在程序中给windows firewall添加例外，不弹警告

Exercising the Windows Firewall using C++, PowerShell and nsis.   프로그래밍  2009/12/29 03:45 http://blog.naver.com/ships95/120098138849 The following code example exercises the Windows Firewall profile; displays the current profile, turns off the firewall, turns on the firewall, and adds an application. Copy Code /* Copyright (c) Microsoft Corporation SYNOPSIS Sample code for the Windows Firewall COM interface. */ #include <windows.h> #include <crtdbg.h> #include <netfw.h> #include <objbase.h> #include <oleauto.h> #include <stdio.h> #pragma comment( lib, "ole32.lib" ) #pragma comment( lib, "oleaut32.lib" ) HRESULT WindowsFirewallInitialize(OUT INetFwProfile** fwProfile) { HRESULT hr = S_OK; INetFwMgr* fwMgr = NULL; INetFwPolicy* fwPolicy = NULL; _ASSERT(fwProfile != NULL); *fwProfile = NULL; // Create an instance of the firewall settings manager. hr = CoCreateInstance( __uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&fwMgr ); if (FAILED(hr)) { printf("CoCreateInstance failed: 0x%08lx\n", hr); goto error; } // Retrieve the local firewall policy. hr = fwMgr->get_LocalPolicy(&fwPolicy); if (FAILED(hr)) { printf("get_LocalPolicy failed: 0x%08lx\n", hr); goto error; } // Retrieve the firewall profile currently in effect. hr = fwPolicy->get_CurrentProfile(fwProfile); if (FAILED(hr)) { printf("get_CurrentProfile failed: 0x%08lx\n", hr); goto error; } error: // Release the local firewall policy. if (fwPolicy != NULL) { fwPolicy->Release(); } // Release the firewall settings manager. if (fwMgr != NULL) { fwMgr->Release(); } return hr; } void WindowsFirewallCleanup(IN INetFwProfile* fwProfile) { // Release the firewall profile. if (fwProfile != NULL) { fwProfile->Release(); } } HRESULT WindowsFirewallIsOn(IN INetFwProfile* fwProfile, OUT BOOL* fwOn) { HRESULT hr = S_OK; VARIANT_BOOL fwEnabled; _ASSERT(fwProfile != NULL); _ASSERT(fwOn != NULL); *fwOn = FALSE; // Get the current state of the firewall. hr = fwProfile->get_FirewallEnabled(&fwEnabled); if (FAILED(hr)) { printf("get_FirewallEnabled failed: 0x%08lx\n", hr); goto error; } // Check to see if the firewall is on. if (fwEnabled != VARIANT_FALSE) { *fwOn = TRUE; printf("The firewall is on.\n"); } else { printf("The firewall is off.\n"); } error: return hr; } HRESULT WindowsFirewallTurnOn(IN INetFwProfile* fwProfile) { HRESULT hr = S_OK; BOOL fwOn; _ASSERT(fwProfile != NULL); // Check to see if the firewall is off. hr = WindowsFirewallIsOn(fwProfile, &fwOn); if (FAILED(hr)) { printf("WindowsFirewallIsOn failed: 0x%08lx\n", hr); goto error; } // If it is, turn it on. if (!fwOn) { // Turn the firewall on. hr = fwProfile->put_FirewallEnabled(VARIANT_TRUE); if (FAILED(hr)) { printf("put_FirewallEnabled failed: 0x%08lx\n", hr); goto error; } printf("The firewall is now on.\n"); } error: return hr; } HRESULT WindowsFirewallTurnOff(IN INetFwProfile* fwProfile) { HRESULT hr = S_OK; BOOL fwOn; _ASSERT(fwProfile != NULL); // Check to see if the firewall is on. hr = WindowsFirewallIsOn(fwProfile, &fwOn); if (FAILED(hr)) { printf("WindowsFirewallIsOn failed: 0x%08lx\n", hr); goto error; } // If it is, turn it off. if (fwOn) { // Turn the firewall off. hr = fwProfile->put_FirewallEnabled(VARIANT_FALSE); if (FAILED(hr)) { printf("put_FirewallEnabled failed: 0x%08lx\n", hr); goto error; } printf("The firewall is now off.\n"); } error: return hr; } HRESULT WindowsFirewallAppIsEnabled( IN INetFwProfile* fwProfile, IN const wchar_t* fwProcessImageFileName, OUT BOOL* fwAppEnabled ) { HRESULT hr = S_OK; BSTR fwBstrProcessImageFileName = NULL; VARIANT_BOOL fwEnabled; INetFwAuthorizedApplication* fwApp = NULL; INetFwAuthorizedApplications* fwApps = NULL; _ASSERT(fwProfile != NULL); _ASSERT(fwProcessImageFileName != NULL); _ASSERT(fwAppEnabled != NULL); *fwAppEnabled = FALSE; // Retrieve the authorized application collection. hr = fwProfile->get_AuthorizedApplications(&fwApps); if (FAILED(hr)) { printf("get_AuthorizedApplications failed: 0x%08lx\n", hr); goto error; } // Allocate a BSTR for the process image file name. fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName); if (fwBstrProcessImageFileName == NULL) { hr = E_OUTOFMEMORY; printf("SysAllocString failed: 0x%08lx\n", hr); goto error; } // Attempt to retrieve the authorized application. hr = fwApps->Item(fwBstrProcessImageFileName, &fwApp); if (SUCCEEDED(hr)) { // Find out if the authorized application is enabled. hr = fwApp->get_Enabled(&fwEnabled); if (FAILED(hr)) { printf("get_Enabled failed: 0x%08lx\n", hr); goto error; } if (fwEnabled != VARIANT_FALSE) { // The authorized application is enabled. *fwAppEnabled = TRUE; printf( "Authorized application %lS is enabled in the firewall.\n", fwProcessImageFileName ); } else { printf( "Authorized application %lS is disabled in the firewall.\n", fwProcessImageFileName ); } } else { // The authorized application was not in the collection. hr = S_OK; printf( "Authorized application %lS is disabled in the firewall.\n", fwProcessImageFileName ); } error: // Free the BSTR. SysFreeString(fwBstrProcessImageFileName); // Release the authorized application instance. if (fwApp != NULL) { fwApp->Release(); } // Release the authorized application collection. if (fwApps != NULL) { fwApps->Release(); } return hr; } HRESULT WindowsFirewallAddApp( IN INetFwProfile* fwProfile, IN const wchar_t* fwProcessImageFileName, IN const wchar_t* fwName ) { HRESULT hr = S_OK; BOOL fwAppEnabled; BSTR fwBstrName = NULL; BSTR fwBstrProcessImageFileName = NULL; INetFwAuthorizedApplication* fwApp = NULL; INetFwAuthorizedApplications* fwApps = NULL; _ASSERT(fwProfile != NULL); _ASSERT(fwProcessImageFileName != NULL); _ASSERT(fwName != NULL); // First check to see if the application is already authorized. hr = WindowsFirewallAppIsEnabled( fwProfile, fwProcessImageFileName, &fwAppEnabled ); if (FAILED(hr)) { printf("WindowsFirewallAppIsEnabled failed: 0x%08lx\n", hr); goto error; } // Only add the application if it isn't already authorized. if (!fwAppEnabled) { // Retrieve the authorized application collection. hr = fwProfile->get_AuthorizedApplications(&fwApps); if (FAILED(hr)) { printf("get_AuthorizedApplications failed: 0x%08lx\n", hr); goto error; } // Create an instance of an authorized application. hr = CoCreateInstance( __uuidof(NetFwAuthorizedApplication), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwAuthorizedApplication), (void**)&fwApp ); if (FAILED(hr)) { printf("CoCreateInstance failed: 0x%08lx\n", hr); goto error; } // Allocate a BSTR for the process image file name. fwBstrProcessImageFileName = SysAllocString(fwProcessImageFileName); if (fwBstrProcessImageFileName == NULL) { hr = E_OUTOFMEMORY; printf("SysAllocString failed: 0x%08lx\n", hr); goto error; } // Set the process image file name. hr = fwApp->put_ProcessImageFileName(fwBstrProcessImageFileName); if (FAILED(hr)) { printf("put_ProcessImageFileName failed: 0x%08lx\n", hr); goto error; } // Allocate a BSTR for the application friendly name. fwBstrName = SysAllocString(fwName); if (SysStringLen(fwBstrName) == 0) { hr = E_OUTOFMEMORY; printf("SysAllocString failed: 0x%08lx\n", hr); goto error; } // Set the application friendly name. hr = fwApp->put_Name(fwBstrName); if (FAILED(hr)) { printf("put_Name failed: 0x%08lx\n", hr); goto error; } // Add the application to the collection. hr = fwApps->Add(fwApp); if (FAILED(hr)) { printf("Add failed: 0x%08lx\n", hr); goto error; } printf( "Authorized application %lS is now enabled in the firewall.\n", fwProcessImageFileName ); } error: // Free the BSTRs. SysFreeString(fwBstrName); SysFreeString(fwBstrProcessImageFileName); // Release the authorized application instance. if (fwApp != NULL) { fwApp->Release(); } // Release the authorized application collection. if (fwApps != NULL) { fwApps->Release(); } return hr; } HRESULT WindowsFirewallPortIsEnabled( IN INetFwProfile* fwProfile, IN LONG portNumber, IN NET_FW_IP_PROTOCOL ipProtocol, OUT BOOL* fwPortEnabled ) { HRESULT hr = S_OK; VARIANT_BOOL fwEnabled; INetFwOpenPort* fwOpenPort = NULL; INetFwOpenPorts* fwOpenPorts = NULL; _ASSERT(fwProfile != NULL); _ASSERT(fwPortEnabled != NULL); *fwPortEnabled = FALSE; // Retrieve the globally open ports collection. hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts); if (FAILED(hr)) { printf("get_GloballyOpenPorts failed: 0x%08lx\n", hr); goto error; } // Attempt to retrieve the globally open port. hr = fwOpenPorts->Item(portNumber, ipProtocol, &fwOpenPort); if (SUCCEEDED(hr)) { // Find out if the globally open port is enabled. hr = fwOpenPort->get_Enabled(&fwEnabled); if (FAILED(hr)) { printf("get_Enabled failed: 0x%08lx\n", hr); goto error; } if (fwEnabled != VARIANT_FALSE) { // The globally open port is enabled. *fwPortEnabled = TRUE; printf("Port %ld is open in the firewall.\n", portNumber); } else { printf("Port %ld is not open in the firewall.\n", portNumber); } } else { // The globally open port was not in the collection. hr = S_OK; printf("Port %ld is not open in the firewall.\n", portNumber); } error: // Release the globally open port. if (fwOpenPort != NULL) { fwOpenPort->Release(); } // Release the globally open ports collection. if (fwOpenPorts != NULL) { fwOpenPorts->Release(); } return hr; } HRESULT WindowsFirewallPortAdd( IN INetFwProfile* fwProfile, IN LONG portNumber, IN NET_FW_IP_PROTOCOL ipProtocol, IN const wchar_t* name ) { HRESULT hr = S_OK; BOOL fwPortEnabled; BSTR fwBstrName = NULL; INetFwOpenPort* fwOpenPort = NULL; INetFwOpenPorts* fwOpenPorts = NULL; _ASSERT(fwProfile != NULL); _ASSERT(name != NULL); // First check to see if the port is already added. hr = WindowsFirewallPortIsEnabled( fwProfile, portNumber, ipProtocol, &fwPortEnabled ); if (FAILED(hr)) { printf("WindowsFirewallPortIsEnabled failed: 0x%08lx\n", hr); goto error; } // Only add the port if it isn't already added. if (!fwPortEnabled) { // Retrieve the collection of globally open ports. hr = fwProfile->get_GloballyOpenPorts(&fwOpenPorts); if (FAILED(hr)) { printf("get_GloballyOpenPorts failed: 0x%08lx\n", hr); goto error; } // Create an instance of an open port. hr = CoCreateInstance( __uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&fwOpenPort ); if (FAILED(hr)) { printf("CoCreateInstance failed: 0x%08lx\n", hr); goto error; } // Set the port number. hr = fwOpenPort->put_Port(portNumber); if (FAILED(hr)) { printf("put_Port failed: 0x%08lx\n", hr); goto error; } // Set the IP protocol. hr = fwOpenPort->put_Protocol(ipProtocol); if (FAILED(hr)) { printf("put_Protocol failed: 0x%08lx\n", hr); goto error; } // Allocate a BSTR for the friendly name of the port. fwBstrName = SysAllocString(name); if (SysStringLen(fwBstrName) == 0) { hr = E_OUTOFMEMORY; printf("SysAllocString failed: 0x%08lx\n", hr); goto error; } // Set the friendly name of the port. hr = fwOpenPort->put_Name(fwBstrName); if (FAILED(hr)) { printf("put_Name failed: 0x%08lx\n", hr); goto error; } // Opens the port and adds it to the collection. hr = fwOpenPorts->Add(fwOpenPort); if (FAILED(hr)) { printf("Add failed: 0x%08lx\n", hr); goto error; } printf("Port %ld is now open in the firewall.\n", portNumber); } error: // Free the BSTR. SysFreeString(fwBstrName); // Release the open port instance. if (fwOpenPort != NULL) { fwOpenPort->Release(); } // Release the globally open ports collection. if (fwOpenPorts != NULL) { fwOpenPorts->Release(); } return hr; } int __cdecl wmain(int argc, wchar_t* argv[]) { HRESULT hr = S_OK; HRESULT comInit = E_FAIL; INetFwProfile* fwProfile = NULL; // Initialize COM. comInit = CoInitializeEx( 0, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE ); // Ignore RPC_E_CHANGED_MODE; this just means that COM has already been // initialized with a different mode. Since we don't care what the mode is, // we'll just use the existing mode. if (comInit != RPC_E_CHANGED_MODE) { hr = comInit; if (FAILED(hr)) { printf("CoInitializeEx failed: 0x%08lx\n", hr); goto error; } } // Retrieve the firewall profile currently in effect. hr = WindowsFirewallInitialize(&fwProfile); if (FAILED(hr)) { printf("WindowsFirewallInitialize failed: 0x%08lx\n", hr); goto error; } // Turn off the firewall. hr = WindowsFirewallTurnOff(fwProfile); if (FAILED(hr)) { printf("WindowsFirewallTurnOff failed: 0x%08lx\n", hr); goto error; } // Turn on the firewall. hr = WindowsFirewallTurnOn(fwProfile); if (FAILED(hr)) { printf("WindowsFirewallTurnOn failed: 0x%08lx\n", hr); goto error; } // Add Windows Messenger to the authorized application collection. hr = WindowsFirewallAddApp( fwProfile, L"%ProgramFiles%\\Messenger\\msmsgs.exe", L"Windows Messenger" ); if (FAILED(hr)) { printf("WindowsFirewallAddApp failed: 0x%08lx\n", hr); goto error; } // Add TCP::80 to list of globally open ports. hr = WindowsFirewallPortAdd(fwProfile, 80, NET_FW_IP_PROTOCOL_TCP, L"WWW"); if (FAILED(hr)) { printf("WindowsFirewallPortAdd failed: 0x%08lx\n", hr); goto error; } error: // Release the firewall profile. WindowsFirewallCleanup(fwProfile); // Uninitialize COM. if (SUCCEEDED(comInit)) { CoUninitialize(); } return 0; } Send comments about this topic to Microsoft Build date: 10/8/2009   예전에 이런 내용을 찾아본 적이 있었는데 검색 중 우연히 걸려 그냥 모셔둠 (확인 안했음).   --------------------------------------------------------------------------------------------------------------------------   PowerShell Snipets. Add an Authorized Application Adds Freecell.exe to the list of authorized applications in the current Windows Firewall profile.    Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication") objApplication.Name = "Free Cell" objApplication.IPVersion = 2 objApplication.ProcessImageFileName = "c:\windows\system32\freecell.exe" objApplication.RemoteAddresses = "*" objApplication.Scope = 0 objApplication.Enabled = True Set colApplications = objPolicy.AuthorizedApplications colApplications.Add(objApplication) Add an Application to the Standard Profile Adds Freecell.exe to the list of authorized applications in the Windows Firewall standard profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy Set objProfile = objPolicy.GetProfileByType(1) Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication") objApplication.Name = "Free Cell" objApplication.IPVersion = 2 objApplication.ProcessImageFileName = "c:\windows\system32\freecell.exe" objApplication.RemoteAddresses = "*" objApplication.Scope = 0 objApplication.Enabled = True Set colApplications = objProfile.AuthorizedApplications colApplications.Add(objApplication) Create a New Port Opens port 9999 in the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objPort = CreateObject("HNetCfg.FwOpenPort") objPort.Port = 9999 objPort.Name = "Test Port" objPort.Enabled = FALSE Set colPorts = objPolicy.GloballyOpenPorts errReturn = colPorts.Add(objPort) Delete an Authorized Application Deletes Freecell.exe from the list of authorized applications in the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colApplications = objPolicy.AuthorizedApplications errReturn = colApplications.Remove("c:\windows\system32\freecell.exe") Disable the Firewall Disables the Windows Firewall for the current profile. Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile objPolicy.FirewallEnabled = FALSE Delete an Open Port Closes port 9999 in the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colPorts = objPolicy.GloballyOpenPorts errReturn = colPorts.Remove(9999,6) Disable Remote Administration Disable Windows Firewall remote administration.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objAdminSettings = objPolicy.RemoteAdminSettings objAdminSettings.Enabled = FALSE Enable the Firewall Enables Windows Firewall for the current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile objPolicy.FirewallEnabled = TRUE Enable File and Printer Sharing Through Windows Firewall Enables File and Printer Sharing on a computer running Windows XP Service Pack 2.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colServices = objPolicy.Services Set objService = colServices.Item(0) objService.Enabled = TRUE Enable Remote Administration Enables remote administration of Windows Firewall fro the current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objAdminSettings = objPolicy.RemoteAdminSettings objAdminSettings.Enabled = TRUE List Authorized Applications Lists all authorized applications for the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colApplications = objPolicy.AuthorizedApplications For Each objApplication in colApplications Wscript.Echo "Authorized application: " & objApplication.Name Wscript.Echo "Application enabled: " & objApplication.Enabled Wscript.Echo "Application IP version: " & objApplication.IPVersion Wscript.Echo "Application process image file name: " & _ objApplication.ProcessImageFileName Wscript.Echo "Application remote addresses: " & _ objApplication.RemoteAddresses Wscript.Echo "Application scope: " & objApplication.Scope Wscript.Echo Next List Authorized Applications in the Standard Profile Lists all authorized applications for the Windows Firewall standard profile. Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy Set objProfile = objPolicy.GetProfileByType(1) Set colApplications = objProfile.AuthorizedApplications For Each objApplication in colApplications Wscript.Echo "Authorized application: " & objApplication.Name Wscript.Echo "Application enabled: " & objApplication.Enabled Wscript.Echo "Application IP version: " & objApplication.IPVersion Wscript.Echo "Application process image file name: " & _ objApplication.ProcessImageFileName Wscript.Echo "Application remote addresses: " & _ objApplication.RemoteAddresses Wscript.Echo "Application scope: " & objApplication.Scope Wscript.Echo Next List All Globally-Open Ports Lists all globally-open ports for the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colPorts = objPolicy.GloballyOpenPorts For Each objPort in colPorts Wscript.Echo "Port name: " & objPort.Name Wscript.Echo "Port number: " & objPort.Port Wscript.Echo "Port IP version: " & objPort.IPVersion Wscript.Echo "Port protocol: " & objPort.Protocol Wscript.Echo "Port scope: " & objPort.Scope Wscript.Echo "Port remote addresses: " & objPort.RemoteAddresses Wscript.Echo "Port enabled: " & objPort.Enabled Wscript.Echo "Port built-in: " & objPort.Builtin Next List Firewall Properties Lists Windows Firewall properties for the current profile. Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Wscript.Echo "Current profile type: " & objFirewall.CurrentProfileType Wscript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled Wscript.Echo "Exceptions not allowed: " & objPolicy.ExceptionsNotAllowed Wscript.Echo "Notifications disabled: " & objPolicy.NotificationsDisabled Wscript.Echo "Unicast responses to multicast broadcast disabled: " & _ objPolicy.UnicastResponsestoMulticastBroadcastDisabled List Firewall Service Properties Lists service properties for the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colServices = objPolicy.Services For Each objService in colServices Wscript.Echo "Service name: " & objService.Name Wscript.Echo "Service enabled: " & objService.Enabled Wscript.Echo "Service type: " & objService.Type Wscript.Echo "Service IP version: " & objService.IPVersion Wscript.Echo "Service scope: " & objService.Scope Wscript.Echo "Service remote addresses: " & objService.RemoteAddresses Wscript.Echo "Service customized: " & objService.Customized Set colPorts = objService.GloballyOpenPorts For Each objPort in colPorts Wscript.Echo "Port name: " & objPort.Name Wscript.Echo "Port number: " & objPort.Port Wscript.Echo "Port enabled: " & objPort.Enabled Wscript.Echo "Port built-in: " & objPort.BuiltIn Wscript.Echo "Port IP version: " & objPort.IPVersion Wscript.Echo "Port protocol: " & objPort.Protocol Wscript.Echo "Port remote addresses: " & objPort.RemoteAddresses Wscript.Echo "Port scope: " & objPort.Scope Next Wscript.Echo Next List ICMP Settings Lists ICMP settings for the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objICMPSettings = objPolicy.ICMPSettings Wscript.Echo "Allow inbound echo request: " & _ objICMPSettings.AllowInboundEchoRequest Wscript.Echo "Allow inbound mask request: " & _ objICMPSettings.AllowInboundMaskRequest Wscript.Echo "Allow inbound router request: " & _ objICMPSettings.AllowInboundRouterRequest Wscript.Echo "Allow inbound timestamp request: " & _ objICMPSettings.AllowInboundTimestampRequest Wscript.Echo "Allow outbound destination unreachable: " & _ objICMPSettings.AllowOutboundDestinationUnreachable Wscript.Echo "Allow outbound packet too big: " & _ objICMPSettings.AllowOutboundPacketTooBig Wscript.Echo "Allow outbound parameter problem: " & _ objICMPSettings.AllowOutboundParameterProblem Wscript.Echo "Allow outbound source quench: " & _ objICMPSettings.AllowOutboundSourceQuench Wscript.Echo "Allow outbound time exceeded: " & _ objICMPSettings.AllowOutboundTimeExceeded Wscript.Echo "Allow redirect: " & objICMPSettings.AllowRedirect List Remote Administration Settings Lists remote administration settings for the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objAdminSettings = objPolicy.RemoteAdminSettings Wscript.Echo "Remote administration settings enabled: " & _ objAdminSettings.Enabled Wscript.Echo "Remote administration addresses: " & _ objAdminSettings.RemoteAddresses Wscript.Echo "Remote administration scope: " & objAdminSettings.Scope Wscript.Echo "Remote administration IP version: " & objAdminSettings.IPVersion List Standard Profile Properties Demonstration script that connects to and returns information about the Windows Firewall standard profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy Set objProfile = objPolicy.GetProfileByType(1) Wscript.Echo "Firewall enabled: " & objProfile.FirewallEnabled Wscript.Echo "Exceptions not allowed: " & objProfile.ExceptionsNotAllowed Wscript.Echo "Notifications disabled: " & objProfile.NotificationsDisabled Wscript.Echo "Unicast responses to multicast broadcast disabled: " & - objProfile.UnicastResponsestoMulticastBroadcastDisabled Modify an ICMP Setting Demonstration script that modifies a Windows Firewall ICMP setting for the current profile. Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set objICMPSettings = objPolicy.ICMPSettings objICMPSettings.AllowRedirect = TRUE Modify a Firewall Property Demonstration script that modifies Windows Firewall properties for the current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile objPolicy.ExceptionsNotAllowed = TRUE objPolicy.NotificationsDisabled = TRUE objPolicy.UnicastResponsestoMulticastBroadcastDisabled = TRUE Open a Closed Port Opens closed port 9999 for the Windows Firewall current profile.  Set objFirewall = CreateObject("HNetCfg.FwMgr") Set objPolicy = objFirewall.LocalPolicy.CurrentProfile Set colPorts = objPolicy.GloballyOpenPorts Set objPort = colPorts.Item(9999,6) objPort.Enabled = TRUE Restore the Default Settings Restore the Windows Firewall default settings.  Set objFirewall = CreateObject("HNetCfg.FwMgr") objFirewall.RestoreDefaults() 출처 : http://www.activexperts.com/activmonitor/windowsmanagement/scripts/networking/windowsfirewall/ 잘 동작하는 것으로 확인됨. ------------------------------------------------------------------------------------------------------------------------ nsis firewall plugin. http://nsis.sourceforge.net/NSIS_Simple_Firewall_Plugin [출처] Exercising the Windows Firewall using C++, PowerShell and nsis.|작성자 비우꺼