Windows Filtering Platform - How can I block incoming connections based on local port?

时光毁灭记忆、已成空白 提交于 2019-12-04 15:24:53

You should be able to create that filter on any of the INBOUND or RECV layers that support the FWPM_CONDITION_IP_LOCAL_PORT condition, the resource to search for that is:

http://msdn.microsoft.com/en-us/library/windows/hardware/ff549939%28v=vs.85%29.aspx

However, not all traffic passes through every layer, I am by no means an expert but one approach is to add a filter like that to every applicable layer (a half dozen or so filers) and see if that works. If so you then remove the filters one at a time till you find the set that was actually needed. There were 4 layers I needed on a recent project to stop all the traffic I was interested in.

One big caveat that may be worth noting is that traffic on localhost may not go through any WFP layers (or perhaps it was only inbound layers it skipped, I don't remember). So you can use WFP to prevent a remote connection to the port, but a local connection may still go through.

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!