From 6151c51531c56269323b5559381dab6a91fbaacc Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 4 Apr 2018 15:16:22 +0200 Subject: [PATCH 1/6] BlockHostByIP() use GetAddressIP instead ResolvDNSName to retrieve IP with hostname --- cleanW10.ps1 | 11 ++++++----- modules.d/FW_BlockIP/telemetry.txt | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/cleanW10.ps1 b/cleanW10.ps1 index 9717fe9..8397c05 100755 --- a/cleanW10.ps1 +++ b/cleanW10.ps1 @@ -63,14 +63,15 @@ function BlockHostByIP { param( [string]$hostname ) - $resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | select Address,Type | Where { $_.type -match "^A{1,4}$" } + $resolv = [system.net.Dns]::GetHostAddresses($hostname) | Select IPAddressToString + #$resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | select Address,Type | Where { $_.type -match "^A{1,4}$" } $resolv | Foreach { - Write-Host -NoNewLine "`t`t" - if ($_.Address -match $IP4_REGEX ) { Write-Debug "Found a valid IPv4 $($_.Address)" } - $ip = $_.Address + Write-Host -NoNewLine "`t" + $ip = $_.IPAddressToString + Write-Debug "Found a valid IP $($_.IPAddressToString)" $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } | Get-NetFirewallRule if ( $rule ) { - write-host -NoNewLine "FW Rule exist : " + write-host -NoNewLine "`tFW Rule exist : " write-host -ForegroundColor yellow $rule.name } else { diff --git a/modules.d/FW_BlockIP/telemetry.txt b/modules.d/FW_BlockIP/telemetry.txt index b35786f..b4c2ce2 100644 --- a/modules.d/FW_BlockIP/telemetry.txt +++ b/modules.d/FW_BlockIP/telemetry.txt @@ -349,7 +349,7 @@ 195.138.255.0-195.138.255.255 213.199.179.0-213.199.179.255 191.232.139.2-191.232.139.255 -=23.55.155.27 +23.55.155.27 23.214.171.90 64.4.11.25 65.52.100.46 @@ -363,4 +363,4 @@ 221.221.112.129 221.221.112.145 221.221.112.160 -221.221.112.203 +221.221.112.203 \ No newline at end of file From 97b826a91548cb8c5122699fe6d418434aa84719 Mon Sep 17 00:00:00 2001 
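Review bot: In BlockHostByIP the new `[system.net.Dns]::GetHostAddresses($hostname)` call throws when a name does not resolve, whereas the replaced `Resolve-DnsName` line carried `-ErrorAction SilentlyContinue`; nothing in the hunk catches the exception. After the error `$resolv` is left unassigned, and the `$resolv | Foreach` below is likely to still run once with an empty `$_`, so `$ip` can be empty when the rule lookup executes. Wrapping the call keeps one bad entry from reaching the firewall code: `try { $resolv = [system.net.Dns]::GetHostAddresses($hostname) | Select IPAddressToString } catch { Write-Warning "cannot resolve $hostname"; return }`. The function body continues past the end of the hunk, so what the `else` branch does with an empty `$ip` is not visible here.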
From: Yorick Barbanneau Date: Wed, 4 Apr 2018 22:12:48 +0200 Subject: [PATCH 2/6] Revert to Resolve-DnsName in BlockHostByIP(), File in BlockHost() can use comment --- cleanW10.ps1 | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/cleanW10.ps1 b/cleanW10.ps1 index 8397c05..8ee4f23 100755 --- a/cleanW10.ps1 +++ b/cleanW10.ps1 @@ -26,7 +26,7 @@ function BlockHost { [object]$params ) if ( $params.ContainsKey('file') ) { - Foreach ($line in Get-Content $params.file ){ BlockHost -params @{host=$line;firewall=$params.firewall} } + Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | Foreach{ BlockHost -params @{host=$_;firewall=$params.firewall} } } elseif ( $params.ContainsKey('host') -and $params.host -ne "" ) { Write-Host "`n`tBlock host $($params.host) : " @@ -63,12 +63,12 @@ function BlockHostByIP { param( [string]$hostname ) - $resolv = [system.net.Dns]::GetHostAddresses($hostname) | Select IPAddressToString - #$resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | select Address,Type | Where { $_.type -match "^A{1,4}$" } + #$resolv = [system.net.Dns]::GetHostAddresses($hostname) | Select IPAddressToString + $resolv = Resolve-DnsName $hostname -ErrorAction SilentlyContinue | Where { $_.type -match "^A{1,4}$" } | select Address $resolv | Foreach { Write-Host -NoNewLine "`t" - $ip = $_.IPAddressToString - Write-Debug "Found a valid IP $($_.IPAddressToString)" + $ip = $_.Address + Write-Debug "Found a valid IP $ip" $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $ip } | Get-NetFirewallRule if ( $rule ) { write-host -NoNewLine "`tFW Rule exist : " 
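Review bot: The filter added in BlockHost, `$_ -notmatch "^#.*$|^$"`, only drops lines that start with `#` in the first column or are completely empty. A whitespace-only line, an indented comment or an entry with trailing spaces is still passed on as a host name. Allowing optional leading whitespace and trimming the value closes that gap: `where { $_ -notmatch '^\s*(#|$)' } | Foreach { BlockHost -params @{host=$_.Trim();firewall=$params.firewall} }`. A one-line comment above it stating that `#` starts a comment and blank lines are ignored would document the list-file format this change introduces.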
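Review bot: With `-ErrorAction SilentlyContinue` and no check on `$resolv`, a host in BlockHostByIP that returns no A/AAAA record produces no firewall rule and no message, so the run looks clean while that host stays reachable at the IP layer. A guard after the lookup makes the gap visible: `if (-not $resolv) { Write-Warning "no address for $hostname, no firewall rule added"; return }`. The type test `-match "^A{1,4}$"` also accepts `AA` and `AAA`; `$_.Type -in 'A','AAAA'` says what is meant. The commented-out `GetHostAddresses` line is dead code and can be dropped; the rest of the function lies outside the hunk.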
@@ -107,10 +107,11 @@ function FwBlockOutputIP { else { $name = $FW_RULE_NAME_PREFIX + "_IP_" + $params.name + "-" + $params.ip } - Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : " - if ( Get-NetFirewallRule -Name $name -ErrorAction SilentlyContinue) { - Write-Host -ForegroundColor Yellow "already exist" - return + Write-Host -NoNewline "`tAdd FW IP rule $name ($($params.ip)) : " + $rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $params.ip } | Get-NetFirewallRule + if ( $rule ) { + write-host -NoNewLine " exist : " + write-host -ForegroundColor yellow $rule.name } else { Try { From 915ba84aa1202fc4abd1605186e782a1552a2fcf Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 4 Apr 2018 22:13:31 +0200 Subject: [PATCH 3/6] Modify IPs --- modules.d/FW_BlockIP/skype-msn.txt | 8 +------- modules.d/FW_BlockIP/telemetry.txt | 5 ----- 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/modules.d/FW_BlockIP/skype-msn.txt b/modules.d/FW_BlockIP/skype-msn.txt index d7e518d..a15ccf7 100644 --- a/modules.d/FW_BlockIP/skype-msn.txt +++ b/modules.d/FW_BlockIP/skype-msn.txt @@ -26,10 +26,4 @@ 157.56.109.8 157.56.123.82 157.56.114.104 -157.56.194.24 -207.46.11.252 -207.46.194.8 -207.46.194.10 -207.46.194.14 -207.46.194.25 -207.46.194.33 \ No newline at end of file +157.56.194.24 \ No newline at end of file diff --git a/modules.d/FW_BlockIP/telemetry.txt b/modules.d/FW_BlockIP/telemetry.txt index b4c2ce2..75cac75 100644 --- a/modules.d/FW_BlockIP/telemetry.txt +++ b/modules.d/FW_BlockIP/telemetry.txt @@ -325,11 +325,6 @@ 204.79.197.213 207.123.34.126 207.123.56.252 -207.46.7.252 -207.46.101.29 -207.46.114.58 -207.46.114.61 -207.46.223.94 207.68.166.254 212.30.134.204 212.30.134.205 From 335ba9b5484a1175f35ff0190e474b6b47e07100 Mon Sep 17 00:00:00 2001 
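Review bot: The new existence test in FwBlockOutputIP treats any rule whose address filter has `RemoteAddress` equal to `$params.ip` as proof that the address is already blocked, but it never looks at the rule's direction, action or enabled state. An inbound rule, an allow rule or a disabled rule for the same address therefore prints "exist" and skips creating the outbound block, which the removed `Get-NetFirewallRule -Name $name` check could not do because it matched only this script's own rule name. Narrow the match to rules that really block: `$rule = Get-NetFirewallAddressFilter | Where-Object { $_.RemoteAddress -eq $params.ip } | Get-NetFirewallRule | Where-Object { $_.Direction -eq 'Outbound' -and $_.Action -eq 'Block' -and $_.Enabled -eq 'True' }`. The same unfiltered lookup appears as a context line in the BlockHostByIP hunks of patches 1/6 and 2/6. It also enumerates every address filter on the machine once per entry, which will be slow for the long lists under modules.d/FW_BlockIP; the `else` branch runs past the end of the hunk.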
From: Yorick Barbanneau Date: Wed, 4 Apr 2018 22:43:35 +0200 Subject: [PATCH 4/6] Error if .firewall was null for file in BlockHost() --- cleanW10.ps1 | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cleanW10.ps1 b/cleanW10.ps1 index 8ee4f23..eea54de 100755 --- a/cleanW10.ps1 +++ b/cleanW10.ps1 @@ -26,6 +26,9 @@ function BlockHost { [object]$params ) if ( $params.ContainsKey('file') ) { + if ( -not $params.ContainsKey('firewall') -or $params.firewall -eq "" ) { + $params.firewall = $false + } Get-Content $params.file | where { $_ -notmatch "^#.*$|^$" } | Foreach{ BlockHost -params @{host=$_;firewall=$params.firewall} } } elseif ( $params.ContainsKey('host') -and $params.host -ne "" ) { From 4c4ec03375e993de6af2d9bdd285c01d1958513e Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 4 Apr 2018 22:44:38 +0200 Subject: [PATCH 5/6] Reworked FW_Hosts module and files --- modules.d/{BlockHosts.conf => FW_Hosts.conf} | 2 +- modules.d/{BlockHosts => FW_Hosts}/base.txt | 10 +++++----- modules.d/{BlockHosts => FW_Hosts}/mcafee.txt | 0 .../{BlockHosts => FW_Hosts}/ms-skype-messenger.txt | 3 +-- 4 files changed, 7 insertions(+), 8 deletions(-) rename modules.d/{BlockHosts.conf => FW_Hosts.conf} (85%) rename modules.d/{BlockHosts => FW_Hosts}/base.txt (97%) rename modules.d/{BlockHosts => FW_Hosts}/mcafee.txt (100%) rename modules.d/{BlockHosts => FW_Hosts}/ms-skype-messenger.txt (93%) diff --git a/modules.d/BlockHosts.conf b/modules.d/FW_Hosts.conf similarity index 85% rename from modules.d/BlockHosts.conf rename to modules.d/FW_Hosts.conf index 195bd0f..f65f46a 100644 --- a/modules.d/BlockHosts.conf +++ b/modules.d/FW_Hosts.conf @@ -10,7 +10,7 @@ }, { "action" : "BlockHost", - "file" : "ms-skype-messeger.txt" + "file" : "ms-skype-messenger.txt" } ] } diff --git a/modules.d/BlockHosts/base.txt b/modules.d/FW_Hosts/base.txt similarity index 97% rename from modules.d/BlockHosts/base.txt rename to modules.d/FW_Hosts/base.txt index 7480605..451d401 100644 
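Review bot: The default added in BlockHost writes `$params.firewall = $false` into the caller's hashtable and only on the `file` branch, so a missing or empty `firewall` key silently selects the non-firewall path for every host in the file. If that flag is what enables the firewall rule (the code that reads it is outside the hunk), a typo in a module config turns that layer of blocking off without any message. Leave the caller's object untouched and report when the default is used: `$fw = [bool]$params.firewall`, then `if (-not $params.ContainsKey('firewall')) { Write-Debug "no 'firewall' key for $($params.file), defaulting to false" }`, and pass `firewall=$fw` in the recursive call.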
--- a/modules.d/BlockHosts/base.txt +++ b/modules.d/FW_Hosts/base.txt @@ -29,7 +29,6 @@ a23-67-60-97.deploy.static.akamaitechnologies.com a23-9-123-27.deploy.static.akamaitechnologies.com a569.g.akamai.net activity.windows.com -ad.doubleclick.net ads.msn.com ads.msn.com.nsatc.net ads1.msads.net @@ -66,7 +65,10 @@ e2236.g.akamaiedge.net e7173.g.akamaiedge.net e8011.g.akamaiedge.net fe1.update.microsoft.com.akadns.net -fe2.update.microsoft.com.akadns.net + +#Problem with windows update +#fe2.update.microsoft.com.akadns.net + fe3.delivery.dsp.mp.microsoft.com.nsatc.net feedback.microsoft-hohm.com feedback.search.microsoft.com @@ -138,13 +140,11 @@ survey.watson.microsoft.com t.urs.microsoft.com.nsatc.net telecommand.telemetry.microsoft.com telemetry.appex.bing.net -telemetry.appex.bing.net:443 telemetry.appex.search.prod.ms.akadns.net telemetry.microsoft.com telemetry.urs.microsoft.com tunnel.cfw.trustedsource.org uci.officeapps.live.com -updatekeepalive.mcafee.com urs.smartscreen.microsoft.com v10.vortex-win.data.microsoft.com vortex-sandbox.data.glbdns2.microsoft.com @@ -158,4 +158,4 @@ watson.telemetry.microsoft.com wes.df.telemetry.microsoft.com win10.ipv6.microsoft.com www.msftconnecttest.com -www.msftncsi.com +www.msftncsi.com \ No newline at end of file diff --git a/modules.d/BlockHosts/mcafee.txt b/modules.d/FW_Hosts/mcafee.txt similarity index 100% rename from modules.d/BlockHosts/mcafee.txt rename to modules.d/FW_Hosts/mcafee.txt diff --git a/modules.d/BlockHosts/ms-skype-messenger.txt b/modules.d/FW_Hosts/ms-skype-messenger.txt similarity index 93% rename from modules.d/BlockHosts/ms-skype-messenger.txt rename to modules.d/FW_Hosts/ms-skype-messenger.txt index 9acce47..2cd994b 100644 --- a/modules.d/BlockHosts/ms-skype-messenger.txt +++ b/modules.d/FW_Hosts/ms-skype-messenger.txt 
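Review bot: The second base.txt hunk comments out `fe2.update.microsoft.com.akadns.net` with the reason "Problem with windows update", yet `fe1.update.microsoft.com.akadns.net` on the line above it stays on the block list. Going by the names, both look like Windows Update front ends, so the list may still interfere with delivery of security updates; that should be checked on a test machine before the file ships. The comment would be more useful if it recorded the observed symptom and the affected Windows build, so a later maintainer can tell when the entry is safe to re-enable. The new `#` lines and blank lines are only skipped because of the filter that patch 2/6 adds to BlockHost, so this file must not be applied without that change.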
@@ -17,10 +17,9 @@ live.rads.msn.com m.hotmail.com mscrl.microsoft.com msnbot-65-55-108-23.search.msn.com -preview.msn.com rad.live.com rad.msn.com rpt.msn.com s.gateway.messenger.live.com otf.msn.com -ui.skype.com +ui.skype.com \ No newline at end of file From a4df335b4924e2e408f043cc2291a982ade8ce20 Mon Sep 17 00:00:00 2001 From: Yorick Barbanneau Date: Wed, 4 Apr 2018 22:48:14 +0200 Subject: [PATCH 6/6] Remove Mc Afee host textfile in FW_Hosts module --- modules.d/FW_Hosts/mcafee.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 modules.d/FW_Hosts/mcafee.txt diff --git a/modules.d/FW_Hosts/mcafee.txt b/modules.d/FW_Hosts/mcafee.txt deleted file mode 100644 index 631f973..0000000 --- a/modules.d/FW_Hosts/mcafee.txt +++ /dev/null @@ -1,2 +0,0 @@ -su3.mcafee.com -sm.mcafee.com