Sure, it is possible using the built-in WinpkFilter filter engine if the criteria for the packets are not too complex (UDP packets with particular IP/port information). If you need something more complex, you can redirect UDP packets for processing in the application and block the rest in the kernel.
I wanted to ask if we can create rules for UDP, like accept only packets containing a string. Let's say, for example, it contains the string hi and I want to allow only it while blocking the rest, and/or hex byte 2e on byte 30, or using u32 binary, for example 28=0xffffffff – which will block all packets containing /xff/xff/xff/xff after byte 28.
Also, is it possible to add a lot of IPs in a single rule in it to block packets from those IPs?
If the firewall can't do high-level filtering, do you provide any app which allows it?
I want only specified UDP packets which match the rules to be allowed through the kernel and block all other trash packets.
Also, I was trying to add multiple IPs in a single rule in the firewall; it only allows me to add one (or a range). I have a list of 8500 IP addresses which I want to block using kernel filtering. Thanks.
You could use the WinpkFilter library to redirect UDP packets for processing in user mode and pass everything else. In your application you can implement any sort of analysis for redirected UDP packets (including substring search, etc.) and decide to block/pass or even modify them.
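The user-mode decision described in the reply above could look like the following. This is an added example, not WinpkFilter code and not code from anyone in this thread. It assumes the redirected buffer starts at the IPv4 header and that rule offsets are counted from there, as in iptables u32; `classify_udp` and its helpers are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

enum verdict { DROP = 0, PASS = 1 };

/* Constructed sample: 203.0.113.7 -> 192.0.2.1, UDP 4000 -> 9000, "say hi" */
static const uint8_t SAMPLE[] = {
    0x45,0,0,34, 0,0,0,0, 64,17,0,0, 203,0,113,7, 192,0,2,1,
    0x0f,0xa0, 0x23,0x28, 0,14, 0,0, 's','a','y',' ','h','i' };

/* Big-endian 32-bit read; caller guarantees off + 4 <= length. */
static uint32_t be32(const uint8_t *p, size_t off) {
    return ((uint32_t)p[off] << 24) | ((uint32_t)p[off + 1] << 16) |
           ((uint32_t)p[off + 2] << 8) | p[off + 3];
}

static int cmp_u32(const void *a, const void *b) {
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Length-bounded substring search: UDP payloads are not NUL-terminated. */
static int contains(const uint8_t *h, size_t hl, const char *n, size_t nl) {
    for (size_t i = 0; nl && i + nl <= hl; i++)
        if (memcmp(h + i, n, nl) == 0) return 1;
    return 0;
}

/* ip: buffer from the IPv4 header on (assumption: link header stripped).
   blocked: source addresses in host byte order, sorted ascending. */
enum verdict classify_udp(const uint8_t *ip, size_t len,
                          const uint32_t *blocked, size_t nblocked) {
    if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 17)
        return PASS;                      /* not IPv4 UDP: pass everything else */
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 8) return DROP;   /* truncated headers */
    if ((((ip[6] & 0x1f) << 8) | ip[7]) != 0)
        return DROP;      /* later fragment, nothing to inspect (policy choice) */
    uint32_t src = be32(ip, 12);
    if (nblocked && bsearch(&src, blocked, nblocked, sizeof src, cmp_u32))
        return DROP;                      /* source is on the block list */
    if (len >= 32 && be32(ip, 28) == 0xffffffffu)
        return DROP;                      /* the thread's 28=0xffffffff rule */
    return contains(ip + ihl + 8, len - ihl - 8, "hi", 2) ? PASS : DROP;
}
```

Keeping the address list sorted makes each lookup a binary search, so a list of 8500 entries costs about 13 comparisons per packet.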
That’s the problem. We’re receiving a DDoS attack and I wanted to filter them at kernel level like in Linux, or block the list of IP addresses which is DDoSing us.