Firewall using Vista's Windows Filtering Platform APIs

MaheshSatya

3.32/5 (19 votes)

2 Sep 2008CPOL2 min read

7.3K

An article on using Windows Filtering Platform of Vista to write a simple firewall

Introduction

Windows Vista contains a completely new and improved packet filtering engine called Windows Filtering Platform (WFP). Till now, Windows 2000/XP/2003 gave us the packet filtering APIs for implementing simple firewalls or packet filtering applications. However, these packet filtering APIs are discontinued in Vista in favor of WFP. So, here’s an article which shows how to use WFP APIs to write a firewall!

Windows Filtering Platform APIs

These are some of the WFP APIs that we will be using to write our firewall:

FwpmEngineOpen0 - This API is used to create a session with the Windows packet filtering engine.
FwpmSubLayerAdd0 - This API adds a new sub-layer to the packet filtering engine.
FwpmFilterAdd0 - This API adds filters (rules) to a sub-layer. This is analogous to PfAddFiltersToInterface API.
FwpmFilterDeleteById0 - This API removes existing filters from a sub-layer.
FwpmSubLayerDeleteByKey0 - This API deletes the sub-layer which was added by FwpmSubLayerAdd0.
FwpmEngineClose0 - This API closes the session opened by FwpmEngineOpen0.

Here are the steps to write a firewall using the above mentioned APIs:

Create a session using FwpmEngineOpen0.
Add a sub-layer using FwpmSubLayerAdd0.
Now, add filters using FwpmFilterAdd0. If you have "n" filters, then this API needs to be called "n" times.

That's it! Now, check whether you are able to access the blocked IP address via the Web browser.

Using the Code

This article contains a sample class (PacketFilter class) which encapsulates the WFP APIs. The class declaration is as shown below:

class PacketFilter
{
private:
    // Firewall engine handle.
    HANDLE m_hEngineHandle;

    // Firewall sublayer GUID.
    GUID m_subLayerGUID;

    // List of filters.
    IPFILTERINFOLIST m_lstFilters;

    // Method to get byte array format and hex format IP address from string format.
    bool ParseIPAddrString( char* szIpAddr, UINT nStrLen, 
        BYTE* pbHostOrdr, UINT nByteLen, ULONG& uHexAddr );

    // Method to create/delete packet filter interface.
    DWORD CreateDeleteInterface( bool bCreate );

    // Method to bind/unbind to/from packet filter interface.
    DWORD BindUnbindInterface( bool bBind );

    // Method to add/remove filter.
    DWORD AddRemoveFilter( bool bAdd );

public:
    // Constructor.
    PacketFilter();

    // Destructor.
    ~PacketFilter();

    // Method to add IP addresses to m_lstFilters list.
    void AddToBlockList( char* szIpAddrToBlock );

    // Method to start packet filter.
    BOOL StartFirewall();

    // Method to stop packet filter.
    BOOL StopFirewall();
};

Follow these steps to use the PacketFilter class in your application:

Instantiate an object of PacketFilter class.
Add IP addresses to be blocked using the public method PacketFilter::AddToBlockList.
Start the firewall using PacketFilter::StartFirewall public method.
Finally, terminate the firewall by calling PacketFilter::Stopfirewall public method.

Points to Note

You need Windows SDK 2008 (available here) to develop applications using Windows Filtering Platform.
Visual C++ 6.0 is incompatible with Windows SDK 2008.

History

31^st August, 2008: Initial post

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)