Reply To: WinpkFilter static filters


#6639

Vadim Smirnov
Moderator

Well, something like this:


//**************************************************************************************
// 1. Outgoing HTTP requests filter: PASS OUT TCP packets with destination IP 64.251.25.36 PORT 80 (http://www.ntkernel.com)
// Common values
pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_PASS;
pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND;

// Network layer filter
in_addr address;
in_addr mask;

// IP address 64.251.25.36
address.S_un.S_un_b.s_b1 = 64;
address.S_un.S_un_b.s_b2 = 251;
address.S_un.S_un_b.s_b3 = 25;
address.S_un.S_un_b.s_b4 = 36;

// Network mask 255.255.255.255
mask.S_un.S_un_b.s_b1 = 255;
mask.S_un.S_un_b.s_b2 = 255;
mask.S_un.S_un_b.s_b3 = 255;
mask.S_un.S_un_b.s_b4 = 255;

pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL | IP_V4_FILTER_DEST_ADDRESS;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_AddressType = IP_SUBNET_V4_TYPE;
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_Ip = address.S_un.S_addr; // IP address
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_IpMask = mask.S_un.S_addr; // network mask
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_TCP;

// Transport layer filter
pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;

//******************************************************************************************
// 2. Incoming HTTP responses filter: PASS IN TCP packets with source IP 64.251.25.36 PORT 80 (http://www.ntkernel.com)
// Common values
pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[1].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_PASS;
pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;

pFilters->m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = IPV4;
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL | IP_V4_FILTER_SRC_ADDRESS;
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_SrcAddress.m_AddressType = IP_SUBNET_V4_TYPE;
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_SrcAddress.m_IpSubnet.m_Ip = address.S_un.S_addr; // IP address
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_SrcAddress.m_IpSubnet.m_IpMask = mask.S_un.S_addr; // network mask
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_TCP;

// Transport layer filter
pFilters->m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = TCPUDP;
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;

//***************************************************************************************
// 3. Drop all packets (skipped by previous filters) without processing in user mode
// Common values
pFilters->m_StaticFilters[2].m_Adapter.QuadPart = 0; // applied to all adapters
pFilters->m_StaticFilters[2].m_ValidFields = 0;
pFilters->m_StaticFilters[2].m_FilterAction = FILTER_PACKET_DROP;
pFilters->m_StaticFilters[2].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

However, with this set of filters, ntkernel.com will only be reachable at the address http://64.251.25.36, because DNS packets will be blocked. For DNS to work, you need to add a rule that allows DNS packets. Adding the router is not necessary (of course, if it acts as the DNS server, you can allow full access to it and bother with specific DNS rules).
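The DNS caveat above can be checked with a small model of an ordered rule table. This is an added example, not code from the post or from WinpkFilter: the `rule`/`pkt` structs, the `verdict` function, first-match evaluation and the 192.0.2.x addresses are assumptions made for illustration. It shows that DNS is dropped by the posted table, and that DNS rules only help when they sit before the drop-all rule.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, NOT WinpkFilter types. In a rule, zero proto/address/port = any. */
enum { D_SEND = 1, D_RECV = 2 };               /* direction flags */
enum { V_NONE = -1, V_PASS = 0, V_DROP = 1 };  /* verdicts */
enum { P_TCP = 6, P_UDP = 17 };                /* IP protocol numbers */
struct rule { int dirs, proto; uint32_t src, dst; uint16_t sport, dport; int action; };
struct pkt  { int dir, proto; uint32_t src, dst; uint16_t sport, dport; };

#define IP4(a, b, c, d) ((uint32_t)(a) << 24 | (uint32_t)(b) << 16 | (uint32_t)(c) << 8 | (uint32_t)(d))
#define IP_WEB  IP4(64, 251, 25, 36)  /* address from the post */
#define IP_DNS  IP4(192, 0, 2, 53)    /* constructed resolver address */
#define IP_HOST IP4(192, 0, 2, 10)    /* constructed local address */
#define COUNT(t) (sizeof(t) / sizeof((t)[0]))

#define HTTP_OUT { D_SEND, P_TCP, 0, IP_WEB, 0, 80, V_PASS }
#define HTTP_IN  { D_RECV, P_TCP, IP_WEB, 0, 80, 0, V_PASS }
#define DNS_OUT  { D_SEND, P_UDP, 0, 0, 0, 53, V_PASS }  /* UDP only; TCP/53 not covered */
#define DNS_IN   { D_RECV, P_UDP, 0, 0, 53, 0, V_PASS }
#define DROP_ALL { D_SEND | D_RECV, 0, 0, 0, 0, 0, V_DROP }

const struct rule posted[]    = { HTTP_OUT, HTTP_IN, DROP_ALL };
const struct rule dns_last[]  = { HTTP_OUT, HTTP_IN, DROP_ALL, DNS_OUT, DNS_IN };
const struct rule dns_first[] = { DNS_OUT, DNS_IN, HTTP_OUT, HTTP_IN, DROP_ALL };

const struct pkt dns_query = { D_SEND, P_UDP, IP_HOST, IP_DNS, 50000, 53 };  /* constructed packets */
const struct pkt dns_reply = { D_RECV, P_UDP, IP_DNS, IP_HOST, 53, 50000 };
const struct pkt http_syn  = { D_SEND, P_TCP, IP_HOST, IP_WEB, 50001, 80 };

static int matches(const struct rule *r, const struct pkt *p) {
    return (r->dirs & p->dir) && (!r->proto || r->proto == p->proto)
        && (!r->src || r->src == p->src) && (!r->dst || r->dst == p->dst)
        && (!r->sport || r->sport == p->sport) && (!r->dport || r->dport == p->dport);
}

/* Assumption: the first matching rule decides, as the comment on rule 3 implies. */
int verdict(const struct rule *table, size_t n, const struct pkt *p) {
    for (size_t i = 0; i < n; i++)
        if (matches(&table[i], p)) return table[i].action;
    return V_NONE;
}

int main(void) {  /* prints 1 for dropped, 0 for passed */
    printf("posted:    %d\n", verdict(posted, COUNT(posted), &dns_query));
    printf("dns_last:  %d\n", verdict(dns_last, COUNT(dns_last), &dns_query));
    printf("dns_first: %d\n", verdict(dns_first, COUNT(dns_first), &dns_query));
    return 0;
}
```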