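/// <summary>
/// Asserts the properties every rule created by these tests is expected to share:
/// the rule object exists, it is an enabled outbound ALLOW rule, and its
/// LocalUserAuthorizedList carries the SID of the test user (<c>Username</c>).
/// </summary>
/// <param name="rule">The firewall rule object (INetFwRule3) to check.</param>
public void CheckCommonRuleProperties(INetFwRule3 rule)
{
    Assert.NotNull(rule);
    Assert.Equal(NET_FW_ACTION_.NET_FW_ACTION_ALLOW, rule.Action);
    Assert.Equal(NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT, rule.Direction);
    // Assert.True reports a clearer failure than Assert.Equal(true, ...) (xUnit2004).
    Assert.True(rule.Enabled);
    // The rule must be scoped to the test user's SID, so it is compared against the
    // same formatted SID the manager writes into LocalUserAuthorizedList.
    Assert.Equal(FirewallManager.GetFormattedLocalUserSid(Username), rule.LocalUserAuthorizedList);
}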
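/// <summary>
/// Adds an enabled inbound BLOCK rule named <paramref name="ruleName"/> to the local
/// Windows Firewall policy. The rule's LocalUserAuthorizedList is set to an SDDL string
/// containing a single allow ACE for the SID of <paramref name="windowsUserName"/>.
/// </summary>
/// <param name="ruleName">Display name of the rule to create.</param>
/// <param name="windowsUserName">Local Windows account whose SID (from <c>GetLocalUserSid</c>) is written into the rule.</param>
/// <exception cref="ArgumentNullException"><paramref name="ruleName"/> or <paramref name="windowsUserName"/> is null.</exception>
/// <exception cref="PlatformNotSupportedException">The HNetCfg.FwPolicy2 or HNetCfg.FwRule COM class is not registered on this machine.</exception>
public static void BlockAllInbound(string ruleName, string windowsUserName)
{
    if (ruleName == null)
    {
        throw new ArgumentNullException(nameof(ruleName));
    }
    if (windowsUserName == null)
    {
        throw new ArgumentNullException(nameof(windowsUserName));
    }

    // Type.GetTypeFromProgID returns null (it does not throw) when the ProgID is not
    // registered; without this check Activator.CreateInstance would fail with an
    // unhelpful ArgumentNullException.
    Type policyType = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
    if (policyType == null)
    {
        throw new PlatformNotSupportedException("The HNetCfg.FwPolicy2 COM class is not available on this system.");
    }
    INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(policyType);

    // This type is only available in Windows Server 2012
    Type ruleType = Type.GetTypeFromProgID("HNetCfg.FwRule");
    if (ruleType == null)
    {
        throw new PlatformNotSupportedException("The HNetCfg.FwRule COM class is not available on this system.");
    }
    INetFwRule3 rule = (INetFwRule3)Activator.CreateInstance(ruleType);

    rule.Name = ruleName;
    rule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
    rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
    rule.Enabled = true;

    // SDDL security descriptor with one access-allowed ACE for the user's SID; this is
    // the value format INetFwRule3.LocalUserAuthorizedList takes, and it is what scopes
    // the rule to that account rather than to every local user.
    string userSid = GetLocalUserSid(windowsUserName);
    rule.LocalUserAuthorizedList = String.Format(CultureInfo.InvariantCulture, "D:(A;;CC;;;{0})", userSid);

    firewallPolicy.Rules.Add(rule);
}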
/// <summary>
/// Populates the model object <paramref name="rule"/> from the Windows Firewall COM rule
/// <paramref name="entry"/>. The program identity is derived from ApplicationName,
/// serviceName and (when the object implements INetFwRule3) LocalAppPackageId, in the
/// order System, packaged App, Service, Program, otherwise Global, and then passed through
/// <c>Priv10Engine.AdjustProgID</c>. Name, grouping, description, enabled flag, direction,
/// action, profiles, interface types, protocol, ports / ICMP types, addresses and edge
/// traversal are copied as-is.
/// </summary>
/// <remarks>
/// The INetFwRule3 authorization properties (LocalUserAuthorizedList, RemoteUserAuthorizedList,
/// RemoteMachineAuthorizedList, LocalUserOwner, SecureFlags) are NOT read here — the block
/// that would read them is commented out — so a rule the firewall restricts to particular
/// users or machines is represented in <paramref name="rule"/> without that restriction.
/// Anything that judges how permissive a rule is from this model should be aware of that.
/// Every exception, including the ArgumentException thrown for a packaged-app rule that also
/// names a service, is logged and turned into a <c>false</c> return; <paramref name="rule"/>
/// may have been partially written by then.
/// </remarks>
/// <param name="rule">Destination model object; its properties are overwritten.</param>
/// <param name="entry">Source COM rule object.</param>
/// <returns><c>true</c> if every property was read, <c>false</c> if any read threw (error logged).</returns>
public static bool LoadRule(FirewallRule rule, INetFwRule2 entry)
{
    try
    {
        // INetFwRule3 (package id, authorization lists) is optional; entry3 is null
        // when the COM object only implements INetFwRule2.
        INetFwRule3 entry3 = entry as INetFwRule3;

        rule.BinaryPath = entry.ApplicationName;
        rule.ServiceTag = entry.serviceName;
        if (entry3 != null)
        {
            rule.AppSID = entry3.LocalAppPackageId;
        }

        // Note: while LocalAppPackageId and serviceName can be set at the same time,
        // a universal App can not be started as a service.
        ProgramID progID;
        if (entry.ApplicationName != null && entry.ApplicationName.Equals("System", StringComparison.OrdinalIgnoreCase))
        {
            progID = ProgramID.NewID(ProgramID.Types.System);
        }
        // Win10: packaged (store) app, identified by its package SID
        else if (entry3 != null && entry3.LocalAppPackageId != null)
        {
            // An app rule that also names a service is treated as a malformed rule
            // rather than silently picked up as a service rule; the catch below turns
            // this into a logged failure.
            if (entry.serviceName != null)
            {
                throw new ArgumentException("Firewall paremeter conflict");
            }
            progID = ProgramID.NewAppID(entry3.LocalAppPackageId, entry.ApplicationName);
        }
        //
        else if (entry.serviceName != null)
        {
            progID = ProgramID.NewSvcID(entry.serviceName, entry.ApplicationName);
        }
        else if (entry.ApplicationName != null)
        {
            progID = ProgramID.NewProgID(entry.ApplicationName);
        }
        else // if nothing is configured then it is a global rule
        {
            progID = ProgramID.NewID(ProgramID.Types.Global);
        }
        rule.ProgID = Priv10Engine.AdjustProgID(progID);

        // https://docs.microsoft.com/en-us/windows/desktop/api/netfw/nn-netfw-inetfwrule
        rule.Name = entry.Name;
        rule.Grouping = entry.Grouping;
        rule.Description = entry.Description;
        //rule.ProgramPath = entry.ApplicationName;
        //rule.ServiceName = entry.serviceName;
        rule.Enabled = entry.Enabled;

        // Directions / actions other than the two listed leave rule.Direction / rule.Action unchanged.
        switch (entry.Direction)
        {
            case NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN:
                rule.Direction = FirewallRule.Directions.Inbound;
                break;
            case NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT:
                rule.Direction = FirewallRule.Directions.Outboun;
                break;
        }
        switch (entry.Action)
        {
            case NET_FW_ACTION_.NET_FW_ACTION_ALLOW:
                rule.Action = FirewallRule.Actions.Allow;
                break;
            case NET_FW_ACTION_.NET_FW_ACTION_BLOCK:
                rule.Action = FirewallRule.Actions.Block;
                break;
        }

        rule.Profile = entry.Profiles;

        // InterfaceTypes is a comma-separated list of "Lan", "Wireless", "RemoteAccess", or "All".
        // Substring matching (IndexOf) is used, so the tokens are recognised regardless of order or spacing.
        if (entry.InterfaceTypes.Equals("All", StringComparison.OrdinalIgnoreCase))
        {
            rule.Interface = (int)FirewallRule.Interfaces.All;
        }
        else
        {
            rule.Interface = 0;
            if (entry.InterfaceTypes.IndexOf("Lan", StringComparison.OrdinalIgnoreCase) != -1)
            {
                rule.Interface |= (int)FirewallRule.Interfaces.Lan;
            }
            if (entry.InterfaceTypes.IndexOf("Wireless", StringComparison.OrdinalIgnoreCase) != -1)
            {
                rule.Interface |= (int)FirewallRule.Interfaces.Wireless;
            }
            if (entry.InterfaceTypes.IndexOf("RemoteAccess", StringComparison.OrdinalIgnoreCase) != -1)
            {
                rule.Interface |= (int)FirewallRule.Interfaces.RemoteAccess;
            }
        }

        rule.Protocol = entry.Protocol;

        /* The localAddrs parameter consists of one or more comma-delimited tokens specifying the local
         * addresses from which the application can listen for traffic. "*" is the default value.
         * Valid tokens include:
         *  "*" indicates any local address. If present, this must be the only token included.
         *  "Defaultgateway"
         *  "DHCP"
         *  "WINS"
         *  "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
         *  A subnet can be specified using either the subnet mask or network prefix notation. If neither a
         *  subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
         *  A valid IPv6 address.
         *  An IPv4 address range in the format of "start address - end address" with no spaces included.
         *  An IPv6 address range in the format of "start address - end address" with no spaces included. */

        // Ports and ICMP types are only meaningful for their protocol family; for any other
        // protocol number neither is copied.
        switch (rule.Protocol)
        {
            case (int)FirewallRule.KnownProtocols.ICMP:
            case (int)FirewallRule.KnownProtocols.ICMPv6:
                rule.SetIcmpTypesAndCodes(entry.IcmpTypesAndCodes);
                break;
            case (int)FirewallRule.KnownProtocols.TCP:
            case (int)FirewallRule.KnownProtocols.UDP:
                // comma separated numbers or ranges such as 123-456
                rule.LocalPorts = entry.LocalPorts;
                rule.RemotePorts = entry.RemotePorts;
                break;
        }

        rule.LocalAddresses = entry.LocalAddresses;
        rule.RemoteAddresses = entry.RemoteAddresses;

        // https://docs.microsoft.com/de-de/windows/desktop/api/icftypes/ne-icftypes-net_fw_edge_traversal_type_
        //EdgeTraversal = (int)(Entry.EdgeTraversal ? NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_ALLOW : NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DENY);
        rule.EdgeTraversal = entry.EdgeTraversalOptions;

        // Intentionally empty: the INetFwRule3-only properties listed below are not mirrored
        // into the model, so user/machine authorization restrictions on the rule are invisible here.
        if (entry3 != null)
        {
            /*
             * string s0 = entry3.LocalAppPackageId            // 8
             * string s1 = entry3.RemoteUserAuthorizedList;    // 7
             * string s2 = entry3.RemoteMachineAuthorizedList; // 7
             * string s3 = entry3.LocalUserAuthorizedList;     // 8
             * string s4 = entry3.LocalUserOwner;              // 8
             * int i1 = entry3.SecureFlags;                    // ??
             */
        }
    }
    catch (Exception err)
    {
        // Best effort: a rule that cannot be read is logged and skipped rather than aborting the caller.
        Priv10Logger.LogError("Reading Firewall Rule failed {0}", err.ToString());
        return(false);
    }
    return(true);
}
/// <summary>
/// Writes the model object <paramref name="rule"/> into the Windows Firewall COM rule
/// <paramref name="entry"/>. The order of the writes is significant for the COM object
/// (see the inline notes): EdgeTraversalOptions is forced to DENY first, the port and ICMP
/// fields are cleared before Protocol is set, and the real edge-traversal value is written last.
/// </summary>
/// <remarks>
/// The program is identified only through BinaryPath, ServiceTag and AppSID; the commented-out
/// block shows an older mapping from <c>rule.ProgID</c>. The INetFwRule3 authorization
/// properties (LocalUserAuthorizedList, RemoteUserAuthorizedList, RemoteMachineAuthorizedList,
/// LocalUserOwner, SecureFlags) are not written, so whatever <paramref name="entry"/> already
/// holds for them is left untouched and the model can neither tighten nor loosen them.
/// Any exception is logged and reported as <c>false</c>; by then <paramref name="entry"/> may
/// have been partially updated.
/// </remarks>
/// <param name="rule">Source model object.</param>
/// <param name="entry">Destination COM rule object; its properties are overwritten.</param>
/// <returns><c>true</c> if every property was written, <c>false</c> if any write threw (error logged).</returns>
public static bool SaveRule(FirewallRule rule, INetFwRule2 entry)
{
    try
    {
        // Set to DENY up front; the value from the model is written at the very end.
        // The reason for this two-step write is not recorded here — presumably the COM
        // object rejects some of the later writes in other edge-traversal modes; confirm
        // before reordering.
        entry.EdgeTraversalOptions = (int)NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DENY;

        // INetFwRule3 (package id) is optional; entry3 is null when the COM object only implements INetFwRule2.
        INetFwRule3 entry3 = entry as INetFwRule3;

        entry.ApplicationName = rule.BinaryPath;
        entry.serviceName = rule.ServiceTag;
        if (entry3 != null)
        {
            entry3.LocalAppPackageId = rule.AppSID;
        }

        /*
         * switch (rule.ProgID.Type)
         * {
         * case ProgramID.Types.Global:
         *     entry.ApplicationName = null;
         *     break;
         * case ProgramID.Types.System:
         *     entry.ApplicationName = "System";
         *     break;
         * default:
         *     if (rule.ProgID.Path != null && rule.ProgID.Path.Length > 0)
         *         entry.ApplicationName = rule.ProgID.Path;
         *     break;
         * }
         *
         * if (rule.ProgID.Type == ProgramID.Types.App)
         *     entry3.LocalAppPackageId = rule.ProgID.GetPackageSID();
         * else
         *     entry3.LocalAppPackageId = null;
         *
         * if (rule.ProgID.Type == ProgramID.Types.Service)
         *     entry.serviceName = rule.ProgID.GetServiceId();
         * else
         *     entry.serviceName = null;
         */

        entry.Name = rule.Name;
        entry.Grouping = rule.Grouping;
        entry.Description = rule.Description;
        entry.Enabled = rule.Enabled;

        // Directions / actions other than the two listed leave entry.Direction / entry.Action unchanged.
        switch (rule.Direction)
        {
            case FirewallRule.Directions.Inbound:
                entry.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
                break;
            case FirewallRule.Directions.Outboun:
                entry.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
                break;
        }
        switch (rule.Action)
        {
            case FirewallRule.Actions.Allow:
                entry.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
                break;
            case FirewallRule.Actions.Block:
                entry.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
                break;
        }

        entry.Profiles = rule.Profile;

        // InterfaceTypes is either "All" or a comma-separated list of the set flags.
        if (rule.Interface == (int)FirewallRule.Interfaces.All)
        {
            entry.InterfaceTypes = "All";
        }
        else
        {
            List<string> interfaces = new List<string>();
            if ((rule.Interface & (int)FirewallRule.Interfaces.Lan) != 0)
            {
                interfaces.Add("Lan");
            }
            if ((rule.Interface & (int)FirewallRule.Interfaces.Wireless) != 0)
            {
                interfaces.Add("Wireless");
            }
            if ((rule.Interface & (int)FirewallRule.Interfaces.RemoteAccess) != 0)
            {
                interfaces.Add("RemoteAccess");
            }
            // Written in reverse insertion order (RemoteAccess,Wireless,Lan); the reason is not
            // recorded here — keep as is unless confirmed irrelevant to the COM object.
            entry.InterfaceTypes = string.Join(",", interfaces.ToArray().Reverse());
        }

        // Note: if this is not cleared protocol change may trigger an exception
        if (entry.LocalPorts != null)
        {
            entry.LocalPorts = null;
        }
        if (entry.RemotePorts != null)
        {
            entry.RemotePorts = null;
        }
        if (entry.IcmpTypesAndCodes != null)
        {
            entry.IcmpTypesAndCodes = null;
        }

        // Note: protocol must be set early enough or other sets will cause errors!
        entry.Protocol = rule.Protocol;

        // Ports / ICMP types are only written for their protocol family; for other protocol
        // numbers the fields stay cleared.
        switch (rule.Protocol)
        {
            case (int)FirewallRule.KnownProtocols.ICMP:
            case (int)FirewallRule.KnownProtocols.ICMPv6:
                entry.IcmpTypesAndCodes = rule.GetIcmpTypesAndCodes();
                break;
            case (int)FirewallRule.KnownProtocols.TCP:
            case (int)FirewallRule.KnownProtocols.UDP:
                entry.LocalPorts = rule.LocalPorts;
                entry.RemotePorts = rule.RemotePorts;
                break;
        }

        // Addresses are skipped for DEFER_TO_USER rules, leaving whatever entry already holds;
        // the reason is not recorded here — confirm before changing.
        if (rule.EdgeTraversal != (int)NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_USER)
        {
            entry.LocalAddresses = rule.LocalAddresses;
            entry.RemoteAddresses = rule.RemoteAddresses;
        }

        entry.EdgeTraversalOptions = rule.EdgeTraversal;

        // Intentionally empty: the INetFwRule3-only authorization properties listed below
        // are never written, so existing user/machine restrictions on entry are preserved
        // and new ones cannot be set through the model.
        if (entry3 != null)
        {
            /*
             * string s0 = entry3.LocalAppPackageId            // 8
             * string s1 = entry3.RemoteUserAuthorizedList;    // 7
             * string s2 = entry3.RemoteMachineAuthorizedList; // 7
             * string s3 = entry3.LocalUserAuthorizedList;     // 8
             * string s4 = entry3.LocalUserOwner;              // 8
             * int i1 = entry3.SecureFlags;                    // ??
             */
        }
    }
    catch (Exception err)
    {
        // Best effort: the failure is logged and reported through the return value.
        Priv10Logger.LogError("Firewall Rule Commit failed {0}", err.ToString());
        return(false);
    }
    return(true);
}
/// <summary>
/// Wraps a Windows 8+ firewall rule object; the rule is handed straight to the base class.
/// </summary>
/// <param name="rule">The COM rule object (INetFwRule3) to wrap.</param>
// ReSharper disable once SuggestBaseTypeForParameter
internal FirewallWASRuleWin8(INetFwRule3 rule)
    : base(rule)
{
}
/// <summary>
/// Wraps a Windows 8+ firewall rule object; the rule is handed straight to the base class.
/// </summary>
/// <param name="rule">The COM rule object (INetFwRule3) to wrap.</param>
internal StandardRuleWin8(INetFwRule3 rule)
    : base(rule)
{
}
/// <summary>
/// Writes the model object <paramref name="rule"/> into the Windows Firewall COM rule
/// <paramref name="entry"/>. The program identity comes from <c>rule.mID</c> (type, path, name);
/// the remaining properties are copied in an order the COM object requires (see the inline
/// notes): EdgeTraversalOptions is forced to DENY first, port / ICMP fields are cleared before
/// Protocol is set, and the real edge-traversal value is written last.
/// </summary>
/// <remarks>
/// For a Program, Service or App whose <c>mID.Path</c> is null or empty, ApplicationName is left
/// as it was on <paramref name="entry"/> (there is no else branch); whether that is intended is
/// not recorded here. Under <c>win10</c> the INetFwRule3 view is dereferenced without a null
/// check when writing LocalAppPackageId (see the NOTE below). The INetFwRule3 authorization
/// properties (RemoteMachineAuthorizedList, LocalUserAuthorizedList, LocalUserOwner,
/// SecureFlags) are never written, so existing user/machine restrictions on
/// <paramref name="entry"/> are left untouched. Any exception is logged and reported as
/// <c>false</c>; <paramref name="entry"/> may then be partially updated.
/// </remarks>
/// <param name="rule">Source model object.</param>
/// <param name="entry">Destination COM rule object; its properties are overwritten.</param>
/// <returns><c>true</c> if every property was written, <c>false</c> if any write threw (error logged).</returns>
public static bool SaveRule(FirewallRule rule, INetFwRule2 entry)
{
    try
    {
        // Forced to DENY up front; the model's value is written at the very end.
        // The reason for the two-step write is not recorded here — confirm before reordering.
        entry.EdgeTraversalOptions = (int)NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DENY;
#if win10
        // Null when the COM object only implements INetFwRule2.
        INetFwRule3 entry3 = entry as INetFwRule3;
#endif
        switch (rule.mID.Type)
        {
            case ProgramList.Types.Global:
                entry.ApplicationName = null;
                break;
            case ProgramList.Types.System:
                entry.ApplicationName = "System";
                break;
            default:
                // No else: an empty path leaves the existing ApplicationName in place.
                if (rule.mID.Path != null && rule.mID.Path.Length > 0)
                {
                    entry.ApplicationName = rule.mID.Path;
                }
                break;
        }
        if (rule.mID.Type == ProgramList.Types.Service)
        {
            entry.serviceName = rule.mID.Name;
        }
        else
        {
            entry.serviceName = null;
        }
#if win10
        // NOTE(review): entry3 is dereferenced here without a null check, unlike the guarded
        // block at the end of this method; if entry does not implement INetFwRule3 this throws
        // and the rule is reported as not saved via the catch below.
        if (rule.mID.Type == ProgramList.Types.App)
        {
            entry3.LocalAppPackageId = rule.mID.Name;
        }
        else
        {
            entry3.LocalAppPackageId = null;
        }
#endif
        entry.Name = rule.Name;
        entry.Grouping = rule.Grouping;
        entry.Description = rule.Description;
        //entry.ApplicationName = rule.ProgramPath;
        //entry.serviceName = rule.ServiceName;
        entry.Enabled = rule.Enabled;

        // Directions / actions other than the two listed leave entry.Direction / entry.Action unchanged.
        switch (rule.Direction)
        {
            case Firewall.Directions.Inbound:
                entry.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
                break;
            case Firewall.Directions.Outboun:
                entry.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
                break;
        }
        switch (rule.Action)
        {
            case Firewall.Actions.Allow:
                entry.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
                break;
            case Firewall.Actions.Block:
                entry.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
                break;
        }

        entry.Profiles = rule.Profile;

        // InterfaceTypes is either "All" or a comma-separated list of the set flags.
        if (rule.Interface == (int)Firewall.Interfaces.All)
        {
            entry.InterfaceTypes = "All";
        }
        else
        {
            List<string> interfaces = new List<string>();
            if ((rule.Interface & (int)Firewall.Interfaces.Lan) != 0)
            {
                interfaces.Add("Lan");
            }
            if ((rule.Interface & (int)Firewall.Interfaces.Wireless) != 0)
            {
                interfaces.Add("Wireless");
            }
            if ((rule.Interface & (int)Firewall.Interfaces.RemoteAccess) != 0)
            {
                interfaces.Add("RemoteAccess");
            }
            // Written in reverse insertion order (RemoteAccess,Wireless,Lan); the reason is not
            // recorded here — keep as is unless confirmed irrelevant to the COM object.
            entry.InterfaceTypes = string.Join(",", interfaces.ToArray().Reverse());
        }

        // Note: if this is not cleared protocol change may trigger an exception
        if (entry.LocalPorts != null)
        {
            entry.LocalPorts = null;
        }
        if (entry.RemotePorts != null)
        {
            entry.RemotePorts = null;
        }
        if (entry.IcmpTypesAndCodes != null)
        {
            entry.IcmpTypesAndCodes = null;
        }

        // Note: protocol must be set early enough or other sets will cause errors!
        entry.Protocol = rule.Protocol;

        // Ports / ICMP types are only written for their protocol family; for other protocol
        // numbers the fields stay cleared.
        switch (rule.Protocol)
        {
            case (int)FirewallRule.KnownProtocols.ICMP:
            case (int)FirewallRule.KnownProtocols.ICMPv6:
                entry.IcmpTypesAndCodes = rule.IcmpTypesAndCodes;
                break;
            case (int)FirewallRule.KnownProtocols.TCP:
            case (int)FirewallRule.KnownProtocols.UDP:
                entry.LocalPorts = rule.LocalPorts;
                entry.RemotePorts = rule.RemotePorts;
                break;
        }

        // Addresses are skipped for DEFER_TO_USER rules, leaving whatever entry already holds;
        // the reason is not recorded here — confirm before changing.
        if (rule.EdgeTraversal != (int)NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_USER)
        {
            entry.LocalAddresses = rule.LocalAddresses;
            entry.RemoteAddresses = rule.RemoteAddresses;
        }

        entry.EdgeTraversalOptions = rule.EdgeTraversal;
#if win10
        // Intentionally empty: the INetFwRule3-only authorization properties listed below are
        // never written through the model.
        if (entry3 != null)
        {
            //entry3.LocalAppPackageId = rule.AppID;
            /*entry3.LocalAppPackageId;
             * entry3.RemoteMachineAuthorizedList;
             * entry3.LocalUserAuthorizedList;
             * entry3.LocalUserOwner;
             * entry3.SecureFlags;*/
        }
#endif
    }
    catch (Exception err)
    {
        // Best effort: the failure is logged and reported through the return value.
        AppLog.Line("Firewall Rule Commit failed {0}", err.ToString());
        return(false);
    }
    return(true);
}
/// <summary>
/// Populates the model object <paramref name="rule"/> from the Windows Firewall COM rule
/// <paramref name="entry"/>. The program identity (<c>rule.mID</c>) is derived from
/// ApplicationName, serviceName and — under <c>win10</c>, when the object implements
/// INetFwRule3 — LocalAppPackageId, in the order System, Service, packaged App, Program,
/// otherwise Global. Name, grouping, description, enabled flag, direction, action, profiles,
/// interface types, protocol, ports / ICMP types, addresses and edge traversal are copied as-is.
/// </summary>
/// <remarks>
/// A rule that carries both a serviceName and a LocalAppPackageId is classified as a Service
/// here (serviceName is tested first); no conflict is reported. The INetFwRule3 authorization
/// properties (RemoteMachineAuthorizedList, LocalUserAuthorizedList, LocalUserOwner,
/// SecureFlags) are NOT read — the block that would read them is commented out — so a rule the
/// firewall restricts to particular users or machines appears in <paramref name="rule"/>
/// without that restriction. Any exception is logged and turned into a <c>false</c> return;
/// <paramref name="rule"/> may have been partially written by then.
/// </remarks>
/// <param name="rule">Destination model object; its properties are overwritten.</param>
/// <param name="entry">Source COM rule object.</param>
/// <returns><c>true</c> if every property was read, <c>false</c> if any read threw (error logged).</returns>
public static bool LoadRule(FirewallRule rule, INetFwRule2 entry)
{
    try
    {
#if win10
        // Null when the COM object only implements INetFwRule2.
        INetFwRule3 entry3 = entry as INetFwRule3;
#endif
        ProgramList.Types type;
        string path = entry.ApplicationName;
        string name = null;
        if (path != null && path.Equals("System", StringComparison.OrdinalIgnoreCase))
        {
            type = ProgramList.Types.System;
        }
        else if (entry.serviceName != null)
        {
            type = ProgramList.Types.Service;
            name = entry.serviceName;
        }
#if win10
        else if (entry3 != null && entry3.LocalAppPackageId != null)
        {
            type = ProgramList.Types.App;
            name = entry3.LocalAppPackageId;
        }
#endif
        else if (path != null)
        {
            type = ProgramList.Types.Program;
        }
        else
        {
            // nothing configured: a global rule
            type = ProgramList.Types.Global;
        }
        rule.mID = new ProgramList.ID(type, path, name);

        // https://docs.microsoft.com/en-us/windows/desktop/api/netfw/nn-netfw-inetfwrule
        rule.Name = entry.Name;
        rule.Grouping = entry.Grouping;
        rule.Description = entry.Description;
        //rule.ProgramPath = entry.ApplicationName;
        //rule.ServiceName = entry.serviceName;
        rule.Enabled = entry.Enabled;

        // Directions / actions other than the two listed leave rule.Direction / rule.Action unchanged.
        switch (entry.Direction)
        {
            case NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN:
                rule.Direction = Firewall.Directions.Inbound;
                break;
            case NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT:
                rule.Direction = Firewall.Directions.Outboun;
                break;
        }
        switch (entry.Action)
        {
            case NET_FW_ACTION_.NET_FW_ACTION_ALLOW:
                rule.Action = Firewall.Actions.Allow;
                break;
            case NET_FW_ACTION_.NET_FW_ACTION_BLOCK:
                rule.Action = Firewall.Actions.Block;
                break;
        }

        rule.Profile = entry.Profiles;

        // InterfaceTypes is a comma-separated list of "Lan", "Wireless", "RemoteAccess", or "All".
        // Substring matching (IndexOf) is used, so the tokens are recognised regardless of order or spacing.
        if (entry.InterfaceTypes.Equals("All", StringComparison.OrdinalIgnoreCase))
        {
            rule.Interface = (int)Firewall.Interfaces.All;
        }
        else
        {
            rule.Interface = (int)Firewall.Interfaces.None;
            if (entry.InterfaceTypes.IndexOf("Lan", StringComparison.OrdinalIgnoreCase) != -1)
            {
                rule.Interface |= (int)Firewall.Interfaces.Lan;
            }
            if (entry.InterfaceTypes.IndexOf("Wireless", StringComparison.OrdinalIgnoreCase) != -1)
            {
                rule.Interface |= (int)Firewall.Interfaces.Wireless;
            }
            if (entry.InterfaceTypes.IndexOf("RemoteAccess", StringComparison.OrdinalIgnoreCase) != -1)
            {
                rule.Interface |= (int)Firewall.Interfaces.RemoteAccess;
            }
        }

        rule.Protocol = entry.Protocol;

        /* The localAddrs parameter consists of one or more comma-delimited tokens specifying the local
         * addresses from which the application can listen for traffic. "*" is the default value.
         * Valid tokens include:
         *  "*" indicates any local address. If present, this must be the only token included.
         *  "Defaultgateway"
         *  "DHCP"
         *  "WINS"
         *  "LocalSubnet" indicates any local address on the local subnet. This token is not case-sensitive.
         *  A subnet can be specified using either the subnet mask or network prefix notation. If neither a
         *  subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.
         *  A valid IPv6 address.
         *  An IPv4 address range in the format of "start address - end address" with no spaces included.
         *  An IPv6 address range in the format of "start address - end address" with no spaces included. */

        // Ports and ICMP types are only meaningful for their protocol family; for any other
        // protocol number neither is copied.
        switch (rule.Protocol)
        {
            case (int)FirewallRule.KnownProtocols.ICMP:
            case (int)FirewallRule.KnownProtocols.ICMPv6:
                // The icmpTypesAndCodes parameter is a list of ICMP types and codes separated by semicolon.
                // "*" indicates all ICMP types and codes.
                rule.IcmpTypesAndCodes = entry.IcmpTypesAndCodes;
                break;
            case (int)FirewallRule.KnownProtocols.TCP:
            case (int)FirewallRule.KnownProtocols.UDP:
                // comma separated numbers or ranges such as 123-456
                rule.LocalPorts = entry.LocalPorts;
                rule.RemotePorts = entry.RemotePorts;
                break;
        }

        rule.LocalAddresses = entry.LocalAddresses;
        rule.RemoteAddresses = entry.RemoteAddresses;

        // https://docs.microsoft.com/de-de/windows/desktop/api/icftypes/ne-icftypes-net_fw_edge_traversal_type_
        //EdgeTraversal = (int)(Entry.EdgeTraversal ? NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_ALLOW : NET_FW_EDGE_TRAVERSAL_TYPE_.NET_FW_EDGE_TRAVERSAL_TYPE_DENY);
        rule.EdgeTraversal = entry.EdgeTraversalOptions;
#if win10
        // Intentionally empty: the INetFwRule3-only properties listed below are not mirrored
        // into the model, so user/machine authorization restrictions on the rule are invisible here.
        if (entry3 != null)
        {
            //rule.AppID = entry3.LocalAppPackageId;
            /*string s1 = entry3.LocalAppPackageId;
             * string s2 = entry3.RemoteMachineAuthorizedList;
             * string s3 = entry3.LocalUserAuthorizedList;
             * string s4 = entry3.LocalUserOwner;
             * int i1 = entry3.SecureFlags;*/
        }
#endif
    }
    catch (Exception err)
    {
        // Best effort: a rule that cannot be read is logged and skipped rather than aborting the caller.
        AppLog.Line("Reading Firewall Rule failed {0}", err.ToString());
        return(false);
    }
    return(true);
}
/// <summary>
/// Wraps a Windows 8+ firewall rule object: the rule is handed to the base class and the
/// INetFwRule3 view of it is kept in <c>UnderlyingObjectV3</c>.
/// </summary>
/// <param name="rule">The COM rule object (INetFwRule3) to wrap.</param>
internal StandardRuleWin8(INetFwRule3 rule)
    : base(rule) => UnderlyingObjectV3 = rule;