locked
Windows Filtering Platform Firewall Database RRS feed

  • Question

  • Is there anyway to have WFP search a databse to see if an IP is allowed.  I want to grab the IP from an incoming packet and compare that IP to an allowed list on a database.

     

    Tuesday, July 19, 2011 8:30 PM

Answers

  • This is something you could do via a callout, but it kind of defeats the purpose.  Rather than maintain a database of addresses, why not simply add the filters for allowing them?

    For searching the database, you will need to have a callout @ INBOUND / OUTBOUND IPPACKET which parses the IPHeader (either from the packet itself, or pull it from the FWPS_INCOMING VALUES).  You would then need to perform your database lookup and return BLOCK or PERMIT based off what you find.

    OR you simply add a low weight block all filter, and for every address in your database, you create a permit filter (all the parsing is done for you and no kernel code required...

     

    Hope this helps,

     


    Dusty Harper [MSFT]
    Microsoft Corporation
    ------------------------------------------------------------
    This posting is provided "AS IS", with NO warranties and confers NO rights
    ------------------------------------------------------------

    Tuesday, July 19, 2011 11:21 PM
    Moderator