What's the difference between "Veto" and "Hard Block"?

Question

Is the following code called "Veto", "Hard Block", or both?

if (FWP_ACTION_PERMIT == classifyOut->actionType 
 && FlagOn(classifyOut->rights, FWPS_RIGHT_ACTION_WRITE))
{
    classifyOut->rights = 0;
    classifyOut->actionType = FWP_ACTION_BLOCK;
}

The documentation about this issue is vague.

Please visit: http://msdn.microsoft.com/en-us/library/windows/desktop/aa364008(v=vs.85).aspx

Answer 1

It is a Hard Block, but not a Veto.

A hard action is an action where you reset the FWPS_RIGHT_ACTION_WRITE flag in addition to setting the actionType to FWP_ACTION_BLOCK or FWP_ACTION_PERMIT. (This is not explicitly defined in the documentation, but it can be inferred from the first table.)

In your code, you're resetting the flag, then setting actionType to FWP_ACTION_BLOCK, making your action a Hard Block:

classifyOut->rights = 0;
classifyOut->actionType = FWP_ACTION_BLOCK;

As explained in the documentation,

A Veto is a Block action returned by the filter when the FWPS_RIGHT_ACTION_WRITE flag was reset prior to calling the filter.

In your code, you're only issuing a block if the flag is set, making your action not a Veto:

if ( ... && FlagOn(classifyOut->rights, FWPS_RIGHT_ACTION_WRITE) {...}