Log Blocked Inbound Packets

These rules log blocked inbound packets. The following table shows an example of how to create rules for logging. In this case, the firewall logs blocked inbound packets every day, and logs all packets, inbound and outbound, on Fridays.

dwFlags                   Action       wDayOfWeek
FWF_LOG | FWF_INBOUND     FWA_BLOCK
FWF_LOG | FWF_INBOUND                  FWD_FRIDAY
FWF_LOG | FWF_OUTBOUND                 FWD_FRIDAY

Registry entries for the rule

The following registry example shows the registry entries for these rules.

    [HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogBlockedInbound]
        "Mask"=dword:40             ; FWM_ACTION
        "PrivateHost"=hex:02,00     ; AF_INET
        "Flags"=dword:0C            ; FWF_LOG | FWF_INBOUND
        "Action"=dword:01           ; FWA_BLOCK

    [HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogInboundFriday]
        "Mask"=dword:100            ; FWM_DAY_OF_WEEK
        "PrivateHost"=hex:02,00     ; AF_INET
        "Flags"=dword:0C            ; FWF_LOG | FWF_INBOUND
        "DayOfWeek"=dword:20        ; FWD_FRIDAY

    [HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogOutboundFriday]
        "Mask"=dword:100            ; FWM_DAY_OF_WEEK
        "PrivateHost"=hex:02,00     ; AF_INET
        "Flags"=dword:14            ; FWF_LOG | FWF_OUTBOUND
        "DayOfWeek"=dword:20        ; FWD_FRIDAY
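The following Python check is an added example, not part of the original documentation. It reads an exported copy of registry entries in the format above, decodes `Flags`, and reports any rule whose `Action` or `DayOfWeek` value does not match its `Mask` bit, following the pairing used in this page's examples. The mask values come from the comments above; the single-bit `FWF_*` values are inferred from the combined values `0C` and `14` and are an assumption, as is the rule name `ConstructedBadRule`.

```python
import re

# Mask bits as given in the comments of the registry example on this page.
MASK_FOR_VALUE = {"Action": (0x40, "FWM_ACTION"), "DayOfWeek": (0x100, "FWM_DAY_OF_WEEK")}
# Assumption: single-bit values inferred from 0C (LOG|INBOUND) and 14 (LOG|OUTBOUND).
FLAG_NAMES = {0x04: "FWF_LOG", 0x08: "FWF_INBOUND", 0x10: "FWF_OUTBOUND"}
KEY_RE = re.compile(r"^\[([^\]]+)\]$")
DWORD_RE = re.compile(r'^\s*"([^"]+)"=dword:([0-9A-Fa-f]+)')

def parse_rules(text):
    """Return {rule name: {value name: int}} for the dword values under each key."""
    rules, current = {}, None
    for line in text.splitlines():
        key = KEY_RE.match(line.strip())
        value = DWORD_RE.match(line)
        if key:
            current = rules.setdefault(key.group(1).rsplit("\\", 1)[-1], {})
        elif value and current is not None:
            current[value.group(1)] = int(value.group(2), 16)
    return rules

def decode_flags(flags):
    """Name the known Flags bits and report any bit this table does not cover."""
    names = [name for bit, name in sorted(FLAG_NAMES.items()) if flags & bit]
    unknown = flags & ~sum(FLAG_NAMES)
    if unknown:
        names.append(f"unknown:0x{unknown:X}")
    return " | ".join(names)

def audit(rules):
    """List (rule, message) pairs where a value and its Mask bit disagree."""
    findings = []
    for rule, vals in rules.items():
        mask = vals.get("Mask", 0)
        for value, (bit, bit_name) in MASK_FOR_VALUE.items():
            if (value in vals) != bool(mask & bit):
                findings.append((rule, f"{value} value and {bit_name} bit disagree (Mask=0x{mask:X})"))
    return findings

# Constructed input: the first rule is from this page, the second is a made-up bad rule.
SAMPLE = r'''[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogBlockedInbound]
    "Mask"=dword:40
    "Flags"=dword:0C
    "Action"=dword:01
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\ConstructedBadRule]
    "Mask"=dword:100
    "Action"=dword:01
'''
print(audit(parse_rules(SAMPLE)))
```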

Code example to create the rule

The following code example creates these rules.

    FW_RULE LogBlockedInbound;

    // The following fields must always be set.
    LogBlockedInbound.dwSize = sizeof(FW_RULE);
    LogBlockedInbound.dwFlags = FWF_LOG | FWF_INBOUND;
    LogBlockedInbound.dwMask = 0; //Initialize to zero
    LogBlockedInbound.PrivateHost.Family = AF_INET;
    LogBlockedInbound.wszDescription = L"Log blocked inbound packets everyday";
    
    // Action.
    LogBlockedInbound.dwMask |= FWM_ACTION;
    LogBlockedInbound.Action = FWA_BLOCK;

    // Create a persistent rule.
    FirewallCreateRule(&LogBlockedInbound, TRUE); 

    FW_RULE LogInboundFriday;
    
    // The following fields must always be set.
    LogInboundFriday.dwSize = sizeof(FW_RULE);
    LogInboundFriday.dwFlags = FWF_LOG | FWF_INBOUND;
    LogInboundFriday.dwMask = 0; //Initialize to zero
    LogInboundFriday.PrivateHost.Family = AF_INET;
    LogInboundFriday.wszDescription = L"Log inbound packets Fridays";
    
    // Day of week.
    LogInboundFriday.dwMask |= FWM_DAY_OF_WEEK;
    LogInboundFriday.wDayOfWeek = FWD_FRIDAY;

    // Create a persistent rule.
    FirewallCreateRule(&LogInboundFriday, TRUE); 

    FW_RULE LogOutboundFriday;
    
    // The following fields must always be set.
    LogOutboundFriday.dwSize = sizeof(FW_RULE);
    LogOutboundFriday.dwFlags = FWF_LOG | FWF_OUTBOUND;
    LogOutboundFriday.dwMask = 0; //Initialize to zero
    LogOutboundFriday.PrivateHost.Family = AF_INET;
    LogOutboundFriday.wszDescription = L"Log outbound packets Fridays";
    
    // Day of week.
    LogOutboundFriday.dwMask |= FWM_DAY_OF_WEEK;
    LogOutboundFriday.wDayOfWeek = FWD_FRIDAY;

    // Create a persistent rule.
    FirewallCreateRule(&LogOutboundFriday, TRUE); 

See Also

General Firewall Rule Examples | Default IP Firewall Rules | FW_RULE

 Last updated on Tuesday, May 18, 2004

© 1992-2003 Microsoft Corporation. All rights reserved.