From 5db809b884203d3a805919c32c567ca667b52d27 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Tue, 3 Apr 2018 22:24:07 +0200 Subject: [PATCH] Reworked BlockHost() BlockHostByIP() --- cleanW10.ps1 | 86 ++++++++++++++++++++++++++++------------------------ 1 file changed, 47 insertions(+), 39 deletions(-) diff --git a/cleanW10.ps1 b/cleanW10.ps1 index 16bd400..9717fe9 100755 --- a/cleanW10.ps1 +++ b/cleanW10.ps1 @@ -1,7 +1,8 @@ param ( [cmdletbinding()] [string]$dir="modules.d", - [string]$module + [string]$module, + [switch]$debug = $false ) #requires -RunAsAdministrator @@ -11,8 +12,7 @@ Set-StrictMode -Version 2 $HOST_FILE = "$env:windir\System32\drivers\etc\hosts" $HOST_IP = "0.0.0.0" $FW_RULE_NAME_PREFIX = "CleanW10" - -$ErrorActionPreference = "Stop" +$IP4_REGEX = "((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$" $ProgressPreference = "SilentlyContinue" #Thanks to https://gist.github.com/markembling/173887 
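Review bot: Dropping `$ErrorActionPreference = "Stop"` in the second hunk means cmdlet errors that are non-terminating by default no longer reach the `try`/`catch` blocks, so a failed hosts-file rewrite or firewall call can fall through to the green "Host blocked" message. The same applies to the `Try` around `New-NetFirewallRule` in the FwBlockOutputIP hunk further down, where I would append `-ErrorAction Stop` to that call. If the global setting has to go, the calls whose failure matters should ask for it explicitly, e.g. `Set-Content $HOST_FILE $tmp -ErrorAction Stop`. Separately, `$IP4_REGEX` is anchored only at the end, so it needs a leading `^` if it is ever used to validate an address rather than just to log one.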
@@ -26,62 +26,68 @@ function BlockHost { [object]$params ) if ( $params.ContainsKey('file') ) { - Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line} } + Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line;firewall=$params.firewall} } } - if ( $params.ContainsKey('host') -and $params.host -ne "" ) { - Write-Host -NoNewline "`t$($params.host) : " + elseif ( $params.ContainsKey('host') -and $params.host -ne "" ) { + Write-Host "`n`tBlock host $($params.host) : " try { - if ( ! $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){ - $HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE + if ( $(IsHostAlreadyBlocked $HOST_FILE $params.host) ){ + #If host is inhosts.conf, verify that ip is blocked in FW + if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) { + $tmp = Get-Content $HOST_FILE | Where { $_ -ne "$HOST_IP`t`t$($params.host)" } + Set-Content $HOST_FILE $tmp + BlockHostByIP $params.host + $HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE + } + Write-Host -ForegroundColor Yellow "`t`tHost Already blocked" } else { - Write-Host -ForegroundColor Yellow "already blocked " - return + if ( $params.ContainsKey('firewall') -and $params.firewall -eq $true ) { + BlockHostByIP $params.host + } + $HOST_IP + "`t`t" + $params.host | Out-File -encoding ASCII -append $HOST_FILE + Write-Host -ForegroundColor Green "`t`tHost blocked" } - Write-Host -ForegroundColor Green "done" } catch { - Write-Host -NoNewline -ForegroundColor Red "error`n`t" - Write-Host -ForegroundColor DarkRed $Error[0].Exeption.Message - return - } - if ( $params.ContainsKey('firewall') -and $params.firewall ) { - BlockHostByIP $params.host + Write-Host -NoNewline -ForegroundColor Red "`t`terror`n`t`t" + Write-Host -ForegroundColor DarkRed $Error[0].Exception.Message } } else { Write-Host -ForegroundColor Red "`tError : No name or file for action $($MyInvocation.MyCommand.Name)" } - } 
function BlockHostByIP { param( [string]$hostname ) - $ip = [system.net.Dns]::GetHostAddresses($hostname) - $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } -ErrorAction SilentlyContinue | Get-NetFirewallRule - if ( $rule ) { - write-host -ForegroundColor yellow "`t`tFW Rule exist : ($($rule.name))" - } - else { - write-host -NoNewline -Foregroundcolor Green "`t`tFW block host.`n`t`t" - FwBlockOutputIP @{ - ip=$ip, - name=$hostname + $resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | select Address,Type | Where { $_.type -match "^A{1,4}$" } + $resolv | Foreach { + Write-Host -NoNewLine "`t`t" + if ($_.Address -match $IP4_REGEX ) { Write-Debug "Found a valid IPv4 $($_.Address)" } + $ip = $_.Address + $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } | Get-NetFirewallRule + if ( $rule ) { + write-host -NoNewLine "FW Rule exist : " + write-host -ForegroundColor yellow $rule.name + } + else { + FwBlockOutputIP @{ + ip=$ip; + name=$hostname + } } } } function IsHostAlreadyBlocked { param([string]$filename, [string]$hostname) - $c = Get-Content $filename - - foreach ($line in $c) { - $bits = [regex]::Split($line, "\t+") - if ($bits[1] -eq $hostname) { - return $true - } + $c = Get-Content $filename | where { $_ -eq "$HOST_IP`t`t$hostname" } + Write-Debug "`tMatch hostname on host file : $c" + if ( $c ) { + return $true } return $false } @@ -98,7 +104,7 @@ function FwBlockOutputIP { $name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.ip } else { - $name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name + $name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name + "-" + $params.ip } Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : " if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) { 
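Review bot: In the already-blocked branch of BlockHost the hosts entry is removed with `Set-Content`, BlockHostByIP runs, and only then is the entry appended again, so an exception or an interrupted run in between leaves the host unblocked in the hosts file. The `catch` only prints the error and does not restore the line. The removal is presumably there so that the name resolves to its real address. If so, `Resolve-DnsName $hostname -NoHostsFile -ErrorAction SilentlyContinue` in BlockHostByIP avoids rewriting the file at all, and the branch reduces to `BlockHostByIP $params.host`. Also, `-match "^A{1,4}$"` accepts `AA` and `AAA` as well; `$_.Type -in 'A','AAAA'` states the intent exactly.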
@@ -107,7 +113,7 @@ function FwBlockOutputIP { } else { Try { - New-NetFirewallRule -Name $name -DisplayName "$name (blacklist $($params.ip))" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null + New-NetFirewallRule -Name "$name" -DisplayName "$name" -Direction Outbound -Protocol any -Enabled True -Profile Any -RemoteAddress $params.ip -Action Block | Out-Null } Catch { Write-Host -ForegroundColor Red "error" @@ -685,7 +691,7 @@ $script:users | foreach { } catch { Write-Host -ForegroundColor Red "Error`n`t" - Write-host $Error[0].Exeption.Message + Write-host $Error[0].Exception.Message } } else { @@ -694,7 +700,9 @@ $script:users | foreach { } } Write-Host "Folder to process : $module" - +if ( $debug ) { + $DebugPreference = "Continue" +} if ( $module -and $( Test-Path $module ) ) { $module | ProcessModuleFile }