Filtering ICMP By Type & Code

Question

I am interested whether it is possible to filter ICMP packets by ICMP type and code without using a callout. I see that there are built in filter condition IDs for ICMP type and code in the ICMP error layers, but not in any others. I'm interested in all ICMP packets, not just ICMP error packets.

In other words, can I build filter conditions for ICMP type and code? 

Thanks.

Answer 1

Yes.  At FWPM_LAYER_{IN | OUT}BOUND_TRANSPORT_V{4 | 6}, and other layers which use the FWPM_CONDITION_LOCAL_PORT and FWPM_CONDITION_REMOTE_PORT, you can filter by the ICMP Type and ICMP Code.  These condition GUIDs are aliased.

#define FWPM_CONDITION_ICMP_TYPE FWPM_CONDITION_IP_LOCAL_PORT
#define FWPM_CONDITION_ICMP_CODE FWPM_CONDITION_IP_REMOTE_PORT

Hope this helps,

---

Dusty Harper [MSFT]
Microsoft Corporation
------------------------------------------------------------
This posting is provided "AS IS", with NO warranties and confers NO rights
------------------------------------------------------------

Answer 2

Fantastic. Thanks!