Create Rules for an IPv6 Subnet

The following table shows an example of how to create rules for an IPv6 subnet. In this case, inbound traffic is received from a trusted subnet 3ffe:2900:/32.

Security Note   Use caution when creating a rule to receive traffic from a trusted subnet. This could expose a weakness in the firewall because IP addresses can be faked, or spoofed.

dwFlags PrivateHost PublicHost PublicHostPrefix
FWF_ALLOW | FWF_INBOUND AF_INET6 3ffe:2900 32

Registry entries for the rule

The following registry example shows the registry entries for this rule.

[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\TrafficFrom3ffe:2900]
    "Mask"=dword:1002        ; FWM_PUBLIC_HOST | FWM_PUBLIC_HOST_PREFIX
    "Flags"=dword:0A          ; FWF_ALLOW | FWF_INBOUND
    "PrivateHost"=hex:17,00         ; AF_INET6
    "PublicHost"=hex:17,00,00,00,3f,fe,29,00         ; 3ffe:2900
    "PublicHostPrefix"=dword:20         ; / 32

Code example to create the rule

The following code example shows this rule.

    FW_RULE TrafficFrom3ffe2900;
    SOCKADDR_STORAGE ssSaddr;
    int saddrsize=sizeof(ssSaddr);

    // The following fields must always be set.
    TrafficFrom3ffe2900.dwSize = sizeof(FW_RULE);
    TrafficFrom3ffe2900.dwFlags = FWF_ALLOW | FWF_INBOUND;
    TrafficFrom3ffe2900.dwMask = 0; // initialize mask to zero
    TrafficFrom3ffe2900.PrivateHost.Family = AF_INET6; 
    TrafficFrom3ffe2900.wszDescription = L"Allow inbound traffic from the trusted subnet 3ffe:2900::/32";

//Public IP.
    TrafficFrom3ffe2900 .dwMask |= FWM_PUBLIC_HOST;
    WSAStringToAddress(_T("3ffe:2900::"), AF_INET6, NULL, (PSOCKADDR) &ssSaddr, &saddrsize);
    TrafficFrom3ffe2900.PublicHost.AddressIPv6 = ((PSOCKADDR_IN6) &ssSaddr)->sin6_addr;
    TrafficFrom3ffe2900.dwMask |= FWM_PUBLIC_HOST_PREFIX;
    TrafficFrom3ffe2900.PublicHostPrefixLength = 32;
    
    // Create a persistent rule.
    FirewallCreateRule(&TrafficFrom3ffe2900, TRUE); 

See Also

General Firewall Rule Examples | Default IP Firewall Rules | FW_RULE

 Last updated on Tuesday, May 18, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.