Question about notification feature #32
Comments
Up until this point, this library was only a wrapper around the Windows Firewall COM. However, your suggestion fits nicely with this library. Meanwhile, I can use any information I can get about this. Do you know if there is a similar event for Windows XP? And if so, what is the event id? Is there a specific difference between the way that this event is generated and its content under Windows XP, Vista, 7, 8 and 10? In other words, I need any piece of information that might end up being helpful. Events 2002, 2004, 2006, 2010 also seem promising. |
These events are controlled by "auditpol.exe" afaik. Think this link explains it quite well and is a good starting point for you:
Don't know myself - auditpol Applies To: Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8
Description about the filter events connection/drop:
|
Doing some more research on this matter I think utilizing the Windows Filtering Platform (WFP) would be much more promising instead of relying on auditpol. Example: To find a blocking rule you can use the following netsh commands:
In addition, there are many more useful functions which are useful to monitor the operation of the filtering platform on Windows. Best of all, a C API is available with all the functionality - but so far I haven't found a C# managed code API. WFP API documentation:
What do you think - would you be able to create a WFPHelper from that? |
WFP has a somewhat messy API. And I thought NVAPI was overly convoluted. Structures having up to 3 different definitions, and memory management being done on the library level, make it time-consuming to successfully port to C#. But it is possible. I mean, as you can see, I like to create wrappers and helpers for native parts of Windows or other software. xD Thanks for providing detailed information. I'll take a look into it to see if it is possible to plan a clear path to an MVP, since the whole library seems big enough to not be able to release a wrapper in one go due to the time it will consume. |
Great! Thanks for looking into that - if it would be easy, somebody would have done it already ;) Here is some additional information which may be useful:
|
Hi falahati, your class library appears to be quite sophisticated for managing the Windows Firewall rules - nice work!
However one feature which seems to be missing (or would be nice to have) in the library is a way to get notified when packages are dropped (or connection blocked) together with the information about which rule blocked a connection. Essentially what is shown in EventViewer > security > event 5157.
This would be very useful for troubleshooting and when implementing a firewall UI.
Is this something you would consider or is it maybe available but I haven't seen it?
Thx. harry
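
An added example, not taken from the thread or from the WindowsFirewallHelper code base: one way to receive the event 5157 notifications requested above from C#, using the .NET `EventLogWatcher` class and reading the blocked connection's fields from the event XML. The class `BlockedConnectionWatcher` and its helpers are hypothetical names; the code assumes an elevated process (needed to read the Security log) and that failure auditing for the "Filtering Platform Connection" subcategory is enabled.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics.Eventing.Reader;
using System.Xml.Linq;

// Hypothetical helper for illustration; not part of WindowsFirewallHelper.
static class BlockedConnectionWatcher
{
    static readonly XNamespace Ns =
        "http://schemas.microsoft.com/win/2004/08/events/event";

    // Flattens <EventData><Data Name="X">value</Data>...</EventData> into a map.
    static Dictionary<string, string> ParseEventData(string eventXml)
    {
        var fields = new Dictionary<string, string>();
        foreach (var data in XDocument.Parse(eventXml).Descendants(Ns + "Data"))
        {
            var name = (string)data.Attribute("Name");
            if (name != null) fields[name] = data.Value;
        }
        return fields;
    }

    // Returns the named field, or "?" if this event does not carry it.
    static string Get(Dictionary<string, string> f, string key)
    {
        return f.TryGetValue(key, out var v) ? v : "?";
    }

    static void Main()
    {
        // Event 5157: "The Windows Filtering Platform has blocked a connection."
        var query = new EventLogQuery(
            "Security", PathType.LogName, "*[System[(EventID=5157)]]");
        using (var watcher = new EventLogWatcher(query))
        {
            watcher.EventRecordWritten += (sender, e) =>
            {
                if (e.EventRecord == null) return; // delivery error, see e.EventException
                var f = ParseEventData(e.EventRecord.ToXml());
                // FilterRTID is the run-time ID of the WFP filter that blocked the connection.
                Console.WriteLine("{0} {1}:{2} -> {3}:{4} proto={5} filter={6} layer={7}",
                    Get(f, "Application"), Get(f, "SourceAddress"), Get(f, "SourcePort"),
                    Get(f, "DestAddress"), Get(f, "DestPort"), Get(f, "Protocol"),
                    Get(f, "FilterRTID"), Get(f, "LayerName"));
            };
            watcher.Enabled = true; // start the subscription
            Console.WriteLine("Watching for event 5157, press Enter to stop.");
            Console.ReadLine();
        }
    }
}
```

The watcher only delivers events written after it is enabled, and it stays silent if the audit subcategory is not turned on.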