public static extern uint FwpmFilterAdd0(System.IntPtr engineHandle, [MarshalAs(UnmanagedType.Struct)] ref FWPM_FILTER0_ filter, IntPtr sd, ref ulong id);
/// <summary>
/// Disables all outbound traffic from this device persistently until this action is
/// explicitly reversed.
/// </summary>
public static void DisableInternet()
{
try
{
IntPtr engineHandle = IntPtr.Zero;
var nullPtr = IntPtr.Zero;
var result = NativeMethods.FwpmEngineOpen0(null, NativeConstants.RPC_C_AUTHN_WINNT, IntPtr.Zero, IntPtr.Zero, ref engineHandle);
if (result != 0)
{
if (s_logger != null)
{
s_logger.Info("Failed to open filter engine handle: " + result);
}
return;
}
if (s_logger != null)
{
s_logger.Info("Filter engine handle opened successfully.");
}
FWPM_FILTER0_ fwpFilter = new FWPM_FILTER0_();
// Predefined windows GUID for outbound packet matching.
var FWPM_LAYER_OUTBOUND_IPPACKET_V4_MANAGED = new Guid("1e5c9fae-8a84-4135-a331-950b54229ecd");
var FWPM_LAYER_OUTBOUND_IPPACKET_V4 = new GUID();
using (var ms = new MemoryStream(FWPM_LAYER_OUTBOUND_IPPACKET_V4_MANAGED.ToByteArray()))
using (var br = new BinaryReader(ms))
{
FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data1 = br.ReadUInt32();
FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data2 = br.ReadUInt16();
FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data3 = br.ReadUInt16();
FWPM_LAYER_OUTBOUND_IPPACKET_V4.Data4 = br.ReadBytes(8);
}
fwpFilter.layerKey = FWPM_LAYER_OUTBOUND_IPPACKET_V4;
using (var ms = new MemoryStream(INSTALLED_FILTER_ID.ToByteArray()))
using (var br = new BinaryReader(ms))
{
fwpFilter.filterKey.Data1 = br.ReadUInt32();
fwpFilter.filterKey.Data2 = br.ReadUInt16();
fwpFilter.filterKey.Data3 = br.ReadUInt16();
fwpFilter.filterKey.Data4 = br.ReadBytes(8);
}
// PERSIST OR BOOT?
fwpFilter.flags = NativeConstants.FWPM_FILTER_FLAG_PERSISTENT;
//fwpFilter.flags = NativeConstants.FWPM_FILTER_FLAG_BOOTTIME;
fwpFilter.action.type = FWP_ACTION_TYPE.FWP_ACTION_BLOCK;
fwpFilter.weight.type = FWP_DATA_TYPE_.FWP_EMPTY; // auto-weight.
fwpFilter.numFilterConditions = 0; // this applies to all application traffic
fwpFilter.displayData.name = "Citadel INet Block";
fwpFilter.displayData.description = "Enforce filter use for internet access.";
ulong runtimeId = 0;
result = NativeMethods.FwpmFilterAdd0(engineHandle, ref fwpFilter, IntPtr.Zero, ref runtimeId);
if (result != 0)
{
if (s_logger != null)
{
s_logger.Info("Failed to add filter: " + result);
}
NativeMethods.FwpmEngineClose0(engineHandle);
return;
}
if (s_logger != null)
{
s_logger.Info("Filter added successfully.");
}
result = NativeMethods.FwpmEngineClose0(engineHandle);
if (result != 0)
{
if (s_logger != null)
{
s_logger.Info("Failed to close install handle: " + result);
}
return;
}
}
catch (Exception e)
{
LoggerUtil.RecursivelyLogException(s_logger, e);
}
}
