[selim_ro]

So I’ve remade the static filters, there seemed to be a problem with the way I configured the static filter that should have been blocking the local port 80, for now it seems to be working fine. However, the original problem is persisting, I have to add a special rule for allowing DNS traffic coming towards my machine. Even though there is no rule blocking it.

[selim_ro]

so… the new filters are:

filter1: the same as in the previous post

filter2:

STATIC_FILTER result = {0};

result.m_Adapter.QuadPart = deviceHandle;

result.m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;

result.m_FilterAction = FILTER_PACKET_DROP;

result.m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;



result.m_NetworkFilter.m_dwUnionSelector = IPV4;

result.m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;

result.m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_TCP;



result.m_TransportFilter.m_dwUnionSelector = TCPUDP;

result.m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_DEST_PORT;

result.m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80;

result.m_TransportFilter.m_TcpUdp.m_DestPort.m_StartRange = 80;

filter3:

STATIC_FILTER result = {0};

result.m_Adapter.QuadPart = 0;

result.m_ValidFields = NETWORK_LAYER_VALID | TRANSPORT_LAYER_VALID;

result.m_FilterAction = FILTER_PACKET_PASS;

result.m_dwDirectionFlags = PACKET_FLAG_ON_RECEIVE;



result.m_NetworkFilter.m_dwUnionSelector = IPV4;

result.m_NetworkFilter.m_IPv4.m_ValidFields = IP_V4_FILTER_PROTOCOL;

result.m_NetworkFilter.m_IPv4.m_Protocol = IPPROTO_UDP;



result.m_TransportFilter.m_dwUnionSelector = TCPUDP;

result.m_TransportFilter.m_TcpUdp.m_ValidFields = TCPUDP_SRC_PORT;

result.m_TransportFilter.m_TcpUdp.m_SourcePort.m_StartRange = 53;

result.m_TransportFilter.m_TcpUdp.m_SourcePort.m_EndRange = 53;

filter4: is the default filter, everything passes, the problem now is that the normal http traffic going through port 80 is not blocked

[Author]

Posts