locked
Add/delete filter at specific time of day RRS feed

  • Question

  • Hi everyone,

    I want  to create a filter packet, my goal is what way to add/delete filter (FwpmFilterAdd0/FwpmFilterDeleteById0) at specific time of day. Is there any API for this goal. If no, can you recommend a idea to do?

    Sorry if this question was appearend in advance.

    Thanks \m/

    Thursday, July 3, 2014 3:28 AM

Answers

  • Use a triggered task to enable and disable the filter using either the Win32 or .Net firewall APIs. Triggered tasks are discussed here

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    • Proposed as answer by Brian Catlin Thursday, July 3, 2014 6:09 PM
    • Marked as answer by reallinga Friday, July 4, 2014 3:29 AM
    Thursday, July 3, 2014 6:09 PM

All replies

  • From where I see it, You shall need a daemon service running to keep track of time and trigger an event when its time to add the filter. The service part should be manageable. Get a gist of User/Kernel mode communication to get this going, assuming you are concerned with the kernel mode.

    Good Luck


    ___________ Regards Umar Yaqoob ___________

    Thursday, July 3, 2014 4:29 PM
  • Use a triggered task to enable and disable the filter using either the Win32 or .Net firewall APIs. Triggered tasks are discussed here

     -Brian


    Azius Developer Training www.azius.com Windows device driver, internals, security, & forensics training and consulting. Blog at www.azius.com/blog

    • Proposed as answer by Brian Catlin Thursday, July 3, 2014 6:09 PM
    • Marked as answer by reallinga Friday, July 4, 2014 3:29 AM
    Thursday, July 3, 2014 6:09 PM