Logging Blocked Inbound Packets (Windows Embedded CE 6.0)

1/6/2010

These rules log blocked inbound packets. The following table shows an example of how to create rules for logging. In this case, the firewall logs blocked inbound packets every day, and logs all packets on Fridays.

| dwFlags | Action | wDayOfWeek |
|---|---|---|
| FWF_LOG \| FWF_INBOUND | FWA_BLOCK | |
| FWF_LOG \| FWF_INBOUND | | FWD_FRIDAY |
| FWF_LOG \| FWF_OUTBOUND | | FWD_FRIDAY |

Registry entries for the rule

The following registry example shows the registry entries for these rules.

[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogBlockedInbound]
    "Mask"=dword:40        ; FWM_ACTION
    "PrivateHost"=hex:02,00        ; AF_INET
    "Flags"=dword:0C        ; FWF_LOG | FWF_INBOUND
    "Action"=dword:01         ; FWA_BLOCK

[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogInboundFriday]
    "Mask"=dword:100        ; FWM_DAY_OF_WEEK
    "PrivateHost"=hex:02,00        ; AF_INET
    "Flags"=dword:0C        ; FWF_LOG | FWF_INBOUND
    "DayOfWeek"=dword:20         ; FWD_FRIDAY

[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogOutboundFriday]
    "Mask"=dword:100        ; FWM_DAY_OF_WEEK
    "PrivateHost"=hex:02,00        ; AF_INET
    "Flags"=dword:14        ; FWF_LOG | FWF_OUTBOUND
    "DayOfWeek"=dword:20         ; FWD_FRIDAY

Code example to create the rule

The following code example shows how to create these rules.

    FW_RULE LogBlockedInbound;

    // The following fields must always be set.
    LogBlockedInbound.dwSize = sizeof(FW_RULE);
    LogBlockedInbound.dwFlags = FWF_LOG | FWF_INBOUND;
    LogBlockedInbound.dwMask = 0; //Initialize to zero
    LogBlockedInbound.PrivateHost.Family = AF_INET;
    LogBlockedInbound.wszDescription = L"Log blocked inbound packets everyday";
    
    // Action.
    LogBlockedInbound.dwMask |= FWM_ACTION;
    LogBlockedInbound.Action = FWA_BLOCK;

    // Create a persistent rule.
    FirewallCreateRule(&LogBlockedInbound, TRUE); 

    FW_RULE LogInboundFriday;
    
    // The following fields must always be set.
    LogInboundFriday.dwSize = sizeof(FW_RULE);
    LogInboundFriday.dwFlags = FWF_LOG | FWF_INBOUND;
    LogInboundFriday.dwMask = 0; //Initialize to zero
    LogInboundFriday.PrivateHost.Family = AF_INET;
    LogInboundFriday.wszDescription = L"Log inbound packets Fridays";
    
    // Day of week.
    LogInboundFriday.dwMask |= FWM_DAY_OF_WEEK;
    LogInboundFriday.wDayOfWeek = FWD_FRIDAY;

    // Create a persistent rule.
    FirewallCreateRule(&LogInboundFriday, TRUE); 

    FW_RULE LogOutboundFriday;
    
    // The following fields must always be set.
    LogOutboundFriday.dwSize = sizeof(FW_RULE);
    LogOutboundFriday.dwFlags = FWF_LOG | FWF_OUTBOUND;
    LogOutboundFriday.dwMask = 0; //Initialize to zero
    LogOutboundFriday.PrivateHost.Family = AF_INET;
    LogOutboundFriday.wszDescription = L"Log outbound packets Fridays";
    
    // Day of week.
    LogOutboundFriday.dwMask |= FWM_DAY_OF_WEEK;
    LogOutboundFriday.wDayOfWeek = FWD_FRIDAY;

    // Create a persistent rule.
    FirewallCreateRule(&LogOutboundFriday, TRUE); 
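
When reviewing an exported copy of these registry entries, it helps to confirm that each rule still has FWF_LOG set and that its Mask value matches the optional values present. The following check is an added example, not part of the original page or the Windows Embedded CE SDK. It takes its numeric constants from the registry comments above, assumes (as the code example above does) that an optional value counts only when its Mask bit is set, and uses hypothetical finding names.

```c
#include <stdio.h>
#include <string.h>

/* Numeric values as given in the registry comments on this page. */
enum { FWF_LOG = 0x04, FWF_INBOUND = 0x08, FWF_OUTBOUND = 0x10,
       FWM_ACTION = 0x40, FWM_DAY_OF_WEEK = 0x100 };
/* Finding bits: hypothetical names used only by this example. */
enum { NO_LOG = 1, NO_DIRECTION = 2, MASK_WITHOUT_VALUE = 4, VALUE_WITHOUT_MASK = 8 };

typedef struct { unsigned mask, flags; int has_action, has_day; } rule_t;

/* Read the "Name"=dword:HEX lines of one rule section; hex: values are skipped. */
void parse_rule(const char *reg, rule_t *r) {
    memset(r, 0, sizeof *r);
    for (const char *p = reg; p && *p; p = strchr(p, '\n'), p = p ? p + 1 : NULL) {
        char name[32]; unsigned v;
        if (sscanf(p, " \"%31[^\"]\"=dword:%x", name, &v) != 2) continue;
        if (!strcmp(name, "Mask")) r->mask = v;
        else if (!strcmp(name, "Flags")) r->flags = v;
        else if (!strcmp(name, "Action")) r->has_action = 1;
        else if (!strcmp(name, "DayOfWeek")) r->has_day = 1;
    }
}

/* Return the findings for one rule section; 0 means nothing to report. */
unsigned lint_rule_text(const char *reg) {
    rule_t r; unsigned f = 0;
    parse_rule(reg, &r);
    if (!(r.flags & FWF_LOG)) f |= NO_LOG;
    if (!(r.flags & (FWF_INBOUND | FWF_OUTBOUND))) f |= NO_DIRECTION;
    if (((r.mask & FWM_ACTION) && !r.has_action) ||
        ((r.mask & FWM_DAY_OF_WEEK) && !r.has_day)) f |= MASK_WITHOUT_VALUE;
    if ((r.has_action && !(r.mask & FWM_ACTION)) ||
        (r.has_day && !(r.mask & FWM_DAY_OF_WEEK))) f |= VALUE_WITHOUT_MASK;
    return f;
}

/* Two rule bodies copied from the page, then one constructed faulty variant. */
const char *LOG_BLOCKED_INBOUND = "    \"Mask\"=dword:40        ; FWM_ACTION\n"
    "    \"PrivateHost\"=hex:02,00\n    \"Flags\"=dword:0C\n    \"Action\"=dword:01\n";
const char *LOG_OUTBOUND_FRIDAY = "    \"Mask\"=dword:100\n"
    "    \"PrivateHost\"=hex:02,00\n    \"Flags\"=dword:14\n    \"DayOfWeek\"=dword:20\n";
const char *CONSTRUCTED_BAD = "    \"Mask\"=dword:0\n"   /* mask bit and FWF_LOG lost */
    "    \"PrivateHost\"=hex:02,00\n    \"Flags\"=dword:08\n    \"DayOfWeek\"=dword:20\n";

int main(void) {
    printf("LogBlockedInbound: %u\n", lint_rule_text(LOG_BLOCKED_INBOUND));
    printf("LogOutboundFriday: %u\n", lint_rule_text(LOG_OUTBOUND_FRIDAY));
    printf("constructed bad:   %u\n", lint_rule_text(CONSTRUCTED_BAD));
    return 0;
}
```
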

See Also

Reference

FW_RULE

Concepts

Default IP Firewall Rules

Other Resources

General Firewall Rule Examples