wfp filter driver block packet by some port and ip

Problem description

Everyone,

I register a callout in a WFP filter driver.

By FWPM_LAYER_ALE_AUTH_CONNECT_V4 I register a callout ALEConnectClassify.

In ALEConnectClassify I want to block a packet by some rules of the firewall.
ALEConnectClassify(
   IN const FWPS_INCOMING_VALUES0* inFixedValues,
   IN const FWPS_INCOMING_METADATA_VALUES0* inMetaValues,
   IN OUT void* layerData,
   IN const FWPS_FILTER0* filter,
   IN UINT64 flowContext,
   OUT FWPS_CLASSIFY_OUT0* classifyOut
   )
{
    NTSTATUS status;

    if (matchrules(inMetaValues))
    {
        classifyOut->actionType = FWP_ACTION_BLOCK;
        classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
    }
    else
    {
        classifyOut->actionType = FWP_ACTION_PERMIT;
    }
    return;
}

The rule is remote port == 80; I will block the web packet.

But it does not block the web packet.

Some help please, and I do not use a filter condition.

Recommended answer

How can I move my question to WFP Windows Filtering Platform (WFP)?

