical LAN.

The utility detects the host's NICs and their TCP/IPv4 parameters (IPv4 address, mask, DNS, gateway, and proxy if there is one), and the NIC with Internet access is chosen by its MAC address in a comboBox. You can also choose the option “Interfaz ppp / modem 3G / …” (PPP interface / 3G modem), in which case the parameters are entered by hand (the parameters can always be edited by hand, regardless of the values detected).

Once the NIC has been chosen by its MAC and its TCP/IP parameters are complete, click the OK button to validate that all the required parameters are present. If they are, the message “Parametriza script” (parameterize the script) appears, and the next step is to go to the WipFW configuration panel, located below, and configure each tab.

By default I have checked (enabled) or unchecked (disabled) the checkBoxes of the rules according to what I consider necessary to best secure the machine with WipFW.

The comboBoxes of each rule let you define whether the rule will:

  • allow – permit
  • allow log – permit and write to the log
  • deny – deny
  • deny log – deny and write to the log
  • drop – discard without sending an ICMP destination port unreachable
  • drop log – discard without sending an ICMP destination port unreachable and write to the log

In the Networks tab you can define the rules for networks such as multicast (224.0.0.0/3), link-local (169.254.0.0/16), and the private and bogon networks (ticked in a checkedListBox). You can also edit the blacklist file (Lista Negra), which can contain host IPs (80.59.69.239), network addresses (80.59.69.0/24) or domains (www.malware.com) whose access will be blocked both outbound (out) and inbound (in).

In the Ports tab you can edit the ports to allow or block, whether TCP or UDP, inbound and outbound.

For the non-advanced user, simply choosing the NIC with Internet access and leaving the utility's options almost at their defaults yields a very functional batch script (last tab, SCRIPT), which by default allows only DNS queries to the configured DNS servers, the SSH client (tcp22), web browsing (tcp80, tcp443), mail (smtp, pop3, imap, …) and being reachable via Terminal Server or Remote Desktop Protocol (tcp3389)…

In the proxy, credentials, IPv6 tab you can allow or block the proxy:port, define the credentials (user:password on the host) in case you want to run the script (local administrator privileges on the machine are required), and allow or block IPv6.

After that, in the SCRIPT tab you can run the script and/or save it or copy it to the clipboard. The only requirement is to have WipFW installed on the machine (obvious, but there are always absent-minded people :-) )

Behind the “Monitorizar Log” (monitor log) button I have attached another utility, Tail Con C#, which I also implemented in C#, to monitor the WipFW log.

And voilà :-)

The code of MainForm.cs

MainForm.cs

///*
// * Created by SharpDevelop.
// * User: JavCasta - http://javcasta.com/
// * Date: 19/09/2011
// * Time: 11:09
// * 
// * To change this template use Tools | Options | Coding | Edit Standard Headers.
// */

using System;
using System.Collections.Generic;
using System.Data;
using System.Diagnostics;
using System.Drawing;
using System.IO;
using System.Management;
using System.Net;
using System.Text.RegularExpressions;
using System.Windows.Forms;

namespace Prueba
{
	/// <summary>
	/// Description of MainForm.
	/// </summary>
	public partial class MainForm : Form
	{
		ManagementClass objMC;
		ManagementObjectCollection objMOC;
		string[] ipaddresses;
		string[] subnets;
		string[] gateways;
		string[] dns;
		string hostname;
		int i = 0;
		public MainForm()
		{
			//
			// The InitializeComponent() call is required for Windows Forms designer support.
			//
			InitializeComponent();
			
			//
			// TODO: Add constructor code after the InitializeComponent() call.
			//
			// Begin show
			richTextBox1.Text="";
			ListIP();
			// end show
		}
		public void fulldata()
		{
			if (comboBox2.Text!="" && comboBox3.Text!="" && comboBox4.Text!="" && textBox4.Text!="") {
				MessageBox.Show("Parametriza script");
				tabControl1.Enabled=true;
			}
			else {
				MessageBox.Show("Faltan parametros");
				tabControl1.Enabled=false;
			}
		}
		public void ListIP()
		{
			objMC = new ManagementClass("Win32_NetworkAdapterConfiguration"); 
 			objMOC = objMC.GetInstances(); 
 			i=0;
			foreach(ManagementObject objMO in objMOC) 
			{ 
          		if(!(bool)objMO["ipEnabled"]) 
                	 continue; 
				i=i+1; // i = number of NICs
				// j = number of IPs
          		richTextBox1.Text=richTextBox1.Text + "NIC: " + objMO["Caption"] + "," +  objMO["ServiceName"] + "," + objMO["MACAddress"] +"\n";
          		comboBox1.Items.Add(objMO["MACAddress"]);
          		ipaddresses = (string[]) objMO["IPAddress"]; 
          		subnets = (string[]) objMO["IPSubnet"]; 
          		gateways = (string[]) objMO["DefaultIPGateway"]; 
          		dns = (string[]) objMO["DNSServerSearchOrder"];
          		hostname = (String) objMO["DNSHostName"];
          		groupBox1.Text = "Info TCP/IPv4: " + hostname;
          		
          		try
        		{ 
          		
          		richTextBox1.Text=richTextBox1.Text + "Gateway: ";
          		if (gateways != null)
          			foreach(string sGate in gateways) {
          				richTextBox1.Text=richTextBox1.Text + sGate + "\n";
          			}
				else richTextBox1.Text=richTextBox1.Text + "\n";
				
          		richTextBox1.Text=richTextBox1.Text + "Ip: ";
          		
          		if (ipaddresses != null) {
					foreach(string sIP in ipaddresses) {
          				richTextBox1.Text=richTextBox1.Text + sIP + "\n";
					}
          		}
          		else richTextBox1.Text=richTextBox1.Text + "\n";
 				
				richTextBox1.Text=richTextBox1.Text + "Mascara: ";
				
				if (subnets != null)
          		foreach(string sNet in subnets) 
          			richTextBox1.Text=richTextBox1.Text + sNet + "\n";
				else richTextBox1.Text=richTextBox1.Text + "\n";
				
				richTextBox1.Text=richTextBox1.Text + "DNS: ";
				
				if (dns != null)
				foreach(string sDns in dns) 
          			richTextBox1.Text=richTextBox1.Text + sDns + ", ";
				else richTextBox1.Text=richTextBox1.Text + "\n";
				
				} // end try
          		catch(Exception ex) 
        		{ 
              	MessageBox.Show("error : " + ex.Message);
        		}
          		richTextBox1.Text=richTextBox1.Text + "\n===================================================\n";
			}
			comboBox1.Items.Add("Interfaz ppp/modem 3G/ ...");
			//proxy
			//ref http://stackoverflow.com/questions/4254351/get-the-uri-from-the-default-web-proxy
			var proxy = HttpWebRequest.GetSystemWebProxy();
			string laurl="http://javcasta.com";
			string myproxy = "";
			string myproxyport = "";
			Uri proxyUri = proxy.GetProxy(new Uri(laurl));
			if (laurl == "http://"+proxyUri.Host.ToString())
			{
				//MessageBox.Show("No hay proxy");
				myproxy = "";
				myproxyport = "";
			}
			else
			{
				myproxy = proxyUri.Host.ToString();
				myproxyport = proxyUri.Port.ToString();
				//MessageBox.Show("Proxy: "+myproxy+" puerto: "+myproxyport);
				
			}
			textBox6.Text = myproxy;
			textBox7.Text = myproxyport;
			comboBox5.SelectedIndex = 0;
			comboBox7.SelectedIndex = 0;
			comboBox8.SelectedIndex = 0;
			comboBox9.SelectedIndex = 0;
			comboBox10.SelectedIndex = 0;
			comboBox11.SelectedIndex = 0;
			comboBox13.SelectedIndex = 3;
			comboBox15.SelectedIndex = 0;
			comboBox17.SelectedIndex = 0;
			comboBox12.SelectedIndex = 3;
			comboBox14.SelectedIndex = 0;
			comboBox16.SelectedIndex = 0;
			comboBox18.SelectedIndex = 0;
			comboBox19.SelectedIndex = 0;
			comboBox20.SelectedIndex = 0;
			comboBox21.SelectedIndex = 0;
			comboBox26.SelectedIndex = 0;
			comboBox24.SelectedIndex = 0;
			comboBox22.SelectedIndex = 0;
			comboBox23.SelectedIndex = 0;
			comboBox25.SelectedIndex = 0;
			comboBox27.SelectedIndex = 0;
			comboBox28.SelectedIndex = 0;
			comboBox29.SelectedIndex = 0;
			for ( int ele=0; ele < checkedListBox1.Items.Count; ++ele )
  				checkedListBox1.SetItemChecked( ele, true );
			for ( int ele=0; ele < checkedListBox2.Items.Count; ++ele )
  				checkedListBox2.SetItemChecked( ele, true );
			for ( int ele=3; ele < 9  ; ++ele )
  				checkedListBox3.SetItemChecked( ele, true );
			
    

	} // end of ListIP
		
		
		void ComboBox1SelectedIndexChanged(object sender, EventArgs e)
		{
			// choose the NIC
			comboBox2.Items.Clear();
			comboBox3.Items.Clear();
			comboBox4.Items.Clear();
			comboBox2.Text = "";
			comboBox3.Text = "";
			comboBox4.Text = "";
			textBox4.Text ="";
			textBox5.Text ="";
			string consulta="SELECT * FROM Win32_NetworkAdapterConfiguration WHERE IPEnabled = 'TRUE' And MACAddress = '"+
				comboBox1.SelectedItem.ToString()+"' And (SettingID != NULL)";
			//MessageBox.Show(consulta);
			ManagementObjectSearcher query = new ManagementObjectSearcher(consulta);
        	ManagementObjectCollection queryCollection = query.Get();
        	try
        	{ 
        	foreach( ManagementObject mo in queryCollection )
        	{
        		string[] direcciones = (string[])mo["IPAddress"];
        		if (direcciones != null) {
					foreach(string strIP in direcciones) {
        				comboBox2.Items.Add(strIP);
        				if (comboBox2.Text == "") comboBox2.Text = strIP;
					}
        		}
        		string[] mascaras = (string[])mo["IPSubnet"];
        		if (mascaras != null) {
					foreach(string strMascara in mascaras) {
        				comboBox3.Items.Add(strMascara);
        				if (comboBox3.Text == "") comboBox3.Text = strMascara;
					}
        		}
        		string[] puertaDeEnlace = (string[])mo["DefaultIPGateway"];
        		if (puertaDeEnlace != null) {
					foreach(string strGW in puertaDeEnlace) {
        				comboBox4.Items.Add(strGW);
        				if (comboBox4.Text == "") comboBox4.Text = strGW;
					}
        		}
        		string[] sdns = (string[])mo["DNSServerSearchOrder"];
        		if (sdns != null) {
					foreach(string strdns in sdns) {
        				if (textBox4.Text == "") textBox4.Text=strdns;
        				textBox5.Text = strdns;
					}
        		}
			}
        	}//try
        	catch(Exception ex) 
        	{ 
            	//MessageBox.Show("error : " + ex.Message);
        	}
        	if (comboBox1.Text=="Interfaz ppp/modem 3G/ ...") {
        		comboBox3.Text="255.255.255.255";
        		comboBox4.Text="0.0.0.0";
        		textBox4.Text="208.67.222.222";
        		textBox5.Text="208.67.220.220";
        	}
        	
		} // end of comboBox event
		
		void ComboBox2SelectedIndexChanged(object sender, EventArgs e)
		{
			try 
			{
				comboBox3.SelectedIndex = comboBox2.SelectedIndex;

			}
			catch(Exception ex) 
        	{ 
            	//MessageBox.Show("error : " + ex.Message);
        	}
		}//
		
		void ComboBox3SelectedIndexChanged(object sender, EventArgs e)
		{
			try 
			{
				comboBox2.SelectedIndex = comboBox3.SelectedIndex;
			}
			catch(Exception ex) 
        	{ 
            	//MessageBox.Show("error : " + ex.Message);
        	}
		}
		
		void CheckBox1CheckedChanged(object sender, EventArgs e)
		{
			if (checkBox1.Checked) {
				textBox6.Enabled = true;
				textBox7.Enabled = true;
				checkBox27.Checked = true;
			}
			else {
				textBox6.Enabled = false;
				textBox7.Enabled = false;
				checkBox27.Checked = false;
			}
		}
		
	
		
		void Button1Click(object sender, EventArgs e)
		{
			Process.Start("TailCsharp2.exe");
			/*
			 * Process p= new Process();
				p.StartInfo.WorkingDirectory = @"C:\whatever";
				p.StartInfo.FileName = @"C:\some.exe";
				p.StartInfo.CreateNoWindow = true;
				p.Start();
				p.WaitForExit();
			 */
		}
		
		
		
		void Button2Click(object sender, EventArgs e)
		{
			// if the file does not exist, create it
			if (!File.Exists("table1.txt")) {
				StreamWriter Sw1 = new StreamWriter("table1.txt");
				Sw1.WriteLine("adultpornoxxx.info");
				Sw1.WriteLine("0.0.0.0/8");
				Sw1.WriteLine("5.64.0.0/10");
				Sw1.WriteLine("5.128.0.0/9");
				Sw1.WriteLine("216.252.162.8");
				Sw1.Close();
			}
			Process.Start("table1.txt");
				
		}
		
		void Button3Click(object sender, EventArgs e)
		{
			Process.Start("http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt");
		}
		
		void Button4Click(object sender, EventArgs e)
		{
			Process.Start("http://www.joewein.net/dl/bl/dom-bl-base.txt");
		}
		
		void Button5Click(object sender, System.EventArgs e)
		{
			// if the file does not exist, create it
			if (!File.Exists("portsout.txt")) {
				StreamWriter Sw1 = new StreamWriter("portsout.txt");
				Sw1.WriteLine("# tcp ports out - puertos tcp a los que podrás conectarte");
				Sw1.WriteLine("# ftp");
				Sw1.WriteLine("20");
				Sw1.WriteLine("21");
				Sw1.WriteLine("# ssh");
				Sw1.WriteLine("22");
				Sw1.WriteLine("# telnet");
				Sw1.WriteLine("23");
				Sw1.WriteLine("# smtp");
				Sw1.WriteLine("25");
				Sw1.WriteLine("# http");
				Sw1.WriteLine("80");
				Sw1.WriteLine("# pop3");
				Sw1.WriteLine("110");
				Sw1.WriteLine("# https");
				Sw1.WriteLine("443");
				Sw1.WriteLine("# secureImap");
				Sw1.WriteLine("993");
				Sw1.WriteLine("# Terminal server - remote desktop");
				Sw1.WriteLine("3389");
				Sw1.Close();
				}
			Process.Start("portsout.txt");
		}
		
		void Button6Click(object sender, System.EventArgs e)
		{
			// if the file does not exist, create it
			if (!File.Exists("portsin.txt")) {
				StreamWriter Sw1 = new StreamWriter("portsin.txt");
				Sw1.WriteLine("# tcp ports in - puertos tuyos tcp a los que podrán conectarse");
				Sw1.WriteLine("# Terminal server o Remote desktop for win: tcp3389");
				Sw1.WriteLine("3389");
				Sw1.Close();
				}
			Process.Start("portsin.txt");
		}
		
		void CheckBox12CheckedChanged(object sender, EventArgs e)
		{
			if (checkBox12.Checked)
			{
			 //checkedListBox5.Enabled = true;
			 button6.Enabled = true;
			 }
			else
			{
			//checkedListBox5.Enabled = false;
			button6.Enabled = false;
			}
		}
		
		void Button7Click(object sender, EventArgs e)
		{
			fulldata();
		}
		
		void Button8Click(object sender, EventArgs e)
		{
			Process.Start("http://wipfw.sourceforge.net/");
		}
		
		
		
		void Button9Click(object sender, EventArgs e)
		{
			// if the file does not exist, create it
			if (!File.Exists("udpout.txt")) {
				StreamWriter Sw1 = new StreamWriter("udpout.txt");
				Sw1.WriteLine("#No udp Ports out");
				Sw1.WriteLine("# tftp udp69");
				Sw1.WriteLine("69");
				Sw1.Close();
				}
			Process.Start("udpout.txt");
		}
		
		void Button10Click(object sender, EventArgs e)
		{
			Process.Start("http://www.javcasta.com/2011/07/31/wipfw-un-firewall-freebsd-por-consola-para-windows/");
		}
		
		void Button11Click(object sender, EventArgs e)
		{
			Process.Start("http://www.javcasta.com/?s=wipfw");
		}
		
		
		void TabPage3GotFocus(object sender, EventArgs e)
		{
			// focus event
			richTextBox2.Select();
			richTextBox2.Text="@echo off\n";
			richTextBox2.Text+="@SETLOCAL ENABLEDELAYEDEXPANSION\n";
			richTextBox2.Text+="REM WipFW 0.5.5b Script Generator V1.Beta - By JavCasta - 2.011\n";
			richTextBox2.Text+="REM http://javcasta.com/\n";
			richTextBox2.Text+="set dns1="+textBox4.Text+"\n";
			richTextBox2.Text+="set dns2="+textBox5.Text+"\n";
			richTextBox2.Text+="set me="+comboBox2.Text+"\n";
			richTextBox2.Text+="set mask="+comboBox3.Text+"\n";
			richTextBox2.Text+="set gw="+comboBox4.Text+"\n";
			if (checkBox1.Checked) {
				if (textBox6.Text!="" && textBox7.Text!="") {
					richTextBox2.Text+="set proxy="+textBox6.Text+"\n";
					richTextBox2.Text+="set proxyport="+textBox7.Text+"\n";
				}
			}
			richTextBox2.Text+="echo Limpiamos (flush) reglas del firewall wipfw.\n";
			richTextBox2.Text+="ipfw -q -f flush\n";
			if (checkBox2.Checked) richTextBox2.Text+="REM count\n"+"ipfw -q add count "+comboBox6.Text+"ip from any to any\n";
			if (checkBox3.Checked) richTextBox2.Text+="REM loopback\n"+"ipfw -q add "+comboBox5.Text+"ip from any to any via lo*\n";
			if (checkBox4.Checked) richTextBox2.Text+="REM debegamos trafico entrante aleatorio con probabilidad >=5%\n"+
				"ipfw -q add prob 0.05 drop ip from any to any in\n";
			if (checkBox5.Checked) richTextBox2.Text+="REM denegamos localhost spoofing\n"+"ipfw -q add drop log ip from any to 127.0.0.0/8 in\n";
			if (checkBox6.Checked) richTextBox2.Text+="ipfw -q add drop log ip from 127.0.0.0/8 to any in\n";
			if (checkBox7.Checked) richTextBox2.Text+="REM denegamos trafico fragmentado\n"+"ipfw -q add drop log all from any to any frag\n";
			if (checkBox20.Checked) {
					richTextBox2.Text+="REM DHCP\n"+"ipfw -q add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out\n"+
						"ipfw -q add pass udp from any 67 to any 68 in\n"+
						"ipfw -q add pass udp from any 67 to 255.255.255.255 68 in\n";
				}
			if (checkBox10.Checked) richTextBox2.Text+="REM ICMP\n"+"ipfw -q add "+comboBox9.Text+"icmp from any to any\n";
			if (checkBox32.Checked) richTextBox2.Text+="REM IPv6\n"+"ipfw -q add "+comboBox29.Text+"ipv6 from any to any\n";
			if (checkBox22.Checked) richTextBox2.Text+="REM Check-State\n"+"ipfw -q add check-state\n";
			if (checkBox23.Checked) richTextBox2.Text+="REM DNS\n"+"ipfw -q add "+comboBox20.Text+"udp from any to %dns1%,%dns2% 53 keep-state\n";
			if (checkBox24.Checked) richTextBox2.Text+="ipfw -q add "+comboBox21.Text+"udp from %dns1%,%dns2% 53 to any keep-state\n";
			if (checkBox14.Checked) richTextBox2.Text+="REM Multicast / IGMP\n"+"ipfw -q add "+comboBox13.Text+"ip from any to 224.0.0.0/3\n";
			if (checkBox14.Checked) richTextBox2.Text+="ipfw -q add "+comboBox12.Text+"ip from 224.0.0.0/3 to any\n";
			if (checkBox16.Checked) richTextBox2.Text+="REM link-local\n"+"ipfw -q add "+comboBox15.Text+"ip from any to 169.254.0.0/16\n";
			if (checkBox15.Checked) richTextBox2.Text+="ipfw -q add "+comboBox14.Text+"ip from 169.254.0.0/16 to any\n";
			// private and bogon networks
			string poolnet1="";
			String poolnet2="";
			int countpool = 0;
			foreach(var item in checkedListBox3.CheckedItems){
				Regex ip = new Regex(@"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\/\d{1,2}\b");
				MatchCollection result = ip.Matches(item.ToString());
				if (countpool < 4) poolnet1+=result[0]+",";
				if (countpool >= 4) poolnet2+=result[0]+",";
				countpool++;
			}
			poolnet1=poolnet1.TrimEnd(',');
			poolnet2=poolnet2.TrimEnd(',');
			//MessageBox.Show(poolnet1);
			if (checkBox18.Checked) {
				richTextBox2.Text+="REM redes privadas y bogon\n"+
					"ipfw -q add "+comboBox17.Text+"ip from any to "+poolnet1+"\n";
				richTextBox2.Text+="ipfw -q add "+comboBox17.Text+"ip from any to "+poolnet2+"\n";
			}
			if (checkBox29.Checked) {
				richTextBox2.Text+="ipfw -q add "+comboBox26.Text+"ip from "+poolnet1+" to any\n";
				richTextBox2.Text+="ipfw -q add "+comboBox26.Text+"ip from "+poolnet2+" to any\n";
			}
			richTextBox2.Text+="REM Lista Negra\n"+"ipfw -q table 1 flush\n";
			richTextBox2.Text+="if exist table1.txt FOR /F \"eol=#\" %%i IN (table1.txt) do ipfw -q table 1 add %%i\n";
			if (checkBox17.Checked) richTextBox2.Text+="if exist table1.txt ipfw -q add "+comboBox16.Text+"ip from \"table(1)\" to any\n";
			if (checkBox19.Checked) richTextBox2.Text+="if exist table1.txt ipfw -q add "+comboBox18.Text+"ip from any to \"table(1)\"\n";
			//no tcp ports out
			String vnoportsout="";
			if (checkBox30.Checked) {
				richTextBox2.Text+="REM denegamos puertos tcp out\n";
				// read noportsout.txt
				StreamReader ficheronpo = new StreamReader("noportsout.txt");
				int counternpo = 0;
				string linenpo="#";
				while((linenpo = ficheronpo.ReadLine()) != null){
					if (!linenpo.StartsWith("#")) {
						vnoportsout+=linenpo+",";
						counternpo++;
					}
    				
    				if (counternpo>4) {
    					vnoportsout=vnoportsout.TrimEnd(',');
    					if (vnoportsout!="") richTextBox2.Text+="ipfw -q add "+comboBox27.Text+"tcp from %me% to any "+vnoportsout+"\n";
    					counternpo=0;
    					vnoportsout="";
    				}
				}
				ficheronpo.Close();
				vnoportsout=vnoportsout.TrimEnd(',');
				if (vnoportsout!="") richTextBox2.Text+="ipfw -q add "+comboBox27.Text+"tcp from %me% to any "+vnoportsout+"\n";
			}
			//no tcp ports in
			String vnoportsin="";
			if (checkBox25.Checked) {
				richTextBox2.Text+="REM denegamos puertos tcp in\n";
				// read noportsin.txt
				StreamReader ficheronpi = new StreamReader("noportsin.txt");
				int counternpi = 0;
				string linenpi="#";
				while((linenpi = ficheronpi.ReadLine()) != null){
					if (!linenpi.StartsWith("#")) {
						vnoportsin+=linenpi+",";
						counternpi++;
					}
    				
    				if (counternpi>4) {
    					vnoportsin=vnoportsin.TrimEnd(',');
    					if (vnoportsin!="") richTextBox2.Text+="ipfw -q add "+comboBox22.Text+"tcp from any to %me% "+vnoportsin+"\n";
    					counternpi=0;
    					vnoportsin="";
    				}
				}
				ficheronpi.Close();
				vnoportsin=vnoportsin.TrimEnd(',');
				if (vnoportsin!="") richTextBox2.Text+="ipfw -q add "+comboBox22.Text+"tcp from any to %me% "+vnoportsin+"\n";
			}
			//no udp out
			String vnoudpout="";
			if (checkBox26.Checked) {
				richTextBox2.Text+="REM denegamos puertos udp out\n";
				// read noudpout.txt
				StreamReader ficheronuo = new StreamReader("noudpout.txt");
				int counternuo = 0;
				string linenuo="#";
				while((linenuo = ficheronuo.ReadLine()) != null){
					if (!linenuo.StartsWith("#")) {
						vnoudpout+=linenuo+",";
						counternuo++;
					}
    				
    				if (counternuo>4) {
    					vnoudpout=vnoudpout.TrimEnd(',');
    					if (vnoudpout!="") richTextBox2.Text+="ipfw -q add "+comboBox23.Text+"udp from %me% to any "+vnoudpout+"\n";
    					counternuo=0;
    					vnoudpout="";
    				}
				}
				ficheronuo.Close();
				vnoudpout=vnoudpout.TrimEnd(',');
				if (vnoudpout!="") richTextBox2.Text+="ipfw -q add "+comboBox23.Text+"udp from %me% to any "+vnoudpout+"\n";
			}
			//noudpin
			String vnoudpin="";
			if (checkBox28.Checked) {
				richTextBox2.Text+="REM denegamos puertos udp in\n";
				// read noudpin.txt
				StreamReader ficheronui = new StreamReader("noudpin.txt");
				int counternui = 0;
				string linenui="#";
				while((linenui = ficheronui.ReadLine()) != null){
					if (!linenui.StartsWith("#")) {
						vnoudpin+=linenui+",";
						counternui++;
					}
    				
    				if (counternui>4) {
    					vnoudpin=vnoudpin.TrimEnd(',');
    					if (vnoudpin!="") richTextBox2.Text+="ipfw -q add "+comboBox25.Text+"udp from any to %me% "+vnoudpin+"\n";
    					counternui=0;
    					vnoudpin="";
    				}
				}
				ficheronui.Close();
				vnoudpin=vnoudpin.TrimEnd(',');
				if (vnoudpin!="") richTextBox2.Text+="ipfw -q add "+comboBox25.Text+"udp from any to %me% "+vnoudpin+"\n";
			}
			richTextBox2.Text+="REM si trafico entre %me% y any saltamos a 50000\n";
			richTextBox2.Text+="ipfw -q add skipto 50000 ip from %me% to any\n";
			richTextBox2.Text+="ipfw -q add skipto 50000 ip from any to %me%\n";
			richTextBox2.Text+="REM lo permitido ya ha saltado a 50000, denegamos establecidas\n";
			richTextBox2.Text+="ipfw -q add drop log tcp from any to any established\n";
			richTextBox2.Text+="REM saltamos a 65534 - drop all from any to any\n";
			richTextBox2.Text+="ipfw -q add skipto 65534 ip from any to any\n";
			//established
			richTextBox2.Text+="REM Established y si tcp out\n"+"ipfw -q add 50000 allow tcp from %me% to any established out\n";
			richTextBox2.Text+="ipfw -q add allow tcp from any to %me% established in\n";
			// allowed TCP ports out
			string vportsout="";
			if (checkBox11.Checked) {
				// read portsout.txt
				StreamReader fichero = new StreamReader("portsout.txt");
				int counter = 0;
				string line="#";
				while((line = fichero.ReadLine()) != null){
					if (!line.StartsWith("#")) {
						vportsout+=line+",";
						counter++;
					}
    				
    				if (counter>4) {
    					vportsout=vportsout.TrimEnd(',');
    					if (vportsout!="") richTextBox2.Text+="ipfw -q add "+comboBox10.Text+"tcp from %me% to any "+vportsout+" setup keep-state\n";
    					counter=0;
    					vportsout="";
    				}
				}
				fichero.Close();
				vportsout=vportsout.TrimEnd(',');
				if (vportsout!="") richTextBox2.Text+="ipfw -q add "+comboBox10.Text+"tcp from %me% to any "+vportsout+" setup keep-state\n";
			}
			//proxy
			if (checkBox27.Checked) richTextBox2.Text+="if defined proxy if defined proxyport ipfw -q add "+comboBox24.Text+"tcp from %me% to %proxy% %proxyport% setup keep-state\n";
			// allowed TCP ports in
			String vsiportsin="";
			if (checkBox12.Checked) {
				richTextBox2.Text+="REM permitimos puertos tcp in - entrantes\n";
				// read portsin.txt
				StreamReader ficherospi = new StreamReader("portsin.txt");
				int counterspi = 0;
				string linespi="#";
				while((linespi = ficherospi.ReadLine()) != null){
					if (!linespi.StartsWith("#")) {
						vsiportsin+=linespi+",";
						counterspi++;
					}
    				
    				if (counterspi>4) {
    					vsiportsin=vsiportsin.TrimEnd(',');
    					if (vsiportsin!="") richTextBox2.Text+="ipfw -q add "+comboBox11.Text+"tcp from any to %me% "+vsiportsin+" setup keep-state\n";
    					counterspi=0;
    					vsiportsin="";
    				}
				}
				ficherospi.Close();
				vsiportsin=vsiportsin.TrimEnd(',');
				if (vsiportsin!="") richTextBox2.Text+="ipfw -q add "+comboBox11.Text+"tcp from any to %me% "+vsiportsin+" setup keep-state\n";
			}
			// allowed UDP ports in
			String vudpin="";
			if (checkBox31.Checked) {
				richTextBox2.Text+="REM permitimos puertos udp in\n";
				// read udpin.txt
				StreamReader ficherosui = new StreamReader("udpin.txt");
				int counterui = 0;
				string linenui="#";
				while((linenui = ficherosui.ReadLine()) != null){
					if (!linenui.StartsWith("#")) {
						vudpin+=linenui+",";
						counterui++;
					}
    				
    				if (counterui>4) {
    					vudpin=vudpin.TrimEnd(',');
    					if (vudpin!="") richTextBox2.Text+="ipfw -q add "+comboBox18.Text+"udp from any to %me% "+vudpin+"\n";
    					counterui=0;
    					vudpin="";
    				}
				}
				ficherosui.Close();
				vudpin=vudpin.TrimEnd(',');
				if (vudpin!="") richTextBox2.Text+="ipfw -q add "+comboBox18.Text+"udp from any to %me% "+vudpin+"\n";
			}
			// allowed UDP ports out
			String vudpout="";
			if (checkBox21.Checked) {
				richTextBox2.Text+="REM permitimos puertos udp out\n";
				// read udpout.txt
				StreamReader ficherosuo = new StreamReader("udpout.txt");
				int counteruo = 0;
				string linenuo="#";
				while((linenuo = ficherosuo.ReadLine()) != null){
					if (!linenuo.StartsWith("#")) {
						vudpout+=linenuo+",";
						counteruo++;
					}
    				
    				if (counteruo>4) {
    					vudpout=vudpout.TrimEnd(',');
					// "any" is an ipfw keyword, not a batch variable (%any% would expand to nothing)
					if (vudpout!="") richTextBox2.Text+="ipfw -q add "+comboBox19.Text+"udp from %me% to any "+vudpout+" keep-state\n";
    					counteruo=0;
    					vudpout="";
    				}
				}
				ficherosuo.Close();
				vudpout=vudpout.TrimEnd(',');
				if (vudpout!="") richTextBox2.Text+="ipfw -q add "+comboBox19.Text+"udp from %me% to any "+vudpout+" keep-state\n";
			}
			richTextBox2.Text+="ipfw -q add 65534 drop log all from any to any\n";
			richTextBox2.Text+="pause";
			
		}
		
		
		
		
		
		void Button15Click(object sender, EventArgs e)
		{
			Process.Start("https://secure.wikimedia.org/wikipedia/en/wiki/List_of_IP_protocol_numbers");
		}
		
		
		
		void Button14Click(object sender, EventArgs e)
		{
			// if the file does not exist, create it
			if (!File.Exists("noportsout.txt")) {
				StreamWriter Sw1 = new StreamWriter("noportsout.txt");
				Sw1.WriteLine("#No tcp Ports out");
				Sw1.WriteLine("#vnc tcp5800, tcp5900");
				Sw1.WriteLine("5800");
				Sw1.WriteLine("5900");
				Sw1.Close();
				}
			Process.Start("noportsout.txt");
		}
		
		void Button16Click(object sender, EventArgs e)
		{
			richTextBox2.SelectAll();
			richTextBox2.Copy();
		}
		
		void Button17Click(object sender, EventArgs e)
		{
			if (!File.Exists("noportsin.txt")) {
				StreamWriter Sw1 = new StreamWriter("noportsin.txt");
				Sw1.WriteLine("# No tcp Ports in - Puertos tuyos tcp a los que no se podran conectar");
				Sw1.WriteLine("21");
				Sw1.WriteLine("23");
				Sw1.WriteLine("25");
				Sw1.WriteLine("80");
				Sw1.WriteLine("443");
				Sw1.WriteLine("162");
				Sw1.WriteLine("169");
				Sw1.Close();
				}
			Process.Start("noportsin.txt");
		}
		
		void Button12Click(object sender, EventArgs e)
		{
			// run the script
			StreamWriter defaultScript = new StreamWriter("MyWipFWScript.cmd");
			defaultScript.Write(richTextBox2.Text);
			defaultScript.Close();
			//string pass = "";
			var pass = new System.Security.SecureString();
			foreach (Char c in maskedTextBox1.Text.ToCharArray()){
				pass.AppendChar(c);
			}
			try {
				Process.Start("MyWipFWScript.cmd",textBox1.Text, pass, "");
			}
			catch(Exception ex) { 
				MessageBox.Show("error : " + ex.Message + "\n Revisa en la pestaña anterior, las credenciales de "+textBox1.Text);
			}
			/*
			var psi = new ProcessStartInfo
			{
    			FileName = "MyWipFWScript.cmd",
    			UserName = "administrador",
    			Domain = "",
    			Password = pass,
    			UseShellExecute = false,
    			RedirectStandardOutput = true,
    			RedirectStandardError = true
			};
			Process.Start(psi);
			*/
		}
		
		void Button13Click(object sender, EventArgs e)
		{
			// save MyWipFWScript
			string ahora = DateTime.Now.Day.ToString()+"-"+DateTime.Now.Month.ToString()+"-"+
				DateTime.Now.Year.ToString()+"-"+DateTime.Now.Hour.ToString()+"-"+DateTime.Now.Minute.ToString();
			string script = "MyWipFWScript"+"-"+ahora+".cmd";
			// create the file
			StreamWriter myscript = new StreamWriter(script);
			myscript.Write(richTextBox2.Text);
			myscript.Close();
			MessageBox.Show("Se ha guardado "+script);
			
		}
		
		void Button18Click(object sender, EventArgs e)
		{
			//no udp out
			if (!File.Exists("noudpout.txt")) {
				StreamWriter Sw1 = new StreamWriter("noudpout.txt");
				Sw1.WriteLine("# No udp ports out");
				Sw1.WriteLine("161");
				Sw1.Close();
				}
			Process.Start("noudpout.txt");
		}
		
		void Button20Click(object sender, EventArgs e)
		{
			// allowed udp in
			if (!File.Exists("udpin.txt")) {
				StreamWriter Sw1 = new StreamWriter("udpin.txt");
				Sw1.WriteLine("# udp ports in");
				Sw1.WriteLine("# tftp69");
				Sw1.WriteLine("#69");
				Sw1.Close();
				}
			Process.Start("udpin.txt");
		}
		
		void Button19Click(object sender, EventArgs e)
		{
			//no udp in
			if (!File.Exists("noudpin.txt")) {
				StreamWriter Sw1 = new StreamWriter("noudpin.txt");
				Sw1.WriteLine("# no udp ports in");
				Sw1.WriteLine("69");
				Sw1.Close();
				}
			Process.Start("noudpin.txt");
		}
		
		void Button21Click(object sender, EventArgs e)
		{
			//FAQ
			Process.Start("http://www.javcasta.com/2011/11/29/wipfw-script-generator-v1-beta/");
		}
	}
}
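
Added example, not part of the original post or of MainForm.cs: the generator copies every non-comment line of the port files verbatim into the .cmd text that is later run with administrator credentials, so this sketch validates each line (port 1-65535; IPv4 host, IPv4 network or domain for the blacklist formats described above) before building rules in the same groups of five. The names `RuleInput`, `IsPort`, `IsBlacklistEntry` and `PortRules`, and the sample lines, are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;

// Illustrative helper (hypothetical names): checks list-file lines before
// they are written into the generated batch script.
static class RuleInput
{
    // Hostname: letters, digits, hyphens and dots only, so cmd.exe
    // metacharacters such as & | < > ^ % " can never reach the script.
    static readonly Regex Host = new Regex(
        @"^(?=.{1,253}\z)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}\z");

    // True for a TCP/UDP port number in the range 1-65535.
    public static bool IsPort(string s)
    {
        int p;
        return Regex.IsMatch(s, @"^[0-9]{1,5}\z") && int.TryParse(s, out p) && p >= 1 && p <= 65535;
    }

    // True for a dotted quad whose four octets are each 0-255.
    static bool IsIPv4(string s)
    {
        string[] parts = s.Split('.');
        if (parts.Length != 4) return false;
        foreach (string part in parts)
        {
            int n;
            if (!Regex.IsMatch(part, @"^[0-9]{1,3}\z") || !int.TryParse(part, out n) || n > 255)
                return false;
        }
        return true;
    }

    // True for an IPv4 host (80.59.69.239), an IPv4 network (80.59.69.0/24)
    // or a domain name (www.malware.com).
    public static bool IsBlacklistEntry(string s)
    {
        string addr = s;
        int slash = s.IndexOf('/');
        if (slash >= 0)
        {
            int bits;
            string prefix = s.Substring(slash + 1);
            if (!Regex.IsMatch(prefix, @"^[0-9]{1,2}\z") || !int.TryParse(prefix, out bits) || bits > 32)
                return false;
            addr = s.Substring(0, slash);
        }
        if (IsIPv4(addr)) return true;
        return slash < 0 && Host.IsMatch(addr);   // a domain cannot carry a /prefix
    }

    // Builds rule lines with at most five ports per rule, the grouping used
    // in MainForm.cs. Blank lines and # comments are skipped; any other line
    // that is not a valid port is added to 'rejected' instead of the script.
    public static List<string> PortRules(IEnumerable<string> lines, string prefix,
                                         string suffix, List<string> rejected)
    {
        List<string> rules = new List<string>();
        List<string> group = new List<string>();
        foreach (string raw in lines)
        {
            string line = raw.Trim();
            if (line.Length == 0 || line.StartsWith("#")) continue;
            if (!IsPort(line)) { rejected.Add(raw); continue; }
            group.Add(line);
            if (group.Count == 5)
            {
                rules.Add(prefix + string.Join(",", group.ToArray()) + suffix);
                group.Clear();
            }
        }
        if (group.Count > 0)
            rules.Add(prefix + string.Join(",", group.ToArray()) + suffix);
        return rules;
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample of a portsout.txt, including two lines that must not be emitted.
        string[] ports = { "# tcp ports out", "22", "80", "443",
                           "3389 & echo injected", "70000", "25", "110", "993" };
        List<string> rejected = new List<string>();
        foreach (string rule in RuleInput.PortRules(ports,
                 "ipfw -q add allow tcp from %me% to any ", " setup keep-state", rejected))
            Console.WriteLine(rule);
        foreach (string bad in rejected)
            Console.WriteLine("rejected port line: " + bad);

        // Constructed sample of a table1.txt (blacklist).
        string[] table = { "80.59.69.239", "80.59.69.0/24", "www.malware.com",
                           "300.1.1.1", "10.0.0.0/33", "bad host.example" };
        foreach (string entry in table)
            Console.WriteLine((RuleInput.IsBlacklistEntry(entry) ? "ok       " : "rejected ") + entry);
    }
}
```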


4 Responses to “WipFW Script Generator V1 Beta”

  1. on 28 Dec 2011 at 19:28 Yomisma77 (167 comments)

    ‎.˛.°★。˛ °.★** *★* *˛.
    ˛ °_██_*。*./ \ .˛* .˛.*.★*Happy 2012, Javier!!!*★ 。*
    ˛. (´• ̮•)*˛°*/.♫.♫\*˛.* ˛_Π_____. * ˛*
    . °( . • . ) ˛°./• ‘♫ ‘ •\.˛*./______/~\*. ˛*.。˛* ˛. *。
    * (…’•’.. ) *˛╬╬╬╬╬˛°.|田田 |門|╬╬╬╬ .
    ¯˜”*°••°*”˜¯`´¯˜”*°••°*”˜¯`¬´¯˜”*°´¯˜”*°••°*”˜¯`´¯˜”*°•~´¯˜”*°´¯˜”*°••°*”˜¯`´¯˜”*°

    With loooots of love
    Pili :-)

  2. on 29 Dec 2011 at 16:57 javcasta (632 comments)

    Likewise, Pili. Happy 2012. :-)
    What a piece of ASCII art! :-)

  3. on 29 Dec 2011 at 17:25 Yomisma77 (167 comments)

    Oops!! I should have added a postscript to make clear that I didn't make it myself; it was sent to me on Facebook and I liked it so much that I modified it to use as a greeting.

    I wish I were that good at that art :-) but that's not the case

    A huuuuuuuuuuuuuuge kiss!!! :-)

  4. on 01 Jan 2012 at 13:57 javcasta (632 comments)

    It's still a great piece of ASCII art :-)
    365 kisses for you for this year; even though it promises hard times, I'm sure that for you and yours they will be excellent

    Hugs
