Reply To: WinpkFilter static filters

Home Forums Discussions Support WinpkFilter static filters Reply To: WinpkFilter static filters

June 9, 2008 at 8:43 am #6639
Vadim Smirnov
Keymaster

    Ну как-то вот так:


    
//**************************************************************************************
    
// 1. Outgoing HTTP requests filter: PASS OUT TCP packets with destination IP 64.251.25.36 PORT 80 (http://www.ntkernel.com)
    
// Common values
    
pFilters->m_StaticFilters[0].m_Adapter.QuadPart = 0; // applied to all adapters
    
pFilters->m_StaticFilters[0].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
    
pFilters->m_StaticFilters[0].m_FilterAction = FILTER_PACKET_PASS;
    
pFilters->m_StaticFilters[0].m_dwDirectionFlags = PACKET_FLAG_ON_SEND;
    

    
// Network layer filter
    
in_addr address;
    
in_addr mask;
    

    
// IP address 64.251.25.36
    
address.S_un.S_un_b.s_b1 = 64;
    
address.S_un.S_un_b.s_b2 = 251;
    
address.S_un.S_un_b.s_b3 = 25;
    
address.S_un.S_un_b.s_b4 = 36;
    

    
// Network mask 255.255.255.255
    
mask.S_un.S_un_b.s_b1 = 255;
    
mask.S_un.S_un_b.s_b2 = 255;
    
mask.S_un.S_un_b.s_b3 = 255;
    
mask.S_un.S_un_b.s_b4 = 255;
    

    
pFilters->m_StaticFilters[0].m_NetworkFilter.m_dwUnionSelector = IPV4;
    
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL | IP_V4_FILTER_DEST_ADDRESS;
    
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_AddressType = IP_SUBNET_V4_TYPE;
    
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_Ip = address.S_un.S_addr; // IP address
    
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_DestAddress.m_IpSubnet.m_IpMask = mask.S_un.S_addr; // network mask
    
pFilters->m_StaticFilters[0].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_TCP;
    

    
// Transport layer filter
    
pFilters->m_StaticFilters[0].m_TransportFilter.m_dwUnionSelector = TCPUDP;
    
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;
    
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80; // HTTP
    
pFilters->m_StaticFilters[0].m_TransportFilter.m_TcpUdp.m_DestPort.m_EndRange = 80;
    

    
//******************************************************************************************
    
// 2. Incoming HTTP responses filter: PASS IN TCP packets with source IP 64.251.25.36 PORT 80 (http://www.ntkernel.com)
    
// Common values
    
pFilters->m_StaticFilters[1].m_Adapter.QuadPart = 0; // applied to all adapters
    
pFilters->m_StaticFilters[1].m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;
    
pFilters->m_StaticFilters[1].m_FilterAction = FILTER_PACKET_PASS;
    
pFilters->m_StaticFilters[1].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;
    

    
pFilters->m_StaticFilters[1].m_NetworkFilter.m_dwUnionSelector = IPV4;
    
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL | IP_V4_FILTER_SRC_ADDRESS;
    
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_SrcAddress.m_AddressType = IP_SUBNET_V4_TYPE;
    
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_SrcAddress.m_IpSubnet.m_Ip = address.S_un.S_addr; // IP address
    
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_SrcAddress.m_IpSubnet.m_IpMask = mask.S_un.S_addr; // network mask
    
pFilters->m_StaticFilters[1].m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_TCP;
    

    
// Transport layer filter
    
pFilters->m_StaticFilters[1].m_TransportFilter.m_dwUnionSelector = TCPUDP;
    
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;
    
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 80; // HTTP
    
pFilters->m_StaticFilters[1].m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 80;
    

    
//***************************************************************************************
    
// 3. Drop all packets (skipped by previous filters) without processing in user mode
    
// Common values
    
pFilters->m_StaticFilters[2].m_Adapter.QuadPart = 0; // applied to all adapters
    
pFilters->m_StaticFilters[2].m_ValidFields = 0;
    
pFilters->m_StaticFilters[2].m_FilterAction = FILTER_PACKET_DROP;
    
pFilters->m_StaticFilters[2].m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE | PACKET_FLAG_ON_SEND;

    Правда, при таком наборе фильтров, к ntkernel.com можно будет достучаться только по адресу http://64.251.25.36, потому что DNS пакеты буду блокироваться. Для того чтобы работала DNS нужно добавить правило разрешающее DNS пакеты. Роутер добавлять необязательно (если конечно он выполняет роль DNS сервера, то можно разрешить к нему полный доступ, и заморачиваться специфическими DNS правилами).