FWP_E_DUPLICATE_CONDITION

  • Question

  • I am trying to add a filter with the following conditions:

    Conditions[0]: FWP_MATCH_EQUAL IPv4 FWPM_CONDITION_IP_REMOTE_ADDRESS=0xC0A8F43C.
    Conditions[1]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_PROTOCOL=17.
    Conditions[2]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_LOCAL_PORT Low=0 and High=20.
    Conditions[3]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_REMOTE_PORT Low=0 and High=20.
    Conditions[4]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_LOCAL_PORT Low=22 and High=65535.
    Conditions[5]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_REMOTE_PORT Low=22 and High=65535.

    Based on previous postings I expected to be able to have the WFP OR the LOCAL_PORT/REMOTE_PORT conditions and AND the conditions for the other fields.  Do I need to order the conditions in the array so that for example the local port conditions are consecutive?  The intent of the filter is to prevent UDP port 21.  I have considered using FWP_MATCH_NOT_EQUAL but if I need to exclude more than one port I cannot combine FWP_MATCH_NOT_EQUAL conditions and putting the ports in different filters causes logic holes in which things get through that should not.

    Thanks!

    Wednesday, July 16, 2014 3:36 PM

Answers

  • I figured out my problem!  I had another filter at a higher weight that was interfering.  Thanks!
    Wednesday, July 16, 2014 5:36 PM

All replies

  • Since the last post I have changed order of the conditions to:

    Conditions[0]: FWP_MATCH_EQUAL IPv4 FWPM_CONDITION_IP_REMOTE_ADDRESS=0xC0A8F43C.
    Conditions[1]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_PROTOCOL=17.
    Conditions[2]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_LOCAL_PORT Low=0 and High=20.
    Conditions[3]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_LOCAL_PORT Low=22 and High=65535.
    Conditions[4]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_REMOTE_PORT Low=0 and High=20.
    Conditions[5]: FWP_MATCH_EQUAL FWPM_CONDITION_IP_REMOTE_PORT Low=22 and High=65535.

    This gets me past the FWP_E_DUPLICATE_CONDITION error.  However, the filter does not appear to block UDP port 21 in all cases.  The action on this filter is FWP_ACTION_PERMIT and I have another filter at a lower weight that is used to callout all other traffic to my callout driver.  What I see is that UDP port 21 seems to get through to the application when it is the destination port but not when it is the source port, regardless of the direction of the data.

    How do local port and remote port map to source port and destination port?  I have assumed that local port is destination port on input and source port on output while remote port is destination port on output and source port on input.  Is that correct?

    Wednesday, July 16, 2014 5:13 PM
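As an added illustration (not code from this thread or from the WFP API), the two rules the posts above turn on, modelled in plain C without the Windows headers: conditions sharing a field key must be adjacent in the array (otherwise FwpmFilterAdd returns FWP_E_DUPLICATE_CONDITION), and same-key conditions are ORed while different keys are ANDed. The FWPM_CONDITION_* GUIDs are replaced by an enum, each condition is treated as a [low, high] range test, and the two condition arrays are constructed from the lists posted above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Field keys stand in for the FWPM_CONDITION_* GUIDs named in the thread. */
enum field { F_REMOTE_ADDR, F_PROTOCOL, F_LOCAL_PORT, F_REMOTE_PORT, NFIELDS };

/* One filter condition: matches when the field value lies in [low, high]. */
struct cond { enum field key; uint32_t low, high; };

/* Field values of one classified packet, indexed by enum field. */
struct pkt { uint32_t v[NFIELDS]; };

/* The two orderings from the thread (constructed from the posted lists). */
const struct cond ORIGINAL[6] = {
    {F_REMOTE_ADDR, 0xC0A8F43C, 0xC0A8F43C}, {F_PROTOCOL, 17, 17},
    {F_LOCAL_PORT, 0, 20}, {F_REMOTE_PORT, 0, 20},
    {F_LOCAL_PORT, 22, 65535}, {F_REMOTE_PORT, 22, 65535},
};
const struct cond REORDERED[6] = {
    {F_REMOTE_ADDR, 0xC0A8F43C, 0xC0A8F43C}, {F_PROTOCOL, 17, 17},
    {F_LOCAL_PORT, 0, 20}, {F_LOCAL_PORT, 22, 65535},
    {F_REMOTE_PORT, 0, 20}, {F_REMOTE_PORT, 22, 65535},
};

/* Models the check behind FWP_E_DUPLICATE_CONDITION: conditions that share a
   field key must be adjacent. Returns -1 when the array is acceptable, else
   the index of the first condition whose key reappears after a gap. */
int find_nonadjacent_duplicate(const struct cond *c, size_t n) {
    bool seen[NFIELDS] = {false};
    for (size_t i = 0; i < n; i++) {
        if (i > 0 && c[i].key == c[i - 1].key) continue; /* adjacent repeat: OK */
        if (seen[c[i].key]) return (int)i;                /* same key, not adjacent */
        seen[c[i].key] = true;
    }
    return -1;
}

/* Evaluates the filter the way WFP combines conditions: same-key conditions
   are ORed, different keys are ANDed. Every condition is a range test here. */
bool filter_matches(const struct cond *c, size_t n, const struct pkt *p) {
    bool used[NFIELDS] = {false}, hit[NFIELDS] = {false};
    for (size_t i = 0; i < n; i++) {
        uint32_t v = p->v[c[i].key];
        used[c[i].key] = true;
        if (v >= c[i].low && v <= c[i].high) hit[c[i].key] = true;
    }
    for (int k = 0; k < NFIELDS; k++)
        if (used[k] && !hit[k]) return false; /* one field's OR-group failed */
    return true;
}
```

With the reordered array, UDP traffic to 192.168.244.60 whose local or remote port is 21 fails the permit filter and falls through to the lower-weight callout filter; a higher-weight filter, as the poster found, is evaluated before either of them.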