
Dear All,

I want to allow only one URL and block all the other URLs.

But I am not able to do so,

I have referred to the below link

http://social.msdn.microsoft.com/Forums/en-US/wfp/thread/61349463-516a-4c41-bda3-fa2993d06a0e

but it is blocking all the URLs, including the one exception URL.

It's very urgent,

Please somebody help me in this regard

Below is my code snippet.

// Two separate BFE sessions: BlockAllFilterNew opens block_engineHandle and
// AddRemoveFilterNew opens allow_engineHandle; RemoveAllFilter closes both.
HANDLE block_engineHandle = 0;
HANDLE allow_engineHandle = 0;

// Kept at file scope so RemoveAllFilter can reach the sublayer keys and the
// filter ids that FwpmFilterAdd0 writes back.
FWPM_SUBLAYER0 block_subLayer;   // sublayer of the unconditional block filter
FWPM_SUBLAYER0 allow_subLayer;   // sublayer of the single-address permit filter
FWPM_FILTER0   blockAllFilter;   // BLOCK, no conditions, ALE_AUTH_CONNECT_V4
FWPM_FILTER0   AllowFilter;      // PERMIT for one remote IPv4 address

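/// Entry point: installs the block-all filter and the single permit filter,
/// waits for a key press (inside RemoveAllFilter), then removes everything.
/// Standard C++ requires main to return int; `void main` is a non-standard
/// compiler extension.
int main()
{
    BlockAllFilterNew(true);
    AddRemoveFilterNew(true);
    RemoveAllFilter();
    //Add() ;
    return 0;
}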

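/// Installs a PERMIT filter for a single remote IPv4 address in its own
/// sublayer, using its own BFE session (allow_engineHandle).
///
/// @param bAdd  Unused; the function always adds. Removal is performed by
///              RemoveAllFilter, which reads allow_engineHandle,
///              allow_subLayer.subLayerKey and AllowFilter.filterId.
///
/// Each Fwpm* call is checked and the function returns on the first failure
/// (backing out what it already created and leaving allow_engineHandle at 0)
/// so that RemoveAllFilter is never handed a session that holds nothing.
///
/// NOTE(review): this permit is in a different sublayer from the BLOCK that
/// BlockAllFilterNew installs. Weights only arbitrate inside one sublayer;
/// across sublayers a BLOCK wins over a plain PERMIT, so as written the permit
/// cannot override the block. Both filters need to share a sublayer (and the
/// same layer) with the permit at the higher weight.
void AddRemoveFilterNew(bool bAdd)
{
    (void)bAdd;  // accepted for interface compatibility; not consulted

    UINT32                 status = ERROR_SUCCESS;
    FWPM_FILTER_CONDITION0 filterCondition;
    FWP_V4_ADDR_AND_MASK   intranetAddrAndMask;

    ZeroMemory(&allow_subLayer, sizeof(FWPM_SUBLAYER0));
    ZeroMemory(&AllowFilter, sizeof(FWPM_FILTER0));
    ZeroMemory(&filterCondition, sizeof(FWPM_FILTER_CONDITION0));
    ZeroMemory(&intranetAddrAndMask, sizeof(FWP_V4_ADDR_AND_MASK));

    // Sublayer key only has to be unique on this machine; status not checked.
    status = UuidCreate(&(allow_subLayer.subLayerKey));
    allow_subLayer.displayData.name        = L"Predaking";
    allow_subLayer.displayData.description = L"Predaking's Sublayer";

    // Match exactly one remote host: addr is in host byte order and the /32
    // mask excludes every other address. This permits by IP, not by URL:
    // every site served from that address is allowed, and the permit stops
    // working silently if the site's address changes.
    intranetAddrAndMask.addr = 0x4CA2A571; //www.techendeavour.com
    intranetAddrAndMask.mask = 0xFFFFFFFF;

    filterCondition.fieldKey                  = FWPM_CONDITION_IP_REMOTE_ADDRESS;
    filterCondition.matchType                 = FWP_MATCH_EQUAL;
    filterCondition.conditionValue.type       = FWP_V4_ADDR_MASK;
    filterCondition.conditionValue.v4AddrMask = &intranetAddrAndMask;

    AllowFilter.subLayerKey         = allow_subLayer.subLayerKey;
    AllowFilter.displayData.name    = L"to permit TechEndeavour id";
    AllowFilter.layerKey            = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
    AllowFilter.action.type         = FWP_ACTION_PERMIT;
    AllowFilter.filterCondition     = &filterCondition;
    AllowFilter.numFilterConditions = 1;
    AllowFilter.weight.type         = FWP_UINT8;
    AllowFilter.weight.uint8        = 0x0F;  // above the block filter's 0x00

    status = FwpmEngineOpen0(0, RPC_C_AUTHN_WINNT, 0, 0, &allow_engineHandle);
    if (status != ERROR_SUCCESS) {
        allow_engineHandle = 0;  // nothing for RemoveAllFilter to clean up
        return;
    }

    status = FwpmSubLayerAdd0(allow_engineHandle, &allow_subLayer, 0);
    if (status != ERROR_SUCCESS) {
        FwpmEngineClose0(allow_engineHandle);
        allow_engineHandle = 0;
        return;
    }

    status = FwpmFilterAdd0(allow_engineHandle, &AllowFilter, 0, &(AllowFilter.filterId));
    if (status != ERROR_SUCCESS) {
        FwpmSubLayerDeleteByKey0(allow_engineHandle, &(allow_subLayer.subLayerKey));
        FwpmEngineClose0(allow_engineHandle);
        allow_engineHandle = 0;
        return;
    }

    // BFE keeps its own copy of the filter once FwpmFilterAdd0 has returned.
    // filterCondition and intranetAddrAndMask are locals, so clear the pointer
    // instead of leaving the global AllowFilter pointing at a dead stack frame.
    AllowFilter.filterCondition     = 0;
    AllowFilter.numFilterConditions = 0;
}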

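/// Installs an unconditional BLOCK filter at FWPM_LAYER_ALE_AUTH_CONNECT_V4
/// in its own sublayer, using its own BFE session (block_engineHandle). With
/// no conditions and weight 0 it is the default action for every outbound
/// IPv4 connect on the machine for as long as it is installed.
///
/// @param bAdd  Unused; the function always adds. RemoveAllFilter removes.
///
/// Each Fwpm* call is checked; on failure the function backs out what it
/// created and leaves block_engineHandle at 0 so RemoveAllFilter can skip it.
///
/// NOTE(review): the session argument to FwpmEngineOpen0 is 0, i.e. this is
/// not a dynamic session, so if the process dies before RemoveAllFilter runs
/// the block-all filter is not removed automatically. A FWPM_SESSION0 with
/// FWPM_SESSION_FLAG_DYNAMIC makes BFE drop the objects on session close;
/// confirm that is the wanted behaviour before relying on it.
void BlockAllFilterNew(bool bAdd)
{
    (void)bAdd;  // accepted for interface compatibility; not consulted

    UINT32 status = ERROR_SUCCESS;

    ZeroMemory(&block_subLayer, sizeof(FWPM_SUBLAYER0));
    ZeroMemory(&blockAllFilter, sizeof(FWPM_FILTER0));

    // Sublayer key only has to be unique on this machine; status not checked.
    status = UuidCreate(&(block_subLayer.subLayerKey));
    block_subLayer.displayData.name        = L"test";
    block_subLayer.displayData.description = L"test's Sublayer";

    blockAllFilter.subLayerKey         = block_subLayer.subLayerKey;
    blockAllFilter.displayData.name    = L"block all";
    blockAllFilter.layerKey            = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
    blockAllFilter.action.type         = FWP_ACTION_BLOCK;
    blockAllFilter.filterCondition     = 0;     // no conditions: matches everything
    blockAllFilter.numFilterConditions = 0;
    blockAllFilter.weight.type         = FWP_UINT8;
    blockAllFilter.weight.uint8        = 0x00;  // lowest weight in its sublayer

    status = FwpmEngineOpen0(0, RPC_C_AUTHN_WINNT, 0, 0, &block_engineHandle);
    if (status != ERROR_SUCCESS) {
        block_engineHandle = 0;  // nothing for RemoveAllFilter to clean up
        return;
    }

    status = FwpmSubLayerAdd0(block_engineHandle, &block_subLayer, 0);
    if (status != ERROR_SUCCESS) {
        FwpmEngineClose0(block_engineHandle);
        block_engineHandle = 0;
        return;
    }

    status = FwpmFilterAdd0(block_engineHandle, &blockAllFilter, 0, &(blockAllFilter.filterId));
    if (status != ERROR_SUCCESS) {
        FwpmSubLayerDeleteByKey0(block_engineHandle, &(block_subLayer.subLayerKey));
        FwpmEngineClose0(block_engineHandle);
        block_engineHandle = 0;
        return;
    }
}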

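/// Tears down everything the two install functions created. Waits for a key
/// press first so the filters stay active until the operator is done testing.
///
/// Each session is only touched if its handle is non-zero, i.e. if the
/// matching install function actually opened it; with the original
/// unconditional calls a failed FwpmEngineOpen0 led to delete/close calls on
/// a null handle. Teardown errors are not recoverable here, so the status
/// values are assigned but not acted on.
void RemoveAllFilter()
{
    UINT32 status = ERROR_SUCCESS;

    getch();  // hold the filters until a key is pressed

    if (block_engineHandle != 0) {
        status = FwpmFilterDeleteById0(block_engineHandle, blockAllFilter.filterId);
        status = FwpmSubLayerDeleteByKey0(block_engineHandle, &(block_subLayer.subLayerKey));
        status = FwpmEngineClose0(block_engineHandle);
        block_engineHandle = 0;
    }

    if (allow_engineHandle != 0) {
        status = FwpmFilterDeleteById0(allow_engineHandle, AllowFilter.filterId);
        status = FwpmSubLayerDeleteByKey0(allow_engineHandle, &(allow_subLayer.subLayerKey));
        status = FwpmEngineClose0(allow_engineHandle);
        allow_engineHandle = 0;
    }

    (void)status;  // best-effort teardown; nothing sensible to do on failure
}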

with regards,

Vinayaka Karjigi

A: 

Hi Vinayaka,

I read the code very quickly and it looks like there are Filter arbitration issues. Read through the following link for more details:

http://msdn.microsoft.com/en-us/library/aa364008%28VS.85%29.aspx

Your filter weights are only effective per sublayer.

With respect to your sublayers, you don't need 2 sublayers. 2 filters should do the trick!

kema
A: 

Hi Kema

I have changed the code now and also read the link you sent. It was very useful in understanding how filters work, but it didn't solve my problem.

I understood that block always overrides permit. Please help me solve the problem. Now I have made a single sublayer, and below is the code snippet.

#include "stdafx.h"
#include <conio.h>
#include <ctype.h>
#include "initguid.h"
#include "Fwpmtypes.h"
#include "Fwpmu.h"


void MSBlockPermitFilter();
void RemoveFilter();

// One BFE session and one sublayer shared by both filters, so that their
// weights are compared against each other (weights only arbitrate within a
// sublayer). Kept at file scope so RemoveFilter can reach the keys and ids.
HANDLE                 engineHandle = 0;
FWPM_SUBLAYER0         subLayer;
FWPM_FILTER0           blockAllFilter;        // unconditional BLOCK, weight 0x00
FWPM_FILTER0           permitIntranetFilter;  // PERMIT one remote IPv4, weight 0x0F
FWPM_FILTER_CONDITION0 filterCondition;       // remote-address condition of the permit
FWP_V4_ADDR_AND_MASK   intranetAddrAndMask;   // address/mask referenced by filterCondition

int _tmain(int argc, _TCHAR* argv[])
{
    // Install the block-all/permit pair, keep it active until a key is
    // pressed, then remove it again. Command-line arguments are ignored.
    MSBlockPermitFilter();
    getch();
    RemoveFilter();

    return 0;
}

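/// Installs, in one sublayer and one session, an unconditional BLOCK for all
/// outbound IPv4 connects and a higher-weighted PERMIT for a single remote
/// address, so that only that address is reachable.
///
/// Fix: the permit filter now sits in FWPM_LAYER_ALE_AUTH_CONNECT_V4, the same
/// layer as the block filter. Previously it was placed in
/// FWPM_LAYER_OUTBOUND_IPPACKET_V4, where it never competes with the block:
/// weight arbitration happens per layer and per sublayer, and a connect that
/// is already blocked at ALE_AUTH_CONNECT never produces an outbound IP
/// packet for the permit to match.
///
/// Every Fwpm* call is checked; on failure what was created is backed out and
/// engineHandle is reset to 0 so RemoveFilter can skip the teardown. The two
/// adds are still not atomic; wrapping them in FwpmTransactionBegin0 /
/// FwpmTransactionCommit0 would close the window in which only the block
/// exists.
///
/// NOTE(review): ALE_AUTH_CONNECT_V4 also covers outbound UDP sends, so name
/// resolution for the host will be blocked too unless the DNS resolver is
/// permitted; confirm before treating "only this address" as "only this URL".
/// The permit is by IPv4 address, not by URL: every site served from that
/// address is reachable, and the rule breaks silently if the address changes.
void MSBlockPermitFilter()
{
   UINT32 status = ERROR_SUCCESS;

   ZeroMemory(&subLayer, sizeof(FWPM_SUBLAYER0));
   ZeroMemory(&blockAllFilter, sizeof(FWPM_FILTER0));
   ZeroMemory(&permitIntranetFilter, sizeof(FWPM_FILTER0));
   ZeroMemory(&filterCondition, sizeof(FWPM_FILTER_CONDITION0));
   ZeroMemory(&intranetAddrAndMask, sizeof(FWP_V4_ADDR_AND_MASK));

   // Sublayer key only has to be unique on this machine; status not checked.
   status = UuidCreate(&(subLayer.subLayerKey));
   subLayer.displayData.name        = L"Predaking";
   subLayer.displayData.description = L"Predaking's Sublayer";

   // Default action: block. No conditions and the lowest weight, so any
   // matching permit in the same sublayer and layer takes precedence.
   blockAllFilter.subLayerKey         = subLayer.subLayerKey;
   blockAllFilter.displayData.name    = L"Default filter to block all outbound connect attempts";
   blockAllFilter.layerKey            = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
   blockAllFilter.action.type         = FWP_ACTION_BLOCK;
   blockAllFilter.filterCondition     = 0;
   blockAllFilter.numFilterConditions = 0;
   blockAllFilter.weight.type         = FWP_UINT8;
   blockAllFilter.weight.uint8        = 0x00;

   //intranetAddrAndMask.addr = 0xC0A80000; /// 192.168.0.0
   //intranetAddrAndMask.mask = 0xFFFF0000; /// 255.255.0.0

   // Host byte order; the /32 mask means exactly one host matches.
   intranetAddrAndMask.addr = 0x4CA2A571; //www.techendeavour.com - 76.162.165.113
   intranetAddrAndMask.mask = 0xFFFFFFFF; /// 255.255.255.255

   filterCondition.fieldKey                  = FWPM_CONDITION_IP_REMOTE_ADDRESS;
   filterCondition.matchType                 = FWP_MATCH_EQUAL;
   filterCondition.conditionValue.type       = FWP_V4_ADDR_MASK;
   filterCondition.conditionValue.v4AddrMask = &intranetAddrAndMask;

   // Same sublayer AND same layer as the block filter, at a higher weight.
   permitIntranetFilter.subLayerKey         = subLayer.subLayerKey;
   permitIntranetFilter.displayData.name    = L"Filter to permit outbound connect attempts to the local intranet";
   permitIntranetFilter.layerKey            = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
   permitIntranetFilter.action.type         = FWP_ACTION_PERMIT;
   permitIntranetFilter.filterCondition     = &filterCondition;
   permitIntranetFilter.numFilterConditions = 1;
   permitIntranetFilter.weight.type         = FWP_UINT8;
   permitIntranetFilter.weight.uint8        = 0x0F;

   status = FwpmEngineOpen0(0, RPC_C_AUTHN_WINNT, 0, 0, &engineHandle);
   if (status != ERROR_SUCCESS) {
      engineHandle = 0;  // nothing for RemoveFilter to clean up
      return;
   }

   status = FwpmSubLayerAdd0(engineHandle, &subLayer, 0);
   if (status != ERROR_SUCCESS) {
      FwpmEngineClose0(engineHandle);
      engineHandle = 0;
      return;
   }

   status = FwpmFilterAdd0(engineHandle, &blockAllFilter, 0, &(blockAllFilter.filterId));
   if (status != ERROR_SUCCESS) {
      FwpmSubLayerDeleteByKey0(engineHandle, &(subLayer.subLayerKey));
      FwpmEngineClose0(engineHandle);
      engineHandle = 0;
      return;
   }

   status = FwpmFilterAdd0(engineHandle, &permitIntranetFilter, 0, &(permitIntranetFilter.filterId));
   if (status != ERROR_SUCCESS) {
      // Never leave the block-all filter installed without its permit.
      FwpmFilterDeleteById0(engineHandle, blockAllFilter.filterId);
      FwpmSubLayerDeleteByKey0(engineHandle, &(subLayer.subLayerKey));
      FwpmEngineClose0(engineHandle);
      engineHandle = 0;
      return;
   }
}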

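/// Removes the permit filter, the block-all filter and the sublayer, then
/// closes the session. Only runs if engineHandle is non-zero, i.e. if
/// MSBlockPermitFilter actually opened a session; the original issued the
/// delete/close calls unconditionally, including on a null handle.
///
/// Teardown errors are not recoverable here, so the status values are
/// assigned but not acted on. Deleting the permit before the block is
/// deliberate only in the sense that the order is unchanged from the
/// original; while the permit is gone and the block still present every
/// outbound connect is refused.
void RemoveFilter()
{
    UINT32 status = ERROR_SUCCESS;

    if (engineHandle == 0) {
        return;  // nothing was installed
    }

    status = FwpmFilterDeleteById0(engineHandle, permitIntranetFilter.filterId);
    status = FwpmFilterDeleteById0(engineHandle, blockAllFilter.filterId);
    status = FwpmSubLayerDeleteByKey0(engineHandle, &(subLayer.subLayerKey));
    status = FwpmEngineClose0(engineHandle);
    engineHandle = 0;

    (void)status;  // best-effort teardown; nothing sensible to do on failure
}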
Vinayaka Karjigi
A: 
kema