8

A little background: Basically I'd like to add a program firewall access rule to both private and public networks.

I used to use this: "netsh firewall add allowedprogram program= "Path.." name=AppName ENABLE scope=ALL profile=CURRENT"

But now I'd like to automate the process a little using a COM object. Found this shiny piece of code - http://web.archive.org/web/20070707110141/http://www.dot.net.nz/Default.aspx?tabid=42&mid=404&ctl=Details&ItemID=8

And after implementing the class I've been trying to use: FirewallHelper.Instance.GrantAuthorization(@"Path... ","AppName ",NET_FW_SCOPE_.NET_FW_SCOPE_ALL,NET_FW_IP_VERSION_.NET_FW_IP_VERSION_ANY);

The problem I'm facing is that the GrantAuthorization method will only add a rule for the public OR private network, whereas my old netsh command would add 2 rules, 1 for each network.

The commands actually seem very similar, so it is kinda baffling to me.

So... how to add both network rules?

Shaun

4 Answers

15

My answer comes from David's answer but is more detailed, and fixes the problem with setting LocalPorts: you need to set the Protocol before setting LocalPorts. More details below:

First, you need to add a reference to FirewallAPI.dll. It is in "C:\Windows\System32\FirewallAPI.dll". Then:

using NetFwTypeLib;

and insert the code into your project:

Type tNetFwPolicy2 = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
INetFwPolicy2 fwPolicy2 = (INetFwPolicy2)Activator.CreateInstance(tNetFwPolicy2);
var currentProfiles = fwPolicy2.CurrentProfileTypes;

// Let's create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
inboundRule.Enabled = true;
// Allow through firewall
inboundRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
// Using protocol TCP (must be set before LocalPorts)
inboundRule.Protocol = 6; // TCP
// Port 81
inboundRule.LocalPorts = "81";
// Name of rule
inboundRule.Name = "MyRule";
// ...
inboundRule.Profiles = currentProfiles;

// Now add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);
Answered 2015-12-01T10:25:45.537
8

I think your best bet is to talk to the Windows Firewall with Advanced Security API.

A quick Google for "C# INetFwRule2" will show you plenty of examples of how to register or update firewall rules.

To add both the public and private policies, I used something like this:

Type tNetFwPolicy2 = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
INetFwPolicy2 fwPolicy2 = (INetFwPolicy2)Activator.CreateInstance(tNetFwPolicy2);
var currentProfiles = fwPolicy2.CurrentProfileTypes;

// Let's create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
inboundRule.Enabled = true;
inboundRule.Protocol = 6; // TCP
inboundRule.LocalPorts = "1234";
// ...
inboundRule.Profiles = currentProfiles;

// Now add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);
Answered 2013-03-14T17:48:52.700
4

This page doesn't say this has already been answered and it is old, so just in case, for future reference, I'll answer it.

First, add a reference to FirewallAPI.dll, located at "C:\Windows\System32\FirewallAPI.dll", then add the using directive

using NetFwTypeLib;

The inboundRule.Profiles property appears to be treated as a set of flags with the following values (the property's type is int, so I made an enum):

[Flags] // the values combine bitwise, e.g. Private | Public == 6
public enum FirewallProfiles
{
    Domain = 1,
    Private = 2,
    Public = 4
}

So, using that code, we can change the profiles to the following:

// Create a new rule
INetFwRule2 inboundRule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwRule"));
// Enable the rule
inboundRule.Enabled = true;
// Allow through firewall
inboundRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
// Using protocol TCP
inboundRule.Protocol = 6; // TCP
// Set port number
inboundRule.LocalPorts = "1234";
// Name of rule
inboundRule.Name = "Name Of Firewall Rule";
// Set profiles
inboundRule.Profiles = (int)(FirewallProfiles.Private | FirewallProfiles.Public);

// Add the rule
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(inboundRule);

Or you can change inboundRule.Profiles to an int value.

Two notes:

1: If you don't run this code with administrator privileges,

firewallPolicy.Rules.Add(inboundRule);

will throw an exception.

2: inboundRule.Profiles must be between 1 and 7, otherwise an exception is thrown.

Answered 2020-05-25T02:27:07.887
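As an added example (not code from any of the answers above), here is the flags approach applied to the original question's use case, a program-scoped rule that covers both the Private and Public profiles: it uses the enums that NetFwTypeLib already provides instead of a hand-written one, sets Protocol before LocalPorts, restricts the rule to one executable and port list rather than "any", and removes earlier rules with the same name so re-running an installer does not pile up duplicates. The class and method names, RuleExists, and the sample path and port are assumptions.

```csharp
using System;
using NetFwTypeLib; // COM reference: C:\Windows\System32\FirewallAPI.dll

// Added example, not taken from the answers above. Names (FirewallRules,
// EnsureProgramAllowRule, RuleExists) and the sample path/port are assumptions.
public static class FirewallRules
{
    // True if at least one rule with this name exists (the firewall permits duplicate names).
    public static bool RuleExists(INetFwPolicy2 policy, string ruleName)
    {
        foreach (INetFwRule rule in policy.Rules)
            if (string.Equals(rule.Name, ruleName, StringComparison.OrdinalIgnoreCase))
                return true;
        return false;
    }

    // Creates an inbound allow rule scoped to one executable and one TCP port list,
    // active on both the Private and Public profiles (the netsh profile=CURRENT case).
    public static void EnsureProgramAllowRule(string ruleName, string exePath, string tcpPorts)
    {
        var policy = (INetFwPolicy2)Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));

        // Re-running an installer must not accumulate copies: drop earlier rules with this name.
        while (RuleExists(policy, ruleName))
            policy.Rules.Remove(ruleName);

        var rule = (INetFwRule2)Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FWRule"));
        rule.Name = ruleName;
        rule.Description = "Inbound allow rule for " + exePath;
        rule.ApplicationName = exePath;  // only this binary matches, not every listener on the port
        rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
        rule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
        rule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP; // must precede LocalPorts
        rule.LocalPorts = tcpPorts;
        // Explicit flags: CurrentProfileTypes would only cover the profile active right now.
        rule.Profiles = (int)(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE_TYPE2_PRIVATE
                            | NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE_TYPE2_PUBLIC);
        rule.Enabled = true;

        policy.Rules.Add(rule); // needs an elevated process; otherwise UnauthorizedAccessException
    }

    public static void Main()
    {
        EnsureProgramAllowRule("MyApp Inbound (TCP 8080)",
            @"C:\Program Files\MyApp\MyApp.exe", "8080");
    }
}
```

Run it from an elevated prompt; afterwards the rule shows up once under both the Private and Public profile columns in Windows Firewall with Advanced Security.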
2

Just in case you want outbound rules:

inboundRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
Answered 2018-01-21T15:48:31.320