Creating Rules for an IPv6 Subnet (Windows Embedded CE 6.0)
1/6/2010
The following table shows an example of how to create rules for an IPv6 subnet. In this case, inbound traffic is received from a trusted subnet 3ffe:2900::/32.
Security Note: |
---|
Use caution when creating a rule to receive traffic from a trusted subnet. This could expose a weakness in the firewall because IP addresses can be faked, or spoofed. |
dwFlags | PrivateHost | PublicHost | PublicHostPrefix |
---|---|---|---|
FWF_ALLOW \| FWF_INBOUND | AF_INET6 | 3ffe:2900 | 32 |
Registry entries for the rule
The following registry example shows the registry entries for this rule.
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\TrafficFrom3ffe:2900]
"Mask"=dword:1002 ; FWM_PUBLIC_HOST | FWM_PUBLIC_HOST_PREFIX
"Flags"=dword:0A ; FWF_ALLOW | FWF_INBOUND
"PrivateHost"=hex:17,00 ; AF_INET6
"PublicHost"=hex:17,00,00,00,3f,fe,29,00 ; 3ffe:2900
"PublicHostPrefix"=dword:20 ; / 32
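To audit how much address space such a rule trusts, the following added example (not part of the original page and not the Windows Embedded CE firewall's own matching code) decodes the PublicHost value shown above and tests whether a source address falls inside the prefix. The blob layout and the names prefix_match, decode_public_host and rule_admits are assumptions inferred from the example value; a /32 prefix admits every address whose first 32 bits match, which is 2^96 addresses.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define FAMILY_INET6 0x17 /* 23, the family value shown in the registry example */

/* Returns 1 if the first prefix_len bits of a and b are equal, else 0. */
static int prefix_match(const uint8_t a[16], const uint8_t b[16], unsigned prefix_len)
{
    unsigned full = prefix_len / 8, rem = prefix_len % 8;
    if (prefix_len > 128) return 0;
    if (memcmp(a, b, full) != 0) return 0;
    if (rem) { /* compare only the high 'rem' bits of the partial byte */
        uint8_t mask = (uint8_t)(0xFF << (8 - rem));
        if ((a[full] ^ b[full]) & mask) return 0;
    }
    return 1;
}

/* Decode a PublicHost blob. Assumed layout (inferred from the example value):
   family in bytes 0-1 little-endian, bytes 2-3 unused, then address bytes with
   trailing zero bytes omitted. Returns 0 on success, -1 if malformed. */
static int decode_public_host(const uint8_t *blob, size_t len, uint8_t out[16])
{
    if (len < 4 || len > 4 + 16) return -1;
    if (blob[0] != FAMILY_INET6 || blob[1] != 0) return -1;
    memset(out, 0, 16);
    memcpy(out, blob + 4, len - 4);
    return 0;
}

/* Returns 1 if src is inside the rule's subnet, 0 if not, -1 on bad input. */
int rule_admits(const uint8_t *blob, size_t len, unsigned prefix_len, const uint8_t src[16])
{
    uint8_t net[16];
    if (prefix_len > 128 || decode_public_host(blob, len, net) != 0) return -1;
    return prefix_match(net, src, prefix_len);
}

/* Constructed sample data: the blob from the registry example and two sources. */
static const uint8_t RULE_BLOB[] = {0x17,0x00,0x00,0x00,0x3f,0xfe,0x29,0x00};
static const uint8_t SRC_INSIDE[16]  = {0x3f,0xfe,0x29,0x00,0xab,0xcd,0,0,0,0,0,0,0,0,0,0x01};
static const uint8_t SRC_OUTSIDE[16] = {0x3f,0xfe,0x29,0x01,0,0,0,0,0,0,0,0,0,0,0,0x01};
```

The check depends only on the source address a packet claims, which is why the security note above applies to this rule.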
Code example to create the rule
The following code example shows this rule.
FW_RULE TrafficFrom3ffe2900;
SOCKADDR_STORAGE ssSaddr;
int saddrsize=sizeof(ssSaddr);
// The following fields must always be set.
TrafficFrom3ffe2900.dwSize = sizeof(FW_RULE);
TrafficFrom3ffe2900.dwFlags = FWF_ALLOW | FWF_INBOUND;
TrafficFrom3ffe2900.dwMask = 0; // initialize mask to zero
TrafficFrom3ffe2900.PrivateHost.Family = AF_INET6;
TrafficFrom3ffe2900.wszDescription = L"Allow inbound traffic from the trusted subnet 3ffe:2900::/32";
// Public IP.
// WSAStringToAddress returns 0 on success. Create the rule only if the address parsed,
// so an uninitialized address is never written into an allow rule.
if (WSAStringToAddress(_T("3ffe:2900::"), AF_INET6, NULL, (PSOCKADDR) &ssSaddr, &saddrsize) == 0)
{
    TrafficFrom3ffe2900.dwMask |= FWM_PUBLIC_HOST;
    TrafficFrom3ffe2900.PublicHost.AddressIPv6 = ((PSOCKADDR_IN6) &ssSaddr)->sin6_addr;
    TrafficFrom3ffe2900.dwMask |= FWM_PUBLIC_HOST_PREFIX;
    TrafficFrom3ffe2900.PublicHostPrefixLength = 32;
    // Create a persistent rule.
    FirewallCreateRule(&TrafficFrom3ffe2900, TRUE);
}