Filtering condition identifiers

  • Article

The Windows Filtering Platform (WFP) filtering condition identifiers are each represented by a GUID. The data type for the condition value for each filtering condition is specified as an FWP_DATA_TYPE. These identifiers and their data types are defined here.

The standard conditions are listed first, followed by the conditions specific to user mode. Conditions are grouped by supported operating system, so that you can easily tell which conditions are supported for a given OS.

Note

Each of the following filtering conditions is available only at a subset of the WFP filtering layers. For more information on each condition's availability at any given layer, see Filtering Conditions Available at Each Filtering Layer.

Condition Description
FWPM_CONDITION_ALE_PACKAGE_FAMILY_NAME The package family name of the app.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_ALE_SECURITY_ATTRIBUTE_FQBN_VALUE The Fully Qualified Binary Name of the app.
Data type: FWP_BYTE_BLOB
FWPM_CONDITION_IPSEC_SECURITY_REALM_ID The ID of the IPSec security realm.
Data type: FWP_BYTE_BLOB
FWPM_CONDITION_ALE_EFFECTIVE_NAME The name of the server.
Data type: FWP_BYTE_BLOB
FWPM_CONDITION_RPC_OPNUM The RPC OpNum for an RPC call made to an RPC listener.
Data type: FWP_UINT16
FWPM_CONDITION_COMPARTMENT_ID The ID of the TCPIP compartment.
Data typetype: FWP_UINT32
FWPM_CONDITION_ALE_EFFECTIVE_NAME A buffer containing the server address.
Data type: FWP_BYTE_BLOB
FWPM_CONDITION_NET_EVENT_TYPE This 32-bit value is an FWPM_NET_EVENT_TYPE. You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_IP_PROTOCOL You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_IP_LOCAL_ADDRESS You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_IP_REMOTE_ADDRESS You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_IP_LOCAL_PORT You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_IP_REMOTE_PORT You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_SCOPE_ID You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_ALE_APP_ID You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
FWPM_CONDITION_ALE_USER_ID You can use this condition in a FWPM_NET_EVENT_ENUM_TEMPLATE0 structure, and thus also with FWPM_NET_EVENT_SUBSCRIPTION0.
Conditions available for Windows 8 and Windows Server 2012 Description
FWPM_CONDITION_INTERFACE_MAC_ADDRESS
 The MAC address of a particular local interface.
Data type: FWP_BYTE_ARRAY6_TYPE
FWPM_CONDITION_MAC_LOCAL_ADDRESS
 Destination address of an inbound frame, or source address of an outbound frame.
Data type: FWP_BYTE_ARRAY6_TYPE
FWPM_CONDITION_MAC_REMOTE_ADDRESS
 Source address of an inbound frame, or destination address of an outbound frame.
Data type: FWP_BYTE_ARRAY6_TYPE
FWPM_CONDITION_ETHER_TYPE
 The Ethernet V2 network payload data type. (See ETHERNET_TYPE_IPV4, etc. in netiodef.h.)
Data type: FWP_UINT16
FWPM_CONDITION_VLAN_ID
 The 16-bits of VLAN header including the VID, CFI, and Priority fields as per the 802.1q standard (see VLAN_TAG in netiodef.h for the positions of the bitfields).
Data type: FWP_UINT16
FWPM_CONDITION_VSWITCH_TENANT_NETWORK_ID
 Unique identifier for the vSwitch network. Cannot be used in conjunction with VLAN_IDs.
Data type: FWP_UINT16
FWPM_CONDITION_NDIS_PORT
 The port number of the NDIS port.
Data type: FWP_UINT32
FWPM_CONDITION_NDIS_MEDIA_TYPE
 The media type of the NDIS port.
Data type: FWP_UINT32
Possible values: Any of the NDIS_MEDIUM enumeration values. (See ntddndis.h.)
FWPM_CONDITION_NDIS_PHYSICAL_MEDIA_TYPE
 The physical media type of the NDIS port.
Data type: FWP_UINT32
Possible values: Any of the NDIS_PHYSICAL_MEDIUM enumeration values. (See ntddndis.h.)
FWPM_CONDITION_L2_FLAGS
 A bitwise OR of a combination of filtering condition flags.
Data type: FWP_UINT32
Possible values:
  • FWP_CONDITION_L2_IS_MOBILE_BROADBAND
  • FWP_CONDITION_L2_IS_NATIVE_ETHERNET
  • FWP_CONDITION_L2_IS_WIFI
  • FWP_CONDITION_L2_IS_WIFI_DIRECT_DATA
FWPM_CONDITION_MAC_LOCAL_ADDRESS_TYPE
 The address type of the physical local address.
Data type: FWP_UINT8
Possible values: Any of the following DL_ADDRESS_TYPE enumeration values.
  • DlUnicast
  • DlMulticast
  • DlBroadcast
FWPM_CONDITION_MAC_REMOTE_ADDRESS_TYPE
 The address type of the physical remote address.
Data type: FWP_UINT8
Possible values: Any of the following DL_ADDRESS_TYPE enumeration values.
  • DlUnicast
  • DlMulticast
  • DlBroadcast
FWPM_CONDITION_MAC_SOURCE_ADDRESS
 The physical source address of a frame.
Data type: FWP_BYTE_ARRAY6_TYPE
FWPM_CONDITION_MAC_DESTINATION_ADDRESS
 The physical destination address of a frame.
Data type: FWP_BYTE_ARRAY6_TYPE
FWPM_CONDITION_MAC_SOURCE_ADDRESS_TYPE
 The address type of the physical destination address.
Data type: FWP_UINT8
Possible values: Any of the following DL_ADDRESS_TYPE enumeration values.
  • DlUnicast
  • DlMulticast
  • DlBroadcast
FWPM_CONDITION_MAC_DESTINATION_ADDRESS_TYPE
 The address type of the physical destination address.
Data type: FWP_UINT8
Possible values: Any of the following DL_ADDRESS_TYPE enumeration values.
  • DlUnicast
  • DlMulticast
  • DlBroadcast
FWPM_CONDITION_IP_SOURCE_PORT
 The source port of the packet's transport.
Data type: FWP_UINT16
FWPM_CONDITION_VSWITCH_ICMP_TYPE
 The ICMP type field, as specified in RFC 792.
Data type: FWP_UINT16
FWPM_CONDITION_IP_DESTINATION_PORT
 The destination port of the packet's transport.
Data type: FWP_UINT16
FWPM_CONDITION_VSWITCH_ICMP_CODE
 The ICMP code field, as specified in RFC 792.
Data type: FWP_UINT16
FWPM_CONDITION_VSWITCH_ID
 Unique identifier of an vSwitch instance.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_VSWITCH_NETWORK_TYPE
 Specifies whether the vSwitch instance is part of an external, internal, or private virtual network.
Data type: FWP_UINT8
FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_ID
 Unique identifier of the source of the current packet. (The name of a VM-NIC, P-NIC, or V-NIC.)
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_VSWITCH_DESTINATION_INTERFACE_ID
 Unique identifier of the destination of the current packet. (The name of a VM-NIC, P-NIC, or V-NIC.)
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_VSWITCH_SOURCE_VM_ID
 Unique identifier of the vSwitch source virtual machine.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_VSWITCH_DESTINATION_VM_ID
 Unique identifier of the vSwitch destination virtual machine.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_VSWITCH_SOURCE_INTERFACE_TYPE
 Interface type of the source of the current packet.
Data type: FWP_UINT8
Possible values:
  • SwitchNicSyntheticNic (when interface type is VM-NIC)
  • SwitchNicEmulatedNic (when interface type is VM-NIC)
  • SwitchNicPhysicalNic (when interface type is P-NIC)
  • SwitchNicVNic (when interface type is V-NIC, connected to the host partition)
FWPM_CONDITION_VSWITCH_DESTINATION_INTERFACE_TYPE
 Interface type of the destination of the current packet.
Data type: FWP_UINT8
Possible values:
  • SwitchNicSyntheticNic (when interface type is VM-NIC)
  • SwitchNicEmulatedNic (when interface type is VM-NIC)
  • SwitchNicPhysicalNic (when interface type is P-NIC)
  • SwitchNicVNic (when interface type is V-NIC, connected to the host partition)
FWPM_CONDITION_INTERFACE
 The LUID for the network interface associated with the local IP address.
Data type: FWP_UINT64
FWPM_CONDITION_ALE_PACKAGE_ID
 The security identifier (SID) of an app container.
Data type: FWP_SID
FWPM_CONDITION_ALE_ORIGINAL_APP_ID
 The fully qualified lower-case device path of the application, such as "\device\hardiskvolume1\program files\application.exe". When a connection has been redirected, this will be the identifier of the originating app; otherwise this will be the same as FWPM_CONDITION_ALE_APP_ID.
Data type: FWP_BYTE_BLOB_TYPE
Conditions available for Windows 7, Windows Server 2008 R2, and later Description
FWPM_CONDITION_IP_NEXTHOP_ADDRESS
 The IP address of the next-hop interface.
Data type: FWP_V4_ADDR_MASK
FWPM_CONDITION_IP_NEXTHOP_INTERFACE
 The next-hop interface from which the packet will be departing.
Data type: FWP_UINT64
FWPM_CONDITION_NEXTHOP_INTERFACE_TYPE
 The interface type of the next-hop interface.
Data type: FWP_UINT32
FWPM_CONDITION_NEXTHOP_TUNNEL_TYPE
 The tunnel type of the next-hop interface.
Data type: FWP_UINT32
FWPM_CONDITION_NEXTHOP_INTERFACE_INDEX
 The interface index of the next-hop interface.
Data type: FWP_UINT32
FWPM_CONDITION_NEXTHOP_SUB_INTERFACE_INDEX
 The sub-interface index of the next-hop interface.
Data type: FWP_UINT32
FWPM_CONDITION_ORIGINAL_PROFILE_ID
 The network category of the arrival or next-hop interface through which the ALE flow (inbound or outbound) is created.
Data type: FWP_UINT32
FWPM_CONDITION_CURRENT_PROFILE_ID
 The network category of the arrival or next-hop interface through which the current packet (inbound or outbound) is created.
Data type: FWP_UINT32
FWPM_CONDITION_LOCAL_INTERFACE_PROFILE_ID
 The network category of the delivery interface.
Data type: FWP_UINT32
FWPM_CONDITION_ARRIVAL_INTERFACE_PROFILE_ID
 The network category of the arrival interface.
Data type: FWP_UINT32
FWPM_CONDITION_NEXTHOP_INTERFACE_PROFILE_ID
 The network category of the next-hop interface.
Data type: FWP_UINT32
FWPM_CONDITION_REAUTHORIZE_REASON
 The reason for reauthorizing a previously authorized connection.
Data type: FWP_UINT32
FWPM_CONDITION_ALE_REAUTH_REASON
 The reason for reauthorizing a previously authorized connection, such as FWP_CONDITION_REAUTHORIZE_REASON_POLICY_CHANGE (or one of the other values listed in Filtering Condition Flags).
Data type: FWP_UINT32
FWPM_CONDITION_ORIGINAL_ICMP_TYPE
 The ICMP type with which the flow was created.
Data type: FWP_UINT16
FWPM_CONDITION_IP_PHYSICAL_ARRIVAL_INTERFACE
 The LUID of the physical interface associated with the arrival IP address.
Data type: FWP_UINT64
FWPM_CONDITION_IP_PHYSICAL_NEXTHOP_INTERFACE
 The LUID of the physical interface of the next hop.
Data type: FWP_UINT64
FWPM_CONDITION_INTERFACE_QUARANTINE_EPOCH
 The epoch count associated with an interface. Reserved.
Data type: FWP_UINT64
FWPM_CONDITION_ALE_SIO_FIREWALL_SOCKET_PROPERTY
 Reserved for internal use.
Data type: FWP_UINT32
Constants available for Windows Vista with SP1, Windows Server 2008, and later Description
FWPM_CONDITION_IP_ARRIVAL_INTERFACE
 The LUID for the network interface associated with the arrival IP address.
Data type: FWP_UINT64
FWPM_CONDITION_ARRIVAL_INTERFACE_TYPE
 The type of the arrival network interface as defined by the Internet Assigned Names Authority (IANA). For more information, see https://www.iana.org/assignments/ianaiftype-mib.
Possible values: The interface type values listed in the Ipifcons.h header file.
Data type: FWP_UINT32
FWPM_CONDITION_ARRIVAL_TUNNEL_TYPE
 The encapsulation method used by a tunnel associated with the arrival network interface if the Type member is IF_TYPE_TUNNEL. The tunnel type is defined by the Internet Assigned Names Authority (IANA). For more information, see https://www.iana.org/assignments/ianaiftype-mib.
Possible values: The TUNNEL_TYPE enumeration type values listed in the Ifdef.h header file.
Data type: FWP_UINT32
FWPM_CONDITION_ARRIVAL_INTERFACE_INDEX
 The index of the arrival network interface, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_ARRIVAL_SUB_INTERFACE_INDEX
 The index of the arrival network interface, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_LOCAL_INTERFACE_INDEX
 The index of the network interface, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_LOCAL_INTERFACE_TYPE
 The interface type as defined by the Internet Assigned Names Authority (IANA). For more information, see https://www.iana.org/assignments/ianaiftype-mib.
Possible values: The interface type values listed in the Ipifcons.h header file.
Data type: FWP_UINT32
FWPM_CONDITION_LOCAL_TUNNEL_TYPE
 The encapsulation method used by a tunnel if the Type member is IF_TYPE_TUNNEL. The tunnel type is defined by the Internet Assigned Names Authority (IANA). For more information, see https://www.iana.org/assignments/ianaiftype-mib.
Possible values: The TUNNEL_TYPE enumeration type values listed in the Ifdef.h header file.
Data type: FWP_UINT32
Constants available for Windows Vista and later Description
FWPM_CONDITION_IP_LOCAL_ADDRESS
 The local IP address.
Data type: For an IPv4 address
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32

Data type: For an IPv6 address
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_IP_REMOTE_ADDRESS
 The remote IP address.
Data type: For an IPv4 address
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32

Data type: For an IPv6 address
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_IP_SOURCE_ADDRESS
 The source IP address for forwarded packets.
Data type: For an IPv4 address
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32

Data type: For an IPv6 address
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_IP_DESTINATION_ADDRESS
 The destination IP address for forwarded packets.
Data type: For an IPv4 address
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32

Data type: For an IPv6 address
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_IP_LOCAL_ADDRESS_TYPE
 The local IP address type.
Possible values: Any of the following NL_ADDRESS_TYPE enumeration values.
  • NlatUnspecified
  • NlatUnicast
  • NlatAnycast
  • NlatMulticast
  • NlatBroadcast

Data type: FWP_UINT8
FWPM_CONDITION_IP_DESTINATION_ADDRESS_TYPE
 The destination IP address type for forwarded packets.
Possible values: Any of the following NL_ADDRESS_TYPE enumeration values.
  • NlatUnspecified
  • NlatUnicast
  • NlatAnycast
  • NlatMulticast
  • NlatBroadcast

Data type: FWP_UINT8
FWPM_CONDITION_IP_LOCAL_INTERFACE
 The LUID for the network interface associated with the local IP address.
Data type: FWP_UINT64
FWPM_CONDITION_INTERFACE_TYPE
 The interface type as defined by the Internet Assigned Names Authority (IANA). For more information, see https://www.iana.org/assignments/ianaiftype-mib.
Possible values: The interface type values listed in the Ipifcons.h header file.
Data type: FWP_UINT32
FWPM_CONDITION_TUNNEL_TYPE
 The encapsulation method used by a tunnel if the Type member is IF_TYPE_TUNNEL. The tunnel type is defined by the Internet Assigned Names Authority (IANA). For more information, see https://www.iana.org/assignments/ianaiftype-mib.
Possible values: The TUNNEL_TYPE enumeration type values listed in the Ifdef.h header file.
Data type: FWP_UINT32
FWPM_CONDITION_IP_FORWARD_INTERFACE
 The LUID for the network interface on which the packet being forwarded is to be sent out.
Data type: FWP_UINT64
FWPM_CONDITION_IP_PROTOCOL
 The IP protocol number, as specified in RFC 1700.
Data type: FWP_UINT8
FWPM_CONDITION_IP_LOCAL_PORT
 The local transport protocol port number.
Data type: FWP_UINT16
FWPM_CONDITION_ICMP_TYPE
 The ICMP type field, as specified in RFC 792.
Data type: FWP_UINT16
FWPM_CONDITION_IP_REMOTE_PORT
 The remote transport protocol port number.
Data type: FWP_UINT16
FWPM_CONDITION_ICMP_CODE
 The ICMP code field, as specified in RFC 792.
Data type: FWP_UINT16
FWPM_CONDITION_EMBEDDED_LOCAL_ADDRESS_TYPE
 The local IP address type that is embedded in the ICMP packet.
Possible values: Any of the following NL_ADDRESS_TYPE enumeration values.
  • NlatUnspecified
  • NlatUnicast
  • NlatAnycast
  • NlatMulticast
  • NlatBroadcast

Data type: FWP_UINT8
FWPM_CONDITION_EMBEDDED_REMOTE_ADDRESS
 The remote IP address that is embedded in the ICMP packet.
Data type: For an IPv4 address
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32

Data type: For an IPv6 address
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_EMBEDDED_PROTOCOL
 The IP protocol number that is embedded in the ICMP packet, as specified in RFC 1700.
Data type: FWP_UINT8
FWPM_CONDITION_EMBEDDED_LOCAL_PORT
 The local transport protocol port number that is embedded in the ICMP packet.
Data type: FWP_UINT16
FWPM_CONDITION_EMBEDDED_REMOTE_PORT
 The remote transport protocol port number that is embedded in the ICMP packet.
Data type: FWP_UINT16
FWPM_CONDITION_FLAGS
 A bitwise OR of a combination of filtering condition flags.
Possible values: See Filtering Condition Flags
Data type: FWP_UINT32
FWPM_CONDITION_DIRECTION
 The direction of the traffic or data flow.
Possible values:
  • FWP_DIRECTION_INBOUND
  • FWP_DIRECTION_OUTBOUND

For datagram layers (FWPM_LAYER_DATAGRAM_DATA_) and stream packet layers (FWPM_LAYER_STREAM_PACKET_), the value will be the same as the direction of the packet.
For stream layers (FWPM_LAYER_STREAM_) and flow established layers (FWPM_LAYER_ALE_FLOW_ESTABLISHED_), the value will be the same as direction of the connection. (For example, when a local application initiates the connection, an inbound packet has FWPM_CONDITION_DIRECTION set to FWP_DIRECTION_OUTBOUND.)
Data type: FWP_UINT32
FWPM_CONDITION_INTERFACE_INDEX
 The index of the network interface, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_SUB_INTERFACE_INDEX
 The index of the logical network interface, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_SOURCE_INTERFACE_INDEX
 The index of the source network interface for forwarded packets, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_SOURCE_SUB_INTERFACE_INDEX
 The index of the source logical network interface for forwarded packets, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_DESTINATION_INTERFACE_INDEX
 The index of the destination network interface for forwarded packets, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_DESTINATION_SUB_INTERFACE_INDEX
 The index of the destination logical network interface for forwarded packets, as enumerated by the network stack.
Data type: FWP_UINT32
FWPM_CONDITION_ALE_APP_ID
 The lower-case fully qualified device path of the application, as returned by the FwpmGetAppIdFromFileName0 function.
(For example, "\device\hardiskvolume1\program files\application.exe".)
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_ALE_USER_ID
 The identification of the local user.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_ALE_REMOTE_USER_ID
 The identification of the remote user.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_ALE_REMOTE_MACHINE_ID
 The identification of the remote machine.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_ALE_PROMISCUOUS_MODE
 The raw socket mode that is allowed or denied.
Possible values:
  • SIO_RCVALL
  • SIO_RCVALL_IGMPMCAST
  • SIO_RCVALL_MCAST
For a description of these raw socket modes, see the WSAIoctl function.
Data type: FWP_UINT32
FWPM_CONDITION_ALE_SIO_FIREWALL_SYSTEM_PORT
 Reserved for internal use.
Data type: FWP_UINT32
FWPM_CONDITION_ALE_NAP_CONTEXT
 Reserved for internal use.
Data type: FWP_UINT32

The following constants are available for user mode only.

User-mode conditions available for Windows 8 and Windows Server 2012 Description
FWPM_CONDITION_QM_MODE
 The mode of the quick mode (QM) filter. See IPSEC_TRAFFIC_TYPE for possible values.
Data type: FWP_UINT32
User-mode conditions available for Windows 7, Windows Server 2008 R2, and later Description
FWPM_CONDITION_KM_AUTH_NAP_CONTEXT
 Reserved for internal use.
Data type: FWP_UINT32
FWPM_CONDITION_PEER_NAME
 The name of the peer. For example, the peer's DNS name.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_REMOTE_ID
 The identity of the remote authentication principal.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_AUTHENTICATION_TYPE
 The type of IKE, IKEv2, or AuthIP authentication method.
Data type: IKEEXT_AUTHENTICATION_METHOD_TYPE
FWPM_CONDITION_KM_TYPE
 The type of keying module.
Data type: IKEEXT_KEY_MODULE_TYPE
FWPM_CONDITION_KM_MODE
 The IPsec mode in which a token can be obtained.
Data type: IPSEC_TOKEN_MODE
FWPM_CONDITION_IPSEC_POLICY_KEY
 The main mode (MM) or quick mode (QM) policy provider context key of the SA being authorized. Useful for restricting the scope of the authorization rule to SAs formed using a specified IPsec MM or QM policy key.
Data type: FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_AUTHENTICATION_TYPE
 The method used to authenticate the security association.
Note: Available only on Windows Server 2008 R2, Windows 7, and later.
Data type: FWP_UINT32
Constants available for Windows Vista and later Description
FWPM_CONDITION_REMOTE_USER_TOKEN
 The identification of the remote user.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_RPC_IF_UUID
 The UUID of the RPC interface.
Data type: FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_RPC_IF_VERSION
 The version of the RPC interface.
Data type: FWP_UINT16
FWPM_CONDITION_RPC_IF_FLAG
 Reserved for internal use.
Data type: FWP_UINT32
FWPM_CONDITION_DCOM_APP_ID
 The identification of the COM application.
Data type: FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_IMAGE_NAME
 The name of the application.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_RPC_PROTOCOL
 The RPC protocol.
Possible values:
  • RPC_PROTSEQ_TCP
  • RPC_PROTSEQ_NMP
  • RPC_PROTSEQ_LRPC
  • RPC_PROTSEQ_HTTP

Data type: FWP_UINT8
FWPM_CONDITION_RPC_AUTH_TYPE
 The authentication service type. For more information about authentication service types, see Authentication-Service Constants.
Data type: FWP_UINT8
FWPM_CONDITION_RPC_AUTH_LEVEL
 The authentication service level. For more information about authentication service levels, see Authentication-Level Constants.
Data type: FWP_UINT8
FWPM_CONDITION_SEC_ENCRYPT_ALGORITHM
 The certificate based Security Service Provider Interface (SSPI) encryption algorithm.
Data type: FWP_UINT32
FWPM_CONDITION_SEC_KEY_SIZE
 The certificate based SSPI encryption key size.
Data type: FWP_UINT32
FWPM_CONDITION_IP_LOCAL_ADDRESS_V4
 The local IPv4 address.
Data type:
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32
FWPM_CONDITION_IP_LOCAL_ADDRESS_V6
 The local IPv6 address.
Data type:
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_IP_REMOTE_ADDRESS_V4
 The remote IPv4 address.
Data type:
  • FWP_V4_ADDR_MASK, or
  • FWP_UINT32
FWPM_CONDITION_IP_REMOTE_ADDRESS_V6
 The remote IPv6 address.
Data type:
  • FWP_V6_ADDR_MASK, or
  • FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_PIPE
 The name of the remote named pipe.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_PROCESS_WITH_RPC_IF_UUID
 The UUID of the process with the RPC interface.
Data type: FWP_BYTE_ARRAY16_TYPE
FWPM_CONDITION_RPC_EP_VALUE
 Reserved for internal use.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_RPC_EP_FLAGS
 Reserved for internal use.
Data type: FWP_UINT32
FWPM_CONDITION_CLIENT_TOKEN
 The identification of the client when using RpcProxy.
Data type: FWP_SECURITY_DESCRIPTOR_TYPE
FWPM_CONDITION_RPC_SERVER_NAME
 The name of the RPC server when using RpcProxy.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_RPC_SERVER_PORT
 The port on the RPC server when using RpcProxy.
Data type: FWP_UINT16
FWPM_CONDITION_RPC_PROXY_AUTH_TYPE
 The RPC proxy authentication service type.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_CLIENT_CERT_KEY_LENGTH
 The Secure Socket Layer (SSL) key length in the client certificate.
Data type: FWP_UINT32
FWPM_CONDITION_CLIENT_CERT_OID
 The object identifier in the client certificate.
Data type: FWP_BYTE_BLOB_TYPE
FWPM_CONDITION_NET_EVENT_TYPE
 The type of net event.
Data type: FWP_UINT32

Remarks

When IP addresses are stored in FWP_UINT32 format or when an IP port is stored in FWP_UINT16 format, they are stored in host-order, not network-order.

Requirements

Requirement Value
Minimum supported client
 Windows Vista [desktop apps only]
Minimum supported server
 Windows Server 2008 [desktop apps only]
Header
Fwpmu.h