IFWXIpFilter

IFWXIpFilter is the application filter interface that represents an IP Filter: a range of IP addresses for which a connection or socket is allowed to function. Use this interface to ensure that secondary and emulated connections are secure.

Notes to Implementers

There are situations in which an application filter is responsible for limiting what IP addresses are allowed access to, including:

• The case of a secondary inbound connection, as occurs in use of the FTP protocol
• The case of a secondary or emulated connection in a publishing scenario.

For security purposes, the application filter has to define an IP filter: a range of IP addresses for which a particular connection or socket is allowed. The IFWXIpFilter interface is where you define that range of IP addresses.

An IP filter created by using the IFWXIpFilter interface is no more than a definition of IP ranges. The mechanism that provides the filtering functionality is the ISA server packet filtering mechanism. Therefore, an IP Filter defined by using IFWXIpFilter will not function unless IP packet filtering is enabled in ISA. For more information about packet filtering, see IP Packet Filtering, or the ISA Server product documentation.

Note  If you set the range of IP addresses equal to NULL, you are allowing all addresses to connect.

Typical Implementations

Implemented by the Firewall service.