From f605bfa437bd7e2bd2677f0fb978fbea2f4afc31 Mon Sep 17 00:00:00 2001
From: ChsBuffer <33744752+chsbuffer@users.noreply.github.com>
Date: Wed, 8 Jul 2020 23:01:15 +0800
Subject: [PATCH] =?UTF-8?q?Netch=20=E8=87=AA=E5=8A=A8=E5=8A=A0=E5=85=A5?=
 =?UTF-8?q?=E9=98=B2=E7=81=AB=E5=A2=99=E8=A7=84=E5=88=99?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 Netch/Forms/MainForm.Control.cs |   2 +
 Netch/Netch.csproj              |   8 ++
 Netch/Utils/Firewall.cs         | 128 ++++++++++++++++++++++++++++++++
 3 files changed, 138 insertions(+)
 create mode 100644 Netch/Utils/Firewall.cs

diff --git a/Netch/Forms/MainForm.Control.cs b/Netch/Forms/MainForm.Control.cs
index 619dfece..6389d78c 100644
--- a/Netch/Forms/MainForm.Control.cs
+++ b/Netch/Forms/MainForm.Control.cs
@@ -36,6 +36,8 @@ namespace Netch.Forms
                 //MenuStrip.Enabled = ConfigurationGroupBox.Enabled = ControlButton.Enabled = SettingsButton.Enabled = false;
 
                 UpdateStatus(State.Starting);
+                
+                Firewall.AddNetchFwRules();
 
                 Task.Run(() =>
                 {
diff --git a/Netch/Netch.csproj b/Netch/Netch.csproj
index 5689d44c..d8de9087 100644
--- a/Netch/Netch.csproj
+++ b/Netch/Netch.csproj
@@ -46,6 +46,14 @@
             <Isolated>false</Isolated>
             <EmbedInteropTypes>false</EmbedInteropTypes>
         </COMReference>
+        <COMReference Include="NetFwTypeLib.dll">
+          <Guid>58fbcf7c-e7a9-467c-80b3-fc65e8fcca08</Guid>
+          <VersionMajor>1</VersionMajor>
+          <VersionMinor>0</VersionMinor>
+          <Lcid>0</Lcid>
+          <WrapperTool>tlbimp</WrapperTool>
+          <Isolated>false</Isolated>
+        </COMReference>
     </ItemGroup>
 
     <ItemGroup>
diff --git a/Netch/Utils/Firewall.cs b/Netch/Utils/Firewall.cs
new file mode 100644
index 00000000..33adfd18
--- /dev/null
+++ b/Netch/Utils/Firewall.cs
@@ -0,0 +1,128 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+using System.Diagnostics;
+using System.IO;
+using System.Linq;
+using NetFwTypeLib;
+
+namespace Netch.Utils
+{
+    public class Firewall
+    {
+        private static readonly string[] ProgramPath =
+        {
+            "bin/NTT.exe",
+            "bin/Privoxy.exe",
+            "bin/Redirector.exe",
+            "bin/Shadowsocks.exe",
+            "bin/ShadowsocksR.exe",
+            "bin/Trojan.exe",
+            "bin/tun2socks.exe",
+            "bin/unbound.exe",
+            "bin/v2ray.exe",
+            "Netch.exe"
+        };
+
+        private const string _netch = "Netch";
+        private const string _netchAutoRule = "NetchAutoRule";
+
+        /// <summary>
+        /// 添加防火墙规则 (非 Netch 自带程序)
+        /// </summary>
+        /// <param name="exeFullPath"></param>
+        public static void AddFwRule(string exeFullPath)
+        {
+            AddFwRule(_netchAutoRule, exeFullPath);
+        }
+
+        /// <summary>
+        /// 清除防火墙规则 (非 Netch 自带程序)
+        /// </summary>
+        public static void RemoveFwRules()
+        {
+            RemoveFwRules(_netchAutoRule);
+        }
+
+        /// <summary>
+        /// Netch 自带程序添加防火墙
+        /// </summary>
+        public static void AddNetchFwRules()
+        {
+            if (GetFwRulePath(_netch).StartsWith(AppDomain.CurrentDomain.BaseDirectory) && GetFwRulesNumber(_netch) >= ProgramPath.Length) return;
+            RemoveNetchFwRules();
+            foreach (var p in ProgramPath)
+            {
+                var path = Path.GetFullPath(p);
+                if (File.Exists(path))
+                {
+                    AddFwRule("Netch", path);
+                }
+            }
+        }
+
+        /// <summary>
+        /// 清除防火墙规则 (Netch 自带程序)
+        /// </summary>
+        public static void RemoveNetchFwRules()
+        {
+            RemoveFwRules(_netch);
+        }
+
+        #region 封装
+
+        private static readonly INetFwPolicy2 FwPolicy = (INetFwPolicy2) Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
+
+        private static void AddFwRule(string ruleName, string exeFullPath)
+        {
+            var rule = NewFwRule();
+
+            rule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
+            // ApplicationName 大小不敏感
+            rule.ApplicationName = exeFullPath;
+            // rule.Description = "Used to block all internet access.";
+            rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
+            rule.Enabled = true;
+            rule.InterfaceTypes = "All";
+            rule.Name = ruleName;
+
+            FwPolicy.Rules.Add(rule);
+        }
+
+        private static void RemoveFwRules(string ruleName)
+        {
+            var c = GetFwRulesNumber(ruleName);
+            foreach (var _ in new bool[c])
+            {
+                FwPolicy.Rules.Remove(ruleName);
+            }
+        }
+
+        private static INetFwRule NewFwRule()
+        {
+            return (INetFwRule) Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
+        }
+
+
+        private static string GetFwRulePath(string ruleName)
+        {
+            try
+            {
+                var rule = (INetFwRule2)FwPolicy.Rules.Item(ruleName);
+            return rule.ApplicationName;
+            }
+            catch (Exception e)
+            {
+                return "";
+            }
+        }
+
+        private static int GetFwRulesNumber(string ruleName)
+        {
+            // https://stackoverflow.com/a/53601691
+            return FwPolicy.Rules.Cast<INetFwRule>().Count(rule => rule.Name == ruleName);
+        }
+
+        #endregion
+    }
+}
\ No newline at end of file