Introduction
Windows Vista contains a completely new and improved packet filtering engine called the Windows Filtering Platform (WFP). Until now, Windows 2000/XP/2003 gave us the Packet Filtering APIs for implementing simple firewalls or packet filtering applications. However, these Packet Filtering APIs are discontinued in Vista in favor of WFP. So, here is an article which shows how to use the WFP APIs to write a firewall!
Windows Filtering Platform APIs
These are some of the WFP APIs that we will be using to write our firewall:
- FwpmEngineOpen0 - This API is used to create a session with the Windows packet filtering engine.
- FwpmSubLayerAdd0 - This API adds a new sub-layer to the packet filtering engine.
- FwpmFilterAdd0 - This API adds filters (rules) to a sub-layer. This is analogous to the PfAddFiltersToInterface API.
- FwpmFilterDeleteById0 - This API removes existing filters from a sub-layer.
- FwpmSubLayerDeleteByKey0 - This API deletes the sub-layer which was added by FwpmSubLayerAdd0.
- FwpmEngineClose0 - This API closes the session opened by FwpmEngineOpen0.
Here are the steps to write a firewall using the above mentioned APIs:
- Create a session using FwpmEngineOpen0.
- Add a sub-layer using FwpmSubLayerAdd0.
- Now, add filters using FwpmFilterAdd0. If you have "n" filters, then this API needs to be called "n" times.
That's it! Now, check whether you are able to access the blocked IP address via the Web browser.
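The three steps above as an added example, not the article's PacketFilter code: a dotted-quad parser that produces the host-byte-order value WFP expects for an FWP_UINT32 remote-address condition, followed by the FwpmEngineOpen0 / FwpmSubLayerAdd0 / FwpmFilterAdd0 sequence that blocks outbound connections to that address. The names ParseIPv4HostOrder and StartBlockingIPv4 and the sub-layer GUID are this example's own; the session is opened with FWPM_SESSION_FLAG_DYNAMIC so that closing the engine handle removes the sub-layer and filter again, and the WFP part is compiled only on Windows (Windows SDK headers, fwpuclnt.lib).

```cpp
#include <cctype>
#include <cstdint>
#include <string>
// "a.b.c.d" -> host-byte-order uint32 ("10.1.2.3" -> 0x0A010203), the form FWP_UINT32 address conditions expect; rejects bad, missing or extra octets.
bool ParseIPv4HostOrder(const std::string& s, uint32_t& out) {
    uint32_t acc = 0; size_t i = 0;
    for (int octet = 0; octet < 4; ++octet) {
        if (octet > 0 && (i >= s.size() || s[i++] != '.')) return false;
        if (i >= s.size() || !std::isdigit(static_cast<unsigned char>(s[i]))) return false;
        unsigned v = 0;
        while (i < s.size() && std::isdigit(static_cast<unsigned char>(s[i])))
            if ((v = v * 10 + static_cast<unsigned>(s[i++] - '0')) > 255) return false;
        acc = (acc << 8) | v;
    }
    out = acc;
    return i == s.size();   // leftovers ("1.2.3.4.", a fifth octet) are an error
}
#ifdef _WIN32
#include <winsock2.h>
#include <windows.h>
#include <fwpmu.h>   // link with fwpuclnt.lib
// Constructed GUID for this example's sub-layer; any GUID unique on the machine will do.
static const GUID kSubLayerKey = { 0x0f0f0f0f, 0x1111, 0x2222, { 0x33,0x33,0x44,0x44,0x44,0x44,0x44,0x44 } };
// Blocks outbound IPv4 connections to szIp until the caller closes *phEngine; the dynamic session makes FwpmEngineClose0 remove the sub-layer and filter again (the StopFirewall step).
DWORD StartBlockingIPv4(const char* szIp, HANDLE* phEngine) {
    uint32_t addr = 0;
    if (!ParseIPv4HostOrder(szIp, addr)) return ERROR_INVALID_PARAMETER;
    FWPM_SESSION0 session = {};
    session.flags = FWPM_SESSION_FLAG_DYNAMIC;
    DWORD rc = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, &session, phEngine);
    if (rc != ERROR_SUCCESS) return rc;
    FWPM_SUBLAYER0 subLayer = {};
    subLayer.subLayerKey = kSubLayerKey;
    subLayer.displayData.name = const_cast<wchar_t*>(L"Example block sub-layer");
    FWPM_FILTER_CONDITION0 cond = {};
    cond.fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS;
    cond.matchType = FWP_MATCH_EQUAL; cond.conditionValue.type = FWP_UINT32;
    cond.conditionValue.uint32 = addr;   // host byte order, per the WFP docs for FWP_UINT32
    FWPM_FILTER0 filter = {};
    filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;   // outbound connect authorisation
    filter.subLayerKey = kSubLayerKey;
    filter.displayData.name = const_cast<wchar_t*>(L"Block outbound to one IPv4 address");
    filter.action.type = FWP_ACTION_BLOCK;   // weight left FWP_EMPTY so BFE assigns one
    filter.numFilterConditions = 1; filter.filterCondition = &cond;
    rc = FwpmSubLayerAdd0(*phEngine, &subLayer, NULL);
    if (rc == ERROR_SUCCESS) rc = FwpmFilterAdd0(*phEngine, &filter, NULL, NULL);
    if (rc != ERROR_SUCCESS) { FwpmEngineClose0(*phEngine); *phEngine = NULL; }
    return rc;
}
#endif
```

The caller keeps the returned engine handle open for as long as the block should stay in effect and calls FwpmEngineClose0 on it to lift the block; the process needs administrator rights for FwpmEngineOpen0 to succeed.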
Using the Code
This article contains a sample class (the PacketFilter class) which encapsulates the WFP APIs. The class declaration is as shown below:
class PacketFilter
{
private:
    HANDLE          m_hEngineHandle;
    GUID            m_subLayerGUID;
    IPFILTERINFOLIST m_lstFilters;

    bool  ParseIPAddrString( char* szIpAddr, UINT nStrLen,
                             BYTE* pbHostOrdr, UINT nByteLen, ULONG& uHexAddr );
    DWORD CreateDeleteInterface( bool bCreate );
    DWORD BindUnbindInterface( bool bBind );
    DWORD AddRemoveFilter( bool bAdd );

public:
    PacketFilter();
    ~PacketFilter();

    void AddToBlockList( char* szIpAddrToBlock );
    BOOL StartFirewall();
    BOOL StopFirewall();
};
Follow these steps to use the PacketFilter class in your application:
- Instantiate an object of the PacketFilter class.
- Add the IP addresses to be blocked using the public method PacketFilter::AddToBlockList.
- Start the firewall using the PacketFilter::StartFirewall public method.
- Finally, terminate the firewall by calling the PacketFilter::StopFirewall public method.
Points to Note
You need Windows SDK 2008 (available here) to develop applications using Windows Filtering Platform.
Visual C++ 6.0 is incompatible with Windows SDK 2008.
History
- 31st August, 2008: Initial post