Skip to content

Latest commit

 

History

History
55 lines (54 loc) · 3.12 KB

windows_advfirewall.md

File metadata and controls

55 lines (54 loc) · 3.12 KB
Raw

WindowsAdvFirewall

The Windows Advanced Firewall header designation has the following format:

target:: windows_advfirewall {out|in} {inet|inet6|mixed}
  • out: Specifies that the direction of packet flow is out. (default)
  • in: Specifies that the direction of packet flow is in.
  • inet: specifies that the resulting filter should only render IPv4 addresses.
  • inet6: specifies that the resulting filter should only render IPv6 addresses.

Term Format

  • action:: The action to take when matched. See Actions section for valid options.
  • comment:: A text comment enclosed in double-quotes. The comment can extend over multiple lines if desired, until a closing quote is encountered.
  • destination-address:: One or more destination address tokens
  • destination-exclude:: Exclude one or more address tokens from the specified destination-address
  • destination-port:: One or more service definition tokens
  • expiration:: stop rendering this term after specified date. YYYY-MM-DD
  • icmp-type:: Specify icmp-type code to match, see section ICMP TYPES for list of valid arguments
  • name:: Name of the term.
  • option:: See platforms supported Options section.
  • platform:: one or more target platforms for which this term should ONLY be rendered. *_platform-exclude:: one or more target platforms for which this term should NEVER be rendered.
  • protocol:: the network protocols this term will match, such as tcp, udp, icmp, or a numeric value.
  • source-address:: one or more source address tokens.
  • source-exclude:: exclude one or more address tokens from the specified source-address.
  • source-port:: one or more service definition tokens.

Sub Tokens

Actions

  • accept
  • deny

WindowsIPSec

The Windows IPSec header designation has the following format:

target:: windows_advfirewall [filter_name]
  • filter name: defines the name of the Windows IPSec filter.

Term Format

  • action:: The action to take when matched. See Actions section for valid options.
  • comment:: A text comment enclosed in double-quotes. The comment can extend over multiple lines if desired, until a closing quote is encountered.
  • destination-address:: One or more destination address tokens
  • destination-exclude:: Exclude one or more address tokens from the specified destination-address
  • destination-port:: One or more service definition tokens
  • expiration:: stop rendering this term after specified date. YYYY-MM-DD
  • name:: Name of the term.
  • option:: See platforms supported Options section.
  • platform:: one or more target platforms for which this term should ONLY be rendered. *_platform-exclude:: one or more target platforms for which this term should NEVER be rendered.
  • protocol:: the network protocols this term will match, such as tcp, udp, icmp, or a numeric value.
  • source-address:: one or more source address tokens.
  • source-exclude:: exclude one or more address tokens from the specified source-address.
  • source-port:: one or more service definition tokens.

Sub Tokens

Actions

  • accept
  • deny