ndis_fw.conf

这是一本学习 window编程的很好的参考教材

#
# This is sample rules file for ndis_flt driver
#
# This file must be located in %SystemRoot%\system32\drivers\etc
# Driver will reload changed file in 5-10 sec
# Remember that rules are executing from top to bottom.
#
# ----------------------------------------------------------------------------
#
# Rules format:
#
# ----------------------------------------------------------------------------
#
# IP rules:
#
# allow|deny ip in|out [<if>] from <addr> to <addr> [ipproto <ipproto>] [nolog]
#
# Where <if> is interface number. See log file on driver startup for numbers.
#
# Where <addr> is IP-address and possibly netmask (192.168.0.0/24) or "any"
#  <addr> ::== any
#   is equal to 0.0.0.0/0
#
# And <ipproto> is IP-protocol number. See etc\protocol file.
#
# Example:
#
# allow ip out from any to 192.168.0.0/24 ipproto 1 nolog
# deny ip in from any to 127.0.0.1
#
# ----------------------------------------------------------------------------
#
# TCP rules:
#
# allow|deny tcp in|out [<if>] from <addr> to <addr> [flags <flags>] [nolog]
#
# Where <addr> is IP-address and possibly netmask or port range
# <addr> ::== <ip_address>[/<mask>][:<port>[-<port2>]]
#  for example 192.168.0.1:1-1023 or 192.168.0.0/24
#
# And where <flags> is sequense of one or some TCP-flags: A P S R F U
# and '+' or '-' character after (flag is set or flag is not set)
#
# Example (deny incoming connections to privileged ports from some subnet):
# deny tcp in from 192.168.5.0/24 to 0.0.0.0/0:1-1024 flags S+A-
#
# ----------------------------------------------------------------------------
#
# UDP rules:
#
# allow|deny udp in|out [<if>] from <addr> to <addr> [nolog]
#
# Where <addr> is similiar to TCP rules case.
#
# Example:
#
# allow udp out from any to 0.0.0.0/0:53
# allow udp in from 0.0.0.0/0:53 to any
#
# ----------------------------------------------------------------------------
#
# ICMP rules:
#
# allow|deny icmp in|out [<if>] from <addr> to <addr> [type <type>[.<code>] [nolog]
#
# Where <addr> is similiar for UDP rules case.
#
# And <type> and <code> is ICMP types and codes.
# For example echo request is 8.0 and echo reply is 0.0.
#
# Example:
#
# allow icmp out from any to any type 8.0
# allow icmp in from any to any type 0.0
#
# ----------------------------------------------------------------------------

# --- ip ---

# out tcp/udp/icmp
allow ip out from any to any ipproto 6 nolog
allow ip out from any to any ipproto 17 nolog
allow ip out from any to any ipproto 1 nolog

# in tcp/udp/icmp
allow ip in from any to any ipproto 6 nolog
allow ip in from any to any ipproto 17 nolog
allow ip in from any to any ipproto 1 nolog

# deny all another protocols
deny ip in from any to any
deny ip out from any to any

# --- tcp ---

# allow outgoing connections only from dynamic ports range (log SYN's)

allow tcp out from 0.0.0.0/0:1024-4096 to any flags S+
allow tcp out from 0.0.0.0/0:1024-4096 to any nolog

deny tcp in from any to any flags S+A-
allow tcp in from any to 0.0.0.0/0:1024-4096 nolog
deny tcp in from any to any

# --- udp ---

# deny unprivileged port -> unprivileged port
deny udp out from 0.0.0.0/0:1024-65535 to 0.0.0.0/0:1024-65535
deny udp in from 0.0.0.0/0:1024-65535 to 0.0.0.0/0:1024-65535

# log DNS activity
allow udp out from any to 0.0.0.0/0:53
allow udp in from 0.0.0.0/0:53 to any

allow udp in from any to any nolog
allow udp out from any to any nolog

# --- icmp ---

# allow outgoing "echo request"
allow icmp out from any to any type 8.0

# allow incoming "echo reply" and "destination unreachable"
allow icmp in from any to any type 0.0
allow icmp in from any to any type 3

deny icmp in from any to any
deny icmp out from any to any