:py:mod:`dissect.target.plugins.os.windows.regf.firewall`
=========================================================

.. py:module:: dissect.target.plugins.os.windows.regf.firewall


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.firewall.FirewallPlugin


Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.os.windows.regf.firewall.re_firewall


.. py:data:: re_firewall

.. py:class:: FirewallPlugin(target: dissect.target.Target)

   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Plugin that parses firewall rules from the registry.

   .. py:attribute:: KEY
      :value: 'HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\FirewallRules'

   .. py:attribute:: FIELD_MAP

   .. py:attribute:: VALUE_MAP

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with the current target (``self.target``).
      For example, check if a certain file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.

   .. py:method:: firewall()

      Return firewall rules saved in the registry.

      For a Windows operating system, the Firewall rules are stored in the
      ``HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules`` registry key.

      Yields dynamic records with usually the following fields:

      .. code-block:: text

         hostname (string): The target hostname.
         domain (string): The target domain.
         key (string): The rule key name.
         version (string): The version field of the rule.
         action (string): The action of the rule.
         active (boolean): Whether the rule is active.
         dir (string): The direction of the rule.
         protocol (uint32): The specified protocol (UDP=17, TCP=6).
         lport (string): The listening port of the rule.
         rport (string): The receiving port of the rule.
         profile (string): The Profile field of the rule.
         app (string): The App field of the rule.
         svc (string): The Svc of the rule.
         name (string): The Name of the rule.
         desc (string): The Desc of the rule.
         embed_ctxt (string): The EmbedCtxt of the rule.
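The records listed above come from pipe-delimited rule strings stored as values under the ``FirewallRules`` key. The following is an added example, not dissect's own code: a stand-alone parser for that string layout plus a triage filter for active inbound allow rules. The names ``parse_rule``, ``active_inbound_allows`` and ``SAMPLE_RULES`` are hypothetical, the sample values are constructed, and the handling of repeated ``LPort``/``RPort`` tokens is an assumption.

```python
from typing import Iterator

# Constructed sample data (registry value name -> value data); not from a real host.
SAMPLE_RULES = {
    "RemoteDesktop-UserMode-In-TCP": (
        "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|"
        "App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|"
        "Name=Remote Desktop (TCP-In)|"
    ),
    "{11111111-2222-3333-4444-555555555555}": (
        "v2.30|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=4444|LPort=4445|"
        "App=C:\\Users\\Public\\updater.exe|Name=Updater|"
    ),
    "Block-Telnet-Out": "v2.30|Action=Block|Active=FALSE|Dir=Out|Protocol=6|RPort=23|Name=No telnet|",
}


def parse_rule(key: str, data: str) -> dict:
    """Split one rule string into a dict keyed by lower-cased field name."""
    # The first token is the version; the rest are Key=Value pairs.
    version, *pairs = data.strip("|").split("|")
    rule = {"key": key, "version": version}
    for pair in pairs:
        name, sep, value = pair.partition("=")
        if not sep:  # token without '=': keep it instead of dropping evidence
            rule.setdefault("unparsed", []).append(pair)
            continue
        name = name.lower()
        if name in ("lport", "rport") and name in rule:
            rule[name] += "," + value  # assumption: repeated port tokens are joined
        elif name == "active":
            rule[name] = value.upper() == "TRUE"
        elif name == "protocol":
            rule[name] = int(value) if value.isdigit() else value
        else:
            rule[name] = value
    return rule


def active_inbound_allows(rules: dict) -> Iterator[dict]:
    """Yield enabled rules that permit inbound traffic, for analyst review."""
    for key, data in rules.items():
        rule = parse_rule(key, data)
        if rule.get("active") and rule.get("action") == "Allow" and rule.get("dir") == "In":
            yield rule
```

During triage, the ``app`` and ``lport`` fields of the yielded rules are the ones to compare against the host's expected software baseline.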