Reference Manual |
NAME
wpff - interact with the WinPkFilter Filter TableSYNOPSIS
wpff ifn proto port:port src | dst [mstcp | drop | nat32]DESCRIPTION
wpff [i]
wpff erase [i]
wpff reset
wpff save
wpffi ifn
wpffx ifn proto port:port src | dst [mstcp | drop | nat32]
...
When invoked with no argument, wpff prints the current WinPkFilter filter table. If an index i is specified, a specific entry is printed. The listing includes all address, protocol and port information as well as the number of times a filter has been applied.NOTESArgument erase followed by an index specifies that a particular table entry be deleted. If no index is specified, the entire table is deleted.
Argument reset clears table usage statistics and then prints the table.
Argument save transfers NAT32's copy of the table to the driver. This is needed on resume from sleep.
Command wpff ifn proto port:port ... adds a filter pair (one for traffic from the MSTCP and one for traffic from the Adapter) to the Filter Table for interface ifn. If interface 0 is specified, the filter applies for all IP addresses, not just the interface's IP address. A protocol and port (range) must also be specified.
The literal 'src' specifies that the filter is to apply to MSTCP traffic with matching source address and source port number and to Adapter traffic with matching destination address and destination port number.
The literal 'dst' specifies that the filter is to apply to MSTCP traffic with matching destination address and destination port number and to Adapter traffic with matching source address and source port number.
The literals 'mstcp', 'drop' and 'nat32' specifies the action to be taken when a received packet matches the filter. The literal 'mstcp' specifies that the packet be sent to the MSTCP, 'drop' specifies that the packet be dropped and 'nat32' specifies that the packet be passed to NAT32 for further processing. The latter is also the default action.
Command wpffx is similar to wpff except that only the second filter of the above pair is added and with swapped source and destination port numbers.
The WinPkFilter filters are effective within the Operating System Kernel and thus allow specific MSTCP traffic to bypass NAT32 completely. This results in significant performance improvement for traffic flows that are of no interest to NAT32.EXAMPLEFilters are processed by the device driver in the order they appear in the table. When a match is found, the specified action is taken and no further filters are evaluated.
To drop all incoming UDP Port 53 traffic on the Primary Internet interface, use the following command:SEE ALSOwpff p udp 53 src drop
WinPkFilter Driver Configuration, NAT32 Network Configuration, Windows Network Configuration