One small part of my graduation project is a whitelist firewall. NDIS seemed too complicated, so I did not look into it deeply and finally decided to implement this function with the Win API. Now that the submission deadline for the project is almost here, I have discovered that the whitelist function apparently cannot be implemented, which is very frustrating. I hope everyone can help me out! Many thanks.
Quoting MSDN: PfCreateInterface
The PfCreateInterface function creates a new filter interface. Use this interface to control the adding and deleting of filters to and from adapters.
PfCreateInterface(
DWORD dwName,
PFFORWARD_ACTION inAction,
PFFORWARD_ACTION outAction,
BOOL bUseLog,
BOOL bMustBeUnique,
INTERFACE_HANDLE *ppInterface
);
What I had planned was to set both inAction and outAction to PF_ACTION_DROP, then fill in the structure and add rules to achieve my goal; now it turns out that goal cannot be reached.
---------------------------- Structure -------------------------------
typedef struct _PF_FILTER_DESCRIPTOR {
DWORD dwFilterFlags; // see below
DWORD dwRule; // copied into the log when appropriate
PFADDRESSTYPE pfatType;
PBYTE SrcAddr;
PBYTE SrcMask;
PBYTE DstAddr;
PBYTE DstMask;
DWORD dwProtocol;
DWORD fLateBound;
WORD wSrcPort;
WORD wDstPort;
WORD wSrcPortHighRange;
WORD wDstPortHighRange;
} PF_FILTER_DESCRIPTOR, *PPF_FILTER_DESCRIPTOR;
---------------------------------------------------------------------------
My test is two machines on the LAN pinging each other. If I set both the IN and OUT actions to PF_ACTION_FORWARD, fill in the IP addresses of the two machines, set the ports to 0 and set both masks to 255.255.255.255, then the blacklist rule works. But using the same method to implement the whitelist function does not work, and I don't know where the problem is; please advise! I found an open-source firewall online built on the same core; I configured it accordingly and still could not achieve the same result. Could it be a configuration issue? The open-source firewall's address: http://sourceforge.net/projects/firewallpapi/
I hope an expert can give me some guidance so I can finish my graduation project. Thanks!
rule 0 permit ip vpn-instance vpn-bh source 1.1.1.1 0
rule 1 permit tcp vpn-instance vpn-bh established
rule 2 permit icmp vpn-instance vpn-bh
rule 4 permit tcp vpn-instance vpn-bh destination-port range 8090 9000
rule 5 deny ip vpn-instance vpn-bh
Cisco ACL
access-list 101 permit ip any 10.37.112.0 0.0.0.255
access-list 101 permit ip any 10.141.189.0 0.0.0.255
access-list 101 deny ip any any
Is this the idea you have in mind? I originally wanted to give you the control policy tables from Topsec (天融信) and Founder (方正), but they are all on my machine at the office; the idea is the same anyway.
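To make the difference between the two configurations in the original post concrete, and to show that it is the same default-deny-plus-permits shape as the ACLs in the reply above, here is an added example in C. It is not code from the original post or from firewallpapi, and it does not call the Windows API at all: it is a user-space model of the Packet Filtering API semantics as assumed here, namely that an interface carries a default action per direction (the inAction/outAction passed to PfCreateInterface) and that a packet matching a filter in that direction receives the opposite of the default. The host addresses and the ping scenario are constructed. Under that model the program shows the default-FORWARD blacklist the post says works, the default-DROP whitelist it is trying to build, and the check a practitioner wants: a whitelist only lets ping through if a permit filter exists in each direction, because the echo request leaves and the echo reply comes back in.

```c
/* Added example: user-space model of PfCreateInterface / PF_FILTER_DESCRIPTOR
 * semantics. Not the real Windows API, not code from the post or firewallpapi.
 * Model assumption: a packet matching a filter gets the OPPOSITE of the
 * interface's default action for that direction. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { PF_ACTION_FORWARD = 0, PF_ACTION_DROP = 1 } pf_action;
typedef enum { DIR_IN, DIR_OUT } pf_dir;
enum { PROTO_ANY = 0, PROTO_ICMP = 1, PROTO_TCP = 6, PROTO_UDP = 17 };

/* Reduced PF_FILTER_DESCRIPTOR: IPv4 only, addresses in host byte order. */
typedef struct {
    uint32_t src_addr, src_mask, dst_addr, dst_mask;
    uint32_t protocol;            /* PROTO_ANY matches every protocol */
    uint16_t src_port, dst_port;  /* 0 = any port */
} pf_filter;

/* Reduced filter interface: default action and filter list per direction. */
typedef struct {
    pf_action in_default, out_default;
    const pf_filter *in_filters;  size_t n_in;
    const pf_filter *out_filters; size_t n_out;
} pf_iface;

typedef struct {
    uint32_t src, dst, protocol;
    uint16_t src_port, dst_port;
} pf_packet;

/* Macro rather than a function so it can be used in static initializers. */
#define IP4(a, b, c, d) (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | \
                         ((uint32_t)(c) << 8) | (uint32_t)(d))

static int filter_matches(const pf_filter *f, const pf_packet *p) {
    if ((p->src & f->src_mask) != (f->src_addr & f->src_mask)) return 0;
    if ((p->dst & f->dst_mask) != (f->dst_addr & f->dst_mask)) return 0;
    if (f->protocol != PROTO_ANY && f->protocol != p->protocol) return 0;
    if (f->src_port != 0 && f->src_port != p->src_port) return 0;
    if (f->dst_port != 0 && f->dst_port != p->dst_port) return 0;
    return 1;
}

/* Fate of one packet: the direction's default unless a filter matches,
 * in which case the opposite action applies. */
pf_action pf_decide(const pf_iface *ifc, pf_dir dir, const pf_packet *p) {
    pf_action dflt = (dir == DIR_IN) ? ifc->in_default : ifc->out_default;
    const pf_filter *fs = (dir == DIR_IN) ? ifc->in_filters : ifc->out_filters;
    size_t n = (dir == DIR_IN) ? ifc->n_in : ifc->n_out;
    for (size_t i = 0; i < n; i++)
        if (filter_matches(&fs[i], p))
            return (dflt == PF_ACTION_DROP) ? PF_ACTION_FORWARD : PF_ACTION_DROP;
    return dflt;
}

/* Constructed scenario: this host A, permitted peer B, and a third host C. */
#define HOST_A IP4(192, 168, 1, 10)
#define HOST_B IP4(192, 168, 1, 20)
#define HOST_C IP4(192, 168, 1, 30)
#define MASK32 0xFFFFFFFFu

/* Same /32 address pair in both directions, ports 0, any protocol. */
static const pf_filter peer_in[]  = {{ HOST_B, MASK32, HOST_A, MASK32, PROTO_ANY, 0, 0 }};
static const pf_filter peer_out[] = {{ HOST_A, MASK32, HOST_B, MASK32, PROTO_ANY, 0, 0 }};

/* Blacklist (the post's working case): default FORWARD, matches are dropped. */
const pf_iface blacklist = { PF_ACTION_FORWARD, PF_ACTION_FORWARD, peer_in, 1, peer_out, 1 };
/* Whitelist: default DROP, matches are forwarded, one filter per direction. */
const pf_iface whitelist = { PF_ACTION_DROP, PF_ACTION_DROP, peer_in, 1, peer_out, 1 };
/* Broken whitelist: permit only the outbound leg; the echo reply is dropped. */
const pf_iface whitelist_out_only = { PF_ACTION_DROP, PF_ACTION_DROP, NULL, 0, peer_out, 1 };

/* A pings peer: echo request out, echo reply in. 1 only if both legs pass.
 * ICMP type/code are not modelled, so the port fields stay 0. */
int ping_succeeds(const pf_iface *ifc, uint32_t peer) {
    pf_packet req = { HOST_A, peer, PROTO_ICMP, 0, 0 };
    pf_packet rep = { peer, HOST_A, PROTO_ICMP, 0, 0 };
    return pf_decide(ifc, DIR_OUT, &req) == PF_ACTION_FORWARD &&
           pf_decide(ifc, DIR_IN, &rep) == PF_ACTION_FORWARD;
}

int main(void) {
    const char *ok[] = { "blocked", "ok" };
    printf("blacklist:         ping B %s, ping C %s\n",
           ok[ping_succeeds(&blacklist, HOST_B)], ok[ping_succeeds(&blacklist, HOST_C)]);
    printf("whitelist:         ping B %s, ping C %s\n",
           ok[ping_succeeds(&whitelist, HOST_B)], ok[ping_succeeds(&whitelist, HOST_C)]);
    printf("whitelist (out only): ping B %s\n", ok[ping_succeeds(&whitelist_out_only, HOST_B)]);
    return 0;
}
```

Read against the post: the blacklist case drops B and lets C through with default FORWARD, the whitelist case with default DROP inverts that, and the out-only variant shows that a single filter is not enough for a two-way exchange like ping. Whether the real driver treats filters as exceptions to the default exactly as modelled here is the assumption to confirm against the PfAddFiltersToInterface documentation before blaming the rule set.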