I'm running "IP Security Policy Management" to block IP addresses.
Is it possible to create a new filter by using the console or by using the Win32 API? I would like to automate the process from my application.
The netsh tool in the ipsec context will do what you're looking for. Have a look at Microsoft's reference for detailed information.
In the ipsec dynamic context of netsh you can apply rules on-the-fly (which won't be made persistent), or you can use the ipsec static context to make changes to the persistent configuration (which aren't applied immediately). You can create rules and filter lists and manipulate the IPsec policy exactly like you would from the GUI. It's really very handy.
I suspect that you'll be able to figure it out since you're already familiar with all the terminology in the GUI, which is virtually the same in the command-line interface. Here's a short example creating a policy (not active), a filter action (block), a filter list, adding a filter to that filter list (any source, destination me, ICMP), and adding a rule to the policy.
netsh ipsec static add policy name=MyPolicy
netsh ipsec static add filteraction name=MyFilteraction action=block
netsh ipsec static add filterlist name=MyFilterlist
netsh ipsec static add filter filterlist=MyFilterlist srcaddr=any dstaddr=me protocol=ICMP
netsh ipsec static add rule name=Rule1 policy=MyPolicy filterlist=MyFilterlist filteraction=MyFilteraction
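The same netsh ipsec static sequence, driven from PowerShell so it can be called from an application to maintain a block list of addresses. This is an added example, not code from the answer above or from Microsoft: the object names (BlockListPolicy, BlockAction, BlockList, BlockRule) and the sample addresses are assumptions chosen here. It also assigns the policy, which the answer's sequence deliberately does not do, and validates each address before it is handed to netsh, which matters when the addresses come from untrusted input such as parsed logs.

```powershell
# Added example (not from the original answer): maintain a persistent IPsec
# block list with netsh ipsec static. Names below are assumptions for this
# example. Run from an elevated shell on a host with the netsh ipsec context.

$PolicyName       = 'BlockListPolicy'
$FilterActionName = 'BlockAction'
$FilterListName   = 'BlockList'
$RuleName         = 'BlockRule'

function Invoke-Netsh {
    # Runs one netsh command and fails loudly on error, so the caller never
    # assumes a block is in place when netsh actually rejected it.
    param([Parameter(Mandatory)][string[]]$Arguments)
    $output = & netsh.exe @Arguments 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "netsh $($Arguments -join ' ') failed: $output"
    }
    $output
}

function Test-IPv4Address {
    # Strict dotted-quad check: TryParse alone accepts shorthand like '1',
    # and anything else would end up on the netsh command line verbatim.
    param([string]$Address)
    $parsed = [System.Net.IPAddress]::None
    ($Address -match '^\d{1,3}(\.\d{1,3}){3}$') -and
        [System.Net.IPAddress]::TryParse($Address, [ref]$parsed) -and
        $parsed.AddressFamily -eq [System.Net.Sockets.AddressFamily]::InterNetwork
}

function Add-BlockedIP {
    # Appends one filter to the existing filter list. mirrored=yes installs
    # the reverse filter as well, so traffic to the address is blocked too.
    param([Parameter(Mandatory)][string]$Address)
    if (-not (Test-IPv4Address $Address)) {
        throw "Refusing to pass '$Address' to netsh: not a dotted-quad IPv4 address"
    }
    Invoke-Netsh 'ipsec','static','add','filter',"filterlist=$FilterListName",
        "srcaddr=$Address",'dstaddr=me','protocol=any','mirrored=yes' | Out-Null
}

function Remove-BlockedIP {
    # Deleting a filter must repeat the parameters it was created with.
    param([Parameter(Mandatory)][string]$Address)
    if (-not (Test-IPv4Address $Address)) {
        throw "Refusing to pass '$Address' to netsh: not a dotted-quad IPv4 address"
    }
    Invoke-Netsh 'ipsec','static','delete','filter',"filterlist=$FilterListName",
        "srcaddr=$Address",'dstaddr=me','protocol=any' | Out-Null
}

function Initialize-BlockList {
    # One-time setup in the same order as the answer: policy, block action,
    # filter list, filters, rule. Assigning the policy at the end is what
    # activates it; only one IPsec policy is assigned on a host at a time,
    # so this replaces whatever policy was assigned before.
    param([Parameter(Mandatory)][string[]]$Addresses)
    Invoke-Netsh 'ipsec','static','add','policy',"name=$PolicyName" | Out-Null
    Invoke-Netsh 'ipsec','static','add','filteraction',"name=$FilterActionName",
        'action=block' | Out-Null
    Invoke-Netsh 'ipsec','static','add','filterlist',"name=$FilterListName" | Out-Null
    foreach ($ip in $Addresses) { Add-BlockedIP -Address $ip }
    Invoke-Netsh 'ipsec','static','add','rule',"name=$RuleName","policy=$PolicyName",
        "filterlist=$FilterListName","filteraction=$FilterActionName" | Out-Null
    Invoke-Netsh 'ipsec','static','set','policy',"name=$PolicyName",'assign=yes' | Out-Null
}

function Get-BlockList {
    # Shows the filters netsh actually stored, for checking after each change.
    Invoke-Netsh 'ipsec','static','show','filterlist',"name=$FilterListName",'level=verbose'
}

# Constructed sample addresses (TEST-NET ranges), not from the original post.
$SampleBlocked = '203.0.113.10', '198.51.100.7'
Initialize-BlockList -Addresses $SampleBlocked
Add-BlockedIP -Address '192.0.2.25'
Get-BlockList
```

Initialize-BlockList is meant to run once; netsh refuses to add a policy, filter action or filter list whose name already exists, so later changes should go through Add-BlockedIP and Remove-BlockedIP only. Because these are static (persistent) changes, confirm with Get-BlockList that the filter was stored, and test connectivity from the blocked address before relying on it, since the answer notes that static changes are not applied immediately.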
This should be possible with netsh firewall or with netsh ipsec; unfortunately, I have never really used these commands, so I cannot help you any further. As always, you can get the help screens using netsh <command> /?.