I keep getting error 0x80320002 on Windows Filtering Platform

Question

I'm trying to write a simple program to block specific ports using WFP. I can block specific apps using the following code.

#include <Windows.h>
#include <fwpmu.h>
#include <stdio.h>
#include <string>

#pragma comment(lib, "Fwpuclnt")    

int main() {

    HANDLE hEngine;
    FwpmEngineOpen(nullptr, RPC_C_AUTHN_DEFAULT, nullptr, nullptr, &hEngine);

    FWPM_FILTER filter{};
    WCHAR filterName[] = L"Block Calculator's internet access";
    filter.displayData.name = filterName;

    filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V4;
    filter.action.type = FWP_ACTION_BLOCK;

    WCHAR filename[] = LR"(C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe)";
    FWP_BYTE_BLOB* appId;
    FwpmGetAppIdFromFileName(filename, &appId);

    FWPM_FILTER_CONDITION cond;
    cond.fieldKey = FWPM_CONDITION_ALE_APP_ID;
    cond.matchType = FWP_MATCH_EQUAL;
    
    cond.conditionValue.type = FWP_BYTE_BLOB_TYPE;
    cond.conditionValue.byteBlob = appId;


    filter.filterCondition = &cond;
    filter.numFilterConditions = 1;

    FwpmFilterAdd(hEngine, &filter, nullptr, nullptr);

    filter.layerKey = FWPM_LAYER_ALE_AUTH_CONNECT_V6;   // IPv6
    FwpmFilterAdd(hEngine, &filter, nullptr, nullptr);

    FWPM_FILTER_CONDITION test = cond;
    
    FwpmEngineClose(hEngine);


}

But if I modify the condition to block a specific port, I get error 0x80320002: The filter condition does not exist.

    FWPM_FILTER_CONDITION cond;
    cond.fieldKey = FWPM_CONDITION_IP_DESTINATION_PORT;
    cond.matchType = FWP_MATCH_EQUAL;
    
    cond.conditionValue.type = FWP_UINT16;
    cond.conditionValue.uint16 = 443;

I feel like I'm missing something simple, but I've checked the documentation and I cannot find any reason why it won't work. Any help would be appreciated.

Answer 1

You want FWPM_CONDITION_IP_REMOTE_PORT.