Intel AMT Features > System Defense > Use Cases > Create an IP Filter
CollapseAll image

Create an IP Filter

The following steps describe how to create an IP filter.

1.  Create an instance of AMT_IPHeadersFilter with the following mandatory properties:

Property

Value

InstanceID

Enter any value (the value is overridden; enter zero to avoid problems with compatibility across versions).

Name

“IPFilterExample” – Enter a meaningful name that you can use later to search for this instance. Maximum length 16.

CreationClassName

Enter any value (the value is overridden)

SystemName

Enter any value (the value is overridden)

SystemCreationClassName

Enter any value (the value is overridden)

FilterProfile

The type/behavior of the filter. Valid values:

     0 – Statistics + Pass

     1 – Statistics + Drop

     2 – Rate Limit

     3 – Pass

     4 – Drop

FilterDirection

The direction of the traffic to filter. Valid values:

     0 – Outgoing (Tx)

     1 – Incoming (Rx)

ActionEventOnMatch

Create an event in the Event Manager when this filter is matched. Valid values:

     True

     False

HdrIPVersion

Identifies the version of the IP addresses for IP header filters. Valid values:

     4 – IPv4

     6 – IPv6

2.  Populate other properties to define the filter. For example, to filter UDP packets and pass no more than 100 packets per second if the filter is matched:

Property

Value

HdrProtocolID

17 – The UDP IANA number

FilterProfileData

100

Click here for a snippet demonstrating this step

You can execute this snippet by inserting it into the execution template found here.

  

$ipHeadersFilterInstance =$wsmanConnectionObject.NewInstance("AMT_IPHeadersFilter")

$ipHeadersFilterInstance.SetProperty("InstanceID","0")

$ipHeadersFilterInstance.SetProperty("Name","MyIPFilter")

$ipHeadersFilterInstance.SetProperty("CreationClassName","n/a")

$ipHeadersFilterInstance.SetProperty("SystemName","n/a")

$ipHeadersFilterInstance.SetProperty("SystemCreationClassName","n/a")

$ipHeadersFilterInstance.SetProperty("FilterProfile","1")

$ipHeadersFilterInstance.SetProperty("FilterDirection","0")

$ipHeadersFilterInstance.SetProperty("ActionEventOnMatch","true")

$ipHeadersFilterInstance.SetProperty("HdrIPVersion","4")

# The $ipHeadersFilterRef is an EPR to the new AMT_IPHeadersFilter object.

$ipHeadersFilterRef =$ipHeadersFilterInstance.Create()

 

 

 

 Note:

The filter’s protocol is determined by the HdrProtocolID property which takes IANA numbers, and the HdrIPVersion property which determines the IP type (IPv4 or IPv6).

 

Additional Information

   If you define values for one of the following pairs of properties (selecting both pairs is invalid), you must define values for both the mask and the address:

   HdrDestAddress and HdrDestMask

   HdrSrcAddress and HdrSrcMask

   The following properties, that define ports, can only be used if the value of HdrProtocolID is 6 (TCP) or 17 (UDP):

   HdrSrcPortStart

   HdrSrcPortEnd

   HdrDestPortStart

   HdrDestPortEnd

   Ports can only be defined using one of the following options:

   A source port and destination port with equal values in the HdrPortStart and HdrPortEnd properties

   A range of source ports

   A range of destination ports

   The following properties can only be used if the value of HdrProtocolID is 6:

   TCPFlagsOn

   TCPFlagsOff

Instance Diagram

Not applicable

Classes Used in This Flow

SDK Sample

If there is a sample demonstrating this flow, it is included in the SDK installation file. See SDK Installation Layout for details.

 

See Also:

   Network Isolation

   System Defense Policies

   Heuristic Policies

   System Defense Filter Types

   Processing Network Packets with System Defense

   Networking Packet Structures

Copyright © 2006-2022, Intel Corporation. All rights reserved.