Defining network packet rules in XML

Support

Support for business applications

Kaspersky Endpoint Security 12 for Windows

Computer protection

Firewall

Managing network packet rules

Defining network packet rules in XML

25 April 2024

ID 245114

Get as PDF

Firewall allows exporting network packet rules in XML format. Then you can modify the file to, for example, add a large number of rules of the same type.

The XML file contains two main nodes: Rules and Resources. The Rules node lists network packet rules. This node contains rules configured by default (predefined rules) as well as rules added by the user (custom rules).

Network packet rule markup

</key>

Network packet rule settings in XML format

Parameter	Description	Value
`<key name="0000">`	Priority of the rule. The lower the value, the higher the priority.	Integer The priority value must consist of 4 digits. The nodes in the XML file must be arranged by priority value, starting with `0000`.
`RuleId`	ID of the rule.	Predefined rules `100` – Requests to DNS server over TCP. `101` – Requests to DNS server over UDP. `102` – Sending email messages. `110` – Any network activity (Trusted networks). `125` – Any network activity (Local networks). `130` – Remote Desktop network activity. `131` – TCP connections through local ports. `132` – UDP connections through local ports. `133` – Incoming TCP stream. `134` – Incoming UDP stream. `137` – ICMP Destination Unreachable incoming responses. `138` – ICMP Echo Reply incoming packets. `140` – ICMP Time Exceeded incoming responses. `142` – Incoming ICMP stream. `266` – ICMPv6 Echo Request incoming packets.
`RuleState`	Status of the rule.	`0` – predefined rule is disabled `1` – predefined rule is enabled `2` – custom rule is disabled `3` – custom rule is enabled
`RuleTypeId`	ID of the rule type.	`4` – network packet rule.
`AppIdEx`	ID of the application to which the network packet rule belongs.	If the rule does not belong to any application, the value is `0`.
`ResIdEx`	Main ID of the resource with rule settings. You can use this identifier to locate a block with rule settings in the `Resources` node.	Integer
`ResIdEx2`	ID of the network type.	`0` – Any address. `50` – Trusted networks. `51` – Local networks. `52` – Public networks. `<Network Identifier>` – Addresses from the list (addresses are defined manually).
`AccessFlag`	Value of the Action parameter.	`0` – Allow. `2` – By application rules. `3` – Block. `4` – Allow and Log events. `6` – By application rules and Log events. `7` – Block and Log events.
`</key>`

The Resources node contains network packet rule settings. Custom network packet rule settings are listed in the <key name="0004"> block.

Custom network packet rule markup

</key>

</key>

</key>

</key>

<tSTRING name="AdapterName">ADAPTER TEST 123</tSTRING>

</key>

<tTYPE_ID name="unique">3213697024</tTYPE_ID>

</key>

</key>

Custom network packet rule settings

Parameter	Description	Value
`<key name="Data">`	ID of the parameter block.	Integer
`RemotePorts`	Value of the Remote ports parameter.	List of remote port ranges.
`LocalPorts`	Value of the Local ports parameter.	List of local port ranges.
`AdapterBindings`	Value of the Network adapters parameter.	`IpAddresses` – value of the IP addresses parameter. `MacAddresses` – value of the MAC addresses parameter. `AdapterName` – name of the network adapter. `InterfaceType` – value of the Interface type parameter: `0` – Other. `1` – LoopBack. `2` – Wired network (Ethernet). `3` – Wireless network (Wi-Fi). `4` – Tunnel. `5` – PPP connection. `6` – PPPoE connection. `7` – VPN connection. `8` – Modem connection.
`unique`	Internal ID of the structure.	Integer It is recommended to leave this parameter unchanged.
`Proto`	Value of the Protocol parameter.	`0` – disabled. `1` – ICMP. `2` – IGMP. `6` – TCP. `17` – UDP. `47` – GRE. `58` – ICMPv6.
`Direction`	Value of the Direction parameter.	`1` – Inbound (packet). `2` – Outbound (packet). `3` – Inbound / Outbound. `4` – Inbound. `5` – Outbound.
`IcmpType`	Value of the ICMP type parameter.	ICMP protocol `0` – Echo Reply (ICMP) or disabled. `3` – Destination Unreachable (ICMP). `4` – Source Quench. `5` – Redirect. `6` – Alternate Host Address. `8` – Echo Request. `9` – Router Advertisement. `10` – Router Solicitation. `11` – Time Exceeded. `12` – Parameter Problem. `13` – Timestamp. `14` – Timestamp Reply. `15` – Information Request. `16` – Information Reply. `17` – Address Mask Request. `18` – Address Mask Reply. `30` – Traceroute. `31` – Datagram Conversion Error. `32` – Mobile Host Redirect. `33` – IPv6 Where-Are-You. `34` – IPv6 I-Am-Here. `35` – Mobile Registration Request. `36` – Mobile Registration Reply. `37` – Domain Name Request. `38` – Domain Name Reply. `40` – Photuris. ICMPv6 protocol `1` – Destination Unreachable. `2` – Packet Too Big. `3` – Time Exceeded. `4` – Parameter Problem. `128` – Echo Request. `129` – Echo Reply. `130` – Multicast Listener Query. `131` – Multicast Listener Report. `132` – Multicast Listener Done. `133` – Router Solicitation. `134` – Router Advertisement. `135` – Neighbor Solicitation. `136` – Neighbor Advertisement. `137` – Redirect Message. `138` – Router Renumbering. `139` – ICMP Node Information Query. `141` – Inverse Neighbor Discovery Solicitation Message. `142` – Inverse Neighbor Discovery Advertisement Message. `143` – Version 2 Multicast Listener Report. `144` – Home Agent Address Discovery Request Message. `145` – Home Agent Address Discovery Reply Message. `146` – Mobile Prefix Solicitation. `147` – Mobile Prefix Advertisement. `148` – Certification Path Solicitation Message. `149` – Certification Path Advertisement Message. `151` – Multicast Router Advertisement. `152` – Multicast Router Solicitation. `153` – Multicast Router Termination.
`IcmpCode`	Value of the ICMP code parameter.	`0` – Code 0 or disabled. `1` – Code 1. `2` – Code 2.
`Flags`	Structure attribute pointer.	Integer It is recommended to leave this parameter unchanged.
`TTL`	Value of the Time to live (TTL) parameter.	Value in seconds. If disabled, the value is `0`.
`</key>`
`Id`	Main ID of the resource (see the `Rules` node).	Integer
`ParentID`	ID of the parent group.	Integer It is recommended to leave this parameter unchanged.
`Flags`	Status of the rule.	`6` – the rule is disabled. `38` – the rule is enabled.
`Name`	Name of the network packet rule.	String

Kaspersky Endpoint Security for Windows: Detection of advanced threats

Control systems which prevent damage from the sensitive data theft. Management from a single console. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.