Logging Blocked Inbound Packets (Windows Embedded CE 6.0)
1/6/2010
These rules log blocked inbound packets. The following table shows an example of how to create rules for logging. In this case, the firewall logs blocked inbound packets every day, and logs all packets, inbound and outbound, on Fridays.
| dwFlags | Action | wDayOfWeek |
|---|---|---|
| FWF_LOG \| FWF_INBOUND | FWA_BLOCK | |
| FWF_LOG \| FWF_INBOUND | | FWD_FRIDAY |
| FWF_LOG \| FWF_OUTBOUND | | FWD_FRIDAY |
Registry entries for the rule
The following example shows the registry entries for these rules.
```
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogBlockedInbound]
"Mask"=dword:40 ; FWM_ACTION
"PrivateHost"=hex:02,00 ; AF_INET
"Flags"=dword:0C ; FWF_LOG | FWF_INBOUND
"Action"=dword:01 ; FWA_BLOCK

[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogInboundFriday]
"Mask"=dword:100 ; FWM_DAY_OF_WEEK
"PrivateHost"=hex:02,00 ; AF_INET
"Flags"=dword:0C ; FWF_LOG | FWF_INBOUND
"DayOfWeek"=dword:20 ; FWD_FRIDAY

[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogOutboundFriday]
"Mask"=dword:100 ; FWM_DAY_OF_WEEK
"PrivateHost"=hex:02,00 ; AF_INET
"Flags"=dword:14 ; FWF_LOG | FWF_OUTBOUND
"DayOfWeek"=dword:20 ; FWD_FRIDAY
```
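The following Python script is an added example, not part of the original page or Microsoft's code. It parses a .reg-style export of the rules above, decodes the DWORD values into their symbolic names, and reports a rule whose `Action` or `DayOfWeek` value is present without its mask bit, or the reverse. The bit values are inferred from the registry comments on this page, the consistency check is an assumption based on how the page's rules pair each field with its mask bit, and `bits`, `parse_rules` and `audit` are names chosen here.

```python
import re

# Bit values inferred from this page's registry comments, not from CE headers.
FLAGS = {0x04: "FWF_LOG", 0x08: "FWF_INBOUND", 0x10: "FWF_OUTBOUND"}
MASKS = {0x40: "FWM_ACTION", 0x100: "FWM_DAY_OF_WEEK"}
ACTIONS = {0x01: "FWA_BLOCK"}
DAYS = {0x20: "FWD_FRIDAY"}
KEY = re.compile(r"\[.*\\Firewall\\Rules\\([^\\\]]+)\]")
VAL = re.compile(r'"(\w+)"=dword:([0-9A-Fa-f]+)')
# Constructed sample: the dword values of the three rules shown on this page.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogBlockedInbound]
"Mask"=dword:40 ; FWM_ACTION
"Flags"=dword:0C ; FWF_LOG | FWF_INBOUND
"Action"=dword:01 ; FWA_BLOCK
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogInboundFriday]
"Mask"=dword:100 ; FWM_DAY_OF_WEEK
"Flags"=dword:0C ; FWF_LOG | FWF_INBOUND
"DayOfWeek"=dword:20 ; FWD_FRIDAY
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\LogOutboundFriday]
"Mask"=dword:100 ; FWM_DAY_OF_WEEK
"Flags"=dword:14 ; FWF_LOG | FWF_OUTBOUND
"DayOfWeek"=dword:20 ; FWD_FRIDAY
"""

def bits(value, names):
    """Name the known bits of a mask; report leftover bits as one hex string."""
    rest = value & ~sum(names)  # keys are disjoint single bits, so sum == OR
    return [n for b, n in names.items() if value & b] + ([hex(rest)] if rest else [])

def parse_rules(text):
    """Return {rule name: {value name: int}}, reading dword values only."""
    rules, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop the trailing ; comment
        if line.startswith("["):
            m = KEY.fullmatch(line)
            current = rules.setdefault(m.group(1), {}) if m else None
        elif current is not None and (m := VAL.fullmatch(line)):
            current[m.group(1)] = int(m.group(2), 16)
    return rules

def audit(rule):
    """Decode one rule; list fields that disagree with their mask bit (assumed check)."""
    findings = [f"{field} and {MASKS[bit]} disagree"
                for field, bit in (("Action", 0x40), ("DayOfWeek", 0x100))
                if (field in rule) != bool(rule.get("Mask", 0) & bit)]
    return {"flags": bits(rule.get("Flags", 0), FLAGS), "action": ACTIONS.get(rule.get("Action")),
            "days": bits(rule.get("DayOfWeek", 0), DAYS), "findings": findings}
```

Running `audit` over each entry returned by `parse_rules` gives a quick review of which directions and days a device image actually logs; bits the tables do not name are returned as hex rather than dropped.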
Code example to create the rule
The following code example creates these rules.
```c
// Zero each structure so that fields not selected by dwMask
// do not carry indeterminate stack contents.
FW_RULE LogBlockedInbound = {0};
// The following fields must always be set.
LogBlockedInbound.dwSize = sizeof(FW_RULE);
LogBlockedInbound.dwFlags = FWF_LOG | FWF_INBOUND;
LogBlockedInbound.dwMask = 0; // Initialize to zero
LogBlockedInbound.PrivateHost.Family = AF_INET;
LogBlockedInbound.wszDescription = L"Log blocked inbound packets everyday";
// Action.
LogBlockedInbound.dwMask |= FWM_ACTION;
LogBlockedInbound.Action = FWA_BLOCK;
// Create a persistent rule.
FirewallCreateRule(&LogBlockedInbound, TRUE);

FW_RULE LogInboundFriday = {0};
// The following fields must always be set.
LogInboundFriday.dwSize = sizeof(FW_RULE);
LogInboundFriday.dwFlags = FWF_LOG | FWF_INBOUND;
LogInboundFriday.dwMask = 0; // Initialize to zero
LogInboundFriday.PrivateHost.Family = AF_INET;
LogInboundFriday.wszDescription = L"Log inbound packets Fridays";
// Day of week.
LogInboundFriday.dwMask |= FWM_DAY_OF_WEEK;
LogInboundFriday.wDayOfWeek = FWD_FRIDAY;
// Create a persistent rule.
FirewallCreateRule(&LogInboundFriday, TRUE);

FW_RULE LogOutboundFriday = {0};
// The following fields must always be set.
LogOutboundFriday.dwSize = sizeof(FW_RULE);
LogOutboundFriday.dwFlags = FWF_LOG | FWF_OUTBOUND;
LogOutboundFriday.dwMask = 0; // Initialize to zero
LogOutboundFriday.PrivateHost.Family = AF_INET;
LogOutboundFriday.wszDescription = L"Log outbound packets Fridays";
// Day of week.
LogOutboundFriday.dwMask |= FWM_DAY_OF_WEEK;
LogOutboundFriday.wDayOfWeek = FWD_FRIDAY;
// Create a persistent rule.
FirewallCreateRule(&LogOutboundFriday, TRUE);
```