Windows Firewall APIs & IPSecAPI

NTDEV
1

Hi All,

I’m trying to find how I can do export/import of rules programmatically, using WFP Apis. In the past, it used to be executing cmd shell’s ( netsh … ). Since I’m trying to come up with a combo of ( UM and KM) firewall using WFP API, I see there are some not-so-clear-to-me areas that were used in old ( Net IPsec type api s). The forum ( usually run by Mr.Dusty Harper) is now closed !

Also there are Domain, Private, Public network categorizations and related APIs in the old API set, but does not seem to have those in Fwpm*(…).

Most any features will be in UM, except some few areas where KM is needed to muck with pkt payload.

Is anyone out here playing with those APIs from Windows Firewall API lately, so I can get some help to proceed.

Thanks in Advance,

~Pro

2

To programmatically manage firewall rules using WFP in UM, you typically use the “Fwpm*” functions provided by the WFP User-Mode API. On the other hand, for KM, you can use the “ClassifyFn” callback in the WFP Kernel-Mode API to inspect and manipulate packet payloads.

Regarding the export/import of rules, using WFP APIs directly does not offer built-in functions for rule export/import. However, you can implement your custom logic to achieve this functionality.

Here’s a general outline of how you can approach rule export/import:

Rule Export:
a. Enumerate all the firewall rules using FwpmFilterEnum0.
b. Serialize the rule data (including filter conditions, actions, etc.) into a file format of your choice (e.g., XML, JSON).
c. Save the serialized data to a file.

Rule Import:
a. Read the serialized data from the exported file.
b. Deserialize the data to recreate the firewall rules’ settings.
c. Use FwpmFilterAdd0 to add the rules back to the system.

Regarding the Domain, Private, Public network categorizations, these categories are generally used in Windows Firewall rules, and they help in specifying different sets of rules based on the network location type. However, when using the lower-level WFP API, you’ll work more with filters and conditions directly rather than network location types.