Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
The FwpmEngineSetOption0 function changes the filter engine settings.
Syntax
NTSTATUS FwpmEngineSetOption0(
[in] HANDLE engineHandle,
[in] FWPM_ENGINE_OPTION option,
[in] const FWP_VALUE0 *newValue
);
Parameters
[in] engineHandle
Handle for an open session to the filter engine. Call FwpmEngineOpen0 to open a session to the filter engine.
[in] option
The option to be set.
[in] newValue
The new option value. The data type contained in the newValue parameter should be FWP_UINT32.
When option is FWPM_ENGINE_COLLECT_NET_EVENTS, newValue should be one of the following.
| Value | Meaning |
|---|---|
| 0 | Do not collect network events. |
| 1 | Collect network events. This is the default setting. |
When option is FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDS, newValue should be either 0 (zero) or a bitwise combination of the following values.
Note
If newValue is 0 the collection of inbound multicast and broadcast events is disabled. This is the default setting.
| Value | Meaning |
|---|---|
| FWPM_NET_EVENT_KEYWORD_INBOUND_MCAST 1 |
Collect inbound multicast network events. |
| FWPM_NET_EVENT_KEYWORD_INBOUND_BCAST 2 |
Collect inbound broadcast network events. |
When option is FWPM_ENGINE_PACKET_QUEUING (available only in Windows 8 and Windows Server 2012), newValue should be one of the following.
| Value | Meaning |
|---|---|
| FWPM_ENGINE_OPTION_PACKET_QUEUE_NONE 0 |
Do not enable packet queuing. |
| FWPM_ENGINE_OPTION_PACKET_QUEUE_INBOUND 1 |
Enable inbound packet queuing. |
| FWPM_ENGINE_OPTION_PACKET_QUEUE_OUTBOUND 2 |
Enable outbound packet queuing. |
When option is FWPM_ENGINE_MONITOR_IPSEC_CONNECTIONS (available only in Windows 8 and Windows Server 2012), newValue should be the following. (FwpmEngineSetOption0 may be used to enable connections, but will fail with FWP_E_STILL_ON ERROR when attempting to disable it.)
| Value | Meaning |
|---|---|
| 1 | The IPsec Connection Monitoring feature will be enabled. New IPsec connection events will be logged as well as notifications sent. |
When option is FWPM_ENGINE_TXN_WATCHDOG_TIMEOUT_IN_MSEC (available only in Windows 8 and Windows Server 2012), newValue should be the time in milliseconds that specifies the maximum duration for a single WFP transaction. Transactions taking longer than this duration will trigger a watchdog event.
The FWPM_ENGINE_NAME_CACHE option is reserved for internal use.
Return value
| Return code/value | Description |
|---|---|
| ERROR_SUCCESS 0 |
Success |
| FWP_E_* error code 0x80320001—0x80320039 |
A Windows Filtering Platform (WFP) specific error. See WFP Error Codes for details. |
| RPC_* error code 0x80010001—0x80010122 |
Failure to communicate with the remote or local firewall engine. |
| Other NTSTATUS codes | An error occurred. |
Remarks
This function cannot be called from within a transaction, it fails with FWP_E_TXN_IN_PROGRESS. See Object Management for more information about transactions.
This function cannot be called from within a dynamic session, it fails with FWP_E_DYNAMIC_SESSION_IN_PROGRESS. See Object Management for more information about sessions.
The caller needs FWPM_ACTRL_WRITE access to the filter engine. See Access Control for more information.
The default settings for network event collection are as follows:
- Outbound, all (unicast, multicast, and broadcast) events are collected.
- Inbound, only unicast events are collected.
Network event collection settings persist across reboots.
To collect inbound broadcast and/or multicast network events,
- Call FwpmEngineSetOption0 with option set to
FWPM_ENGINE_COLLECT_NET_EVENTSand newValue set to 1. - Call FwpmEngineSetOption0 with option set to
FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDSand newValue parameter set toFWPM_NET_EVENT_KEYWORD_INBOUND_MCASTand/orFWPM_NET_EVENT_KEYWORD_INBOUND_BCAST.
To stop collecting inbound broadcast and/or multicast network events,
- Call FwpmEngineSetOption0 with option set to
FWPM_ENGINE_NET_EVENT_MATCH_ANY_KEYWORDSand newValue parameter set to 0 (zero).
Disabling and re-enabling of network event collection (FWPM_ENGINE_COLLECT_NET_EVENTS) does not reset the collection of inbound broadcast and multicast events.
FwpmEngineSetOption0 is a specific implementation of FwpmEngineSetOption. See WFP Version-Independent Names and Targeting Specific Versions of Windows for more information.
Requirements
| Requirement | Value |
|---|---|
| Minimum supported client | Available starting with Windows Vista. |
| Target Platform | Universal |
| Header | fwpmk.h |
| Library | fwpkclnt.lib |
| IRQL | <= PASSIVE_LEVEL |