Creating Rules for an IPv6 Subnet (Windows CE 5.0)
The following table shows an example of how to create rules for an IPv6 subnet. In this case, inbound traffic is received from a trusted subnet 3ffe:2900:/32.
Security Note Use caution when creating a rule to receive traffic from a trusted subnet. This could expose a weakness in the firewall because IP addresses can be faked, or spoofed.
| dwFlags | PrivateHost | PublicHost | PublicHostPrefix |
|---|---|---|---|
| FWF_ALLOW | FWF_INBOUND | AF_INET6 | 3ffe:2900 | 32 |
Registry entries for the rule
The following registry example shows the registry entries for this rule.
[HKEY_LOCAL_MACHINE\COMM\Firewall\Rules\TrafficFrom3ffe:2900]
"Mask"=dword:1002 ; FWM_PUBLIC_HOST | FWM_PUBLIC_HOST_PREFIX
"Flags"=dword:0A ; FWF_ALLOW | FWF_INBOUND
"PrivateHost"=hex:17,00 ; AF_INET6
"PublicHost"=hex:17,00,00,00,3f,fe,29,00 ; 3ffe:2900
"PublicHostPrefix"=dword:20 ; / 32
Code example to create the rule
The following code example shows this rule.
FW_RULE TrafficFrom3ffe2900;
SOCKADDR_STORAGE ssSaddr;
int saddrsize=sizeof(ssSaddr);
// The following fields must always be set.
TrafficFrom3ffe2900.dwSize = sizeof(FW_RULE);
TrafficFrom3ffe2900.dwFlags = FWF_ALLOW | FWF_INBOUND;
TrafficFrom3ffe2900.dwMask = 0; // initialize mask to zero
TrafficFrom3ffe2900.PrivateHost.Family = AF_INET6;
TrafficFrom3ffe2900.wszDescription = L"Allow inbound traffic from the trusted subnet 3ffe:2900::/32";
//Public IP.
TrafficFrom3ffe2900 .dwMask |= FWM_PUBLIC_HOST;
WSAStringToAddress(_T("3ffe:2900::"), AF_INET6, NULL, (PSOCKADDR) &ssSaddr, &saddrsize);
TrafficFrom3ffe2900.PublicHost.AddressIPv6 = ((PSOCKADDR_IN6) &ssSaddr)->sin6_addr;
TrafficFrom3ffe2900.dwMask |= FWM_PUBLIC_HOST_PREFIX;
TrafficFrom3ffe2900.PublicHostPrefixLength = 32;
// Create a persistent rule.
FirewallCreateRule(&TrafficFrom3ffe2900, TRUE);
See Also
General Firewall Rule Examples | Default IP Firewall Rules | FW_RULE
Send Feedback on this topic to the authors