Windows Firewall APIs & IPSecAPI

Prokash_Sinha Member - All Emails Posts: 230

Hi All,

I'm trying to find how I can do export/import of rules programmatically, using WFP APIs. In the past, it used to be done by executing cmd shell commands (netsh ...). Since I'm trying to come up with a combo (UM and KM) firewall using the WFP API, I see there are some not-so-clear-to-me areas that were used in the old (Net IPsec type) APIs. The forum (usually run by Mr. Dusty Harper) is now closed!

Also, there are Domain, Private, Public network categorizations and related APIs in the old API set, but Fwpm*(...) does not seem to have those.

Most any features will be in UM, except some few areas where KM is needed to muck with pkt payload.

Is anyone out here playing with those APIs from the Windows Firewall API lately, so I can get some help to proceed?

Thanks in Advance,

~Pro

Comments

  • Mnylityse Member Posts: 1

    To programmatically manage firewall rules using WFP in UM, you typically use the "Fwpm*" functions provided by the WFP User-Mode API. On the other hand, for KM, you can use the "ClassifyFn" callback in the WFP Kernel-Mode API to inspect and manipulate packet payloads.

    Regarding the export/import of rules, using WFP APIs directly does not offer built-in functions for rule export/import. However, you can implement your custom logic to achieve this functionality.

    Here's a general outline of how you can approach rule export/import:

    Rule Export:
    a. Enumerate all the firewall rules using FwpmFilterEnum0.
    b. Serialize the rule data (including filter conditions, actions, etc.) into a file format of your choice (e.g., XML, JSON).
    c. Save the serialized data to a file.

    Rule Import:
    a. Read the serialized data from the exported file.
    b. Deserialize the data to recreate the firewall rules' settings.
    c. Use FwpmFilterAdd0 to add the rules back to the system.

    Regarding the Domain, Private, Public network categorizations, these categories are generally used in Windows Firewall rules, and they help in specifying different sets of rules based on the network location type. However, when using the lower-level WFP API, you'll work more with filters and conditions directly rather than network location types.
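The export half of the outline above, as an added example that is not part of the original comment or any OSR code: it enumerates filters with `FwpmFilterEnum0` and writes one line per filter holding the filter key, layer key, action type and condition count. The line layout and the helper names `guid_text`, `rule_line` and `export_filters` are assumptions of this example; the Windows part compiles only where the WFP user-mode headers are available.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Canonical 8-4-4-4-12 GUID text (36 chars + NUL) from the four GUID fields. */
void guid_text(uint32_t d1, uint16_t d2, uint16_t d3, const uint8_t d4[8], char out[37]) {
    snprintf(out, 37, "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", (unsigned)d1,
             (unsigned)d2, (unsigned)d3, d4[0], d4[1], d4[2], d4[3], d4[4], d4[5], d4[6], d4[7]);
}

/* Step b: one filter as one line, filterKey|layerKey|actionType|conditionCount.
   The layout is an assumption of this example. The runtime filterId is left out
   because the engine assigns a new one when a filter is added again.
   Returns the line length, or -1 if the line does not fit in out. */
int rule_line(const char *filter_key, const char *layer_key, uint32_t action_type,
              uint32_t num_conditions, char *out, size_t cap) {
    int n = snprintf(out, cap, "%s|%s|0x%08x|%u\n", filter_key, layer_key,
                     (unsigned)action_type, (unsigned)num_conditions);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

#ifdef _WIN32   /* Steps a and c use the WFP user-mode API (link fwpuclnt.lib). */
#include <windows.h>
#include <fwpmu.h>

DWORD export_filters(FILE *fp) {
    HANDLE eng = NULL, en = NULL;
    FWPM_FILTER0 **f = NULL;
    UINT32 n = 0;
    char fk[37], lk[37], line[128];
    DWORD rc = FwpmEngineOpen0(NULL, RPC_C_AUTHN_WINNT, NULL, NULL, &eng);
    if (rc != ERROR_SUCCESS) return rc;
    rc = FwpmFilterCreateEnumHandle0(eng, NULL, &en);  /* NULL template: all filters */
    while (rc == ERROR_SUCCESS &&
           (rc = FwpmFilterEnum0(eng, en, 64, &f, &n)) == ERROR_SUCCESS && n > 0) {
        for (UINT32 i = 0; i < n; i++) {
            const GUID *k = &f[i]->filterKey, *l = &f[i]->layerKey;
            guid_text(k->Data1, k->Data2, k->Data3, k->Data4, fk);
            guid_text(l->Data1, l->Data2, l->Data3, l->Data4, lk);
            if (rule_line(fk, lk, f[i]->action.type, f[i]->numFilterConditions,
                          line, sizeof line) > 0)
                fputs(line, fp);
        }
        FwpmFreeMemory0((void **)&f);                  /* release this batch */
    }
    if (f) FwpmFreeMemory0((void **)&f);
    if (en) FwpmFilterDestroyEnumHandle0(eng, en);
    FwpmEngineClose0(eng);
    return rc;
}
#endif
```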
