Click here to Skip to main content
15,923,083 members
Please Sign up or sign in to vote.
2.33/5 (3 votes)
Hi.
I have this code for filtering in firewall, but doesn't show any action on packets!!
Help me please
Following is the code:
C#
class IpPacketFilter
{
    [DllImport("iphlpapi.dll", EntryPoint = "PfBindInterfaceToIPAddress")]
    public static extern int PfBindInterfaceToIPAddress(IntPtr Interface_handle, PFADDRESSTYPE pfatType, ref int ip_address);
      [DllImport("iphlpapi.dll", EntryPoint = "PfCreateInterface")]
    public static extern int PfCreateInterface(int dwName, PFFORWARD_ACTION inAction, PFFORWARD_ACTION outAction, bool UseLog, bool MustBeUnique, ref IntPtr ppInterface);
    //////    ////
    [DllImport("iphlpapi.dll", EntryPoint = "PfAddFiltersToInterface")]
    public static extern int PfAddFiltersToInterface(
        IntPtr interface_handle,
        int cInFilters,
        [MarshalAsAttribute(UnmanagedType.Struct)]
        ref PPF_FILTER_DESCRIPTOR pfiltIn,
        int cOutFilters,
        [MarshalAsAttribute(UnmanagedType.Struct)]
        ref PPF_FILTER_DESCRIPTOR pfiltOut,
        [MarshalAsAttribute(UnmanagedType.Struct)]
        ref PPF_FILTER_DESCRIPTOR pfHandle
        );
}
public unsafe struct PPF_FILTER_DESCRIPTOR
{
    public FILTER_FLAGS dwFilterFlags;
    public int dwRule;
    public PFADDRESSTYPE pfatType;
    public int* SrcAddr;
    public int* SrcMask;
    public int* DstAddr;
    public int* DstMask;
    public PROTOCOL dwProtocol;
    public int fLateBound;
    public int wSrcPort;
    public int wDstPort;
    public int wSrcPortHighRange;
    public int wDstPortHighRange;
}
public enum PFFORWARD_ACTION : int
{
    PF_ACTION_FORWARD = 0,
    PF_ACTION_DROP
}
public enum PFADDRESSTYPE : int
{
    PF_IPV4,
    PF_IPV6
}
public  enum PROTOCOL : int
{
    ANY = 0x00,
    ICMP = 0x01,
    TCP = 0x06,
    UDP = 0x11
}
public  enum FILTER_FLAGS : int
{
    FD_FLAGS = 0x1
}
}

C#
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Runtime.InteropServices;
using System.Net;
 
namespace ConsoleApplication1
{
    
    class Program
    {
        internal const int FALSE = 0;
        internal const int TRUE = 1;
        static void Main(string[] args)
        {
            string[] hostsToBlock = new string[2]; 
            hostsToBlock[0] = "192.168.0.2,255.255.255.0,0";  
            //blocks all traffic on any port to/from 67.77.87.97   
            hostsToBlock[1] = "0.0.0.0,0.0.0.0,29000";   
            //blocks all traffic on port 29000, in and out   
            StartPacketFilter(hostsToBlock);
            Console.ReadLine();
           
         }
        internal static int lIpFromString(string sIpAddress) 
        { 
            int lIp = 0;
            try 
            {
                string[] octets = sIpAddress.Split(new string[] { "." }, StringSplitOptions.None);
                if (octets.Length != 4)   
                    return 0;
                for (int i = 0; i < 4; i++)   
                    lIp |= (int.Parse(octets[i]) << (i * 8));
            } 
            catch 
            { 
            }
            return lIp;
        }
        internal static string[] GetLocalIpAddresses()
        {
            IPHostEntry host = Dns.GetHostEntry(Dns.GetHostName());
            string[] localIpAddresses = new string[host.AddressList.Length];
            for (int i = 0; i < host.AddressList.Length; i++) 
            { 
                localIpAddresses[i] = host.AddressList[i].ToString();
            }
                 return localIpAddresses; 
        }
        internal static bool StartPacketFilter(string[] hosts)
        {  
            string[] localIpAddresses = GetLocalIpAddresses();
            //Console.WriteLine(localIpAddresses);
            if (localIpAddresses == null)
                return false; 
            foreach (string localAddress in localIpAddresses)
            {
               
                int result; 
                IntPtr interfaceHandle = new IntPtr();   
                //convert the string IP to an unsigned int for p/invoke
                int lLocalIp = lIpFromString(localAddress);
                 //create a filter interface in the tcp/ip stack 
                result = IpPacketFilter.PfCreateInterface(0, PFFORWARD_ACTION.PF_ACTION_FORWARD, PFFORWARD_ACTION.PF_ACTION_FORWARD, false, true, ref interfaceHandle);
                if (result != 0)
                    return false; 
                //bind interface to an ip address 
                result = IpPacketFilter.PfBindInterfaceToIPAddress(interfaceHandle, PFADDRESSTYPE.PF_IPV4, ref lLocalIp);    
                if (result != 0)
                    return false; 
                foreach (string targetHost in hosts)   
                {        
                    ////IntPtr filterHandle = new IntPtr();  
                    string[] hostDetail = targetHost.Split(new string[] { "," }, StringSplitOptions.None);
                   
                    if (hostDetail != null && hostDetail.Length == 3)  
                    {       
                        //build the filter structure  
                        PPF_FILTER_DESCRIPTOR filter = new PPF_FILTER_DESCRIPTOR();   
                        filter.dwFilterFlags = FILTER_FLAGS.FD_FLAGS; 
                        filter.dwRule = FALSE;             
                        filter.pfatType = PFADDRESSTYPE.PF_IPV4;     
                        filter.dwProtocol = PROTOCOL.TCP;        
                        int iSrcAddr = lLocalIp;              
                        int iSrcMask = lIpFromString("255.255.255.0");
                        filter.wSrcPort = 0;  
                        filter.wSrcPortHighRange = 0;         
                        int iDstAddr = lIpFromString(hostDetail[0]);    
                        int iDstMask = lIpFromString(hostDetail[1]); 
                        filter.wDstPort = int.Parse(hostDetail[2]);       
                        filter.wDstPortHighRange = int.Parse(hostDetail[2]); 
 
                        unsafe          
                        {         
                            filter.SrcAddr = &iSrcAddr;   
                            filter.DstAddr = &iDstAddr;    
                            filter.SrcMask = &iSrcMask; 
                            filter.DstMask = &iDstMask;  
                        }             
                        // add filter to interface (both inbound and outbound)   
                        result = IpPacketFilter.PfAddFiltersToInterface(interfaceHandle, 1, ref filter, 1, ref filter, ref filter);
                        
                        if (result != 0) 
                            return false;
                        
                    }
                  
                }
                
            }
           
            return true;
        }
    }
}
Posted
Updated 26-Aug-11 1:08am
v2
Comments
Sergey Alexandrovich Kryukov 6-Aug-11 15:23pm    
OK, this is a code dump. Where is the description of your problem?
--SA
#realJSOP 26-Aug-11 7:37am    
It "doesn't show any packets!!" - whatever the hell that means.
elham65_tansa 26-Aug-11 7:44am    
"doesn't show any action on packets" means : The firewall should be the IP we will DROP but this does not happen and packets are forwarded
elham65_tansa 6-Aug-11 15:32pm    
For example, a packet filter that comes with the IP 192.168.0.2, but let that pass.
It also does not have any error. Only when it passed to the default action is drop. Trace it to run it in visual studio.
I need this code please help me.
elham65_tansa 20-Aug-11 4:46am    
please help me , i need this code!!!!!!

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900