IFWXIpFilter interface
Applies to: desktop apps only
The IFWXIpFilter interface is the application filter interface that represents an IP filter, which specifies the ranges of IP addresses for which a connection or socket is allowed to function. Use this interface to ensure that secondary and emulated connections are secure.
Members
The IFWXIpFilter interface inherits from the IUnknown interface. IFWXIpFilter also has these types of members:
- Methods
Methods
The IFWXIpFilter interface has these methods.
Method | Description |
---|---|
Clone | Returns a copy of an IP filter. The copy will contain the same ranges of IP addresses as the original. |
Compare | Compares the IP ranges of two IP filters. |
ExcludeFilter | Excludes the ranges of IP addresses represented by an existing IP filter from the IP filter. |
ExcludeRange | Excludes a range of IP addresses from the IP filter. |
IncludeFilter | Includes the ranges of IP addresses represented by an existing IP filter in the IP filter. |
IncludeRange | Includes a range of IP addresses in the IP filter. |
IsIncluded | Checks if a particular IP address is included in the ranges of those allowed by the IP filter. |
Remarks
There are situations in which an application filter is responsible for limiting which IP addresses are allowed access, including:
- The case of a secondary inbound connection, as occurs in use of the FTP protocol. Use the IFWXIpFilter interface in the FTP scenario to restrict access to the inbound socket of the secondary connection. For example, an FTP application filter opens a secondary connection with a range that includes only the IP address of the FTP server. All IP packets with a source address that is not the IP address of the FTP server will be rejected by the packet filter driver if they are addressed to the socket that the FTP application filter created for the secondary connection.
- The case of a secondary or emulated connection in a publishing scenario.
For security purposes, the application filter should define an IP filter, which specifies the ranges of IP addresses for which a particular connection or socket is allowed. The IFWXIpFilter interface is where you specify those ranges of IP addresses.
Note If you set the ranges of IP addresses equal to NULL, all IP addresses will be allowed to connect.
Requirements
Minimum supported client |
None supported |
Minimum supported server |
Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only) |
Version |
Forefront Threat Management Gateway (TMG) 2010 |
Header |
Wspfwext.idl |
See also
Build date: 7/12/2010