IFWXIpFilter interface

  • Article

Applies to: desktop apps only

The IFWXIpFilter interface is the application filter interface that represents an IP filter, which specifies the ranges of IP addresses for which a connection or socket is allowed to function. Use this interface to ensure that secondary and emulated connections are secure.

Members

The IFWXIpFilter interface inherits from the IUnknown interface. IFWXIpFilter also has these types of members:

  • Methods

Methods

The IFWXIpFilter interface has these methods.

Method Description
Clone

Returns a copy of an IP filter. The copy will contain the same ranges of IP addresses as the original.
Compare

Compares the IP ranges of two IP filters.
ExcludeFilter

Excludes the ranges of IP addresses represented by an existing IP filter from the IP filter.
ExcludeRange

Excludes a range of IP addresses from the IP filter.
IncludeFilter

Includes the ranges of IP addresses represented by an existing IP filter in the IP filter.
IncludeRange

Includes a range of IP addresses in the IP filter.
IsIncluded

Checks if a particular IP address is included in the ranges of those allowed by the IP filter.

 

Remarks

There are situations in which an application filter is responsible for limiting which IP addresses are allowed access, including:

  • The case of a secondary inbound connection, as occurs in use of the FTP protocol. Use the IFWXIpFilter interface in the FTP scenario to restrict access to the inbound socket of the secondary connection. For example, an FTP application filter opens a secondary connection with a range that includes only the IP address of the FTP server. All IP packets with a source address that is not the IP address of the FTP server will be rejected by the packet filter driver if they are addressed to the socket that the FTP application filter created for the secondary connection.
  • The case of a secondary or emulated connection in a publishing scenario.

For security purposes, the application filter should define an IP filter, which specifies the ranges of IP addresses for which a particular connection or socket is allowed. The IFWXIpFilter interface is where you specify those ranges of IP addresses.

Note  If you set the ranges of IP addresses equal to NULL, all IP addresses will be allowed to connect.

Requirements

Minimum supported client

 None supported

Minimum supported server

 Windows Server 2008 R2, Windows Server 2008 with SP2 (64-bit only)

Version

 Forefront Threat Management Gateway (TMG) 2010

Header

 Wspfwext.idl

See also

Filter Interfaces

IFWXConnection

IFWXFirewall::CreateIpFilter

IFWXNetworkSocket

IFWXSession

 

 

Build date: 7/12/2010