Firewall Events

Firewall events are events that the Microsoft Firewall service triggers in response to occurrences of specific types. An application filter must register the types of events for which it should receive notifications when it is initialized by the Firewall service. When the Firewall service raises an event for which an application filter is registered for the first time in a specific user session, the Firewall service attaches the application filter to the related session, and the application filter creates an instance of its session filter object for the session. Then, the Firewall service notifies the filter about subsequent events for which the filter is registered in the same user session by calling the event handler implemented in the session filter object. This way, the application filter can monitor a session for events where a filter response, such as data filtering, might be needed. For more information about the event notification process in application filters, see Filter Object Model.

The following types of firewall events are defined in the FwxFirewallEventType enumerated type.

fwx_Connect_Tcp

Request to connect to a TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxConnectEvent structure.

fwx_Udp_Destination

Request to connect to or send data to a UDP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxUdpDestination structure.

fwx_Bind_Tcp

Request to bind to a TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxBindEvent structure.

fwx_Bind_Udp

Request to connect to a UDP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxBindEvent structure.

fwx_Listen

Request to listen on a TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxListenEvent structure.

fwx_AcceptedConnection

Arrival of an inbound connection on a listening TCP socket. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxAcceptEvent structure.

fwx_GetHostByName

Call to the gethostbyname function by a Firewall client. This event is not generated for a SecureNAT client. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxGetHostByNameEvent structure.

fwx_GetHostByAddr

Call to the gethostbyaddr function by a Firewall client. This event is not generated for a SecureNAT client. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxGetHostByAddrEvent structure.

fwx_ConnectionTerminating

Existence of a connection object that will be deleted when all references to it are released. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxEndConnectionEvent structure.

fwx_EstablishedConnection

Establishment of a connection as a result of a call to the IFWXSession::AllowFutureConnect, IFWXSession::BindForClient, or IFWXSession::RedirectConnections method. When the Firewall service sends a notification for an event of this type, information related to the event is supplied in an FwxEstablishedConnectionEvent structure.

In general, these events are generated both in the case of Firewall clients and SecureNAT clients.


Send comments about this topic to Microsoft

Build date: 11/30/2009

© 2008 Microsoft Corporation. All rights reserved.