How to Add Outbound Windows Firewall Exception?

Submitted by 爷,独闯天下 on 2019-12-17 22:38:00

Question


I need to open up the Windows Firewall for outbound connections for an application I'm writing.

The best answers I've been able to locate are here:

http://www.shafqatahmed.com/2008/01/controlling-win.html

http://www.vincenzo.net/isxkb/index.php?title=Adding_a_rule_to_the_Windows_firewall

The problem is that method only creates an inbound rule, and not an outbound rule. (Both the C# and InnoSetup script use the same method.) This is entirely useless for me.

The default behaviour for the Windows Firewall is to allow outbound traffic, but that doesn't guarantee that someone won't change that.

I would prefer to do this in the installer (using InnoSetup) rather than doing it in C#.

Did I miss something?

Does anyone know how to create an outbound rule?


Answer 1:


You can use netsh if you need to add some exceptions for your application.

Write in the command line (for XP):

netsh firewall add allowedprogram ?

Write in the command line (for W7):

netsh advfirewall firewall add rule ?

This difference is because the netsh firewall command is deprecated. Instead, we have to use the command netsh advfirewall firewall.

More information about using the netsh advfirewall firewall command instead of the netsh firewall command can be found in the Knowledge Base here: http://go.microsoft.com/fwlink/?linkid=121488

Examples:

Adding a rule for incoming traffic without security encapsulation for messenger.exe:

netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" security=authnoencap action=allow

Adding a rule for outgoing traffic at the port 80:

netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block

Adding rules to inbound traffic with safety & traffic encryption for TCP through port 80:

netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow



Answer 2:


TechNet does: Create an Outbound Port Rule on Windows 7, Windows Vista, Windows Server 2008 or Windows Server 2008 R2

Although I assume you meant to create such rules programmatically, if that's the case you might be interested in Working with Group Policy Objects Programmatically.

Finally if you're planning to do that during installation, InnoSetup should be able to merge the necessary registry keys at setup time.




Answer 3:


The problem with netsh is that it does not work on some Windows versions (e.g. Windows Vista Basic). That is why it is better to add the exception without using netsh. This article contains sample Inno Setup code.




Answer 4:


This is one of the many tasks that can be passed off to the Windows command-line tools. netsh does the appropriate things, but it (like everything else netsh does) is next to impossible to find. The simple version is:

netsh firewall add allowedprogram <path> <name>

For more details, run:

netsh firewall add allowedprogram ?

These can be done either in the [Run] section or by calling Exec.

Note that this is deprecated in Windows 7; if you're only targeting Vista/2008 or later, you should use netsh advfirewall firewall instead. Microsoft has an article on converting from the former to the latter, but I still have to support XP, so I haven't done this.
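
The [Run]-section approach from the answers above, written out for an outbound rule as an added example (it is not part of the original question or answers). It assumes Inno Setup 6 on Windows Vista or later, where netsh advfirewall is available; `MyApp`, `MyApp.exe` and the rule name are hypothetical placeholders.

```innosetup
; Added example: create an outbound allow rule at install time and remove it
; at uninstall. "MyApp", "MyApp.exe" and the rule name are placeholders.
#define RuleName "MyApp (outbound)"

[Setup]
AppName=MyApp
AppVersion=1.0
DefaultDirName={pf}\MyApp
; Changing firewall rules requires an elevated installer.
PrivilegesRequired=admin

[Files]
Source: "MyApp.exe"; DestDir: "{app}"

[Run]
; netsh adds a second rule with the same name if "add rule" is run twice,
; so delete any rule left by an earlier install first. When nothing matches,
; netsh reports that and exits non-zero; [Run] does not check exit codes.
Filename: "{sys}\netsh.exe"; \
  Parameters: "advfirewall firewall delete rule name=""{#RuleName}"""; \
  Flags: runhidden

; dir=out makes this an outbound rule. Scoping it with program= limits the
; exception to this one executable instead of opening a port for every process.
Filename: "{sys}\netsh.exe"; \
  Parameters: "advfirewall firewall add rule name=""{#RuleName}"" dir=out action=allow program=""{app}\MyApp.exe"" enable=yes profile=any"; \
  Flags: runhidden; StatusMsg: "Adding outbound firewall rule..."

[UninstallRun]
; Do not leave the exception behind once the program is gone.
Filename: "{sys}\netsh.exe"; \
  Parameters: "advfirewall firewall delete rule name=""{#RuleName}"""; \
  Flags: runhidden; RunOnceId: "DelFirewallRule"
```

After installation, `netsh advfirewall firewall show rule name="MyApp (outbound)"` should list exactly one rule with Direction set to Out.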



Source: https://stackoverflow.com/questions/7701667/how-to-add-outbound-windows-firewall-exception
