Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- using System;
- namespace WFP
- {
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct SID_IDENTIFIER_AUTHORITY
- {
- /// BYTE[6]
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 6, ArraySubType = System.Runtime.InteropServices.UnmanagedType.I1)]
- public byte[] Value;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct SID
- {
- /// BYTE->unsigned char
- public byte Revision;
- /// BYTE->unsigned char
- public byte SubAuthorityCount;
- /// SID_IDENTIFIER_AUTHORITY->_SID_IDENTIFIER_AUTHORITY
- public SID_IDENTIFIER_AUTHORITY IdentifierAuthority;
- /// DWORD[1]
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValArray, SizeConst = 1, ArraySubType = System.Runtime.InteropServices.UnmanagedType.U4)]
- public uint[] SubAuthority;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct SEC_WINNT_AUTH_IDENTITY_W
- {
- /// unsigned short*
- public System.IntPtr User;
- /// unsigned int
- public uint UserLength;
- /// unsigned short*
- public System.IntPtr Domain;
- /// unsigned int
- public uint DomainLength;
- /// unsigned short*
- public System.IntPtr Password;
- /// unsigned int
- public uint PasswordLength;
- /// unsigned int
- public uint Flags;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWP_BYTE_BLOB_
- {
- /// UINT32->unsigned int
- public uint size;
- /// UINT8*
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPStr)]
- public string data;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWPM_DISPLAY_DATA0_
- {
- /// wchar_t*
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
- public string name;
- /// wchar_t*
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
- public string description;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWPM_SESSION0_
- {
- /// GUID->_GUID
- public Guid sessionKey;
- /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
- public FWPM_DISPLAY_DATA0_ displayData;
- /// UINT32->unsigned int
- public uint flags;
- /// UINT32->unsigned int
- public uint txnWaitTimeoutInMSec;
- /// DWORD->unsigned int
- public uint processId;
- /// SID*
- public System.IntPtr sid;
- /// wchar_t*
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)]
- public string username;
- /// BOOL->int
- public int kernelMode;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWPM_SUBLAYER0_
- {
- /// GUID->_GUID
- //public GUID subLayerKey;
- public Guid subLayerKey;
- /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
- public FWPM_DISPLAY_DATA0_ displayData;
- /// UINT16->unsigned short
- public ushort flags;
- /// GUID*
- public System.IntPtr providerKey;
- /// FWP_BYTE_BLOB->FWP_BYTE_BLOB_
- public FWP_BYTE_BLOB_ providerData;
- /// UINT16->unsigned short
- public ushort weight;
- }
- public enum FWP_DATA_TYPE_
- {
- /// FWP_EMPTY -> 0
- FWP_EMPTY = 0,
- FWP_UINT8 = (FWP_EMPTY + 1),
- FWP_UINT16 = (FWP_UINT8 + 1),
- FWP_UINT32 = (FWP_UINT16 + 1),
- FWP_UINT64 = (FWP_UINT32 + 1),
- FWP_INT8 = (FWP_UINT64 + 1),
- FWP_INT16 = (FWP_INT8 + 1),
- FWP_INT32 = (FWP_INT16 + 1),
- FWP_INT64 = (FWP_INT32 + 1),
- FWP_FLOAT = (FWP_INT64 + 1),
- FWP_DOUBLE = (FWP_FLOAT + 1),
- FWP_BYTE_ARRAY16_TYPE = (FWP_DOUBLE + 1),
- FWP_BYTE_BLOB_TYPE = (FWP_BYTE_ARRAY16_TYPE + 1),
- FWP_SID = (FWP_BYTE_BLOB_TYPE + 1),
- FWP_SECURITY_DESCRIPTOR_TYPE = (FWP_SID + 1),
- FWP_TOKEN_INFORMATION_TYPE = (FWP_SECURITY_DESCRIPTOR_TYPE + 1),
- FWP_TOKEN_ACCESS_INFORMATION_TYPE = (FWP_TOKEN_INFORMATION_TYPE + 1),
- FWP_UNICODE_STRING_TYPE = (FWP_TOKEN_ACCESS_INFORMATION_TYPE + 1),
- FWP_BYTE_ARRAY6_TYPE = (FWP_UNICODE_STRING_TYPE + 1),
- FWP_SINGLE_DATA_TYPE_MAX = 0xff,
- FWP_V4_ADDR_MASK = (FWP_SINGLE_DATA_TYPE_MAX + 1),
- FWP_V6_ADDR_MASK = (FWP_V4_ADDR_MASK + 1),
- FWP_RANGE_TYPE = (FWP_V6_ADDR_MASK + 1),
- FWP_DATA_TYPE_MAX = (FWP_RANGE_TYPE + 1)
- }
- public enum FWP_MATCH_TYPE_
- {
- FWP_MATCH_EQUAL = 0,
- FWP_MATCH_GREATER = (FWP_MATCH_EQUAL + 1),
- FWP_MATCH_LESS = (FWP_MATCH_GREATER + 1),
- FWP_MATCH_GREATER_OR_EQUAL = (FWP_MATCH_LESS + 1),
- FWP_MATCH_LESS_OR_EQUAL = (FWP_MATCH_GREATER_OR_EQUAL + 1),
- FWP_MATCH_RANGE = (FWP_MATCH_LESS_OR_EQUAL + 1),
- FWP_MATCH_FLAGS_ALL_SET = (FWP_MATCH_RANGE + 1),
- FWP_MATCH_FLAGS_ANY_SET = (FWP_MATCH_FLAGS_ALL_SET + 1),
- FWP_MATCH_FLAGS_NONE_SET = (FWP_MATCH_FLAGS_ANY_SET + 1),
- FWP_MATCH_EQUAL_CASE_INSENSITIVE = (FWP_MATCH_FLAGS_NONE_SET + 1),
- FWP_MATCH_NOT_EQUAL = (FWP_MATCH_EQUAL_CASE_INSENSITIVE + 1),
- FWP_MATCH_TYPE_MAX = (FWP_MATCH_NOT_EQUAL + 1)
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)]
- public struct FWP_BYTE_ARRAY16_
- {
- /// UINT8[16]
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = 16)]
- public string byteArray16;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct SID_AND_ATTRIBUTES
- {
- /// PSID->PVOID->void*
- public System.IntPtr Sid;
- /// DWORD->unsigned int
- public uint Attributes;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWP_TOKEN_INFORMATION
- {
- /// ULONG->unsigned int
- public uint sidCount;
- /// PSID_AND_ATTRIBUTES->_SID_AND_ATTRIBUTES*
- public System.IntPtr sids;
- /// ULONG->unsigned int
- public uint restrictedSidCount;
- /// PSID_AND_ATTRIBUTES->_SID_AND_ATTRIBUTES*
- public System.IntPtr restrictedSids;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)]
- public struct FWP_BYTE_ARRAY6_
- {
- /// UINT8[6]
- [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = 6)]
- public string byteArray6;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWP_V4_ADDR_AND_MASK_
- {
- /// UINT32->unsigned int
- public uint addr;
- /// UINT32->unsigned int
- public uint mask;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential, CharSet = System.Runtime.InteropServices.CharSet.Ansi)]
- public struct FWP_V6_ADDR_AND_MASK_
- {
- /// UINT8[]
- //[System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.ByValTStr, SizeConst = -1)]
- public string addr;
- /// UINT8->unsigned char
- public byte prefixLength;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWP_RANGE0_
- {
- /// FWP_VALUE0->FWP_VALUE0_
- public FWP_VALUE0_ valueLow;
- /// FWP_VALUE0->FWP_VALUE0_
- public FWP_VALUE0_ valueHigh;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWP_VALUE0_
- {
- /// FWP_DATA_TYPE->FWP_DATA_TYPE_
- public FWP_DATA_TYPE_ type;
- /// Anonymous_f2ca3d24_487b_42ae_9460_d9780fa4b512
- /// UINT8->unsigned char
- public byte uint8;
- /// UINT16->unsigned short
- public ushort uint16;
- /// UINT32->unsigned int
- public uint uint32;
- /// UINT64*
- public System.IntPtr uint64;
- /// INT8->char
- public byte int8;
- /// INT16->short
- public short int16;
- /// INT32->int
- public int int32;
- /// INT64*
- public System.IntPtr int64;
- /// float
- public float float32;
- /// double*
- public System.IntPtr double64;
- /// FWP_BYTE_ARRAY16*
- public System.IntPtr byteArray16;
- /// FWP_BYTE_BLOB*
- public System.IntPtr byteBlob;
- /// SID*
- public System.IntPtr sid;
- /// FWP_BYTE_BLOB*
- public System.IntPtr sd;
- /// FWP_TOKEN_INFORMATION*
- public System.IntPtr tokenInformation;
- /// FWP_BYTE_BLOB*
- public System.IntPtr tokenAccessInformation;
- /// LPWSTR->WCHAR*
- public System.IntPtr unicodeString;
- /// FWP_BYTE_ARRAY6*
- public System.IntPtr byteArray6;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWP_CONDITION_VALUE0_
- {
- /// FWP_DATA_TYPE->FWP_DATA_TYPE_
- public FWP_DATA_TYPE_ type;
- /// Anonymous_996a93aa_94af_41d2_b6f5_471cbd2cf098
- /// UINT8->unsigned char
- public byte uint8;
- /// UINT16->unsigned short
- public ushort uint16;
- /// UINT32->unsigned int
- public uint uint32;
- /// UINT64*
- public System.IntPtr uint64;
- /// INT8->char
- public byte int8;
- /// INT16->short
- public short int16;
- /// INT32->int
- public int int32;
- /// INT64*
- public System.IntPtr int64;
- /// float
- public float float32;
- /// double*
- public System.IntPtr double64;
- /// FWP_BYTE_ARRAY16*
- public System.IntPtr byteArray16;
- /// FWP_BYTE_BLOB*
- public System.IntPtr byteBlob;
- /// SID*
- public System.IntPtr sid;
- /// FWP_BYTE_BLOB*
- public System.IntPtr sd;
- /// FWP_TOKEN_INFORMATION*
- public System.IntPtr tokenInformation;
- /// FWP_BYTE_BLOB*
- public System.IntPtr tokenAccessInformation;
- /// LPWSTR->WCHAR*
- public System.IntPtr unicodeString;
- /// FWP_BYTE_ARRAY6*
- public System.IntPtr byteArray6;
- /// FWP_V4_ADDR_AND_MASK*
- public System.IntPtr v4AddrMask;
- /// FWP_V6_ADDR_AND_MASK*
- public System.IntPtr v6AddrMask;
- /// FWP_RANGE0*
- public System.IntPtr rangeValue;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWPM_FILTER_CONDITION0_
- {
- /// GUID->_GUID
- //public GUID fieldKey;
- public Guid fieldKey;
- /// FWP_MATCH_TYPE->FWP_MATCH_TYPE_
- public FWP_MATCH_TYPE_ matchType;
- /// FWP_CONDITION_VALUE0_
- public FWP_CONDITION_VALUE0_ conditionValue;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWPM_ACTION0_
- {
- /// FWP_ACTION_TYPE
- public uint type;
- /// Anonymous_2997c82f_b552_43d7_a71b_526008c4825c
- public Guid filterType;
- /// GUID->_GUID
- public Guid calloutKey;
- }
- [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
- public struct FWPM_FILTER0_
- {
- /// GUID->_GUID
- //public GUID filterKey;
- public Guid filterKey;
- /// FWPM_DISPLAY_DATA0->FWPM_DISPLAY_DATA0_
- public FWPM_DISPLAY_DATA0_ displayData;
- /// UINT32->unsigned int
- public uint flags;
- /// GUID*
- public System.IntPtr providerKey;
- /// FWP_BYTE_BLOB->FWP_BYTE_BLOB_
- public FWP_BYTE_BLOB_ providerData;
- /// GUID->_GUID
- //public GUID layerKey;
- public Guid layerKey;
- /// GUID->_GUID
- //public GUID subLayerKey;
- public Guid subLayerKey;
- /// FWP_VALUE0->FWP_VALUE0_
- public FWP_VALUE0_ weight;
- /// UINT32->unsigned int
- public uint numFilterConditions;
- /// FWPM_FILTER_CONDITION0*
- public System.IntPtr filterCondition;
- /// FWPM_ACTION0->FWPM_ACTION0_
- public FWPM_ACTION0_ action;
- /// Anonymous_9e7af134_1c75_45df_ba40_12e91eb0542c
- /// UINT64->unsigned __int64
- public ulong rawContext;
- /// GUID->_GUID
- public Guid providerContextKey;
- /// GUID*
- public System.IntPtr reserved;
- /// UINT64->unsigned __int64
- public ulong filterId;
- //public IntPtr filterId;
- /// FWP_VALUE0->FWP_VALUE0_
- public FWP_VALUE0_ effectiveWeight;
- }
- public partial class NativeConstants
- {
- /// FWPM_CALLOUT_FLAG_PERSISTENT -> (0x00010000)
- public const int FWPM_CALLOUT_FLAG_PERSISTENT = 65536;
- /// FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT -> (0x00020000)
- public const int FWPM_CALLOUT_FLAG_USES_PROVIDER_CONTEXT = 131072;
- /// FWPM_CALLOUT_FLAG_REGISTERED -> (0x00040000)
- public const int FWPM_CALLOUT_FLAG_REGISTERED = 262144;
- /// FWP_ACTION_FLAG_TERMINATING -> (0x00001000)
- public const int FWP_ACTION_FLAG_TERMINATING = 4096;
- /// FWP_ACTION_FLAG_NON_TERMINATING -> (0x00002000)
- public const int FWP_ACTION_FLAG_NON_TERMINATING = 8192;
- /// FWP_ACTION_FLAG_CALLOUT -> (0x00004000)
- public const int FWP_ACTION_FLAG_CALLOUT = 16384;
- /// FWP_ACTION_BLOCK -> (0x00000001 | FWP_ACTION_FLAG_TERMINATING)
- public const int FWP_ACTION_BLOCK = (1 | NativeConstants.FWP_ACTION_FLAG_TERMINATING);
- /// FWP_ACTION_PERMIT -> (0x00000002 | FWP_ACTION_FLAG_TERMINATING)
- public const int FWP_ACTION_PERMIT = (2 | NativeConstants.FWP_ACTION_FLAG_TERMINATING);
- /// FWP_ACTION_CALLOUT_TERMINATING -> (0x00000003 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_TERMINATING)
- public const int FWP_ACTION_CALLOUT_TERMINATING = (3 | (NativeConstants.FWP_ACTION_FLAG_CALLOUT | NativeConstants.FWP_ACTION_FLAG_TERMINATING));
- /// FWP_ACTION_CALLOUT_INSPECTION -> (0x00000004 | FWP_ACTION_FLAG_CALLOUT | FWP_ACTION_FLAG_NON_TERMINATING)
- public const int FWP_ACTION_CALLOUT_INSPECTION = (4 | (NativeConstants.FWP_ACTION_FLAG_CALLOUT | NativeConstants.FWP_ACTION_FLAG_NON_TERMINATING));
- /// FWP_ACTION_CALLOUT_UNKNOWN -> (0x00000005 | FWP_ACTION_FLAG_CALLOUT)
- public const int FWP_ACTION_CALLOUT_UNKNOWN = (5 | NativeConstants.FWP_ACTION_FLAG_CALLOUT);
- /// FWP_ACTION_CONTINUE -> (0x00000006 | FWP_ACTION_FLAG_NON_TERMINATING)
- public const int FWP_ACTION_CONTINUE = (6 | NativeConstants.FWP_ACTION_FLAG_NON_TERMINATING);
- /// FWP_ACTION_NONE -> (0x00000007)
- public const int FWP_ACTION_NONE = 7;
- /// FWP_ACTION_NONE_NO_MATCH -> (0x00000008)
- public const int FWP_ACTION_NONE_NO_MATCH = 8;
- /// FWPM_FILTER_FLAG_NONE -> (0x00000000)
- public const int FWPM_FILTER_FLAG_NONE = 0;
- /// FWPM_FILTER_FLAG_PERSISTENT -> (0x00000001)
- public const int FWPM_FILTER_FLAG_PERSISTENT = 1;
- /// FWPM_FILTER_FLAG_BOOTTIME -> (0x00000002)
- public const int FWPM_FILTER_FLAG_BOOTTIME = 2;
- /// FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT -> (0x00000004)
- public const int FWPM_FILTER_FLAG_HAS_PROVIDER_CONTEXT = 4;
- /// FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT -> (0x00000008)
- public const int FWPM_FILTER_FLAG_CLEAR_ACTION_RIGHT = 8;
- /// FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED -> (0x00000010)
- public const int FWPM_FILTER_FLAG_PERMIT_IF_CALLOUT_UNREGISTERED = 16;
- /// FWPM_FILTER_FLAG_DISABLED -> (0x00000020)
- public const int FWPM_FILTER_FLAG_DISABLED = 32;
- /// FWPM_FILTER_FLAG_INDEXED -> (0x00000040)
- public const int FWPM_FILTER_FLAG_INDEXED = 64;
- }
- public partial class NativeMethods
- {
- /// Return Type: DWORD->unsigned int
- ///serverName: wchar_t*
- ///authnService: UINT32->unsigned int
- ///authIdentity: SEC_WINNT_AUTH_IDENTITY_W*
- ///session: FWPM_SESSION0*
- ///engineHandle: HANDLE*
- [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmEngineOpen0")]
- public static extern uint FwpmEngineOpen0([System.Runtime.InteropServices.InAttribute()] [System.Runtime.InteropServices.MarshalAsAttribute(System.Runtime.InteropServices.UnmanagedType.LPWStr)] string serverName, uint authnService, [System.Runtime.InteropServices.InAttribute()] System.IntPtr authIdentity, [System.Runtime.InteropServices.InAttribute()] System.IntPtr session, ref System.IntPtr engineHandle);
- /// Return Type: DWORD->unsigned int
- ///serverName: wchar_t*
- ///authnService: UINT32->unsigned int
- ///authIdentity: SEC_WINNT_AUTH_IDENTITY_W*
- ///session: FWPM_SESSION0*
- ///engineHandle: HANDLE*
- [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmEngineClose0")]
- public static extern uint FwpmEngineClose0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle);
- /// Return Type: DWORD->unsigned int
- ///engineHandle: HANDLE->void*
- ///filter: FWPM_FILTER0*
- ///sd: PSECURITY_DESCRIPTOR->PVOID->void*
- ///id: UINT64*
- [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmFilterAdd0")]
- public static extern uint FwpmFilterAdd0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle, [System.Runtime.InteropServices.InAttribute()] ref FWPM_FILTER0_ filter, [System.Runtime.InteropServices.InAttribute()] System.IntPtr sd, ref ulong id);
- /// Return Type: DWORD->unsigned int
- ///engineHandle: HANDLE->void*
- ///id: UINT64->unsigned __int64
- [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmFilterDeleteById0")]
- public static extern uint FwpmFilterDeleteById0(System.IntPtr engineHandle, ref ulong id);
- /// Return Type: DWORD->unsigned int
- ///engineHandle: HANDLE->void*
- ///subLayer: FWPM_SUBLAYER0*
- ///sd: PSECURITY_DESCRIPTOR->PVOID->void*
- [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmSubLayerAdd0")]
- public static extern uint FwpmSubLayerAdd0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle, [System.Runtime.InteropServices.InAttribute()] ref FWPM_SUBLAYER0_ subLayer, [System.Runtime.InteropServices.InAttribute()] System.IntPtr sd);
- /// Return Type: DWORD->unsigned int
- ///engineHandle: HANDLE->void*
- ///key: GUID*
- [System.Runtime.InteropServices.DllImportAttribute("FWPUClnt.dll", EntryPoint = "FwpmSubLayerDeleteByKey0")]
- public static extern uint FwpmSubLayerDeleteByKey0([System.Runtime.InteropServices.InAttribute()] System.IntPtr engineHandle, ref Guid key);
- }
- internal static class Extensions
- {
- public static FWP_V4_ADDR_AND_MASK_[] ToFwpV4AddrAndMask(this IPHostEntry obj)
- {
- var ret = new List<FWP_V4_ADDR_AND_MASK_>();
- foreach (var ipAddress in obj.AddressList)
- {
- if (ipAddress.AddressFamily == AddressFamily.InterNetwork)
- {
- var addr = BitConverter.ToUInt32(ipAddress.GetAddressBytes().Reverse().ToArray(), 0);
- if (ret.All(x => x.addr != addr))
- {
- ret.Add(new FWP_V4_ADDR_AND_MASK_
- {
- addr = addr,
- mask = 0xFFFFFFFF
- });
- }
- }
- }
- return ret.ToArray();
- }
- public static IntPtr ToIntPtr(this object obj)
- {
- var handle = GCHandle.Alloc(obj);
- return GCHandle.ToIntPtr(handle);
- }
- }
- class Program
- {
- #region Authentication Service Constants
- const uint RPC_C_AUTHN_NONE = 0;
- const uint RPC_C_AUTHN_DCE_PRIVATE = 1;
- const uint RPC_C_AUTHN_DCE_PUBLIC = 2;
- const uint RPC_C_AUTHN_DEC_PUBLIC = 4;
- const uint RPC_C_AUTHN_GSS_NEGOTIATE = 9;
- const uint RPC_C_AUTHN_WINNT = 10;
- const uint RPC_C_AUTHN_GSS_SCHANNEL = 14;
- const uint RPC_C_AUTHN_GSS_KERBEROS = 16;
- const uint RPC_C_AUTHN_DPA = 17;
- const uint RPC_C_AUTHN_MSN = 18;
- const uint RPC_C_AUTHN_DIGEST = 21;
- const uint RPC_C_AUTHN_NEGO_EXTENDER = 30;
- const uint RPC_C_AUTHN_MQ = 100;
- const uint RPC_C_AUTHN_DEFAULT = 0xffffffff;
- #endregion
- #region Filter Keys
- private static Guid FWPM_CONDITION_FLAGS = new Guid("{632ce23b-5167-435c-86d7-e903684aa80c}");
- private static Guid FWPM_CONDITION_INTERFACE_INDEX = new Guid("{667fd755-d695-434a-8af5-d3835a1259bc}");
- private static Guid FWPM_CONDITION_INTERFACE_TYPE = new Guid("{daf8cd14-e09e-4c93-a5ae-c5c13b73ffca}");
- private static Guid FWPM_CONDITION_IP_LOCAL_ADDRESS = new Guid("{d9ee00de-c1ef-4617-bfe3-ffd8f5a08957}");
- private static Guid FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE = new Guid("{6ec7f6c4-376b-45d7-9e9c-d337cedcd237}");
- private static Guid FWPM_CONDITION_IP_LOCAL_INTERFACE = new Guid("{4cd62a49-59c3-4969-b7f3-bda5d32890a4}");
- private static Guid FWPM_CONDITION_IP_LOCAL_PORT = new Guid("{0c1ba1af-5765-453f-af22-a8f791ac775b}");
- private static Guid FWPM_CONDITION_IP_PROTOCOL = new Guid("{3971ef2b-623e-4f9a-8cb1-6e79b806b9a7}");
- private static Guid FWPM_CONDITION_IP_REMOTE_ADDRESS = new Guid("{b235ae9a-1d64-49b8-a44c-5ff3d9095045}");
- private static Guid FWPM_CONDITION_IP_REMOTE_PORT = new Guid("{c35a604d-d22b-4e1a-91b4-68f674ee674b}");
- private static Guid FWPM_CONDITION_SUB_INTERFACE_INDEX = new Guid("{0cd42473-d621-4be3-ae8c-72a348d283e1}");
- private static Guid FWPM_CONDITION_TUNNEL_TYPE = new Guid("{77a40437-8779-4868-a261-f5a902f1c0cd}");
- #endregion
- #region Layer Keys
- private static Guid FWPM_LAYER_INBOUND_IPPACKET_V4 = new Guid("{c86fd1bf-21cd-497e-a0bb-17425c885c58}");
- private static Guid FWPM_LAYER_OUTBOUND_IPPACKET_V4 = new Guid("{1e5c9fae-8a84-4135-a331-950b54229ecd}");
- private static Guid FWPM_LAYER_INBOUND_TRANSPORT_V4 = new Guid("{5926dfc8-e3cf-4426-a283-dc393f5d0f9d}");
- #endregion
- private static readonly List<FWP_V4_ADDR_AND_MASK_> SitesList = new List<FWP_V4_ADDR_AND_MASK_>();
- private static IntPtr _engineHandle;
- private static Guid _subLayerGuid;
- private static readonly List<FWPM_FILTER0_> Filters = new List<FWPM_FILTER0_>();
- static void Main(string[] args)
- {
- // Get a list of FWP_V4_ADDR_MASK
- SitesList.AddRange(Dns.GetHostEntry("facebook.com").ToFwpV4AddrAndMask());
- SitesList.AddRange(Dns.GetHostEntry("www.facebook.com").ToFwpV4AddrAndMask());
- // Create Guid for sublayer
- _subLayerGuid = Guid.NewGuid();
- // Create sublayer
- var subLayer = new FWPM_SUBLAYER0_
- {
- displayData = new FWPM_DISPLAY_DATA0_
- {
- name = "MyFirewall",
- description = "MyFirewall"
- },
- subLayerKey = _subLayerGuid
- };
- // Create a filter condition for each FWP_V4_ADDR_MASK
- var filterConditions = new List<FWPM_FILTER_CONDITION0_>();
- foreach (var site in SitesList)
- {
- filterConditions.Add(new FWPM_FILTER_CONDITION0_
- {
- fieldKey = FWPM_CONDITION_IP_REMOTE_ADDRESS,
- matchType = FWP_MATCH_TYPE_.FWP_MATCH_EQUAL,
- conditionValue = new FWP_CONDITION_VALUE0_
- {
- type = FWP_DATA_TYPE_.FWP_V4_ADDR_MASK,
- v4AddrMask = site.ToIntPtr()
- }
- });
- }
- // Create a filter with the condition list above
- var filterIn = new FWPM_FILTER0_
- {
- subLayerKey = _subLayerGuid,
- layerKey = FWPM_LAYER_INBOUND_IPPACKET_V4,
- displayData = new FWPM_DISPLAY_DATA0_
- {
- name = "Filter to block inbound ipv4 traffic to sites given as argument"
- },
- action = new FWPM_ACTION0_
- {
- type = NativeConstants.FWP_ACTION_BLOCK
- },
- filterCondition = filterConditions.ToIntPtr(),
- numFilterConditions = (uint)filterConditions.Count,
- weight = new FWP_VALUE0_
- {
- type = FWP_DATA_TYPE_.FWP_UINT8,
- uint8 = 0x00
- }
- };
- // Open engine
- var hr = NativeMethods.FwpmEngineOpen0(null, RPC_C_AUTHN_WINNT, IntPtr.Zero, IntPtr.Zero, ref _engineHandle);
- Marshal.ThrowExceptionForHR((int)hr);
- // Add sublayer
- hr = NativeMethods.FwpmSubLayerAdd0(_engineHandle, ref subLayer, IntPtr.Zero);
- Marshal.ThrowExceptionForHR((int)hr);
- // Add filter
- hr = NativeMethods.FwpmFilterAdd0(_engineHandle, ref filterIn, IntPtr.Zero, ref filterIn.filterId);
- Marshal.ThrowExceptionForHR((int)hr);
- }
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement