防火墙规则
Posted wuyuan2011woaini
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了防火墙规则相关的知识,希望对你有一定的参考价值。
原文链接地址:https://blog.csdn.net/tajon1226/article/details/52591141、https://blog.csdn.net/chence19871/article/details/50394061
1 // MicroFireExample.cpp : 定义控制台应用程序的入口点。 2 // 3 4 #include "stdafx.h" 5 6 #include <windows.h> 7 #include <stdio.h> 8 #include <netfw.h> 9 10 #pragma comment( lib, "ole32.lib" ) 11 #pragma comment( lib, "oleaut32.lib" ) 12 13 14 // Forward declarations 15 HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2); 16 17 18 19 int _tmain(int argc, _TCHAR* argv[]) 20 { 21 HRESULT hrComInit = S_OK; 22 HRESULT hr = S_OK; 23 24 INetFwPolicy2 *pNetFwPolicy2 = NULL; 25 INetFwRules *pFwRules = NULL; 26 INetFwRule *pFwRule = NULL; 27 28 long CurrentProfilesBitMask = 0; 29 30 BSTR bstrRuleName = SysAllocString(L"OUTBOUND_RULE"); 31 BSTR bstrRuleDescription = SysAllocString(L"Disable outbound network traffic to Dst IP 112.80.248.73 and dst port 80"); 32 BSTR bstrRuleGroup = SysAllocString(L"Sample Rule Group"); 33 //BSTR bstrRuleApplication = SysAllocString(L"%programfiles%\MyApplication.exe"); 34 BSTR bstrRuleRIP = SysAllocString(L"112.80.248.73"); 35 BSTR bstrRuleRPorts = SysAllocString(L"80"); 36 37 // Initialize COM. 38 hrComInit = CoInitializeEx( 39 0, 40 COINIT_APARTMENTTHREADED 41 ); 42 43 // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been 44 // initialized with a different mode. Since we don‘t care what the mode is, 45 // we‘ll just use the existing mode. 46 if (hrComInit != RPC_E_CHANGED_MODE) 47 { 48 if (FAILED(hrComInit)) 49 { 50 printf("CoInitializeEx failed: 0x%08lx ", hrComInit); 51 goto Cleanup; 52 } 53 } 54 55 // Retrieve INetFwPolicy2 56 hr = WFCOMInitialize(&pNetFwPolicy2); 57 if (FAILED(hr)) 58 { 59 goto Cleanup; 60 } 61 62 // Retrieve INetFwRules 63 hr = pNetFwPolicy2->get_Rules(&pFwRules); 64 if (FAILED(hr)) 65 { 66 printf("get_Rules failed: 0x%08lx ", hr); 67 goto Cleanup; 68 } 69 70 // Retrieve Current Profiles bitmask 71 hr = pNetFwPolicy2->get_CurrentProfileTypes(&CurrentProfilesBitMask); 72 if (FAILED(hr)) 73 { 74 printf("get_CurrentProfileTypes failed: 0x%08lx ", hr); 75 goto Cleanup; 76 } 77 78 // When possible we avoid adding firewall rules to the Public profile. 79 // If Public is currently active and it is not the only active profile, we remove it from the bitmask 80 if ((CurrentProfilesBitMask & NET_FW_PROFILE2_PUBLIC) && 81 (CurrentProfilesBitMask != NET_FW_PROFILE2_PUBLIC)) 82 { 83 CurrentProfilesBitMask ^= NET_FW_PROFILE2_PUBLIC; 84 } 85 86 // Create a new Firewall Rule object. 87 hr = CoCreateInstance( 88 __uuidof(NetFwRule), 89 NULL, 90 CLSCTX_INPROC_SERVER, 91 __uuidof(INetFwRule), 92 (void**)&pFwRule); 93 if (FAILED(hr)) 94 { 95 printf("CoCreateInstance for Firewall Rule failed: 0x%08lx ", hr); 96 goto Cleanup; 97 } 98 99 // Populate the Firewall Rule object 100 pFwRule->put_Name(bstrRuleName); 101 pFwRule->put_Description(bstrRuleDescription); 102 //pFwRule->put_ApplicationName(bstrRuleApplication); 103 pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP); 104 pFwRule->put_RemoteAddresses(bstrRuleRIP); 105 pFwRule->put_RemotePorts(bstrRuleRPorts); 106 pFwRule->put_Direction(NET_FW_RULE_DIR_OUT); 107 pFwRule->put_Grouping(bstrRuleGroup); 108 pFwRule->put_Profiles(CurrentProfilesBitMask); 109 pFwRule->put_Action(NET_FW_ACTION_BLOCK); 110 pFwRule->put_Enabled(VARIANT_TRUE); 111 112 // Add the Firewall Rule 113 hr = pFwRules->Add(pFwRule); 114 if (FAILED(hr)) 115 { 116 printf("Firewall Rule Add failed: 0x%08lx ", hr); 117 goto Cleanup; 118 } 119 120 Cleanup: 121 122 // Free BSTR‘s 123 SysFreeString(bstrRuleName); 124 SysFreeString(bstrRuleDescription); 125 SysFreeString(bstrRuleGroup); 126 //SysFreeString(bstrRuleApplication); 127 SysFreeString(bstrRuleRIP); 128 SysFreeString(bstrRuleRPorts); 129 130 // Release the INetFwRule object 131 if (pFwRule != NULL) 132 { 133 pFwRule->Release(); 134 } 135 136 // Release the INetFwRules object 137 if (pFwRules != NULL) 138 { 139 pFwRules->Release(); 140 } 141 142 // Release the INetFwPolicy2 object 143 if (pNetFwPolicy2 != NULL) 144 { 145 pNetFwPolicy2->Release(); 146 } 147 148 // Uninitialize COM. 149 if (SUCCEEDED(hrComInit)) 150 { 151 CoUninitialize(); 152 } 153 154 return 0; 155 } 156 157 158 // Instantiate INetFwPolicy2 159 HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2) 160 { 161 HRESULT hr = S_OK; 162 163 hr = CoCreateInstance( 164 __uuidof(NetFwPolicy2), 165 NULL, 166 CLSCTX_INPROC_SERVER, 167 __uuidof(INetFwPolicy2), 168 (void**)ppNetFwPolicy2); 169 170 if (FAILED(hr)) 171 { 172 printf("CoCreateInstance for INetFwPolicy2 failed: 0x%08lx ", hr); 173 goto Cleanup; 174 } 175 176 Cleanup: 177 return hr; 178 }
1 #include "stdafx.h" 2 3 #include <windows.h> 4 #include <stdio.h> 5 #include <netfw.h> 6 7 #pragma comment( lib, "ole32.lib" ) 8 #pragma comment( lib, "oleaut32.lib" ) 9 10 11 // Forward declarations 12 HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2); 13 14 15 int __cdecl main() 16 { 17 HRESULT hrComInit = S_OK; 18 HRESULT hr = S_OK; 19 20 INetFwRules *pFwRules = NULL; 21 INetFwRule *pFwRule = NULL; 22 INetFwRule *pTmpFwRule = NULL; 23 24 VARIANT_BOOL isServiceRestricted = FALSE; 25 26 INetFwPolicy2 *pNetFwPolicy2 = NULL; 27 INetFwServiceRestriction *pFwServiceRestriction = NULL; 28 29 // The Service and App name to use 30 BSTR bstrServiceName = SysAllocString(L"SampleService"); // provide a valid service short name here. 31 BSTR bstrAppName = SysAllocString(L"E:\DownCode\13114500790\ServiceTest.exe"); 32 // The rule name, description should be provided as indirect strings ‘@appfullpath,-resource index‘ for 33 // localization purposes. 34 // Using the strings directly for illustration here. 35 BSTR bstrRuleName = SysAllocString(L"Allow TCP 12345 to sampleservice"); 36 BSTR bstrRuleDescription = SysAllocString(L"Allow only TCP 12345 traffic to sampleservice service, block everything else"); 37 BSTR bstrRuleLPorts = SysAllocString(L"12345"); 38 39 // Error checking for BSTR allocations 40 if (NULL == bstrServiceName) { printf("Failed to allocate bstrServiceName "); goto Cleanup; } 41 if (NULL == bstrAppName) { printf("Failed to allocate bstrAppName "); goto Cleanup; } 42 if (NULL == bstrRuleName) { printf("Failed to allocate bstrRuleName "); goto Cleanup; } 43 if (NULL == bstrRuleDescription) { printf("Failed to allocate bstrRuleDescription "); goto Cleanup; } 44 if (NULL == bstrRuleLPorts) { printf("Failed to allocate bstrRuleLPorts "); goto Cleanup; } 45 46 // Initialize COM. 47 hrComInit = CoInitializeEx( 48 0, 49 COINIT_APARTMENTTHREADED 50 ); 51 52 // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been 53 // initialized with a different mode. Since we don‘t care what the mode is, 54 // we‘ll just use the existing mode. 55 if (hrComInit != RPC_E_CHANGED_MODE) 56 { 57 if (FAILED(hrComInit)) 58 { 59 printf("CoInitializeEx failed: 0x%08lx ", hrComInit); 60 goto Cleanup; 61 } 62 } 63 64 // Retrieve INetFwPolicy2 65 hr = WFCOMInitialize(&pNetFwPolicy2); 66 if (FAILED(hr)) 67 { 68 goto Cleanup; 69 } 70 71 72 // Retrieve INetFwServiceRestriction 73 hr = pNetFwPolicy2->get_ServiceRestriction(&pFwServiceRestriction); 74 if (FAILED(hr)) 75 { 76 printf("get_ServiceRestriction failed: 0x%08lx ", hr); 77 goto Cleanup; 78 } 79 80 // Restrict the sampleservice Service. 81 // This will add two WSH rules - 82 // - a default block all inbound traffic to the service 83 // - a default block all outbound traffic from the service 84 /* 85 hr = pFwServiceRestriction->RestrictService(bstrServiceName, bstrAppName, TRUE, FALSE); 86 if (FAILED(hr)) 87 { 88 printf("RestrictService failed: 0x%08lx Make sure you specified a valid service shortname. ", hr); 89 goto Cleanup; 90 } 91 */ 92 93 // If the service does not send/receive any network traffic then you are done. You can skip adding the allow WSH rules below. 94 95 // If the service requires sending/receiving certain traffic, then add ‘allow‘ WSH rules as follows 96 97 // Get the collections of Windows Service Hardening networking rules first 98 hr = pNetFwPolicy2->get_Rules(&pFwRules); 99 //hr = pFwServiceRestriction->get_Rules(&pFwRules); 100 if (FAILED(hr)) 101 { 102 wprintf(L"get_Rules failed: 0x%08lx ", hr); 103 goto Cleanup; 104 } 105 106 // Add inbound WSH allow rule for allowing TCP 12345 to the service 107 // Create a new Rule object. 108 hr = CoCreateInstance( 109 __uuidof(NetFwRule), 110 NULL, 111 CLSCTX_INPROC_SERVER, 112 __uuidof(INetFwRule), 113 (void**)&pFwRule); 114 if (FAILED(hr)) 115 { 116 printf("CoCreateInstance for Firewall Rule failed: 0x%08lx ", hr); 117 goto Cleanup; 118 } 119 120 // Populate the Rule Name 121 hr = pFwRule->put_Name(bstrRuleName); 122 if (FAILED(hr)) 123 { 124 printf("put_Name failed: 0x%08lx ", hr); 125 goto Cleanup; 126 } 127 128 // Populate the Rule Description 129 hr = pFwRule->put_Description(bstrRuleDescription); 130 if (FAILED(hr)) 131 { 132 printf("put_Description failed: 0x%08lx ", hr); 133 goto Cleanup; 134 } 135 136 // Populate the Application Name 137 hr = pFwRule->put_ApplicationName(bstrAppName); 138 if (FAILED(hr)) 139 { 140 printf("put_ApplicationName failed: 0x%08lx ", hr); 141 goto Cleanup; 142 } 143 144 // Populate the Service Name 145 hr = pFwRule->put_ServiceName(bstrServiceName); 146 if (FAILED(hr)) 147 { 148 printf("put_ServiceName failed: 0x%08lx ", hr); 149 goto Cleanup; 150 } 151 152 // Populate the Protocol 153 hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP); 154 if (FAILED(hr)) 155 { 156 printf("put_Protocol failed: 0x%08lx ", hr); 157 goto Cleanup; 158 } 159 160 // Populate the Local Ports 161 hr = pFwRule->put_LocalPorts(bstrRuleLPorts); 162 if (FAILED(hr)) 163 { 164 printf("put_LocalPorts failed: 0x%08lx ", hr); 165 goto Cleanup; 166 } 167 168 // Populate the rule Action 169 hr = pFwRule->put_Action(NET_FW_ACTION_ALLOW); 170 if (FAILED(hr)) 171 { 172 printf("put_Action failed: 0x%08lx ", hr); 173 goto Cleanup; 174 } 175 176 // Populate the rule Enabled setting 177 hr = pFwRule->put_Enabled(VARIANT_TRUE); 178 if (FAILED(hr)) 179 { 180 printf("put_Enabled failed: 0x%08lx ", hr); 181 goto Cleanup; 182 } 183 184 //------------------------------------------------------------------------------------------ 185 BSTR bstrPPLiveRuleName = SysAllocString(L"PPLive"); 186 hr = pFwRules->Item(bstrRuleName, &pTmpFwRule); 187 /* 188 if (FAILED(hr)) 189 { 190 printf("Item failed: 0x%08lx ", hr); 191 goto Cleanup; 192 } 193 */ 194 195 if (pTmpFwRule != NULL) 196 { 197 printf("规则已存在! "); 198 VARIANT_BOOL flag; 199 pTmpFwRule->get_Enabled(&flag); 200 if (!flag) //如果规则没打开 201 { 202 pTmpFwRule->put_Enabled(VARIANT_TRUE); //打开规则 203 } 204 int a; 205 a = 3; 206 goto Cleanup; 207 } 208 209 // Add the Rule to the collection of Windows Service Hardening(WSH) rules 210 hr = pFwRules->Add(pFwRule); 211 if (FAILED(hr)) 212 { 213 printf("Firewall Rule Add failed: 0x%08lx ", hr); 214 goto Cleanup; 215 } 216 217 Sleep(3000); 218 219 // Check to see if the Service is Restricted 220 hr = pFwServiceRestriction->ServiceRestricted(bstrServiceName, bstrAppName, &isServiceRestricted); 221 if (FAILED(hr)) 222 { 223 printf("ServiceRestricted failed: 0x%08lx ", hr); 224 goto Cleanup; 225 } 226 227 if (isServiceRestricted) 228 { 229 printf ("Service was successfully restricted in WSH. Except for TCP 12345 inbound traffic and its responses, all other inbound and outbound connections to and from the service will be blocked. "); 230 } 231 else 232 { 233 printf ("The Service could not be properly restricted. "); 234 } 235 236 237 Cleanup: 238 239 // Free BSTR‘s 240 SysFreeString(bstrServiceName); 241 SysFreeString(bstrAppName); 242 SysFreeString(bstrRuleName); 243 SysFreeString(bstrRuleDescription); 244 SysFreeString(bstrRuleLPorts); 245 SysFreeString(bstrPPLiveRuleName); 246 247 // Release the INetFwRule object 248 if (pFwRule != NULL) 249 { 250 pFwRule->Release(); 251 } 252 253 // Release the INetFwRules object 254 if (pFwRules != NULL) 255 { 256 pFwRules->Release(); 257 } 258 259 // Release INetFwPolicy2 260 if (pNetFwPolicy2 != NULL) 261 { 262 pNetFwPolicy2->Release(); 263 } 264 265 // Uninitialize COM. 266 if (SUCCEEDED(hrComInit)) 267 { 268 CoUninitialize(); 269 } 270 271 getchar(); 272 return 0; 273 } 274 275 276 // Instantiate INetFwPolicy2 277 HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2) 278 { 279 HRESULT hr = S_OK; 280 281 hr = CoCreateInstance( 282 __uuidof(NetFwPolicy2), 283 NULL, 284 CLSCTX_INPROC_SERVER, 285 __uuidof(INetFwPolicy2), 286 (void**)ppNetFwPolicy2); 287 288 if (FAILED(hr)) 289 { 290 printf("CoCreateInstance for INetFwPolicy2 failed: 0x%08lx ", hr); 291 goto Cleanup; 292 } 293 294 Cleanup: 295 return hr; 296 }
XP
1 #include <windows.h> 2 #include <crtdbg.h> 3 #include <netfw.h> 4 #include <objbase.h> 5 #include <oleauto.h> 6 #include <stdio.h> 7 8 #pragma comment( lib, "ole32.lib" ) 9 #pragma comment( lib, "oleaut32.lib" ) 10 11 12 HRESULT WindowsFirewallInitialize(OUT INetFwProfile** fwProfile) 13 { 14 HRESULT hr = S_OK; 15 INetFwMgr* fwMgr = NULL; 16 INetFwPolicy* fwPolicy = NULL; 17 18 _ASSERT(fwProfile != NULL); 19 20 *fwProfile = NULL; 21 22 // Create an instance of the firewall settings manager. 23 hr = CoCreateInstance( 24 __uuidof(NetFwMgr), 25 NULL, 26 CLSCTX_INPROC_SERVER, 27 __uuidof(INetFwMgr), 28 (void**)&fwMgr 29 ); 30 if (FAILED(hr)) 31 { 32 printf("CoCreateInstance failed: 0x%08lx ", hr); 33 goto error; 34 } 35 36 // Retrieve the local firewall policy. 37 hr = fwMgr->get_LocalPolicy(&fwPolicy); 38 if (FAILED(hr)) 39 { 40 printf("get_LocalPolicy failed: 0x%08lx ", hr); 41 goto error; 42 } 43 44 // Retrieve the firewall profile currently in effect. 45 hr = fwPolicy->get_CurrentProfile(fwProfile); 46 if (FAILED(hr)) 47 { 48 printf("get_CurrentProfile failed: 0x%08lx ", hr); 49 goto error; 50 } 51 52 error: 53 54 // Release the local firewall policy. 55 if (fwPolicy != NULL) 56 { 57 fwPolicy->Release(); 58 } 59 60 // Release the firewall settings manager. 61 if (fwMgr != NULL) 62 { 63 fwMgr->Release(); 64 } 65 66 return hr; 67 } 68 69 70 void WindowsFirewallCleanup(IN INetFwProfile* fwProfile) 71 { 72 // Release the firewall profile. 73 if (fwProfile != NULL) 74 { 75 fwProfile->Release(); 76 } 77 } 78 79 80 HRESULT WindowsFirewallIsOn(IN INetFwProfile* fwProfile, OUT BOOL* fwOn) 81 { 82 HRESULT hr = S_OK; 83 VARIANT_BOOL fwEnabled; 84 85 _ASSERT(fwProfile != NULL); 86 _ASSERT(fwOn != NULL); 87 88 *fwOn = FALSE; 89 90 // Get the current state of the firewall. 91 hr = fwProfile->get_FirewallEnabled(&fwEnabled); 92 if (FAILED(hr)) 93 { 94 printf("get_FirewallEnabled failed: 0x%08lx ", hr); 95 goto error; 96 } 97 98 // Check to see if the firewall is on. 99 if (fwEnabled != VARIANT_FALSE) 100 { 101 *fwOn = TRUE; 102 printf("The firewall is on. "); 103 } 104 else 105 { 106 printf("The firewall is off. "); 107 } 108 109 error: 110 111 return hr; 112 } 113 114 115 HRESULT WindowsFirewallTurnOn(IN INetFwProfile* fwProfile) 116 { 117 HRESULT hr = S_OK; 118 BOOL fwOn; 119 120 _ASSERT(fwProfile != NULL); 121 122 // Check to see if the firewall is off. 123 hr = WindowsFirewallIsOn(fwProfile, &fwOn); 124 if (FAILED(hr)) 125 { 126 printf("WindowsFirewallIsOn failed: 0x%08lx ", hr); 127 goto error; 128 } 129 130 // If it is, turn it on. 131 if (!fwOn) 132 { 133 // Turn the firewall on. 134 hr = fwProfile->put_FirewallEnabled(VARIANT_TRUE); 135 if (FAILED(hr)) 136 { 137 printf("put_FirewallEnabled failed: 0x%08lx ", hr); 138 goto error; 139 } 140 141 printf("The firewall is now on. "); 142 } 143 144 error: 145 146 return hr; 147 } 148 149 150 HRESULT WindowsFirewallTurnOff(IN INetFwProfile* fwProfile) 151 { 152 HRESULT hr = S_OK; 153 BOOL fwOn; 154 155 _ASSERT(fwProfile != NULL); 156 157 // Check to see if the firewall is on. 158 hr = WindowsFirewallIsOn(fwProfile, &fwOn); 159 if (FAILED(hr)) 160 { 161 printf("WindowsFirewallIsOn failed: 0x%08lx ", hr); 162 goto error; 163 } 164 165 // If it is, turn it off. 166 if (fwOn) 167 { 168 // Turn the firewall off. 169 hr = fwProfile->put_FirewallEnabled(VARIANT_FALSE); 170 if (FAILED(hr)) 171 { 172 printf("put_FirewallEnabled failed: 0x%08lx ", hr); 173 goto error; 174 } 175 176 printf("The firewall is now off. "); 177 } 178 179 error: 180 181 return hr; 182 } 183 184 185 HRESULT WindowsFirewallAppIsEnabled( 186 IN INetFwProfile* fwProfile, 187 IN const wchar_t* fwProcessImageFileName, 188 OUT BOOL* fwAppEnabled 189 ) 190 { 191 HRESULT hr = S_OK; 192 BSTR fwBstrProcessImageFileName = NULL; 193 VARIANT_BOOL fwEnabled; 194 INetFwAuthorizedApplication* fwApp = NULL; 195 INetFwAuthorizedApplications* fwApps = NULL; 196 197 _ASSERT(fwProfile != NULL); 198 _ASSERT(fwProcessImageFileName != NULL); 199 _ASSERT(fwAppEnabled != NULL); 200 201 *fwAppEnabled = FALSE; 202 203 // Retrieve the authorized application collection. 204 hr = fwProfile->get_AuthorizedApplications(&fwApps); 205 if (FAILED(hr)) 206 { 207 printf("get_AuthorizedApplications failed: 0x%08lx ", hr); 208 goto error; 209 } 210 211 // Allocate a BSTR for the process image file name. 212 fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName); 213 if (fwBstrProcessImageFileName == NULL) 214 { 215 hr = E_OUTOFMEMORY; 216 printf("SysAllocString failed: 0x%08lx ", hr); 217 goto error; 218 } 219 220 // Attempt to retrieve the authorized application. 221 hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp); 222 if (SUCCEEDED(hr)) 223 { 224 // Find out if the authorized application is enabled. 225 hr = fwApp->get_Enabled(&fwEnabled); 226 if (FAILED(hr)) 227 { 228 printf("get_Enabled failed: 0x%08lx ", hr); 229 goto error; 230 } 231 232 if (fwEnabled != VARIANT_FALSE) 233 { 234 // The authorized application is enabled. 235 *fwAppEnabled = TRUE; 236 237 printf( 238 "Authorized application %lS is enabled in the firewall. ", 239 fwProcessImageFileName 240 ); 241 } 242 else 243 { 244 printf( 245 "Authorized application %lS is disabled in the firewall. ", 246 fwProcessImageFileName 247 ); 248 } 249 } 250 else 251 { 252 // The authorized application was not in the collection. 253 hr = S_OK; 254 255 printf( 256 "Authorized application %lS is disabled in the firewall. ", 257 fwProcessImageFileName 258 ); 259 } 260 261 error: 262 263 // Free the BSTR. 264 SysFreeString(fwBstrProcessImageFileName); 265 266 // Release the authorized application instance. 267 if (fwApp != NULL) 268 { 269 fwApp->Release(); 270 } 271 272 // Release the authorized application collection. 273 if (fwApps != NULL) 274 { 275 fwApps->Release(); 276 } 277 278 return hr; 279 } 280 281 282 HRESULT WindowsFirewallAddApp( 283 IN INetFwProfile* fwProfile, 284 IN const wchar_t* fwProcessImageFileName, 285 IN const wchar_t* fwName 286 ) 287 { 288 HRESULT hr = S_OK; 289 BOOL fwAppEnabled; 290 BSTR fwBstrName = NULL; 291 BSTR fwBstrProcessImageFileName = NULL; 292 INetFwAuthorizedApplication* fwApp = NULL; 293 INetFwAuthorizedApplications* fwApps = NULL; 294 295 _ASSERT(fwProfile != NULL); 296 _ASSERT(fwProcessImageFileName != NULL); 297 _ASSERT(fwName != NULL); 298 299 // First check to see if the application is already authorized. 300 hr = WindowsFirewallAppIsEnabled( 301 fwProfile, 302 fwProcessImageFileName, 303 &fwAppEnabled 304 ); 305 if (FAILED(hr)) 306 { 307 printf("WindowsFirewallAppIsEnabled failed: 0x%08lx ", hr); 308 goto error; 309 } 310 311 // Only add the application if it isn‘t already authorized. 312 if (!fwAppEnabled) 313 { 314 // Retrieve the authorized application collection. 315 hr = fwProfile->get_AuthorizedApplications(&fwApps); 316 if (FAILED(hr)) 317 { 318 printf("get_AuthorizedApplications failed: 0x%08lx ", hr); 319 goto error; 320 } 321 322 // Create an instance of an authorized application. 323 hr = CoCreateInstance( 324 __uuidof(NetFwAuthorizedApplication), 325 NULL, 326 CLSCTX_INPROC_SERVER, 327 __uuidof(INetFwAuthorizedApplication), 328 (void**)&fwApp 329 ); 330 if (FAILED(hr)) 331 { 332 printf("CoCreateInstance failed: 0x%08lx ", hr); 333 goto error; 334 } 335 336 // Allocate a BSTR for the process image file name. 337 fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName); 338 if (fwBstrProcessImageFileName == NULL) 339 { 340 hr = E_OUTOFMEMORY; 341 printf("SysAllocString failed: 0x%08lx ", hr); 342 goto error; 343 } 344 345 // Set the process image file name. 346 hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName); 347 if (FAILED(hr)) 348 { 349 printf("put_ProcessImageFileName failed: 0x%08lx ", hr); 350 goto error; 351 } 352 353 // Allocate a BSTR for the application friendly name. 354 fwBstrName = SysAllocString(fwName); 355 if (SysStringLen(fwBstrName) == 0) 356 { 357 hr = E_OUTOFMEMORY; 358 printf("SysAllocString failed: 0x%08lx ", hr); 359 goto error; 360 } 361 362 // Set the application friendly name. 363 hr = fwApp->put_Name(fwBstrName); 364 if (FAILED(hr)) 365 { 366 printf("put_Name failed: 0x%08lx ", hr); 367 goto error; 368 } 369 370 371 // Add the application to the collection. 372 hr = fwApps->Add(fwApp); 373 if (FAILED(hr)) 374 { 375 printf("Add failed: 0x%08lx ", hr); 376 goto error; 377 } 378 379 printf( 380 "Authorized application %lS is now enabled in the firewall. ", 381 fwProcessImageFileName 382 ); 383 } 384 385 error: 386 387 // Free the BSTRs. 388 SysFreeString(fwBstrName); 389 SysFreeString(fwBstrProcessImageFileName); 390 391 // Release the authorized application instance. 392 if (fwApp != NULL) 393 { 394 fwApp->Release(); 395 } 396 397 // Release the authorized application collection. 398 if (fwApps != NULL) 399 { 400 fwApps->Release(); 401 } 402 403 return hr; 404 } 405 406 407 HRESULT WindowsFirewallPortIsEnabled( 408 IN INetFwProfile* fwProfile, 409 IN LONG portNumber, 410 IN NET_FW_IP_PROTOCOL ipProtocol, 411 OUT BOOL* fwPortEnabled 412 ) 413 { 414 HRESULT hr = S_OK; 415 VARIANT_BOOL fwEnabled; 416 INetFwOpenPort* fwOpenPort = NULL; 417 INetFwOpenPorts* fwOpenPorts = NULL; 418 419 _ASSERT(fwProfile != NULL); 420 _ASSERT(fwPortEnabled != NULL); 421 422 *fwPortEnabled = FALSE; 423 424 // Retrieve the globally open ports collection. 425 hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts); 426 if (FAILED(hr)) 427 { 428 printf("get_GloballyOpenPorts failed: 0x%08lx ", hr); 429 goto error; 430 } 431 432 // Attempt to retrieve the globally open port. 433 hr = fwOpenPorts->Item(portNumber, ipProtocol, &fwOpenPort); 434 if (SUCCEEDED(hr)) 435 { 436 // Find out if the globally open port is enabled. 437 hr = fwOpenPort->get_Enabled(&fwEnabled); 438 if (FAILED(hr)) 439 { 440 printf("get_Enabled failed: 0x%08lx ", hr); 441 goto error; 442 } 443 444 if (fwEnabled != VARIANT_FALSE) 445 { 446 // The globally open port is enabled. 447 *fwPortEnabled = TRUE; 448 449 printf("Port %ld is open in the firewall. ", portNumber); 450 } 451 else 452 { 453 printf("Port %ld is not open in the firewall. ", portNumber); 454 } 455 } 456 else 457 { 458 // The globally open port was not in the collection. 459 hr = S_OK; 460 461 printf("Port %ld is not open in the firewall. ", portNumber); 462 } 463 464 error: 465 466 // Release the globally open port. 467 if (fwOpenPort != NULL) 468 { 469 fwOpenPort->Release(); 470 } 471 472 // Release the globally open ports collection. 473 if (fwOpenPorts != NULL) 474 { 475 fwOpenPorts->Release(); 476 } 477 478 return hr; 479 } 480 481 482 HRESULT WindowsFirewallPortAdd( 483 IN INetFwProfile* fwProfile, 484 IN LONG portNumber, 485 IN NET_FW_IP_PROTOCOL ipProtocol, 486 IN const wchar_t* name 487 ) 488 { 489 HRESULT hr = S_OK; 490 BOOL fwPortEnabled; 491 BSTR fwBstrName = NULL; 492 INetFwOpenPort* fwOpenPort = NULL; 493 INetFwOpenPorts* fwOpenPorts = NULL; 494 495 _ASSERT(fwProfile != NULL); 496 _ASSERT(name != NULL); 497 498 // First check to see if the port is already added. 499 hr = WindowsFirewallPortIsEnabled( 500 fwProfile, 501 portNumber, 502 ipProtocol, 503 &fwPortEnabled 504 ); 505 if (FAILED(hr)) 506 { 507 printf("WindowsFirewallPortIsEnabled failed: 0x%08lx ", hr); 508 goto error; 509 } 510 511 // Only add the port if it isn‘t already added. 512 if (!fwPortEnabled) 513 { 514 // Retrieve the collection of globally open ports. 515 hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts); 516 if (FAILED(hr)) 517 { 518 printf("get_GloballyOpenPorts failed: 0x%08lx ", hr); 519 goto error; 520 } 521 522 // Create an instance of an open port. 523 hr = CoCreateInstance( 524 __uuidof(NetFwOpenPort), 525 NULL, 526 CLSCTX_INPROC_SERVER, 527 __uuidof(INetFwOpenPort), 528 (void**)&fwOpenPort 529 ); 530 if (FAILED(hr)) 531 { 532 printf("CoCreateInstance failed: 0x%08lx ", hr); 533 goto error; 534 } 535 536 // Set the port number. 537 hr = fwOpenPort->put_Port(portNumber); 538 if (FAILED(hr)) 539 { 540 printf("put_Port failed: 0x%08lx ", hr); 541 goto error; 542 } 543 544 // Set the IP protocol. 545 hr = fwOpenPort->put_Protocol(ipProtocol); 546 if (FAILED(hr)) 547 { 548 printf("put_Protocol failed: 0x%08lx ", hr); 549 goto error; 550 } 551 552 // Allocate a BSTR for the friendly name of the port. 553 fwBstrName = SysAllocString(name); 554 if (SysStringLen(fwBstrName) == 0) 555 { 556 hr = E_OUTOFMEMORY; 557 printf("SysAllocString failed: 0x%08lx ", hr); 558 goto error; 559 } 560 561 // Set the friendly name of the port. 562 hr = fwOpenPort->put_Name(fwBstrName); 563 if (FAILED(hr)) 564 { 565 printf("put_Name failed: 0x%08lx ", hr); 566 goto error; 567 } 568 569 // Opens the port and adds it to the collection. 570 hr = fwOpenPorts->Add(fwOpenPort); 571 if (FAILED(hr)) 572 { 573 printf("Add failed: 0x%08lx ", hr); 574 goto error; 575 } 576 577 printf("Port %ld is now open in the firewall. ", portNumber); 578 } 579 580 error: 581 582 // Free the BSTR. 583 SysFreeString(fwBstrName); 584 585 // Release the open port instance. 586 if (fwOpenPort != NULL) 587 { 588 fwOpenPort->Release(); 589 } 590 591 // Release the globally open ports collection. 592 if (fwOpenPorts != NULL) 593 { 594 fwOpenPorts->Release(); 595 } 596 597 return hr; 598 } 599 600 601 int main(int argc, TCHAR* argv[]) 602 { 603 HRESULT hr = S_OK; 604 HRESULT comInit = E_FAIL; 605 INetFwProfile* fwProfile = NULL; 606 607 // Initialize COM. 608 comInit = CoInitializeEx( 609 0, 610 COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE 611 ); 612 613 // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been 614 // initialized with a different mode. Since we don‘t care what the mode is, 615 // we‘ll just use the existing mode. 616 if (comInit != RPC_E_CHANGED_MODE) 617 { 618 hr = comInit; 619 if (FAILED(hr)) 620 { 621 printf("CoInitializeEx failed: 0x%08lx ", hr); 622 goto error; 623 } 624 } 625 626 INetFwRules *fwRules; 627 628 629 630 // Retrieve the firewall profile currently in effect. 631 hr = WindowsFirewallInitialize(&fwProfile); 632 if (FAILED(hr)) 633 { 634 printf("WindowsFirewallInitialize failed: 0x%08lx ", hr); 635 goto error; 636 } 637 638 639 // Turn off the firewall. 640 hr = WindowsFirewallTurnOff(fwProfile); 641 if (FAILED(hr)) 642 { 643 printf("WindowsFirewallTurnOff failed: 0x%08lx ", hr); 644 goto error; 645 } 646 647 // Turn on the firewall. 648 hr = WindowsFirewallTurnOn(fwProfile); 649 if (FAILED(hr)) 650 { 651 printf("WindowsFirewallTurnOn failed: 0x%08lx ", hr); 652 goto error; 653 } 654 655 656 // Add Windows Messenger to the authorized application collection. 657 hr = WindowsFirewallAddApp( 658 fwProfile, 659 L"E:\Code_Factory\NetDemo\NetDemo V1.0-UDP\Release\NetDemo.exe", 660 L"NetDemo" 661 ); 662 if (FAILED(hr)) 663 { 664 printf("WindowsFirewallAddApp failed: 0x%08lx ", hr); 665 goto error; 666 } 667 668 // Add TCP::80 to list of globally open ports. 669 hr = WindowsFirewallPortAdd(fwProfile, 80, NET_FW_IP_PROTOCOL_TCP, L"WWW"); 670 if (FAILED(hr)) 671 { 672 printf("WindowsFirewallPortAdd failed: 0x%08lx ", hr); 673 goto error; 674 } 675 676 error: 677 678 // Release the firewall profile. 679 WindowsFirewallCleanup(fwProfile); 680 681 // Uninitialize COM. 682 if (SUCCEEDED(comInit)) 683 { 684 CoUninitialize(); 685 } 686 687 getchar(); 688 return 0; 689 }
以上是关于防火墙规则的主要内容,如果未能解决你的问题,请参考以下文章