IFWXIpFilter Interface
The IFWXIpFilter interface is the application filter interface that represents an IP filter, which specifies the ranges of IP addresses for which a connection or socket is allowed to function. Use this interface to ensure that secondary and emulated connections are secure.
Syntax
interface IFWXIpFilter : IUnknown
Methods
The IFWXIpFilter interface inherits the methods of the IUnknown interface.
In addition, IFWXIpFilter defines the following methods.
| Method | Description |
|---|---|
Includes a range of IP addresses in the IP filter. |
|
Excludes a range of IP addresses from the IP filter. |
|
Includes the ranges of IP addresses represented by an existing IP filter in the IP filter. |
|
Excludes the ranges of IP addresses represented by an existing IP filter from the IP filter. |
|
Checks if a particular IP address is included in the ranges of those allowed by the IP filter. |
|
Compares the IP ranges of two IP filters. |
|
Returns a copy of an IP filter. The copy will contain the same ranges of IP addresses as the original. |
Remarks
There are situations in which an application filter is responsible for limiting which IP addresses are allowed access, including:
- The case of a secondary inbound connection, as occurs in use of the FTP protocol. Use the IFWXIpFilter interface in the FTP scenario to restrict access to the inbound socket of the secondary connection. For example, an FTP application filter opens a secondary connection with a range that includes only the IP address of the FTP server. All IP packets with a source address that is not the IP address of the FTP server will be rejected by the packet filter driver if they are addressed to the socket that the FTP application filter created for the secondary connection.
- The case of a secondary or emulated connection in a publishing scenario.
For security purposes, the application filter should define an IP filter, which specifies the ranges of IP addresses for which a particular connection or socket is allowed. The IFWXIpFilter interface is where you specify those ranges of IP addresses.
Note If you set the ranges of IP addresses equal to NULL, all IP addresses will be allowed to connect.
Requirements
| Server | Requires Windows Server 2008 R2 or Windows Server 2008 x64 Edition with SP2. |
| Version | Requires Forefront Threat Management Gateway (TMG) 2010. |
| Header | Declared in Wspfwext.idl. |
See Also
Filter Interfaces
IFWXConnection
IFWXFirewall::CreateIpFilter
IFWXNetworkSocket
IFWXSession
Send comments about this topic to Microsoft
Build date: 6/30/2010