问题描述
大家
我注册了一个 wfp过滤器驱动程序中的标注
i register a callout in wfp filter driver
通过FWPM_LAYER_ALE_AUTH_CONNECT_V4我在ALEConnectClassify中注册一个标注ALEConnectClassify
by FWPM_LAYER_ALE_AUTH_CONNECT_V4 i register a callout ALEConnectClassify
我想通过一些防火墙规则来阻止数据包
in ALEConnectClassify i want to block a packet by some rules of firewall
ALEConnectClassify(
IN const FWPS_INCOMING_VALUES0 * inFixedValues,
IN const FWPS_INCOMING_METADATA_VALUES0 * inMetaValues,
IN OUT void * layerData,
IN const FWPS_FILTER0 * filter,
IN UINT64 flowContext,
OUT FWPS_CLASSIFY_OUT0 * classifyOut
)
ALEConnectClassify(
IN const FWPS_INCOMING_VALUES0* inFixedValues,
IN const FWPS_INCOMING_METADATA_VALUES0* inMetaValues,
IN OUT void* layerData,
IN const FWPS_FILTER0* filter,
IN UINT64 flowContext,
OUT FWPS_CLASSIFY_OUT0* classifyOut
)
{
       NTSTATUS状态;
NTSTATUS status;
if(matchrules(inMetaValues))
if (matchrules(inMetaValues))
{
{
classifyOut-> actionType = FWP_ACTION_BLOCK;
classifyOut-> rights& = ~FWPS_RIGHT_ACTION_WRITE;
classifyOut->actionType = FWP_ACTION_BLOCK;
classifyOut->rights &= ~FWPS_RIGHT_ACTION_WRITE;
}
}
否则
else
{
{
classifyOut-> actionType = FWP_ACTION_PERMIT;
classifyOut->actionType = FWP_ACTION_PERMIT;
}
}
返回;
return;
}
规则是远程端口== 80 我将bock网络数据包
the rule is remote port == 80 i will bock the web packet
但它不会阻止网络数据包
but it not block the web packet
帮助一些帮助我不使用过滤条件
help some help and i not use filter condition
推荐答案
这篇关于wfp过滤驱动程序阻塞数据包由某个端口和ip的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!