pub struct FilterBuilder;
WFP (Windows Filtering Platform) filter builder
Translates FilterRule into WFP filter structures and manages filter lifecycle.
§Examples
// The `?` operators need an enclosing function that returns `WfpResult`;
// that wrapper is not shown in this snippet.
use windows_wfp::{WfpEngine, FilterBuilder, FilterRule, Direction, Action, FilterWeight, initialize_wfp};
// Open an engine session, then run the crate's initialization (the repository
// demos label this step as registering a provider and sublayer).
let engine = WfpEngine::new()?;
initialize_wfp(&engine)?;
// Outbound block rule restricted to a single executable path.
// NOTE(review): the rule names one exact path; whether a copy of the binary at
// another location is also matched is not shown here — confirm before relying
// on this rule as a control.
let rule = FilterRule::new("Block curl", Direction::Outbound, Action::Block)
.with_weight(FilterWeight::UserBlock)
.with_app_path(r"C:\Windows\System32\curl.exe");
// Keep the returned ID: it is the value `delete_filter` takes to remove this filter.
let filter_id = FilterBuilder::add_filter(&engine, &rule)?;
// Later: remove the filter
FilterBuilder::delete_filter(&engine, filter_id)?;
Implementations§
impl FilterBuilder
pub fn add_filter(engine: &WfpEngine, rule: &FilterRule) -> WfpResult<u64>
Add filter to WFP engine
Translates a FilterRule and adds it to the WFP engine. The returned u64 is the filter's ID, which delete_filter takes to remove it.
§Errors
Returns WfpError::FilterAddFailed if the filter cannot be added.
§Examples
// The `?` operators need an enclosing function that returns `WfpResult`;
// that wrapper is not shown in this snippet.
use windows_wfp::{WfpEngine, FilterBuilder, FilterRule, Direction, Action, FilterWeight, initialize_wfp};
let engine = WfpEngine::new()?;
initialize_wfp(&engine)?;
// No app path is set on this rule; going by its name it permits all outbound traffic.
// NOTE(review): presumably `FilterWeight::DefaultPermit` ranks below
// `FilterWeight::UserBlock` so that block rules still win — confirm against
// the `FilterWeight` documentation.
let rule = FilterRule::new("Allow all outbound", Direction::Outbound, Action::Permit)
.with_weight(FilterWeight::DefaultPermit);
// Keep the returned ID: it is the value `delete_filter` takes to remove this filter.
let filter_id = FilterBuilder::add_filter(&engine, &rule)?;
Examples found in repository?
examples/simple_block.rs (line 42)
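/// Simple block demo: installs an outbound block filter for notepad.exe,
/// keeps it active for ten seconds, then removes it again.
///
/// # Errors
///
/// Propagates the `WfpResult` error from opening the engine, registering the
/// provider, adding the filter, or deleting it.
fn main() -> WfpResult<()> {
    println!("windows-wfp - Simple Block Demo\n");

    // Initialize WFP
    println!("Opening WFP Engine...");
    let engine = WfpEngine::new()?;
    println!("Engine opened\n");

    println!("Registering provider...");
    initialize_wfp(&engine)?;
    println!("Provider registered\n");

    // Block notepad.exe outbound connections
    println!("Adding block filter for notepad.exe...");
    let notepad_rule = FilterRule::new("Block Notepad", Direction::Outbound, Action::Block)
        .with_weight(FilterWeight::UserBlock)
        .with_app_path(r"C:\Windows\System32\notepad.exe");

    // The rule is passed by shared reference; the returned ID is what
    // `delete_filter` needs later, so it must be kept.
    let filter_id = FilterBuilder::add_filter(&engine, &notepad_rule)?;
    println!("Filter added (ID: {})\n", filter_id);

    println!("Filter active for 10 seconds...");
    println!(" (Try opening notepad.exe and accessing network)\n");

    // Nothing in this countdown returns early, so a normal run always reaches
    // the delete below.
    // NOTE(review): if the process is terminated during the countdown,
    // `delete_filter` never runs; whether the filter is then removed together
    // with the engine session is not shown here — confirm.
    for i in (1..=10).rev() {
        println!(" {} seconds remaining...", i);
        thread::sleep(Duration::from_secs(1));
    }

    println!("\nRemoving filter...");
    FilterBuilder::delete_filter(&engine, filter_id)?;
    println!("Filter removed\n");

    println!("Demo complete!");
    Ok(())
}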
examples/live_demo.rs (line 70)
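/// Live demo: blocks outbound traffic from curl.exe and prints WFP network
/// events until the event channel disconnects or 60 seconds have elapsed.
///
/// Exits with status 1 when `is_elevated()` reports that the process is not
/// running with Administrator privileges.
///
/// # Errors
///
/// Propagates the `WfpResult` error from opening the engine, registering the
/// provider and sublayer, subscribing to events, adding the filter, or
/// deleting it.
fn main() -> WfpResult<()> {
    println!("windows-wfp - Live WFP Demo");
    println!("================================\n");

    // Check for admin privileges
    if !is_elevated() {
        eprintln!("ERROR: This demo requires Administrator privileges!");
        eprintln!(" Please run: cargo run --example live_demo --release");
        eprintln!(" from an Administrator command prompt.\n");
        std::process::exit(1);
    }

    println!("Running with Administrator privileges\n");

    // Step 1: Initialize WFP Engine
    println!("Step 1: Opening WFP Engine session...");
    let engine = WfpEngine::new()?;
    println!(" Engine session opened\n");

    // Step 2: Register Provider & Sublayer
    println!("Step 2: Registering WFP provider & sublayer...");
    initialize_wfp(&engine)?;
    println!(" Provider & sublayer registered\n");

    // Step 3: Subscribe to network events
    println!("Step 3: Subscribing to network events...");
    let event_subscription = WfpEventSubscription::new(&engine)?;
    println!(" Event subscription active\n");

    // Step 4: Add blocking filter for curl.exe
    println!("Step 4: Adding block filter for curl.exe...");
    let curl_path = find_curl_path();
    println!(" Target: {}", curl_path.display());

    // `curl_path` is not used again after this point, so it is moved into the
    // rule instead of being cloned.
    let block_rule = FilterRule::new("Block curl.exe", Direction::Outbound, Action::Block)
        .with_weight(FilterWeight::UserBlock)
        .with_app_path(curl_path);

    // The returned ID is what `delete_filter` needs during cleanup.
    let filter_id = FilterBuilder::add_filter(&engine, &block_rule)?;
    println!(" Filter added (ID: {})\n", filter_id);

    // Step 5: Monitor events
    // NOTE(review): the message below invites Ctrl+C, but no interrupt handler
    // is visible in this function; an interrupt would end the process before
    // the cleanup section runs. Whether the block filter is then removed with
    // the engine session is not shown here — confirm, or let the 60 s timeout
    // end the demo so `delete_filter` is reached.
    println!("Step 5: Monitoring network events...");
    println!(" Press Ctrl+C to stop\n");
    println!("TIP: In another terminal, run:");
    println!(" > curl https://google.com");
    println!(" You should see the connection BLOCKED below!\n");
    println!("===================================================\n");

    let start_time = std::time::Instant::now();
    let mut event_count = 0;

    loop {
        match event_subscription.try_recv() {
            Ok(event) => {
                event_count += 1;
                print_event(&event, event_count);
            }
            // No event pending: back off briefly instead of spinning.
            Err(std::sync::mpsc::TryRecvError::Empty) => {
                thread::sleep(Duration::from_millis(100));
            }
            Err(std::sync::mpsc::TryRecvError::Disconnected) => {
                println!("\nEvent channel disconnected!");
                break;
            }
        }

        // Auto-stop after 60 seconds for demo
        if start_time.elapsed() > Duration::from_secs(60) {
            println!("\nDemo timeout (60s) - stopping...");
            break;
        }
    }

    // Cleanup: the filter is deleted first, then the subscription and the
    // engine are dropped explicitly in that order.
    println!("\nCleaning up...");
    FilterBuilder::delete_filter(&engine, filter_id)?;
    println!(" Filter removed");
    drop(event_subscription);
    println!(" Event subscription closed");
    drop(engine);
    println!(" Engine session closed\n");

    println!("Demo complete! {} events captured.", event_count);
    Ok(())
}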
pub fn delete_filter(engine: &WfpEngine, filter_id: u64) -> WfpResult<()>
Delete filter from WFP engine by ID
Removes a previously added filter using its unique ID.
§Errors
Returns WfpError::FilterDeleteFailed if the filter cannot be deleted.
§Examples
// The `?` operators need an enclosing function that returns `WfpResult`;
// that wrapper is not shown in this snippet.
use windows_wfp::{WfpEngine, FilterBuilder, FilterRule, Direction, Action, FilterWeight, initialize_wfp};
let engine = WfpEngine::new()?;
initialize_wfp(&engine)?;
// No app path is set on this rule; going by its name it permits all outbound traffic.
let rule = FilterRule::new("Allow all", Direction::Outbound, Action::Permit)
.with_weight(FilterWeight::DefaultPermit);
// The ID returned here is the value `delete_filter` takes below.
let filter_id = FilterBuilder::add_filter(&engine, &rule)?;
// Later: remove the filter
FilterBuilder::delete_filter(&engine, filter_id)?;
Examples found in repository?
examples/simple_block.rs (line 54)
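/// Simple block demo: installs an outbound block filter for notepad.exe,
/// keeps it active for ten seconds, then removes it again.
///
/// # Errors
///
/// Propagates the `WfpResult` error from opening the engine, registering the
/// provider, adding the filter, or deleting it.
fn main() -> WfpResult<()> {
    println!("windows-wfp - Simple Block Demo\n");

    // Initialize WFP
    println!("Opening WFP Engine...");
    let engine = WfpEngine::new()?;
    println!("Engine opened\n");

    println!("Registering provider...");
    initialize_wfp(&engine)?;
    println!("Provider registered\n");

    // Block notepad.exe outbound connections
    println!("Adding block filter for notepad.exe...");
    let notepad_rule = FilterRule::new("Block Notepad", Direction::Outbound, Action::Block)
        .with_weight(FilterWeight::UserBlock)
        .with_app_path(r"C:\Windows\System32\notepad.exe");

    // The rule is passed by shared reference; the returned ID is what
    // `delete_filter` needs later, so it must be kept.
    let filter_id = FilterBuilder::add_filter(&engine, &notepad_rule)?;
    println!("Filter added (ID: {})\n", filter_id);

    println!("Filter active for 10 seconds...");
    println!(" (Try opening notepad.exe and accessing network)\n");

    // Nothing in this countdown returns early, so a normal run always reaches
    // the delete below.
    // NOTE(review): if the process is terminated during the countdown,
    // `delete_filter` never runs; whether the filter is then removed together
    // with the engine session is not shown here — confirm.
    for i in (1..=10).rev() {
        println!(" {} seconds remaining...", i);
        thread::sleep(Duration::from_secs(1));
    }

    println!("\nRemoving filter...");
    FilterBuilder::delete_filter(&engine, filter_id)?;
    println!("Filter removed\n");

    println!("Demo complete!");
    Ok(())
}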
examples/live_demo.rs (line 108)
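/// Live demo: blocks outbound traffic from curl.exe and prints WFP network
/// events until the event channel disconnects or 60 seconds have elapsed.
///
/// Exits with status 1 when `is_elevated()` reports that the process is not
/// running with Administrator privileges.
///
/// # Errors
///
/// Propagates the `WfpResult` error from opening the engine, registering the
/// provider and sublayer, subscribing to events, adding the filter, or
/// deleting it.
fn main() -> WfpResult<()> {
    println!("windows-wfp - Live WFP Demo");
    println!("================================\n");

    // Check for admin privileges
    if !is_elevated() {
        eprintln!("ERROR: This demo requires Administrator privileges!");
        eprintln!(" Please run: cargo run --example live_demo --release");
        eprintln!(" from an Administrator command prompt.\n");
        std::process::exit(1);
    }

    println!("Running with Administrator privileges\n");

    // Step 1: Initialize WFP Engine
    println!("Step 1: Opening WFP Engine session...");
    let engine = WfpEngine::new()?;
    println!(" Engine session opened\n");

    // Step 2: Register Provider & Sublayer
    println!("Step 2: Registering WFP provider & sublayer...");
    initialize_wfp(&engine)?;
    println!(" Provider & sublayer registered\n");

    // Step 3: Subscribe to network events
    println!("Step 3: Subscribing to network events...");
    let event_subscription = WfpEventSubscription::new(&engine)?;
    println!(" Event subscription active\n");

    // Step 4: Add blocking filter for curl.exe
    println!("Step 4: Adding block filter for curl.exe...");
    let curl_path = find_curl_path();
    println!(" Target: {}", curl_path.display());

    // `curl_path` is not used again after this point, so it is moved into the
    // rule instead of being cloned.
    let block_rule = FilterRule::new("Block curl.exe", Direction::Outbound, Action::Block)
        .with_weight(FilterWeight::UserBlock)
        .with_app_path(curl_path);

    // The returned ID is what `delete_filter` needs during cleanup.
    let filter_id = FilterBuilder::add_filter(&engine, &block_rule)?;
    println!(" Filter added (ID: {})\n", filter_id);

    // Step 5: Monitor events
    // NOTE(review): the message below invites Ctrl+C, but no interrupt handler
    // is visible in this function; an interrupt would end the process before
    // the cleanup section runs. Whether the block filter is then removed with
    // the engine session is not shown here — confirm, or let the 60 s timeout
    // end the demo so `delete_filter` is reached.
    println!("Step 5: Monitoring network events...");
    println!(" Press Ctrl+C to stop\n");
    println!("TIP: In another terminal, run:");
    println!(" > curl https://google.com");
    println!(" You should see the connection BLOCKED below!\n");
    println!("===================================================\n");

    let start_time = std::time::Instant::now();
    let mut event_count = 0;

    loop {
        match event_subscription.try_recv() {
            Ok(event) => {
                event_count += 1;
                print_event(&event, event_count);
            }
            // No event pending: back off briefly instead of spinning.
            Err(std::sync::mpsc::TryRecvError::Empty) => {
                thread::sleep(Duration::from_millis(100));
            }
            Err(std::sync::mpsc::TryRecvError::Disconnected) => {
                println!("\nEvent channel disconnected!");
                break;
            }
        }

        // Auto-stop after 60 seconds for demo
        if start_time.elapsed() > Duration::from_secs(60) {
            println!("\nDemo timeout (60s) - stopping...");
            break;
        }
    }

    // Cleanup: the filter is deleted first, then the subscription and the
    // engine are dropped explicitly in that order.
    println!("\nCleaning up...");
    FilterBuilder::delete_filter(&engine, filter_id)?;
    println!(" Filter removed");
    drop(event_subscription);
    println!(" Event subscription closed");
    drop(engine);
    println!(" Engine session closed\n");

    println!("Demo complete! {} events captured.", event_count);
    Ok(())
}
Auto Trait Implementations§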
impl Freeze for FilterBuilder
impl RefUnwindSafe for FilterBuilder
impl Send for FilterBuilder
impl Sync for FilterBuilder
impl Unpin for FilterBuilder
impl UnsafeUnpin for FilterBuilder
impl UnwindSafe for FilterBuilder
Blanket Implementations§
impl<T> BorrowMut<T> for T
where
    T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
Mutably borrows from an owned value.