tobjectpascal
asked on
For Rllibby regarding firewall
Ok I WAS going to say it does not work but i tried something and i fixed it, ok the problem is that the code is failing because when it gets the IP it gets the network address, not the assigned IP address, so this is what i did
if GetLocalIPAddr(@ipLocal) then
begin
IpLocal[0]:=StrToInt('203' );
IpLocal[1]:=StrToInt('217' );
IpLocal[2]:=StrToInt('3');
IpLocal[3]:=StrToInt('209' );
// Create the interface
PfCreateInterface(0, PF_ACTION_FORWARD, PF_ACTION_FORWARD, False, True, hIF);
// Add some filters - these are just examples
AddFilter(ioIn, '66.102.7.104', protoTcp, nil);
AddFilter(ioOut, '66.102.7.104', protoTcp, '80');
AddFilter(ioOut, '216.239.53.99', protoTcp, '80');
AddFilter(ioIn, '66.218.70.48', protoUdp, '1024');
// Example of blocking all outbound to web sites
AddFilter(ioOut, nil, protoTcp, '80');
AddFilter(ioOut, '203.217.3.209', protoTcp, '80');
AddFilter(ioOut, Nil, protoTcp, '80');
//etc etc
and it fixed it, it blocked the page, ok then i wrote some code years ago, probably could do with a little cleaning up, but it gets the real IP address and not the network address, if you want to use this code in your code it should fix a lot of peoples problems
you see this machine reads 0.0.0.0 127.0.0.1 and ISP IP (which is in the example above but it's alright now, i can finish off the firewall to prevent you from h4<>0ring me :P just kiddin...)
unit GetIp;
interface
Uses
WinSock,Windows, Dialogs, SysUtils ;
Type
PMIB_IPADDRROW = ^TMIB_IPADDRROW;
TMIB_IPADDRROW = record
dwAddr: dword;
dwIndex: dword;
dwMask: dword;
dwBCastAddr: dword;
dwReasmSize: dword;
unused1: word;
unused2: word;
end; { TMIB_IPADDRROW }
PMIB_IPADDRTABLE = ^TMIB_IPADDRTABLE;
TMIB_IPADDRTABLE = record
dwNumEntries: dword;
Table: array[0 .. 0] of TMIB_IPADDRROW;
end; { TMIB_IPADDRTABLE }
Type
TName = array[0..100] of Char;
PName = ^TName;
function GetIpAddrTable(pIpAddrTabl e: PMIB_IPADDRTABLE;
var pdwSize: dword;
bOrder: BOOL): dword; stdcall; external 'IPHLPAPI.DLL';
function GetHostIP(var sHostName, sIPAddr, sWSAError: string): Boolean;
Function GetIpAddress: String;
implementation
Function GetIpAddress: String;
var
IpAddrTable: PMIB_IPADDRTABLE;
Size, dwResult: dword;
ErrorMessage: array[0 .. 256] of char;
LibH: THandle;
CountIp: Integer;
theipaddy: array[1..10] of string;
Res,tmpname,tmpclass,s1 : string;
C: Integer;
// countip: integer;
begin
{ Confirm that the IP Helper API DLL exists }
LibH := LoadLibrary('IPHLPAPI.DLL' );
if LibH = 0
then Exit
else FreeLibrary(LibH);
//Memo1.Lines.Clear;
Size := 1;
GetMem(IpAddrTable, Size);
FillChar(IpAddrTable^, Size, #0);
dwResult := GetIpAddrTable(IpAddrTable , Size, true);
if dwResult = ERROR_INSUFFICIENT_BUFFER
then
begin
FreeMem(IpAddrTable);
GetMem(IpAddrTable, Size);
FillChar(IpAddrTable^, Size, #0);
dwResult := GetIpAddrTable(IpAddrTable , Size, true);
end
else
begin
FormatMessage(FORMAT_MESSA GE_FROM_SY STEM, nil, dwResult, 0,
@ErrorMessage, Sizeof(ErrorMessage) - 1, nil);
showmessage('Function GetIpAddrTable failed - ' + ErrorMessage);
end;
{ Display all IP addresses }
countip:=0;
for C := 0 to IpAddrTable.dwNumEntries - 1 do
begin
inc(countip);
theipaddy[c+1]:=inet_ntoa( in_addr(Ip AddrTable. Table[C].d wAddr));
end;
FreeMem(IpAddrTable);
Res:='';
for c:=1 to countip do
Begin
If (Pos('127.0.0.1',theipaddy [c])=0) And (Pos('0.0.0.0',theipaddy[c ])=0) And (Pos('192.168.',theipaddy[ c])=0) Then
Res:=Res+theipaddy[c]+', ';
End;
Res:=Copy(Res,1,Length(Res )-2);
Result:=Trim(Res);
End;
function GetHostIP(var sHostName, sIPAddr, sWSAError: string): Boolean;
var
HEnt: pHostEnt;
HName: PName;
WSAData: TWSAData;
iCnt: Integer;
begin
Result := False;
if WSAStartup($0101, WSAData) <> 0 then begin
sWSAError := 'WSAStartup error';
Exit;
end;
sHostName := '';
sIPAddr := '';
sWSAError := '';
New(HName);
if GetHostName(HName^, SizeOf(TName)) = 0 then begin
Result := True;
sHostName := StrPas(HName^);
HEnt := GetHostByName(HName^);
for iCnt := 0 to HEnt^.h_length - 1 do
sIPAddr := sIPAddr + IntToStr(Ord(HEnt^.h_addr_ list^[iCnt ])) + '.';
SetLength(sIPAddr, Length(sIPAddr) - 1);
end
else begin
case WSAGetLastError of
WSAEFAULT : sWSAError := 'WSAEFault';
WSANOTINITIALISED: sWSAError := 'WSANotInitialised';
WSAENETDOWN : sWSAError := 'WSAENetDown';
WSAEINPROGRESS : sWSAError := 'WSAEInProgress';
end;
end;
Dispose(HName);
WSACleanup;
end;
end.
//yeah sorry about the mess, i got the winsock code from somewhere and extended it to get the IP back when i did not really know what i was doing lol
// sample
program Project1;
{$APPTYPE CONSOLE}
uses SysUtils,GetIP;
begin
// Insert user code here
Writeln(GetIPAddress);
Readln;
end.
So if you could merge the two together, that would be great :) unless you know a reason why these two should not be lawfully wed in holy ma... i was at wedding on Saturday lol...
and here's 100 points for you to do it :P
if GetLocalIPAddr(@ipLocal) then
begin
IpLocal[0]:=StrToInt('203'
IpLocal[1]:=StrToInt('217'
IpLocal[2]:=StrToInt('3');
IpLocal[3]:=StrToInt('209'
// Create the interface
PfCreateInterface(0, PF_ACTION_FORWARD, PF_ACTION_FORWARD, False, True, hIF);
// Add some filters - these are just examples
AddFilter(ioIn, '66.102.7.104', protoTcp, nil);
AddFilter(ioOut, '66.102.7.104', protoTcp, '80');
AddFilter(ioOut, '216.239.53.99', protoTcp, '80');
AddFilter(ioIn, '66.218.70.48', protoUdp, '1024');
// Example of blocking all outbound to web sites
AddFilter(ioOut, nil, protoTcp, '80');
AddFilter(ioOut, '203.217.3.209', protoTcp, '80');
AddFilter(ioOut, Nil, protoTcp, '80');
//etc etc
and it fixed it, it blocked the page, ok then i wrote some code years ago, probably could do with a little cleaning up, but it gets the real IP address and not the network address, if you want to use this code in your code it should fix a lot of peoples problems
you see this machine reads 0.0.0.0 127.0.0.1 and ISP IP (which is in the example above but it's alright now, i can finish off the firewall to prevent you from h4<>0ring me :P just kiddin...)
unit GetIp;
interface
Uses
WinSock,Windows, Dialogs, SysUtils ;
Type
PMIB_IPADDRROW = ^TMIB_IPADDRROW;
TMIB_IPADDRROW = record
dwAddr: dword;
dwIndex: dword;
dwMask: dword;
dwBCastAddr: dword;
dwReasmSize: dword;
unused1: word;
unused2: word;
end; { TMIB_IPADDRROW }
PMIB_IPADDRTABLE = ^TMIB_IPADDRTABLE;
TMIB_IPADDRTABLE = record
dwNumEntries: dword;
Table: array[0 .. 0] of TMIB_IPADDRROW;
end; { TMIB_IPADDRTABLE }
Type
TName = array[0..100] of Char;
PName = ^TName;
function GetIpAddrTable(pIpAddrTabl
var pdwSize: dword;
bOrder: BOOL): dword; stdcall; external 'IPHLPAPI.DLL';
function GetHostIP(var sHostName, sIPAddr, sWSAError: string): Boolean;
Function GetIpAddress: String;
implementation
Function GetIpAddress: String;
var
IpAddrTable: PMIB_IPADDRTABLE;
Size, dwResult: dword;
ErrorMessage: array[0 .. 256] of char;
LibH: THandle;
CountIp: Integer;
theipaddy: array[1..10] of string;
Res,tmpname,tmpclass,s1 : string;
C: Integer;
// countip: integer;
begin
{ Confirm that the IP Helper API DLL exists }
LibH := LoadLibrary('IPHLPAPI.DLL'
if LibH = 0
then Exit
else FreeLibrary(LibH);
//Memo1.Lines.Clear;
Size := 1;
GetMem(IpAddrTable, Size);
FillChar(IpAddrTable^, Size, #0);
dwResult := GetIpAddrTable(IpAddrTable
if dwResult = ERROR_INSUFFICIENT_BUFFER
then
begin
FreeMem(IpAddrTable);
GetMem(IpAddrTable, Size);
FillChar(IpAddrTable^, Size, #0);
dwResult := GetIpAddrTable(IpAddrTable
end
else
begin
FormatMessage(FORMAT_MESSA
@ErrorMessage, Sizeof(ErrorMessage) - 1, nil);
showmessage('Function GetIpAddrTable failed - ' + ErrorMessage);
end;
{ Display all IP addresses }
countip:=0;
for C := 0 to IpAddrTable.dwNumEntries - 1 do
begin
inc(countip);
theipaddy[c+1]:=inet_ntoa(
end;
FreeMem(IpAddrTable);
Res:='';
for c:=1 to countip do
Begin
If (Pos('127.0.0.1',theipaddy
Res:=Res+theipaddy[c]+', ';
End;
Res:=Copy(Res,1,Length(Res
Result:=Trim(Res);
End;
function GetHostIP(var sHostName, sIPAddr, sWSAError: string): Boolean;
var
HEnt: pHostEnt;
HName: PName;
WSAData: TWSAData;
iCnt: Integer;
begin
Result := False;
if WSAStartup($0101, WSAData) <> 0 then begin
sWSAError := 'WSAStartup error';
Exit;
end;
sHostName := '';
sIPAddr := '';
sWSAError := '';
New(HName);
if GetHostName(HName^, SizeOf(TName)) = 0 then begin
Result := True;
sHostName := StrPas(HName^);
HEnt := GetHostByName(HName^);
for iCnt := 0 to HEnt^.h_length - 1 do
sIPAddr := sIPAddr + IntToStr(Ord(HEnt^.h_addr_
SetLength(sIPAddr, Length(sIPAddr) - 1);
end
else begin
case WSAGetLastError of
WSAEFAULT : sWSAError := 'WSAEFault';
WSANOTINITIALISED: sWSAError := 'WSANotInitialised';
WSAENETDOWN : sWSAError := 'WSAENetDown';
WSAEINPROGRESS : sWSAError := 'WSAEInProgress';
end;
end;
Dispose(HName);
WSACleanup;
end;
end.
//yeah sorry about the mess, i got the winsock code from somewhere and extended it to get the IP back when i did not really know what i was doing lol
// sample
program Project1;
{$APPTYPE CONSOLE}
uses SysUtils,GetIP;
begin
// Insert user code here
Writeln(GetIPAddress);
Readln;
end.
So if you could merge the two together, that would be great :) unless you know a reason why these two should not be lawfully wed in holy ma... i was at wedding on Saturday lol...
and here's 100 points for you to do it :P
ASKER
OK it seems that whatever you had with nil and blocking all ip addresses seems to exist for the UDP part as well... it's strange, if you can fix it that would be great :)
Thanks...
Craig C.
Thanks...
Craig C.
ASKER
damn it, i thought that would fix it...
AddFilter(ioIn, 'v5.vc.dcn.yahoo.com', ProtoUDP, '5001');
still nothin, is it even possible to block UDP?
AddFilter(ioIn, 'v5.vc.dcn.yahoo.com', ProtoUDP, '5001');
still nothin, is it even possible to block UDP?
ASKER
lmao
Netstat
v6.vc.scd.yahoo.com:5001
AddFilter(ioIN, Nil, protoUDP, '5000'); <<blocks the UDP port 5001, i created a for next loop from 5000 to 6000 and blocked them all in and out... after some messing around i figured out that it's 1 less than what netstat displays...
Netstat
v6.vc.scd.yahoo.com:5001
AddFilter(ioIN, Nil, protoUDP, '5000'); <<blocks the UDP port 5001, i created a for next loop from 5000 to 6000 and blocked them all in and out... after some messing around i figured out that it's 1 less than what netstat displays...
Seems like you have it working, and have merged the source in the other question,so....
not sure if there is much I can help you with at this point.
Regarding the udp handling, I'm not sure why it is the way it is. Like I said in the prior q, the documentation from MS is poor to none. And trying to find examples on this stuff provides very few examples to go from.
But, if there is anything that I can help you with, just give a holler.
Russell
ASKER
the UDP handling worked, '5001' blocks port '5000' it's always one less, i blocked 5001 no problem with 5000,.
ASKER
i do have 1 question though, just the theory, not after any code :)
this code blocks the port completely, from all programs which i think is excellent, but firewalls manage to prevent certain applications from connecting on certain ports... do you know the idea behind that? as in what's the difference between this code and code to do that? completely different method? different DLLs to call?
injecting dlls into the proccess space? i can't really see how, just a thought...
this code blocks the port completely, from all programs which i think is excellent, but firewalls manage to prevent certain applications from connecting on certain ports... do you know the idea behind that? as in what's the difference between this code and code to do that? completely different method? different DLLs to call?
injecting dlls into the proccess space? i can't really see how, just a thought...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER