
For Rllibby regarding firewall

OK, I WAS going to say it does not work, but I tried something and fixed it. The problem is that the code fails because when it gets the IP it gets the network address, not the assigned IP address, so this is what I did:

  // Fragment of the firewall setup routine (its start and end are not shown here).
  // After GetLocalIPAddr succeeds, the four octets it returned are overwritten
  // with the fixed address 203.217.3.209 before the filter interface is created.
  // NOTE(review): the hard-coded octets are a diagnostic workaround. If the
  // machine's address changes (DHCP, another adapter), the filters are presumably
  // bound to an address the host no longer has and nothing is blocked, without
  // any error being reported - confirm against the full routine.
  if GetLocalIPAddr(@ipLocal) then
     begin
         IpLocal[0]:=StrToInt('203');
         IpLocal[1]:=StrToInt('217');
         IpLocal[2]:=StrToInt('3');
         IpLocal[3]:=StrToInt('209');
        // Create the interface. Both default actions are PF_ACTION_FORWARD, so
        // traffic is forwarded unless a filter added below matches it.
        // NOTE(review): the return value is not checked; if creation fails, hIF is
        // not a usable handle and no filtering is in effect - check the result
        // before adding filters.
        PfCreateInterface(0, PF_ACTION_FORWARD, PF_ACTION_FORWARD, False, True, hIF);

        // Add some filters - these are just examples.
        // AddFilter is defined elsewhere; as used here it takes a direction, a
        // remote address (nil where the post means "any address"), a protocol and
        // a port string (nil where no port is given).
        AddFilter(ioIn, '66.102.7.104', protoTcp, nil);
        AddFilter(ioOut, '66.102.7.104', protoTcp, '80');
        AddFilter(ioOut, '216.239.53.99', protoTcp, '80');
        AddFilter(ioIn, '66.218.70.48', protoUdp, '1024');

        // Example of blocking all outbound to web sites
        AddFilter(ioOut, nil, protoTcp, '80');

        // NOTE(review): the second call below repeats the "all outbound port 80"
        // filter already added above; whether a duplicate is rejected or silently
        // accepted depends on AddFilter, which is not shown.
        AddFilter(ioOut, '203.217.3.209', protoTcp, '80');
        AddFilter(ioOut,  Nil, protoTcp, '80');

//etc etc


and it fixed it, it blocked the page. I wrote some code years ago (it could probably do with a little cleaning up) that gets the real IP address and not the network address; if you want to use it in your code, it should fix a lot of people's problems.

You see, this machine reads 0.0.0.0, 127.0.0.1 and the ISP IP (which is in the example above, but it's alright now, I can finish off the firewall to prevent you from h4<>0ring me :P just kiddin...)



unit GetIp;


interface

Uses
  WinSock,Windows, Dialogs, SysUtils ;

Type

 { One row of the IPv4 address table filled in by GetIpAddrTable. The field
   order and sizes follow the Win32 MIB_IPADDRROW structure, so the layout
   must not be changed. }
 PMIB_IPADDRROW = ^TMIB_IPADDRROW;
 TMIB_IPADDRROW = record
    dwAddr: dword;       // IPv4 address; GetIpAddress passes it to inet_ntoa as an in_addr
    dwIndex: dword;      // index of the interface the address belongs to
    dwMask: dword;       // subnet mask
    dwBCastAddr: dword;  // broadcast address
    dwReasmSize: dword;  // maximum reassembly size
    unused1: word;
    unused2: word;
   end;  { TMIB_IPADDRROW }

  { Header of the table returned by GetIpAddrTable. Table is declared with a
    single element but is followed in memory by dwNumEntries rows; the real
    size is whatever GetIpAddrTable reports through pdwSize. }
  PMIB_IPADDRTABLE = ^TMIB_IPADDRTABLE;
 TMIB_IPADDRTABLE = record
     dwNumEntries: dword;
    Table: array[0 .. 0] of TMIB_IPADDRROW;
 end; { TMIB_IPADDRTABLE }

Type
 { Fixed 101-character buffer that GetHostIP hands to gethostname. }
 TName = array[0..100] of Char;
  PName = ^TName;



  { Static import of the IP Helper routine. pdwSize carries the buffer size in
    and the required size out; bOrder is passed as true by GetIpAddress.
    NOTE(review): the DLL is imported by bare file name, so it is resolved by
    the normal Windows DLL search order when the program loads. }
  function GetIpAddrTable(pIpAddrTable: PMIB_IPADDRTABLE;
        var pdwSize:  dword;
    bOrder: BOOL): dword; stdcall; external 'IPHLPAPI.DLL';
   { Resolves the local host name and its first address through WinSock;
     returns the texts through the three var parameters. }
   function GetHostIP(var sHostName, sIPAddr, sWSAError: string): Boolean;
   { Returns the addresses from the IP address table that are not loopback,
     0.0.0.0 or 192.168.x.x, as a comma-separated string. }
   Function GetIpAddress: String;

implementation

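Function GetIpAddress: String;
{ Returns the IPv4 addresses assigned to this machine, joined with ', ',
  leaving out the unspecified address (0.0.0.0), loopback (127.x.x.x) and
  192.168.x.x. Returns '' when the table cannot be read or nothing qualifies.

  Changes from the earlier version:
  - The result of the second GetIpAddrTable call is checked; the table is
    never read after a failed call (previously a 1-byte buffer could be
    walked as if it held rows).
  - Addresses are appended directly to the result, so there is no fixed
    10-entry array to overflow on machines with many addresses.
  - An empty table no longer underflows the loop bound.
  - Addresses are classified by their octets, not by substring search, so
    e.g. 10.192.168.1 or 100.0.0.0 are no longer dropped by accident.
  - The LoadLibrary/FreeLibrary probe is gone: GetIpAddrTable is a static
    import, so the program cannot start without the DLL anyway, and the
    probe loaded the DLL by bare name for no benefit.

  NOTE(review): 10.x.x.x, 172.16-31.x.x and 169.254.x.x are still returned,
  as before. If the caller binds firewall filters to the result, decide
  explicitly which of several returned addresses is the intended one. }
var
  IpAddrTable: PMIB_IPADDRTABLE;
  Row: PMIB_IPADDRROW;
  Size, Allocated, dwResult, Rows, MaxRows: dword;
  ErrorMessage: array[0 .. 256] of char;
  Attempt, C: Integer;

  { True when the address (network byte order, as stored in dwAddr) is not
    0.0.0.0, not in 127.0.0.0/8 and not in 192.168.0.0/16. }
  function IsCandidate(Addr: dword): Boolean;
  var
    First, Second: Byte;
  begin
    // On Win32 the first octet is the low byte of the stored dword.
    First := Byte(Addr and $FF);
    Second := Byte((Addr shr 8) and $FF);
    Result := (Addr <> 0) and (First <> 127)
      and not ((First = 192) and (Second = 168));
  end;

begin
  Result := '';
  IpAddrTable := nil;
  Size := 0;
  Allocated := 0;
  try
    // Ask for the required size, allocate, and retry; the table can grow
    // between two calls, so allow a few rounds instead of assuming one.
    Attempt := 0;
    repeat
      dwResult := GetIpAddrTable(IpAddrTable, Size, true);
      if dwResult <> ERROR_INSUFFICIENT_BUFFER then
        Break;
      ReallocMem(IpAddrTable, Size);
      Allocated := Size;
      FillChar(IpAddrTable^, Allocated, #0);
      Inc(Attempt);
    until Attempt >= 4;

    if dwResult <> NO_ERROR then
    begin
      FillChar(ErrorMessage, SizeOf(ErrorMessage), #0);
      // nSize is a character count, so use Length, not SizeOf.
      FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, nil, dwResult, 0,
        @ErrorMessage, Length(ErrorMessage) - 1, nil);
      // NOTE(review): a modal dialog from a library routine blocks services
      // and console tools; kept because existing callers may rely on it.
      showmessage('Function GetIpAddrTable failed - ' + ErrorMessage);
      Exit;
    end;

    if (IpAddrTable = nil) or (Allocated < SizeOf(dword)) then
      Exit;

    // Never trust dwNumEntries beyond what the allocated buffer can hold.
    MaxRows := (Allocated - SizeOf(dword)) div SizeOf(TMIB_IPADDRROW);
    Rows := IpAddrTable^.dwNumEntries;
    if Rows > MaxRows then
      Rows := MaxRows;

    // Walk the rows with a typed pointer; Table is declared [0..0], so
    // indexing it with a variable would trip range checking.
    Row := @IpAddrTable^.Table[0];
    for C := 1 to Integer(Rows) do
    begin
      if IsCandidate(Row^.dwAddr) then
      begin
        if Result <> '' then
          Result := Result + ', ';
        Result := Result + string(inet_ntoa(in_addr(Row^.dwAddr)));
      end;
      Inc(Row);
    end;
  finally
    if IpAddrTable <> nil then
      FreeMem(IpAddrTable);
  end;
End;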

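function GetHostIP(var sHostName, sIPAddr, sWSAError: string): Boolean;
{ Looks up the local host name with gethostname and resolves it with
  gethostbyname.

  sHostName  receives the host name ('' if it could not be read).
  sIPAddr    receives the first address of the host entry in dotted form.
  sWSAError  receives a short error text, '' on success.
  Returns True only when both the name and an address were obtained.

  Changes from the earlier version:
  - A nil result from gethostbyname (or an empty address list) is reported
    as an error; it used to be dereferenced.
  - Result becomes True only after an address was actually read.
  - WSACleanup runs in a finally block, and the name buffer is a local
    variable, so nothing leaks if an exception is raised in between.
  - WinSock error codes outside the four named ones are reported with their
    number instead of leaving sWSAError empty.

  NOTE(review): the address comes from name resolution of the machine's own
  host name, so it depends on the hosts file and DNS configuration. It is
  not a reliable source for the address a packet filter should be bound to;
  GetIpAddress reads the interface table instead. }
var
  HEnt: pHostEnt;
  HName: TName;
  WSAData: TWSAData;
  iCnt: Integer;

  { Maps a WinSock error code to the text this unit has always returned for
    it; unknown codes get a generic text carrying the number. }
  function WSAErrorText(Code: Integer): string;
  begin
    case Code of
      WSAEFAULT        : Result := 'WSAEFault';
      WSANOTINITIALISED: Result := 'WSANotInitialised';
      WSAENETDOWN      : Result := 'WSAENetDown';
      WSAEINPROGRESS   : Result := 'WSAEInProgress';
    else
      Result := 'WSA error ' + IntToStr(Code);
    end;
  end;

begin
  Result := False;
  if WSAStartup($0101, WSAData) <> 0 then begin
    sWSAError := 'WSAStartup error';
    Exit;
  end;
  try
    sHostName := '';
    sIPAddr := '';
    sWSAError := '';
    // Zero the buffer and hand over one character less than its size, so the
    // name is terminated whatever gethostname writes.
    FillChar(HName, SizeOf(HName), #0);
    if GetHostName(HName, SizeOf(HName) - 1) = 0 then begin
      sHostName := StrPas(HName);
      HEnt := GetHostByName(HName);
      if HEnt = nil then
        // Read the error code before any other WinSock call can replace it.
        sWSAError := WSAErrorText(WSAGetLastError)
      else if (HEnt^.h_length <= 0) or (HEnt^.h_addr_list = nil)
           or (HEnt^.h_addr_list^ = nil) then
        sWSAError := 'No address returned for host'
      else begin
        // First address only: one decimal number per byte, joined with dots.
        for iCnt := 0 to HEnt^.h_length - 1 do
          sIPAddr := sIPAddr + IntToStr(Ord(HEnt^.h_addr_list^[iCnt])) + '.';
        SetLength(sIPAddr, Length(sIPAddr) - 1);
        Result := True;
      end;
    end
    else
      sWSAError := WSAErrorText(WSAGetLastError);
  finally
    WSACleanup;
  end;
end;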


end.


//yeah sorry about the mess, i got the winsock code from somewhere and extended it to get the IP back when i did not really know what i was doing lol

// sample

program Project1;
{$APPTYPE CONSOLE}
uses SysUtils,GetIP;

var
  Addresses: string;

begin
  { Print the address list produced by the GetIP unit, then wait for Enter
    so the console window stays open. }
  Addresses := GetIPAddress;
  Writeln(Addresses);
  Readln;
end.


So if you could merge the two together, that would be great :) unless you know a reason why these two should not be lawfully wed in holy ma... i was at wedding on Saturday lol...

and here's 100 points for you to do it :P
tobjectpascal
Asked:
tobjectpascal
 
tobjectpascalAuthor Commented:
ProtoUDP does not seem to work either, just TCP. i'm trying to block UDP port 5001 (Yahoo Voice)
 
tobjectpascalAuthor Commented:
OK it seems that whatever you had with nil and blocking all ip addresses seems to exist for the UDP part as well... it's strange, if you can fix it that would be great :)


Thanks...


Craig C.
 
tobjectpascalAuthor Commented:
damn it, i thought that would fix it...

AddFilter(ioIn, 'v5.vc.dcn.yahoo.com', ProtoUDP, '5001');

still nothin, is it even possible to block UDP?

 
tobjectpascalAuthor Commented:
lmao


Netstat


v6.vc.scd.yahoo.com:5001

 AddFilter(ioIN,  Nil, protoUDP, '5000'); << this blocks UDP port 5001. I created a for loop from 5000 to 6000 and blocked them all, in and out; after some messing around I figured out that the port to pass is 1 less than what netstat displays...
 
Russell LibbySoftware Engineer, Advisory Commented:

Seems like you have it working, and have merged the source in the other question,so....
not sure if there is much I can help you with at this point.

Regarding the udp handling, I'm not sure why it is the way it is. Like I said in the prior q, the documentation from MS is poor to none. And trying to find examples on this stuff provides very few examples to go from.

But, if there is anything that I can help you with, just give a holler.
 
Russell
 
tobjectpascalAuthor Commented:
The UDP handling worked: the port passed to the filter is always one less than the port that actually gets blocked, so I blocked 5001 with no problem by passing '5000'.
 
tobjectpascalAuthor Commented:
i do have 1 question though, just the theory, not after any code :)

this code blocks the port completely, from all programs which i think is excellent, but firewalls manage to prevent certain applications from connecting on certain ports... do you know the idea behind that? as in what's the difference between this code and code to do that? completely different method? different DLLs to call?

Injecting DLLs into the process space? I can't really see how, just a thought...
 
Russell LibbySoftware Engineer, Advisory Commented:

The "idea" behind it actually translates to software code running at a lower level than the user-mode packet filtering. It's called NDIS filtering, and it allows you to selectively pass or drop selected TCP packets. To be honest, the guts of it are way beyond anything I have looked at, though the MSDN should contain (in C) some sample miniport drivers that contain the bare minimum for implementing this.

Regarding the process injection though, that would be the best way (in user mode) to perform the same thing without writing driver code.

Regards,
Russell


