Windows中通过C++添加防火墙规则
#include <iostream>
#include <Windows.h>
#include <netfw.h>
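// Fills in the properties of a freshly created rule object.
//
// INetFwRule::put_* copies the BSTR it is given, so the caller keeps ownership of
// the string and must SysFreeString it afterwards — the first version of this
// program allocated the strings inline and leaked them.
//
// Returns the first failing HRESULT (or E_OUTOFMEMORY when a BSTR could not be
// allocated), otherwise S_OK.
static HRESULT ConfigureRule(INetFwRule* pFwRule, BSTR ruleName) {
    BSTR description = SysAllocString(L"My Firewall Rule");
    BSTR localPorts = SysAllocString(L"83");
    BSTR interfaceTypes = SysAllocString(L"All");

    HRESULT hr = E_OUTOFMEMORY;
    if (description != NULL && localPorts != NULL && interfaceTypes != NULL) {
        hr = pFwRule->put_Name(ruleName);
        if (SUCCEEDED(hr)) hr = pFwRule->put_Description(description);
        if (SUCCEEDED(hr)) hr = pFwRule->put_Action(NET_FW_ACTION_ALLOW);      // allow the connection
        if (SUCCEEDED(hr)) hr = pFwRule->put_Direction(NET_FW_RULE_DIR_IN);    // inbound rule
        if (SUCCEEDED(hr)) hr = pFwRule->put_Enabled(VARIANT_TRUE);            // active as soon as it is added
        if (SUCCEEDED(hr)) hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP); // TCP
        if (SUCCEEDED(hr)) hr = pFwRule->put_LocalPorts(localPorts);           // local port 83
        if (SUCCEEDED(hr)) hr = pFwRule->put_InterfaceTypes(interfaceTypes);   // every interface type
        // Not scoped here: no put_ApplicationName, put_RemoteAddresses or
        // put_Profiles, so the rule applies to every process, every peer and
        // every profile. Narrow it with those setters before using this in
        // anything but a demo.
    }

    // SysFreeString(NULL) is a no-op, so freeing unconditionally is safe.
    SysFreeString(description);
    SysFreeString(localPorts);
    SysFreeString(interfaceTypes);
    return hr;
}

// Toggles the rule named "MyFirewallRule" in the given rule collection:
//   * if a rule of that name exists it is removed and -1 is returned
//     (behaviour kept from the original program);
//   * otherwise a new rule is created, configured and added, and 0 is returned.
//
// Every COM reference and BSTR obtained here is released here. Failures are
// reported on stdout with the HRESULT in hexadecimal.
static int ManageRule(INetFwRules* pFwRules) {
    BSTR ruleName = SysAllocString(L"MyFirewallRule");
    if (ruleName == NULL) {
        std::cout << "Failed to allocate rule name" << std::endl;
        return 0;
    }

    int exitCode = 0;
    INetFwRule* pFwRule = NULL;

    // Item() fails when no rule with this name exists; any other failure is
    // also treated as "not present" and we fall through to creating one.
    // (The collection can also be enumerated to inspect or edit other rules.)
    HRESULT hr = pFwRules->Item(ruleName, &pFwRule);
    if (SUCCEEDED(hr)) {
        std::cout << "Firewall rule is exist" << std::endl;
        // The reference returned by Item() was leaked on this path before.
        pFwRule->Release();
        pFwRule = NULL;

        hr = pFwRules->Remove(ruleName);
        if (FAILED(hr)) {
            std::cout << "Failed to remove firewall rule: 0x" << std::hex << hr << std::dec << std::endl;
        }
        exitCode = -1;
    } else {
        // Create an empty rule object and add it to the collection.
        hr = CoCreateInstance(__uuidof(NetFwRule), NULL, CLSCTX_INPROC_SERVER,
                              __uuidof(INetFwRule), (void**)&pFwRule);
        if (SUCCEEDED(hr)) {
            hr = ConfigureRule(pFwRule, ruleName);
            if (SUCCEEDED(hr)) {
                // Only a fully configured rule is added; a failed setter used
                // to be ignored and the half-built rule added anyway.
                hr = pFwRules->Add(pFwRule);
            }
            if (SUCCEEDED(hr)) {
                std::cout << "Firewall rule added successfully." << std::endl;
            } else {
                std::cout << "Failed to add firewall rule: 0x" << std::hex << hr << std::dec << std::endl;
            }
            pFwRule->Release();
        } else {
            std::cout << "Failed to create firewall rule object: 0x" << std::hex << hr << std::dec << std::endl;
        }
    }

    SysFreeString(ruleName);
    return exitCode;
}

// Adds (or, if already present, removes) the inbound "allow TCP/83" rule
// "MyFirewallRule" through the Windows Firewall COM API
// (NetFwPolicy2 -> INetFwPolicy2::get_Rules -> INetFwRules).
//
// Returns -1 when an existing rule was removed, 0 otherwise (including the
// error paths, which are only reported on stdout).
//
// Modifying firewall rules requires an elevated (administrator) process;
// without it the rule-modifying calls fail (typically with E_ACCESSDENIED).
// Rule additions and removals are recorded in the "Windows Firewall With
// Advanced Security" event log, which is where such changes can be audited.
int main() {
    // Initialise COM for this thread.
    HRESULT hr = CoInitializeEx(NULL, COINIT_APARTMENTTHREADED);
    if (FAILED(hr)) {
        // Do not call CoUninitialize when initialisation failed.
        std::cout << "CoInitializeEx failed: 0x" << std::hex << hr << std::dec << std::endl;
        return 0;
    }

    int exitCode = 0;
    INetFwPolicy2* pFwPolicy2 = NULL;
    // The policy object is the entry point to the rule collection.
    hr = CoCreateInstance(__uuidof(NetFwPolicy2), NULL, CLSCTX_INPROC_SERVER,
                          __uuidof(INetFwPolicy2), (void**)&pFwPolicy2);
    if (SUCCEEDED(hr)) {
        INetFwRules* pFwRules = NULL;
        hr = pFwPolicy2->get_Rules(&pFwRules);
        if (SUCCEEDED(hr)) {
            exitCode = ManageRule(pFwRules);
            pFwRules->Release();
        } else {
            std::cout << "Failed to get firewall rules: 0x" << std::hex << hr << std::dec << std::endl;
        }
        pFwPolicy2->Release();
    } else {
        std::cout << "Failed to create firewall policy object: 0x" << std::hex << hr << std::dec << std::endl;
    }

    CoUninitialize();
    return exitCode;
}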
添加到防火墙之前:

添加到防火墙之后:

防火墙的基本状态设置
# 查看当前防火墙状态:
netsh advfirewall show allprofiles
netsh advfirewall show allprofiles state

# 恢复初始防火墙设置:
netsh advfirewall reset
# 设置默认输入和输出策略:
# 设置为允许
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
# 设置为拒绝
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
# 显示默认的入站和出站防火墙行为。
netsh advfirewall show allprofiles firewallpolicy
# 显示日志记录设置。
netsh advfirewall show allprofiles logging
# 开启防火墙
netsh advfirewall set allprofiles state on
# 关闭防火墙:
netsh advfirewall set allprofiles state off

防火墙的入站规则设置:
# 允许
netsh advfirewall firewall add rule name=test dir=in action=allow protocol=tcp localport=8080
# 阻止
netsh advfirewall firewall add rule name=test dir=in action=block protocol=tcp localport=8080
防火墙的出站规则设置:
# 允许
netsh advfirewall firewall add rule name=test dir=out action=allow protocol=tcp localport=8080
# 阻止
netsh advfirewall firewall add rule name=test dir=out action=block protocol=tcp localport=8080
删除入站出站规则:
# 删除入站允许
netsh advfirewall firewall delete rule name=test dir=in action=allow protocol=tcp localport=8080
# 删除出站允许
netsh advfirewall firewall delete rule name=test dir=out action=allow protocol=tcp localport=8080
防火墙的其他设置:
允许并阻止 ping:可以使用 netsh 控制给定系统是否响应以及如何响应 ping 请求。以下两个 netsh 命令分别演示了如何通过 Windows 防火墙先阻止、再允许 ping 请求:
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
启用程序:另一个常见任务是为给定程序打开Windows防火墙。以下示例说明了如何添加使Windows Live Messenger通过Windows防火墙工作的规则:
netsh advfirewall firewall add rule name="rule name" dir=in action=allow program="C:\\Path\\To\\Your\\Program.exe"
导出和导入防火墙设置文件:
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"
