2.2.85 FW_MM_RULE

This structure is used to represent a main mode rule.

 typedef struct _tag_FW_MM_RULE {
   struct _tag_FW_MM_RULE* pNext;
   unsigned SHORT wSchemaVersion;
   [string, range(1,512), ref] wchar_t* wszRuleId;
   [string, range(1,10001)] wchar_t* wszName;
   [string, range(1,10001)] wchar_t* wszDescription;
   unsigned LONG dwProfiles;
   FW_ADDRESSES Endpoint1;
   FW_ADDRESSES Endpoint2;
   [string, range(1,255)] wchar_t* wszPhase1AuthSet;
   [string, range(1,255)] wchar_t* wszPhase1CryptoSet;
   unsigned SHORT wFlags;
   [string, range(1,10001)] wchar_t* wszEmbeddedContext;
   FW_OS_PLATFORM_LIST PlatformValidityList;
   [range(FW_RULE_ORIGIN_INVALID, FW_RULE_ORIGIN_MAX-1)]
     FW_RULE_ORIGIN_TYPE Origin;
   [string, range(1,10001)] wchar_t* wszGPOName;
   FW_RULE_STATUS Status;
   signed LONG Reserved;
   [size_is((Reserved & FW_OBJECT_CTRL_FLAG_INCLUDE_METADATA) ? 1 : 0)]
     FW_OBJECT_METADATA* pMetaData;
 } FW_MM_RULE,
  *PFW_MM_RULE;

pNext: A pointer to the next FW_MM_RULE in the list.

wSchemaVersion: Specifies the version of the rule.

wszRuleId: A pointer to a Unicode string that uniquely identifies the rule.

wszName: A pointer to a Unicode string that provides a friendly name for the rule.

wszDescription: A pointer to a Unicode string that provides a friendly description for the rule.

dwProfiles: A bitmask of the FW_PROFILE_TYPE flags. It is a condition that matches traffic on the specified profiles.

Endpoint1: A condition that specifies the addresses of the first host of the traffic that the rule matches. An empty Endpoint1 structure means this condition is not applied (no match).

Endpoint2: A condition that specifies the addresses of the second host of the traffic that the rule matches. An empty Endpoint2 structure means this condition is not applied (no match).

wszPhase1AuthSet: A Unicode string that represents the set identifier of a Phase1 authentication set policy object.

wszPhase1CryptoSet: A Unicode string that represents the set identifier of a Phase1 cryptographic set policy object.

wFlags: Bit flags from FW_CS_RULE_FLAGS.

wszEmbeddedContext: A pointer to a Unicode string that specifies a group name for this rule. Other components in the system use this string to enable or disable a group of rules by verifying that all rules have the same group name.

PlatformValidityList: A condition in a rule that determines whether or not the rule is enforced by the local computer based on the local computer's platform information. The rule is enforced only if the local computer's operating system platform is an element of the set described by PlatformValidityList.<22>

Origin: This field is the rule origin, as specified in the FW_RULE_ORIGIN_TYPE enumeration. It MUST be filled on enumerated rules and ignored on input.

wszGPOName: A pointer to a Unicode string containing the displayName of the GPO containing this object. When adding a new object, this field is not used. The client SHOULD set the value to NULL, and the server MUST ignore the value. When enumerating an existing object, if the client does not set the FW_ENUM_RULES_FLAG_RESOLVE_GPO_NAME flag, the server MUST set the value to NULL. Otherwise, the server MUST set the value to the displayName of the GPO containing the object or NULL if the object is not contained within a GPO. For details about how the server initializes an object from a GPO, see section 3.1.3. For details about how the displayName of a GPO is stored, see [MS-GPOL] section 2.3.

Status: The status code of the rule, as specified by the FW_RULE_STATUS enumeration. This field is filled out when the structure is returned as output. On input, this field MUST be set to FW_RULE_STATUS_OK.

Reserved: This member is not used, other than to instruct RPC, by using the FW_OBJECT_CTRL_FLAG_INCLUDE_METADATA flag, that a pointer to an FW_OBJECT_METADATA structure is present. It has no semantic meaning to the object itself.

pMetaData: A pointer to an FW_OBJECT_METADATA structure that contains specific metadata about the current state of the connection security rule.
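The following is an added example, not part of the specification, showing how a receiver can check an FW_MM_RULE supplied as input against the constraints stated above: the [ref] and [string, range(...)] attributes, the Origin range, the Status rule, and the size_is coupling between Reserved and pMetaData. The constant values are assumed placeholders (the real values come from the referenced enumerations), and the range limits are applied to the character count of each Python string.

```python
from dataclasses import dataclass
from typing import Any, Optional

# Assumed placeholder values for this example; the real values come from the
# FW_RULE_STATUS and FW_RULE_ORIGIN_TYPE enumerations and the FW_OBJECT_CTRL_FLAG
# definitions elsewhere in the specification.
FW_OBJECT_CTRL_FLAG_INCLUDE_METADATA = 0x0001
FW_RULE_STATUS_OK = 0x00010000
FW_RULE_ORIGIN_INVALID, FW_RULE_ORIGIN_MAX = 0, 5

# [string, range(lo, hi)] limits from the IDL, applied here to the character count.
STRING_RANGES = {
    "wszRuleId": (1, 512), "wszName": (1, 10001), "wszDescription": (1, 10001),
    "wszPhase1AuthSet": (1, 255), "wszPhase1CryptoSet": (1, 255),
    "wszEmbeddedContext": (1, 10001), "wszGPOName": (1, 10001),
}

@dataclass
class FwMmRule:
    """Host-side view of FW_MM_RULE; None models a NULL pointer."""
    wszRuleId: Optional[str]
    wszName: Optional[str] = None
    wszDescription: Optional[str] = None
    wszPhase1AuthSet: Optional[str] = None
    wszPhase1CryptoSet: Optional[str] = None
    wszEmbeddedContext: Optional[str] = None
    wszGPOName: Optional[str] = None
    Origin: int = FW_RULE_ORIGIN_INVALID
    Status: int = FW_RULE_STATUS_OK
    Reserved: int = 0
    pMetaData: Optional[Any] = None

def validate_input_rule(rule: FwMmRule) -> list:
    """Return the constraint violations for a rule supplied as input (add/update)."""
    errors = []
    if rule.wszRuleId is None:               # [ref] pointer: NULL is not allowed
        errors.append("wszRuleId: NULL not allowed for a [ref] pointer")
    for name, (lo, hi) in STRING_RANGES.items():
        value = getattr(rule, name)
        if value is not None and not lo <= len(value) <= hi:
            errors.append(f"{name}: length {len(value)} outside range({lo},{hi})")
    if not FW_RULE_ORIGIN_INVALID <= rule.Origin <= FW_RULE_ORIGIN_MAX - 1:
        errors.append("Origin: outside the FW_RULE_ORIGIN_TYPE range")
    if rule.Status != FW_RULE_STATUS_OK:     # input rules MUST carry STATUS_OK
        errors.append("Status: MUST be FW_RULE_STATUS_OK on input")
    # size_is(...) makes pMetaData a 0- or 1-element array keyed on Reserved:
    # the pointer is marshalled only when the INCLUDE_METADATA flag is set.
    has_flag = bool(rule.Reserved & FW_OBJECT_CTRL_FLAG_INCLUDE_METADATA)
    if has_flag != (rule.pMetaData is not None):
        errors.append("pMetaData: presence must match FW_OBJECT_CTRL_FLAG_INCLUDE_METADATA in Reserved")
    return errors
```

Fields the text says are ignored on input (Origin beyond its IDL range, wszGPOName) are deliberately not rejected when left NULL or at their default.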