Firewall Service Registry Settings (Compact 7)

3/12/2014

The rules for the Firewall Service are stored under the HKEY_LOCAL_MACHINE\Comm\Tcpip\Firewall\Rules registry key. Each rule contains a Windows Filtering Platform (WFP) filter that can contain up to three WFP conditions. For information on WFP, see Windows Filtering Platform.

The following table describes the registry settings for a filter.

Name | Type | Description
--- | --- | ---
layerKey | REG_SZ | Defines the layerKey member of a FWPM_FILTER0 structure. Must be one of the WFP Filtering Layer Identifiers.
actionType | REG_DWORD | Defines the action.type member of a FWPM_FILTER0 structure. Must be one of the valid values identified by the type member of FWPM_ACTION0.
actionCalloutKey | REG_SZ | Defines the action.calloutKey member of a FWPM_FILTER0 structure. This value is required only when the action.type member of FWPM_FILTER0 is FWP_ACTION_CALLOUT_TERMINATING, FWP_ACTION_CALLOUT_INSPECTION, or FWP_ACTION_CALLOUT_UNKNOWN.
weightValue | REG_DWORD | Weight of the filter. Valid values range from 0 to 15.

Conditions are stored as registry subkeys under their applicable filter. A filter cannot contain more than three conditions.

The following table describes the registry settings for a condition.

Name | Type | Description
--- | --- | ---
fieldKey | REG_DWORD | Defines the fieldKey member of a FWPM_FILTER_CONDITION0 structure.
matchType | REG_DWORD | Defines the matchType member of a FWPM_FILTER_CONDITION0 structure.
conditionType | REG_DWORD | Defines the conditionValue.type member of a FWPM_FILTER_CONDITION0 structure.
conditionValue | REG_BINARY | Defines the conditionValue member of a FWPM_FILTER_CONDITION0 structure.

Examples

Description

The following example adds a Firewall Service rule that allows inbound IPv4 connections on ports 21 through 80 (a single range condition). This rule can be used to create a port exception list when the BlockInboundConnectionsV4 rule is enabled.

Code

[HKEY_LOCAL_MACHINE\Comm\Tcpip\Firewall\Rules\PortExceptionList1]
   "layerKey"="{e1cd9fe7-f4b5-4273-96c0-592e487b8650}"
   "actionType"=dword:1002
   "weightValue"=dword:5
[HKEY_LOCAL_MACHINE\Comm\Tcpip\Firewall\Rules\PortExceptionList1\Condition1]
   "fieldKey"="{0c1ba1af-5765-453f-af22-a8f791ac775b}"
   "matchType"=dword:5
   "conditionType"=dword:102
   "conditionValue"=hex:02,00,00,00,15,00,00,00,02,00,00,00,50,00,00,00

Description

The following example adds a Firewall Service rule that allows all connections to any ports from a specified IPv4 address. This rule is useful when you want the device to trust all connections from a remote IP address.

Code

[HKEY_LOCAL_MACHINE\Comm\Tcpip\Firewall\Rules\RemoteAddressV4]
   "layerKey"="{e1cd9fe7-f4b5-4273-96c0-592e487b8650}"
   "actionType"=dword:1002
   "weightValue"=dword:5
[HKEY_LOCAL_MACHINE\Comm\Tcpip\Firewall\Rules\RemoteAddressV4\Condition1]
   "fieldKey"="{B235AE9A-1D64-49B8-A44C-5FF3D9095045}"
   "matchType"=dword:0
   "conditionType"=dword:100
   "conditionValue"=hex:82,a8,17,ac,ff,ff,ff,ff
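The conditionValue blobs in the two examples above are the hardest part of a rule to get right by hand. The following added example (not from the original page, nor from the Firewall Service itself) encodes and decodes both layouts and emits the .reg hex notation, so a rule can be generated and checked before it is written to the device. It assumes the byte layout visible in the page's examples: little-endian 32-bit fields, with each FWP_VALUE0 inside the range serialized as a 4-byte type followed by a 4-byte value; the FWP_* names are the standard WFP enum names for the numeric values the page uses.

```python
import ipaddress
import struct

# Numeric values taken from the page's examples; the FWP_* names are the
# standard WFP enum names for them (FWP_DATA_TYPE / FWP_MATCH_TYPE).
FWP_UINT16 = 0x2            # element type of the range bounds
FWP_V4_ADDR_MASK = 0x100    # conditionType of the RemoteAddressV4 condition
FWP_RANGE_TYPE = 0x102      # conditionType of the PortExceptionList1 condition
FWP_MATCH_EQUAL = 0         # matchType dword:0
FWP_MATCH_RANGE = 5         # matchType dword:5

def reg_hex(blob: bytes) -> str:
    """Render bytes in the .reg file 'hex:aa,bb,...' notation."""
    return "hex:" + ",".join(f"{b:02x}" for b in blob)

def parse_reg_hex(text: str) -> bytes:
    """Parse the .reg 'hex:aa,bb,...' notation back into bytes."""
    body = text.strip()
    if not body.startswith("hex:"):
        raise ValueError("not a REG_BINARY value")
    return bytes(int(x, 16) for x in body[4:].split(",") if x)

def encode_port_range(low: int, high: int) -> bytes:
    """conditionValue for conditionType 0x102 / matchType 5: an FWP_RANGE0 whose
    valueLow/valueHigh are FWP_UINT16 values. Layout assumed from the page:
    each FWP_VALUE0 serializes as a 4-byte type then a 4-byte value (LE)."""
    if not 0 <= low <= high <= 0xFFFF:
        raise ValueError("need 0 <= low <= high <= 65535")
    return struct.pack("<IIII", FWP_UINT16, low, FWP_UINT16, high)

def decode_port_range(blob: bytes) -> tuple:
    """Inverse of encode_port_range; rejects bounds that are not FWP_UINT16."""
    t_lo, low, t_hi, high = struct.unpack("<IIII", blob)
    if t_lo != FWP_UINT16 or t_hi != FWP_UINT16 or low > high:
        raise ValueError("malformed FWP_UINT16 range")
    return low, high

def encode_v4_addr_mask(cidr: str) -> bytes:
    """conditionValue for conditionType 0x100: FWP_V4_ADDR_AND_MASK, i.e. the
    address and mask as two host-order UINT32 values (little-endian here)."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    return struct.pack("<II", int(net.network_address), int(net.netmask))

def decode_v4_addr_mask(blob: bytes) -> str:
    """Inverse of encode_v4_addr_mask, returned in CIDR notation."""
    addr, mask = struct.unpack("<II", blob)
    mask_str = str(ipaddress.IPv4Address(mask))
    return str(ipaddress.IPv4Network((addr, mask_str), strict=False))
```

Decoding the blob of an existing rule back to a port range or CIDR is a quick way to audit what a device's exception list actually permits.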

See Also

Reference

FWPM_FILTER0
FWPM_FILTER_CONDITION0

Other Resources

Firewall Service
Windows Filtering Platform