使用WFP过滤器允许一对端口和ip

Question

我希望有防火墙来隔离我的设备与网络，除了少数端口/ip对，我希望允许。

例如，为了允许某些端口(对于所有ip地址)，我使用以下筛选器：

FWPM_FILTER_CONDITION0 conditions2；

conditions[0].fieldKey = FWPM_CONDITION_IP_REMOTE_PORT;
conditions[0].conditionValue.type = FWP_UINT16;
conditions[0].conditionValue.uint16 = port;

conditions[1].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conditions[1].conditionValue.type = FWP_UINT8;
conditions[1].conditionValue.uint32 = 0;
conditions[1].matchType = FWP_MATCH_GREATER_OR_EQUAL;

Filter.subLayerKey = myGUID;
Filter.displayData.name = L"myFirewall";
Filter.action.type = FWP_ACTION_PERMIT;
Filter.weight.type = FWP_UINT64;

uint64 weightvalue = 0x102;

Filter.weight.uint64 = &weightvalue;
Filter.flags = FWPM_FILTER_FLAG_PERSISTENT;
Filter.filterCondition = conditions;
Filter.layerKey = FWPM_LAYER_OUTBOUND_TRANSPORT_V4
Filter.numFilterConditions = 2;

此过滤器允许具有单个最大端口的数据包，而不考虑其ip。如何向筛选条件中添加特定的ip？

谢谢

Answer 1

匹配远程IP地址的筛选条件。

conditions[1].fieldKey = FWPM_CONDITION_IP_PROTOCOL;
conditions[1].conditionValue.type = FWP_V4_ADDR_MASK;
conditions[1].conditionValue.v4AddrMask = new FWP_V4_ADDR_AND_MASK;
conditions[1].conditionValue.v4AddrMask->addr = ip;
conditions[1].conditionValue.v4AddrMask->mask = VISTA_SUBNET_MASK;
conditions[1].matchType = FWP_MATCH_EQUAL;