public static extern uint FwpmFilterAdd0(System.IntPtr engineHandle, [MarshalAs(UnmanagedType.Struct)] ref FWPM_FILTER0_ filter, IntPtr sd, ref ulong id);
/// <summary> /// Disables all outbound traffic from this device persistently until this action is /// explicitly reversed. /// </summary> public static void DisableInternet() { try { IntPtr engineHandle = IntPtr.Zero; var nullPtr = IntPtr.Zero; var result = NativeMethods.FwpmEngineOpen0(null, NativeConstants.RPC_C_AUTHN_WINNT, IntPtr.Zero, IntPtr.Zero, ref engineHandle); if (result != 0) { if (s_logger != null) { s_logger.Info("Failed to open filter engine handle: " + result); } return; } if (s_logger != null) { s_logger.Info("Filter engine handle opened successfully."); } FWPM_FILTER0_ fwpFilter = new FWPM_FILTER0_(); // Predefined windows GUID for outbound packet matching. var FWPM_LAYER_OUTBOUND_IPPACKET_V4_MANAGED = new Guid("1e5c9fae-8a84-4135-a331-950b54229ecd"); var FWPM_LAYER_OUTBOUND_IPPACKET_V4 = new GUID(); using (var ms = new MemoryStream(FWPM_LAYER_OUTBOUND_IPPACKET_V4_MANAGED.ToByteArray())) using (var br = new BinaryReader(ms)) { FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data1 = br.ReadUInt32(); FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data2 = br.ReadUInt16(); FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data3 = br.ReadUInt16(); FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data4 = br.ReadBytes(8); } fwpFilter.layerKey = FWPM_LAYER_OUTBOUND_IPPACKET_V4; using (var ms = new MemoryStream(INSTALLED_FILTER_ID.ToByteArray())) using (var br = new BinaryReader(ms)) { fwpFilter.filterKey.Data1 = br.ReadUInt32(); fwpFilter.filterKey.Data2 = br.ReadUInt16(); fwpFilter.filterKey.Data3 = br.ReadUInt16(); fwpFilter.filterKey.Data4 = br.ReadBytes(8); } // PERSIST OR BOOT? fwpFilter.flags = NativeConstants.FWPM_FILTER_FLAG_PERSISTENT; //fwpFilter.flags = NativeConstants.FWPM_FILTER_FLAG_BOOTTIME; fwpFilter.action.type = FWP_ACTION_TYPE.FWP_ACTION_BLOCK; fwpFilter.weight.type = FWP_DATA_TYPE_.FWP_EMPTY; // auto-weight. fwpFilter.numFilterConditions = 0; // this applies to all application traffic fwpFilter.displayData.name = "Citadel INet Block"; fwpFilter.displayData.description = "Enforce filter use for internet access."; ulong runtimeId = 0; result = NativeMethods.FwpmFilterAdd0(engineHandle, ref fwpFilter, IntPtr.Zero, ref runtimeId); if (result != 0) { if (s_logger != null) { s_logger.Info("Failed to add filter: " + result); } NativeMethods.FwpmEngineClose0(engineHandle); return; } if (s_logger != null) { s_logger.Info("Filter added successfully."); } result = NativeMethods.FwpmEngineClose0(engineHandle); if (result != 0) { if (s_logger != null) { s_logger.Info("Failed to close install handle: " + result); } return; } } catch (Exception e) { LoggerUtil.RecursivelyLogException(s_logger, e); } }