PfAddFiltersToInterface (iphlpapi)
Last changed: Rob Kaczor-153.2.246.30

.
Summary
The PfAddFiltersToInterface function adds the specified filters to the specified interface.

C# Signature:

    [DllImport("Iphlpapi.dll", EntryPoint = "PfAddFiltersToInterface")]
    internal static extern UInt32 PfAddFiltersToInterface(IntPtr ih, UInt32 cInFilters,
    [MarshalAsAttribute(UnmanagedType.Struct)] ref PPF_FILTER_DESCRIPTOR pfiltIn, UInt32 cOutFilters,
    [MarshalAsAttribute(UnmanagedType.Struct)] ref PPF_FILTER_DESCRIPTOR pFiltOut, IntPtr pfHandle);

VB Signature:

Declare Function PfAddFiltersToInterface Lib "iphlpapi.dll" (TODO) As TODO

User-Defined Types:

    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal unsafe struct PPF_FILTER_DESCRIPTOR
    {
        public FILTER_FLAGS dwFilterFlags;
        public UInt32 dwRule;
        public PFADDRESSTYPE pfatType;

        public UInt32* SrcAddr;
        public UInt32* SrcMask;
        public UInt32* DstAddr;
        public UInt32* DstMask;

        public PROTOCOL dwProtocol;
        public UInt32 fLateBound;
        public UInt16 wSrcPort;
        public UInt16 wDstPort;
        public UInt16 wSrcPortHighRange;
        public UInt16 wDstPortHighRange;
    }

Notes:

    /// <summary>
    /// The PfAddFiltersToInterface function adds the specified filters to the specified interface.
    /// If the function succeeds, the return value is NO_ERROR.
    /// </summary>
    /// <param name="ih">[in] Specifies a handle to the interface.</param>
    /// <param name="cInFilters">[in] Specifies the number of input filter descriptions pointed to by the pfiltIn parameter.</param>
    /// <param name="pfiltIn">[in] Pointer to an array of filter descriptions to use as input filters.</param>
    /// <param name="cOutFilters">[in] Specifies the number of output filter descriptions pointed to by the pfiltOut parameter.</param>
    /// <param name="pFiltOut">[in] Pointer to an array of filter descriptions to use as output filters.</param>
    /// <param name="pfHandle">[out] Pointer to a buffer that receives an array of filter handles. If the caller does not require the filter handles, the caller may set this parameter to NULL.</param>
    /// <returns>If the function succeeds, the return value is NO_ERROR.</returns>

Sample Code:

    using System;
    using System.Collections.Generic;
    using System.Net;
    using System.Runtime.InteropServices;
    using Microsoft.Win32;

    /// <summary>
    /// IP packet filter management wrapper for Iphlpapi.dll (Win 2000/XP)
    /// </summary>
    class Program
    {
    // C conversions for Fltdefs.h
    internal const int FALSE = 0;
    internal const int TRUE = 1;

    //enums
    internal enum PFFORWARD_ACTION : uint
    {
        PF_ACTION_FORWARD = 0,
        PF_ACTION_DROP
    }

    internal enum PFADDRESSTYPE : uint
    {
        PF_IPV4,
        PF_IPV6
    }

    internal enum PROTOCOL : uint
    {
        ANY = 0x00,
        ICMP = 0x01,
        TCP = 0x06,
        UDP = 0x11
    }

    internal enum FILTER_FLAGS : uint
    {
        FD_FLAGS = 0x1
    }

    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    internal unsafe struct PPF_FILTER_DESCRIPTOR
    {
        public FILTER_FLAGS dwFilterFlags;
        public UInt32 dwRule;
        public PFADDRESSTYPE pfatType;

        public UInt32* SrcAddr;
        public UInt32* SrcMask;
        public UInt32* DstAddr;
        public UInt32* DstMask;

        public PROTOCOL dwProtocol;
        public UInt32 fLateBound;
        public UInt16 wSrcPort;
        public UInt16 wDstPort;
        public UInt16 wSrcPortHighRange;
        public UInt16 wDstPortHighRange;
    }

    static void Main(string[] args)
    {
        string[] hostsToBlock = new string[2];
        hostsToBlock[0] = "67.77.87.97,255.255.255.255,0";    //blocks all traffic on any port to/from 67.77.87.97
        hostsToBlock[1] = "0.0.0.0,0.0.0.0,29000";        //blocks all traffic on port 29000, in and out
        StartPacketFilter(hostsToBlock);
        System.Windows.Forms.Application.Run();
    }

    internal static UInt32 lIpFromString(string sIpAddress)
    {
        UInt32 lIp = 0;
        try
        {
        string[] octets = sIpAddress.Split(new string[] { "." }, StringSplitOptions.None);

        if (octets.Length != 4)
            return 0;

        for (int i = 0; i < 4; i++)
            lIp |= (UInt32.Parse(octets[i]) << (i * 8));
        }
        catch { }
        return lIp;
    }

    internal static string[] GetLocalIpAddresses()
    {
        IPHostEntry host = Dns.GetHostEntry(Dns.GetHostName());
        string[] localIpAddresses = new string[host.AddressList.Length];
        for (int i = 0; i < host.AddressList.Length; i++)
        {
        localIpAddresses[i] = host.AddressList[i].ToString();
        }
        return localIpAddresses;
    }

    internal static bool StartPacketFilter(string[] hosts)
    {
        string[] localIpAddresses = GetLocalIpAddresses();
        if (localIpAddresses == null)
        return false;

        foreach (string localAddress in localIpAddresses)
        {
        uint result;
        IntPtr interfaceHandle = new IntPtr();

        //convert the string IP to an unsigned int for p/invoke
        UInt32 lLocalIp = lIpFromString(localAddress);

        //create a filter interface in the tcp/ip stack
        result = IpPacketFilter.PfCreateInterface(0, PFFORWARD_ACTION.PF_ACTION_FORWARD, PFFORWARD_ACTION.PF_ACTION_FORWARD, FALSE, TRUE, ref interfaceHandle);
        if (result != 0)
            return false;

        //bind interface to an ip address
        result = IpPacketFilter.PfBindInterfaceToIPAddress(interfaceHandle, PFADDRESSTYPE.PF_IPV4, ref lLocalIp);
        if (result != 0)
            return false;

        foreach (string targetHost in hosts)
        {
            IntPtr filterHandle = new IntPtr();
            string[] hostDetail = targetHost.Split(new string[] { "," }, StringSplitOptions.None);
            if (hostDetail != null && hostDetail.Length == 3)
            {
            //build the filter structure
            PPF_FILTER_DESCRIPTOR filter = new PPF_FILTER_DESCRIPTOR();
            filter.dwFilterFlags = FILTER_FLAGS.FD_FLAGS;
            filter.dwRule = FALSE;
            filter.pfatType = PFADDRESSTYPE.PF_IPV4;
            filter.dwProtocol = PROTOCOL.TCP;

            uint iSrcAddr = lLocalIp;
            uint iSrcMask = lIpFromString("255.255.255.255");
            filter.wSrcPort = 0;
            filter.wSrcPortHighRange = 0;

            uint iDstAddr = lIpFromString(hostDetail[0]);
            uint iDstMask = lIpFromString(hostDetail[1]);
            filter.wDstPort = UInt16.Parse(hostDetail[2]);
            filter.wDstPortHighRange = UInt16.Parse(hostDetail[2]);

            unsafe
            {
                filter.SrcAddr = &iSrcAddr;
                filter.DstAddr = &iDstAddr;
                filter.SrcMask = &iSrcMask;
                filter.DstMask = &iDstMask;
            }
            // add filter to interface (both inbound and outbound)
            result = IpPacketFilter.PfAddFiltersToInterface(interfaceHandle, 1, ref filter, 1, ref filter, filterHandle);
            if (result != 0)
                return false;
            }
        }
        }
        return true;
    }
    }

Documentation