Allow to block only IPv4 or IPv6

Author: Kevin Gut

AnyBlock/CIDR.cs

@@ -1,8 +1,33 @@
 using System;
 using System.Net;
+using System.Net.Sockets;
 
 namespace WinAPI.NET
 {
+    /// <summary>
+    /// IP version specifier
+    /// </summary>
+    [Flags]
+    public enum IPVersion : int
+    {
+        /// <summary>
+        /// No or invalid value
+        /// </summary>
+        None = 0,
+        /// <summary>
+        /// IPv4
+        /// </summary>
+        V4 = 1,
+        /// <summary>
+        /// IPv6
+        /// </summary>
+        V6 = 2,
+        /// <summary>
+        /// IPv4 or IPv6
+        /// </summary>
+        Any = V4 | V6
+    }
+
     /// <summary>
     /// Handles CIDR notation of IPv4 and IPv6 addresses
     /// </summary>
@@ -60,6 +85,17 @@ public IPAddress MaskIP
         public bool FixAddress
         { get; set; }
 
+        /// <summary>
+        /// Gets the Type of address in use
+        /// </summary>
+        public IPVersion Type
+        {
+            get
+            {
+                return Address.AddressFamily == AddressFamily.InterNetwork ? IPVersion.V4 : IPVersion.V6;
+            }
+        }
+
         /// <summary>
         /// Initializes a new Range in CIDR Notation
         /// </summary>
@@ -86,10 +122,14 @@ public CIDR(string combinedNotation, bool fixAddress)
             {
                 throw new FormatException("CombinedNotation doesn't has a valid IP Address");
             }
+            if (tempAddr.AddressFamily != AddressFamily.InterNetwork && tempAddr.AddressFamily != AddressFamily.InterNetworkV6)
+            {
+                throw new FormatException("Supplied address is not IPv4 or IPv6");
+            }
             //If no CIDR delimiter is provided, assume fully closed mask
             if (Parts.Length == 1)
             {
-                tempMask = tempAddr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 ? 128 : 32;
+                tempMask = tempAddr.AddressFamily == AddressFamily.InterNetworkV6 ? 128 : 32;
             }
             else
             {
@@ -104,7 +144,7 @@ public CIDR(string combinedNotation, bool fixAddress)
                     throw new ArgumentOutOfRangeException(nameof(combinedNotation), "CIDR Mask is outside of Bounds");
                 }
                 //Mask must not be bigger than IPv4=32 or IPv6=128
-                if (tempMask > (tempAddr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 ? 128 : 32))
+                if (tempMask > (tempAddr.AddressFamily == AddressFamily.InterNetworkV6 ? 128 : 32))
                 {
                     throw new ArgumentOutOfRangeException(nameof(combinedNotation), "CIDR Mask is outside of Bounds");
                 }
@@ -124,7 +164,7 @@ public void SetMask(int cidrMask)
                 throw new ArgumentOutOfRangeException(nameof(cidrMask), "CIDR Mask is outside of Bounds");
             }
             //Mask must not be bigger than IPv4=32 or IPv6=128
-            if (cidrMask > (Address.AddressFamily == System.Net.Sockets.AddressFamily.InterNetworkV6 ? 128 : 32))
+            if (cidrMask > (Address.AddressFamily == AddressFamily.InterNetworkV6 ? 128 : 32))
             {
                 throw new ArgumentOutOfRangeException(nameof(cidrMask), "CIDR Mask is outside of Bounds");
             }
@@ -253,7 +293,7 @@ private void ComputeMask(IPAddress ipAddr, int cidrMask)
             MaskBits = bitmask;
             Mask = cidrMask;
             //Set addresses and keep scope if applicable
-            if (ipAddr.AddressFamily == System.Net.Sockets.AddressFamily.InterNetwork)
+            if (ipAddr.AddressFamily == AddressFamily.InterNetwork)
             {
                 Address = new IPAddress(bytes);
                 AddressLow = new IPAddress(low);

AnyBlock/Firewall.cs

@@ -58,7 +58,7 @@ private static INetFwPolicy2 GetPolicy()
         /// <summary>
         /// Removes all rules with the current prefix
         /// </summary>
-        public static void ClearRules()
+        public static int ClearRules()
         {
             var Policy = GetPolicy();
             var Rules = Policy.Rules
@@ -70,6 +70,7 @@ public static void ClearRules()
             {
                 Policy.Rules.Remove(Rule);
             }
+            return Rules.Length;
         }
 
         /// <summary>

AnyBlock/Program.cs

@@ -93,7 +93,7 @@ static int Main(string[] args)
                     switch (args[0].ToLower())
                     {
                         case "/apply":
-                            return ApplyRules();
+                            return ApplyRules(IPVersion.Any);
                         case "/clear":
                             return ClearRules();
                         case "/config":
@@ -106,6 +106,9 @@ static int Main(string[] args)
                 {
                     switch (args[0].ToLower())
                     {
+                        case "/apply":
+                            IPVersion v = ParseIPVersion(args.Skip(1).FirstOrDefault());
+                            return ApplyRules(v);
                         case "/remove":
                             return RemoveCacheItem(args.Skip(1));
                         case "/add":
@@ -119,6 +122,32 @@ static int Main(string[] args)
             return ERR.ARGS;
         }
 
+        /// <summary>
+        /// Parses the string "v4" or "v6" into an <see cref="IPVersion"/>
+        /// </summary>
+        /// <param name="Arg">IP version string</param>
+        /// <returns>
+        /// <see cref="IPVersion"/> value.
+        /// <see cref="IPVersion.Any"/> if no argument supplied or empty.
+        /// <see cref="IPVersion.None"/> if argument supplied and invalid.
+        /// </returns>
+        private static IPVersion ParseIPVersion(string Arg)
+        {
+            if (string.IsNullOrEmpty(Arg))
+            {
+                return IPVersion.Any;
+            }
+            if (Arg.ToLower() == "v4")
+            {
+                return IPVersion.V4;
+            }
+            if (Arg.ToLower() == "v6")
+            {
+                return IPVersion.V6;
+            }
+            return IPVersion.None;
+        }
+
         /// <summary>
         /// Clears firewall rules
         /// </summary>
@@ -133,7 +162,7 @@ private static int ClearRules()
         /// <summary>
         /// Applies firewall rules
         /// </summary>
-        private static int ApplyRules()
+        private static int ApplyRules(IPVersion Version)
         {
             Log("Applying firewall Rules...");
             try
@@ -142,14 +171,19 @@ private static int ApplyRules()
                     .Select(m => new RangeSet()
                     {
                         Direction = m.Direction,
-                        Ranges = Cache.GetAddresses(m).Select(n => new CIDR(n, true)).ToArray()
+                        Ranges = Cache
+                            .GetAddresses(m)
+                            .Select(n => new CIDR(n, true))
+                            .Where(n => Version.HasFlag(n.Type))
+                            .ToArray()
                     })
+                    .Where(m => m.Ranges.Length > 0)
                     .ToArray();
                 Debug("Clearing existing firewall rules...");
-                Firewall.ClearRules();
+                Debug("Removed {0} rules...", Firewall.ClearRules());
                 Debug("Adding new rules...");
                 Firewall.BlockRanges(FWRanges);
-                Log("Blocked {0} ranges", FWRanges.SelectMany(m => m.Ranges).Count());
+                Log("Blocked {0} ranges in {1} rules", FWRanges.SelectMany(m => m.Ranges).Count(), FWRanges.Length);
             }
             catch (Exception ex)
             {
@@ -382,7 +416,7 @@ private static bool GetCache()
 
         private static void ShowHelp()
         {
-            Console.Error.WriteLine(@"AnyBlock.exe [/v] [/clear | /config | /add dir name | /remove name | /apply | /list | /export <format>]
+            Console.Error.WriteLine(@"AnyBlock.exe [/v] [/clear | /config | /add dir name | /remove name | /apply [v{4|6}]| /list | /export <format>]
 Blocks IP ranges in the Windows firewall
 
 Shows a graphical configuration window if no arguments are specified.
@@ -424,11 +458,14 @@ To remove TOR exit nodes you would use the arguments /remove tor tor Exit
 You can only remove one entry at a time.
 To remove all entries, simply delete the 'settings.json' file
 
-/apply
+/apply [v{4|6}]
 Applying the List will remove all blocked IPs that are no longer in the
 current list of addresses.
 To get most out of this command, schedule this as a task to be run every
 24 hours.
+You can optionally specify to only add IPv4 or IPv6 addresses.
+This will reduce the number of rules drastically
+if you're only reachable via one protocol.
 
 /clear
 Removes all rules from the firewall without deleting them from the settings.

AnyBlock/Properties/AssemblyInfo.cs

@@ -31,5 +31,5 @@
 // You can specify all the values or you can default the Build and Revision Numbers 
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.1.0.0")]
-[assembly: AssemblyFileVersion("2.1.0.0")]
+[assembly: AssemblyVersion("2.2.0.0")]
+[assembly: AssemblyFileVersion("2.2.0.0")]