Programmatically add IP to Server 2008 firewall rule

Submitted by 大憨熊 on 2019-11-27 15:10:03

Question


Anybody know how to programmatically add an IP address to a Server 2008 Windows Firewall with Advanced Security rule?

i.e. I've set up a Block Action firewall rule which has some IP addresses listed under the "Remote IP address" section of the Scope. I want to be able to programmatically add (or perhaps remove) IP addresses from this list. Are there .NET objects available to do this?


Answer 1:


The Windows Firewall with Advanced Security Start Page can be found at:

http://msdn.microsoft.com/en-us/library/ff956124(v=VS.85).aspx

Specifically, it seems you need the INetFwRule Interface which is described at:

http://msdn.microsoft.com/en-us/library/aa365344(v=VS.85).aspx

Check the get_RemoteAddresses and put_RemoteAddresses.




Answer 2:


You can also try the netsh environment.
I used it once for changing the MTU of my interface.
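
One way to take the netsh route from Answer 2, as an added example that is not part of the original thread: it reads the rule's current scope through the HNetCfg.FwPolicy2 COM object, merges in one validated IPv4 address by whole-entry comparison, and writes the full list back with `netsh advfirewall firewall set rule`. The function names `Merge-RemoteAddress` and `Add-BlockedAddress` are hypothetical, and the script assumes an elevated PowerShell session on the server.

```powershell
# Added example (not from the original answers). Function names are hypothetical.
function Merge-RemoteAddress {
    param([string]$Current, [string]$Address)

    # Accept only a canonical dotted-quad IPv4 address. TryParse alone also
    # accepts shorthand such as "1.2", so the round-trip comparison rejects that.
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip) -or
        $ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork -or
        $ip.ToString() -ne $Address) {
        throw "Not a canonical IPv4 address: $Address"
    }

    # A scope of "*" means "Any"; appending to it makes no sense and replacing
    # it would silently narrow the rule, so stop instead.
    if ($Current -eq '*') {
        throw "Rule scope is 'Any'; refusing to rewrite it"
    }

    # Compare whole comma-separated entries, never substrings, so that
    # 1.2.3.4 is not "found" inside 11.2.3.4/255.255.255.255.
    $entries = @($Current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    $aliases = @("$ip", "$ip/32", "$ip/255.255.255.255")
    if ($entries | Where-Object { $aliases -contains $_ }) {
        return $null    # already listed, nothing to write
    }
    return (($entries + "$ip/255.255.255.255") -join ',')
}

function Add-BlockedAddress {
    param([string]$RuleName, [string]$Address)

    # Read the current Remote IP address list of the existing rule.
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    $rule   = $policy.Rules.Item($RuleName)
    $merged = Merge-RemoteAddress -Current $rule.RemoteAddresses -Address $Address
    if ($null -eq $merged) { return $false }

    # netsh replaces the whole remoteip list, so pass the full merged list.
    & netsh advfirewall firewall set rule "name=$RuleName" new "remoteip=$merged" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
    return $true
}
```

`netsh ... set rule` updates every rule that carries the given name, so the block rule should have a unique name.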




Answer 3:


I just made this work in VB.NET. Add a reference to "c:\windows\system32\firewallapi.dll"

Make a class called Firewall - like so:

Imports NetFwTypeLib
Imports System.Net
Imports System.Linq
Imports System.Collections.Generic

Public Class Firewall
    Implements IDisposable
    Private _policy As INetFwPolicy2 = Nothing

    ' Create the HNetCfg.FwPolicy2 COM object on first use.
    Private ReadOnly Property Policy As INetFwPolicy2
        Get
            If _policy Is Nothing Then
                _policy = DirectCast(Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")), INetFwPolicy2)
            End If
            Return _policy
        End Get
    End Property

    ' A single host appears in the rule as "address/255.255.255.255".
    Private Shared Function ToEntry(ipAddress As IPAddress) As String
        Return ipAddress.ToString() & "/255.255.255.255"
    End Function

    ' Split the comma-separated RemoteAddresses value into whole entries, so
    ' that 1.2.3.4 is never matched inside 11.2.3.4/255.255.255.255.
    Private Shared Function Entries(rule As INetFwRule) As List(Of String)
        Return rule.RemoteAddresses.Split(","c).
            Select(Function(s) s.Trim()).
            Where(Function(s) s.Length > 0).
            ToList()
    End Function

    Public Sub Add(ipAddress As IPAddress, ruleName As String)
        Dim firewallRule As INetFwRule = Policy.Rules.Item(ruleName)
        Dim list As List(Of String) = Entries(firewallRule)
        If Not list.Contains(ToEntry(ipAddress)) Then
            list.Add(ToEntry(ipAddress))
            firewallRule.RemoteAddresses = String.Join(",", list.ToArray())
        End If
    End Sub

    Public Sub Remove(ipAddress As IPAddress, ruleName As String)
        Dim firewallRule As INetFwRule = Policy.Rules.Item(ruleName)
        Dim list As List(Of String) = Entries(firewallRule)
        ' Drop only the exact entry; rejoining leaves no stray commas.
        If list.Remove(ToEntry(ipAddress)) Then
            firewallRule.RemoteAddresses = String.Join(",", list.ToArray())
        End If
    End Sub

    Public Function Exists(ipAddress As IPAddress, ruleName As String) As Boolean
        Dim firewallRule As INetFwRule = Policy.Rules.Item(ruleName)
        Return Entries(firewallRule).Contains(ToEntry(ipAddress))
    End Function

    Private disposedValue As Boolean
    Protected Overridable Sub Dispose(disposing As Boolean)
        If Not Me.disposedValue Then
            ' Drop the reference to the COM policy object.
            _policy = Nothing
        End If
        Me.disposedValue = True
    End Sub

    Public Sub Dispose() Implements IDisposable.Dispose
        Dispose(True)
        GC.SuppressFinalize(Me)
    End Sub
End Class



Answer 4:


I think that the information you're looking for is available here:

http://blogs.msdn.com/b/securitytools/archive/2009/08/21/automating-windows-firewall-settings-with-c.aspx



Source: https://stackoverflow.com/questions/4382933/programmatically-add-ip-to-server-2008-firewall-rule
