Log Blocked Inbound Packets
These rules log blocked inbound packets. The following table shows an example of how to create rules for logging. In this case, the firewall logs blocked inbound packets everyday, and logs all packets on Fridays.
dwFlags | Action | wDayOfWeek |
---|---|---|
FWF_LOG | FWF_INBOUND | FWA_BLOCK | |
FWF_LOG | FWF_INBOUND | FWD_FRIDAY | |
FWF_LOG | FWF_OUTBOUND | FWD_FRIDAY |
Registry entries for the rule
The following registry example shows the registry entries for this rule.
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogBlockedInbound]
"Mask"=dword:40 ; FWM_ACTION
"PrivateHost"=hex:02,00 ; AF_INET
"Flags"=dword:0C ; FWF_LOG | FWF_INBOUND
"Action"=dword:01 ; FWA_BLOCK
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogInboundFriday]
"Mask"=dword:100 ; FWM_DAY_OF_WEEK
"PrivateHost"=hex:02,00 ; AF_INET
"Flags"=dword:0C ; FWF_LOG | FWF_INBOUND
"DayOfWeek"=dword:20 ; FWD_FRIDAY
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogOutboundFriday]
"Mask"=dword:100 ; FWM_DAY_OF_WEEK
"PrivateHost"=hex:02,00 ; AF_INET
"Flags"=dword:14 ; FWF_LOG | FWF_OUTBOUND
"DayOfWeek"=dword:20 ; FWD_FRIDAY
Code example to create the rule
The following code example shows this rule.
FW_RULE LogBlockedInbound;
// The following fields must always be set.
LogBlockedInbound.dwSize = sizeof(FW_RULE);
LogBlockedInbound.dwFlags = FWF_LOG | FWF_INBOUND;
LogBlockedInbound.dwMask = 0; //Initialize to zero
LogBlockedInbound.PrivateHost.Family = AF_INET;
LogBlockedInbound.wszDescription = L"Log blocked inbound packets everyday";
// Action.
LogBlockedInbound.dwMask |= FWM_ACTION;
LogBlockedInbound.Action = FWA_BLOCK;
// Create a persistent rule.
FirewallCreateRule(&LogBlockedInbound, TRUE);
FW_RULE LogInboundFriday;
// The following fields must always be set.
LogInboundFriday.dwSize = sizeof(FW_RULE);
LogInboundFriday.dwFlags = FWF_LOG | FWF_INBOUND;
LogInboundFriday.dwMask = 0; //Initialize to zero
LogInboundFriday.PrivateHost.Family = AF_INET;
LogInboundFriday.wszDescription = L"Log inbound packets Fridays";
// Day of week.
LogInboundFriday.dwMask |= FWM_DAY_OF_WEEK;
LogInboundFriday.wDayOfWeek = FWD_FRIDAY;
// Create a persistent rule.
FirewallCreateRule(&LogInboundFriday, TRUE);
FW_RULE LogOutboundFriday;
// The following fields must always be set.
LogOutboundFriday.dwSize = sizeof(FW_RULE);
LogOutboundFriday.dwFlags = FWF_LOG | FWF_OUTBOUND;
LogOutboundFriday.dwMask = 0; //Initialize to zero
LogOutboundFriday.PrivateHost.Family = AF_INET;
LogOutboundFriday.wszDescription = L"Log outbound packets Fridays";
// Day of week.
LogOutboundFriday.dwMask |= FWM_DAY_OF_WEEK;
LogOutboundFriday.wDayOfWeek = FWD_FRIDAY;
// Create a persistent rule.
FirewallCreateRule(&LogOutboundFriday, TRUE);
See Also
General Firewall Rule Examples | Default IP Firewall Rules | FW_RULE
Last updated on Tuesday, May 18, 2004
© 1992-2003 Microsoft Corporation. All rights reserved.