防火墙 Win7 XP MFC

//防火墙本质是你开辟一个端口侦听,即作为服务器的时候,系统为了防止对它造成伤害,特意开出的隔离墙。

//所以如果希望系统不自动弹出防火墙询问对话框,就应该在程序开始侦听端口之前,提前把exe文件的全路径加入防火墙规则(添加规则需要管理员权限)。

//Win7 系统自动添加防火墙规则时,规则名称默认取自 exe 的 资源视图-Version-FileDescription 字段。
 

#include "stdafx.h"
 
#include <windows.h>
#include <stdio.h>
#include <netfw.h>
 
#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )
 
 
// Forward declaration: WFCOMInitialize is defined after main() in this listing
// and creates the INetFwPolicy2 object that main() works with.
HRESULT     WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2);
 
 
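// Adds a firewall rule that allows TCP 12345 for one executable / service,
// using the INetFwPolicy2 / INetFwRules COM interfaces. If a rule with the
// same name already exists it is (re-)enabled instead of being added again.
//
// Things to know before adapting this:
//   - The rule goes into the collection returned by INetFwPolicy2::get_Rules,
//     i.e. the regular firewall rule set. RestrictService is not called, so no
//     Windows Service Hardening (WSH) block rules are created by this program.
//   - Only name, description, application, service, protocol, local port,
//     action and enabled state are set. Direction, profiles and remote
//     addresses are left at the rule object's defaults; set them explicitly
//     when the listener must not be reachable from every network.
//   - The application path, service name and port are hard-coded samples.
//
// Always returns 0 after waiting for a key press; failures are only reported
// on stdout.
int __cdecl main()
{
	// Starts as a failure code so that the cleanup path cannot call
	// CoUninitialize() when we bail out before CoInitializeEx() has run.
	HRESULT hrComInit = E_FAIL;
	HRESULT hr = S_OK;

	INetFwRules *pFwRules = NULL;
	INetFwRule *pFwRule = NULL;
	INetFwRule *pTmpFwRule = NULL;

	VARIANT_BOOL isServiceRestricted = VARIANT_FALSE;
	VARIANT_BOOL isExistingRuleEnabled = VARIANT_FALSE;

	INetFwPolicy2 *pNetFwPolicy2 = NULL;
	INetFwServiceRestriction *pFwServiceRestriction = NULL;

	// The Service and App name to use
	BSTR bstrServiceName = SysAllocString(L"SampleService");   // provide a valid service short name here.
	BSTR bstrAppName = SysAllocString(L"E:\\DownCode\\13114500790\\ServiceTest.exe");
	// The rule name, description should be provided as indirect strings '@appfullpath,-resource index' for
	// localization purposes.
	// Using the strings directly for illustration here.
	BSTR bstrRuleName = SysAllocString(L"Allow TCP 12345 to sampleservice");
	BSTR bstrRuleDescription = SysAllocString(L"Allow only TCP 12345 traffic to sampleservice service, block everything else");
	BSTR bstrRuleLPorts = SysAllocString(L"12345");

	// Error checking for BSTR allocations
	if (NULL == bstrServiceName) { printf("Failed to allocate bstrServiceName\n"); goto Cleanup; }
	if (NULL == bstrAppName) { printf("Failed to allocate bstrAppName\n"); goto Cleanup; }
	if (NULL == bstrRuleName) { printf("Failed to allocate bstrRuleName\n"); goto Cleanup; }
	if (NULL == bstrRuleDescription) { printf("Failed to allocate bstrRuleDescription\n"); goto Cleanup; }
	if (NULL == bstrRuleLPorts) { printf("Failed to allocate bstrRuleLPorts\n"); goto Cleanup; }

	// Initialize COM.
	hrComInit = CoInitializeEx(
		0,
		COINIT_APARTMENTTHREADED
		);

	// Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
	// initialized with a different mode. Since we don't care what the mode is,
	// we'll just use the existing mode.
	if (hrComInit != RPC_E_CHANGED_MODE)
	{
		if (FAILED(hrComInit))
		{
			printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
			goto Cleanup;
		}
	}

	// Retrieve INetFwPolicy2
	hr = WFCOMInitialize(&pNetFwPolicy2);
	if (FAILED(hr))
	{
		goto Cleanup;
	}

	// Retrieve INetFwServiceRestriction (used for the status query at the end).
	hr = pNetFwPolicy2->get_ServiceRestriction(&pFwServiceRestriction);
	if (FAILED(hr))
	{
		printf("get_ServiceRestriction failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Restricting the service is deliberately left disabled in this listing.
	// Enabling it would add two WSH rules -
	//    - a default block all inbound traffic to the service
	//    - a default block all outbound traffic from the service
	//
	// hr = pFwServiceRestriction->RestrictService(bstrServiceName, bstrAppName, TRUE, FALSE);
	// if (FAILED(hr))
	// {
	//     printf("RestrictService failed: 0x%08lx\nMake sure you specified a valid service shortname.\n", hr);
	//     goto Cleanup;
	// }

	// Get the regular firewall rule collection. (The WSH collection would be
	// pFwServiceRestriction->get_Rules(&pFwRules) instead.)
	hr = pNetFwPolicy2->get_Rules(&pFwRules);
	if (FAILED(hr))
	{
		// printf rather than wprintf: the rest of the program writes narrow
		// output to stdout, and the two must not be mixed on one stream.
		printf("get_Rules failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Create a new Rule object for "allow TCP 12345".
	hr = CoCreateInstance(
		__uuidof(NetFwRule),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwRule),
		(void**)&pFwRule);
	if (FAILED(hr))
	{
		printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Rule Name
	hr = pFwRule->put_Name(bstrRuleName);
	if (FAILED(hr))
	{
		printf("put_Name failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Rule Description
	hr = pFwRule->put_Description(bstrRuleDescription);
	if (FAILED(hr))
	{
		printf("put_Description failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Application Name
	hr = pFwRule->put_ApplicationName(bstrAppName);
	if (FAILED(hr))
	{
		printf("put_ApplicationName failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Service Name
	hr = pFwRule->put_ServiceName(bstrServiceName);
	if (FAILED(hr))
	{
		printf("put_ServiceName failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Protocol (must be set before the port list).
	hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP);
	if (FAILED(hr))
	{
		printf("put_Protocol failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Local Ports
	hr = pFwRule->put_LocalPorts(bstrRuleLPorts);
	if (FAILED(hr))
	{
		printf("put_LocalPorts failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the rule Action
	hr = pFwRule->put_Action(NET_FW_ACTION_ALLOW);
	if (FAILED(hr))
	{
		printf("put_Action failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the rule Enabled setting
	hr = pFwRule->put_Enabled(VARIANT_TRUE);
	if (FAILED(hr))
	{
		printf("put_Enabled failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Look for an existing rule with the same name. A failed lookup is treated
	// as "no such rule", so the new rule is added below.
	// Only the name is compared: if a rule with this name exists, whatever
	// ports and addresses it carries are what gets enabled here.
	hr = pFwRules->Item(bstrRuleName, &pTmpFwRule);
	if (SUCCEEDED(hr) && pTmpFwRule != NULL)
	{
		printf("规则已存在!\n");

		hr = pTmpFwRule->get_Enabled(&isExistingRuleEnabled);
		if (FAILED(hr))
		{
			printf("get_Enabled failed: 0x%08lx\n", hr);
			goto Cleanup;
		}

		if (isExistingRuleEnabled == VARIANT_FALSE)
		{
			// The rule exists but is switched off: switch it back on.
			hr = pTmpFwRule->put_Enabled(VARIANT_TRUE);
			if (FAILED(hr))
			{
				printf("put_Enabled failed: 0x%08lx\n", hr);
			}
		}
		goto Cleanup;
	}

	// Add the Rule to the rule collection
	hr = pFwRules->Add(pFwRule);
	if (FAILED(hr))
	{
		printf("Firewall Rule Add failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// NOTE(review): fixed 3 s pause kept from the original listing; its purpose
	// is not documented there.
	Sleep(3000);

	// Check to see if the Service is Restricted. With RestrictService disabled
	// above, this only reports whatever restriction state already existed.
	hr = pFwServiceRestriction->ServiceRestricted(bstrServiceName, bstrAppName, &isServiceRestricted);
	if (FAILED(hr))
	{
		printf("ServiceRestricted failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	if (isServiceRestricted)
	{
		printf ("Service was successfully restricted in WSH.\nExcept for TCP 12345 inbound traffic and its responses, all other inbound and outbound connections to and from the service will be blocked.\n");
	}
	else
	{
		printf ("The Service could not be properly restricted.\n");
	}


Cleanup:

	// Free BSTR's (SysFreeString accepts NULL).
	SysFreeString(bstrServiceName);
	SysFreeString(bstrAppName);
	SysFreeString(bstrRuleName);
	SysFreeString(bstrRuleDescription);
	SysFreeString(bstrRuleLPorts);

	// Release the rule returned by the name lookup, if any
	if (pTmpFwRule != NULL)
	{
		pTmpFwRule->Release();
	}

	// Release the INetFwRule object
	if (pFwRule != NULL)
	{
		pFwRule->Release();
	}

	// Release the INetFwRules object
	if (pFwRules != NULL)
	{
		pFwRules->Release();
	}

	// Release INetFwServiceRestriction
	if (pFwServiceRestriction != NULL)
	{
		pFwServiceRestriction->Release();
	}

	// Release INetFwPolicy2
	if (pNetFwPolicy2 != NULL)
	{
		pNetFwPolicy2->Release();
	}

	// Uninitialize COM, but only if our own CoInitializeEx call succeeded.
	if (SUCCEEDED(hrComInit))
	{
		CoUninitialize();
	}

	getchar();
	return 0;
}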
 
 
// Creates the firewall policy COM object and stores its INetFwPolicy2
// interface in *ppNetFwPolicy2.
// Returns the HRESULT from CoCreateInstance; a failure is also printed to
// stdout. The caller releases the interface.
HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2)
{
	const HRESULT createResult = CoCreateInstance(
		__uuidof(NetFwPolicy2),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwPolicy2),
		(void**)ppNetFwPolicy2);

	if (!SUCCEEDED(createResult))
	{
		printf("CoCreateInstance for INetFwPolicy2 failed: 0x%08lx\n", createResult);
	}

	return createResult;
}

XP

#include <windows.h>
#include <crtdbg.h>
#include <netfw.h>
#include <objbase.h>
#include <oleauto.h>
#include <stdio.h>
 
#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )
 
 
// Fetches the firewall profile currently in effect through the
// INetFwMgr -> INetFwPolicy -> INetFwProfile chain.
//
// fwProfile  receives the profile interface; it is set to NULL before any COM
//            call is made. The caller releases it (see WindowsFirewallCleanup).
// Returns the HRESULT of the first failing step, or of get_CurrentProfile.
// The intermediate manager and policy objects are released before returning.
HRESULT WindowsFirewallInitialize(OUT INetFwProfile** fwProfile)
{
	INetFwMgr* manager = NULL;
	INetFwPolicy* localPolicy = NULL;

	_ASSERT(fwProfile != NULL);

	*fwProfile = NULL;

	// Step 1: the firewall settings manager.
	HRESULT result = CoCreateInstance(
		__uuidof(NetFwMgr),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwMgr),
		(void**)&manager
		);
	if (FAILED(result))
	{
		printf("CoCreateInstance failed: 0x%08lx\n", result);
	}
	else
	{
		// Step 2: the local firewall policy.
		result = manager->get_LocalPolicy(&localPolicy);
		if (FAILED(result))
		{
			printf("get_LocalPolicy failed: 0x%08lx\n", result);
		}
		else
		{
			// Step 3: the profile that is active right now.
			result = localPolicy->get_CurrentProfile(fwProfile);
			if (FAILED(result))
			{
				printf("get_CurrentProfile failed: 0x%08lx\n", result);
			}
		}
	}

	// Drop the intermediate objects, policy first, then the manager.
	if (localPolicy != NULL)
	{
		localPolicy->Release();
	}
	if (manager != NULL)
	{
		manager->Release();
	}

	return result;
}
 
 
// Releases the profile interface obtained from WindowsFirewallInitialize.
// A NULL pointer is accepted and ignored.
void WindowsFirewallCleanup(IN INetFwProfile* fwProfile)
{
	if (fwProfile == NULL)
	{
		return;
	}

	fwProfile->Release();
}
 
 
// Reports whether the firewall is enabled for the given profile.
//
// fwProfile  profile to query (must not be NULL).
// fwOn       receives TRUE when the firewall is enabled; it is preset to FALSE
//            and stays FALSE when the query fails.
// Returns the HRESULT of get_FirewallEnabled. The state is also printed.
HRESULT WindowsFirewallIsOn(IN INetFwProfile* fwProfile, OUT BOOL* fwOn)
{
	VARIANT_BOOL enabledState;

	_ASSERT(fwProfile != NULL);
	_ASSERT(fwOn != NULL);

	*fwOn = FALSE;

	// Ask the profile for the current firewall state.
	const HRESULT result = fwProfile->get_FirewallEnabled(&enabledState);
	if (FAILED(result))
	{
		printf("get_FirewallEnabled failed: 0x%08lx\n", result);
		return result;
	}

	if (enabledState == VARIANT_FALSE)
	{
		printf("The firewall is off.\n");
	}
	else
	{
		*fwOn = TRUE;
		printf("The firewall is on.\n");
	}

	return result;
}
 
 
// Enables the firewall for the given profile if it is currently off.
// Does nothing (and returns the query's HRESULT) when it is already on.
// Returns the HRESULT of the state query or of put_FirewallEnabled.
HRESULT WindowsFirewallTurnOn(IN INetFwProfile* fwProfile)
{
	BOOL currentlyOn;

	_ASSERT(fwProfile != NULL);

	// Query the present state first.
	HRESULT result = WindowsFirewallIsOn(fwProfile, &currentlyOn);
	if (FAILED(result))
	{
		printf("WindowsFirewallIsOn failed: 0x%08lx\n", result);
		return result;
	}

	if (currentlyOn)
	{
		// Already enabled: nothing to change.
		return result;
	}

	// Switch the firewall on.
	result = fwProfile->put_FirewallEnabled(VARIANT_TRUE);
	if (FAILED(result))
	{
		printf("put_FirewallEnabled failed: 0x%08lx\n", result);
		return result;
	}

	printf("The firewall is now on.\n");
	return result;
}
 
 
// Disables the firewall for the given profile if it is currently on.
// Does nothing (and returns the query's HRESULT) when it is already off.
// Returns the HRESULT of the state query or of put_FirewallEnabled.
//
// While the firewall is off, no rule of this profile filters traffic, so a
// caller should pair this with WindowsFirewallTurnOn and handle the case where
// re-enabling fails.
HRESULT WindowsFirewallTurnOff(IN INetFwProfile* fwProfile)
{
	BOOL currentlyOn;

	_ASSERT(fwProfile != NULL);

	// Query the present state first.
	HRESULT result = WindowsFirewallIsOn(fwProfile, &currentlyOn);
	if (FAILED(result))
	{
		printf("WindowsFirewallIsOn failed: 0x%08lx\n", result);
		return result;
	}

	if (!currentlyOn)
	{
		// Already disabled: nothing to change.
		return result;
	}

	// Switch the firewall off.
	result = fwProfile->put_FirewallEnabled(VARIANT_FALSE);
	if (FAILED(result))
	{
		printf("put_FirewallEnabled failed: 0x%08lx\n", result);
		return result;
	}

	printf("The firewall is now off.\n");
	return result;
}
 
 
// Checks whether an executable is present and enabled in the profile's
// authorized-applications list.
//
// fwProfile               profile to query (must not be NULL).
// fwProcessImageFileName  full path of the executable to look up.
// fwAppEnabled            receives TRUE only when the entry exists and is
//                         enabled; preset to FALSE.
// Returns S_OK when the lookup itself fails (any Item() failure is treated as
// "not in the list"), otherwise the HRESULT of the failing step. The outcome
// is also printed to stdout.
HRESULT WindowsFirewallAppIsEnabled(
									IN INetFwProfile* fwProfile,
									IN const wchar_t* fwProcessImageFileName,
									OUT BOOL* fwAppEnabled
									)
{
	BSTR imagePath = NULL;
	VARIANT_BOOL entryEnabled;
	INetFwAuthorizedApplication* entry = NULL;
	INetFwAuthorizedApplications* collection = NULL;

	_ASSERT(fwProfile != NULL);
	_ASSERT(fwProcessImageFileName != NULL);
	_ASSERT(fwAppEnabled != NULL);

	*fwAppEnabled = FALSE;

	// Retrieve the authorized application collection.
	HRESULT result = fwProfile->get_AuthorizedApplications(&collection);
	if (FAILED(result))
	{
		printf("get_AuthorizedApplications failed: 0x%08lx\n", result);
	}
	// The collection is keyed by a BSTR copy of the image path.
	else if ((imagePath = SysAllocString(fwProcessImageFileName)) == NULL)
	{
		result = E_OUTOFMEMORY;
		printf("SysAllocString failed: 0x%08lx\n", result);
	}
	else if (FAILED(collection->Item(imagePath, &entry)))
	{
		// The authorized application was not in the collection.
		result = S_OK;

		printf(
			"Authorized application %lS is disabled in the firewall.\n",
			fwProcessImageFileName
			);
	}
	else
	{
		// The entry exists; find out whether it is enabled.
		result = entry->get_Enabled(&entryEnabled);
		if (FAILED(result))
		{
			printf("get_Enabled failed: 0x%08lx\n", result);
		}
		else if (entryEnabled == VARIANT_FALSE)
		{
			printf(
				"Authorized application %lS is disabled in the firewall.\n",
				fwProcessImageFileName
				);
		}
		else
		{
			*fwAppEnabled = TRUE;

			printf(
				"Authorized application %lS is enabled in the firewall.\n",
				fwProcessImageFileName
				);
		}
	}

	// Common teardown: BSTR first, then the entry, then the collection.
	SysFreeString(imagePath);

	if (entry != NULL)
	{
		entry->Release();
	}

	if (collection != NULL)
	{
		collection->Release();
	}

	return result;
}
 
 
// Adds an executable to the profile's authorized-applications list unless
// WindowsFirewallAppIsEnabled already reports it as enabled.
//
// fwProfile               profile to modify (must not be NULL).
// fwProcessImageFileName  full path of the executable to authorize.
// fwName                  friendly name shown for the entry.
// Returns the HRESULT of the first failing step, else the last step's result.
//
// Only the image path and the friendly name are set on the new entry; scope,
// remote addresses and IP version are left at the object's defaults, so
// narrow them explicitly if the application should not accept traffic from
// every network.
HRESULT WindowsFirewallAddApp(
							  IN INetFwProfile* fwProfile,
							  IN const wchar_t* fwProcessImageFileName,
							  IN const wchar_t* fwName
							  )
{
	BOOL alreadyAuthorized;
	BSTR friendlyName = NULL;
	BSTR imagePath = NULL;
	INetFwAuthorizedApplication* entry = NULL;
	INetFwAuthorizedApplications* collection = NULL;

	_ASSERT(fwProfile != NULL);
	_ASSERT(fwProcessImageFileName != NULL);
	_ASSERT(fwName != NULL);

	// First check to see if the application is already authorized.
	HRESULT result = WindowsFirewallAppIsEnabled(
		fwProfile,
		fwProcessImageFileName,
		&alreadyAuthorized
		);
	if (FAILED(result))
	{
		printf("WindowsFirewallAppIsEnabled failed: 0x%08lx\n", result);
		return result;
	}

	// Nothing has been acquired yet, so an already-authorized application can
	// return straight away.
	if (alreadyAuthorized)
	{
		return result;
	}

	// Retrieve the authorized application collection.
	result = fwProfile->get_AuthorizedApplications(&collection);
	if (FAILED(result))
	{
		printf("get_AuthorizedApplications failed: 0x%08lx\n", result);
		goto release;
	}

	// Create an instance of an authorized application.
	result = CoCreateInstance(
		__uuidof(NetFwAuthorizedApplication),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwAuthorizedApplication),
		(void**)&entry
		);
	if (FAILED(result))
	{
		printf("CoCreateInstance failed: 0x%08lx\n", result);
		goto release;
	}

	// Process image file name: allocate the BSTR, then assign it.
	imagePath = SysAllocString(fwProcessImageFileName);
	if (imagePath == NULL)
	{
		result = E_OUTOFMEMORY;
		printf("SysAllocString failed: 0x%08lx\n", result);
		goto release;
	}

	result = entry->put_ProcessImageFileName(imagePath);
	if (FAILED(result))
	{
		printf("put_ProcessImageFileName failed: 0x%08lx\n", result);
		goto release;
	}

	// Friendly name: allocate the BSTR, then assign it.
	// SysStringLen is 0 for a NULL BSTR and for an empty string alike, so an
	// empty fwName is reported as E_OUTOFMEMORY too.
	friendlyName = SysAllocString(fwName);
	if (SysStringLen(friendlyName) == 0)
	{
		result = E_OUTOFMEMORY;
		printf("SysAllocString failed: 0x%08lx\n", result);
		goto release;
	}

	result = entry->put_Name(friendlyName);
	if (FAILED(result))
	{
		printf("put_Name failed: 0x%08lx\n", result);
		goto release;
	}

	// Add the application to the collection.
	result = collection->Add(entry);
	if (FAILED(result))
	{
		printf("Add failed: 0x%08lx\n", result);
		goto release;
	}

	printf(
		"Authorized application %lS is now enabled in the firewall.\n",
		fwProcessImageFileName
		);

release:

	// Free the BSTRs.
	SysFreeString(friendlyName);
	SysFreeString(imagePath);

	// Release the authorized application instance.
	if (entry != NULL)
	{
		entry->Release();
	}

	// Release the authorized application collection.
	if (collection != NULL)
	{
		collection->Release();
	}

	return result;
}
 
 
// Checks whether a port/protocol pair is present and enabled in the profile's
// globally-open-ports list.
//
// fwProfile      profile to query (must not be NULL).
// portNumber     port to look up.
// ipProtocol     protocol the port belongs to.
// fwPortEnabled  receives TRUE only when the entry exists and is enabled;
//                preset to FALSE.
// Returns S_OK when the lookup itself fails (any Item() failure is treated as
// "not in the list"), otherwise the HRESULT of the failing step. The outcome
// is also printed to stdout.
HRESULT WindowsFirewallPortIsEnabled(
									 IN INetFwProfile* fwProfile,
									 IN LONG portNumber,
									 IN NET_FW_IP_PROTOCOL ipProtocol,
									 OUT BOOL* fwPortEnabled
									 )
{
	VARIANT_BOOL entryEnabled;
	INetFwOpenPort* portEntry = NULL;
	INetFwOpenPorts* portList = NULL;

	_ASSERT(fwProfile != NULL);
	_ASSERT(fwPortEnabled != NULL);

	*fwPortEnabled = FALSE;

	// Retrieve the globally open ports collection.
	HRESULT result = fwProfile->get_GloballyOpenPorts(&portList);
	if (FAILED(result))
	{
		printf("get_GloballyOpenPorts failed: 0x%08lx\n", result);
	}
	else if (FAILED(portList->Item(portNumber, ipProtocol, &portEntry)))
	{
		// The globally open port was not in the collection.
		result = S_OK;

		printf("Port %ld is not open in the firewall.\n", portNumber);
	}
	else
	{
		// The entry exists; find out whether it is enabled.
		result = portEntry->get_Enabled(&entryEnabled);
		if (FAILED(result))
		{
			printf("get_Enabled failed: 0x%08lx\n", result);
		}
		else if (entryEnabled == VARIANT_FALSE)
		{
			printf("Port %ld is not open in the firewall.\n", portNumber);
		}
		else
		{
			*fwPortEnabled = TRUE;

			printf("Port %ld is open in the firewall.\n", portNumber);
		}
	}

	// Common teardown: the entry first, then the collection.
	if (portEntry != NULL)
	{
		portEntry->Release();
	}

	if (portList != NULL)
	{
		portList->Release();
	}

	return result;
}
 
 
// Adds a port/protocol pair to the profile's globally-open-ports list unless
// WindowsFirewallPortIsEnabled already reports it as open.
//
// fwProfile   profile to modify (must not be NULL).
// portNumber  port to open.
// ipProtocol  protocol the port belongs to.
// name        friendly name shown for the entry.
// Returns the HRESULT of the first failing step, else the last step's result.
//
// Only port, protocol and name are set on the new entry; scope and remote
// addresses are left at the object's defaults, and the entry is not tied to a
// particular executable. Narrow the scope explicitly when the port should not
// be reachable from every network.
HRESULT WindowsFirewallPortAdd(
							   IN INetFwProfile* fwProfile,
							   IN LONG portNumber,
							   IN NET_FW_IP_PROTOCOL ipProtocol,
							   IN const wchar_t* name
							   )
{
	BOOL alreadyOpen;
	BSTR friendlyName = NULL;
	INetFwOpenPort* portEntry = NULL;
	INetFwOpenPorts* portList = NULL;

	_ASSERT(fwProfile != NULL);
	_ASSERT(name != NULL);

	// First check to see if the port is already added.
	HRESULT result = WindowsFirewallPortIsEnabled(
		fwProfile,
		portNumber,
		ipProtocol,
		&alreadyOpen
		);
	if (FAILED(result))
	{
		printf("WindowsFirewallPortIsEnabled failed: 0x%08lx\n", result);
		return result;
	}

	// Nothing has been acquired yet, so an already-open port can return
	// straight away.
	if (alreadyOpen)
	{
		return result;
	}

	// Retrieve the collection of globally open ports.
	result = fwProfile->get_GloballyOpenPorts(&portList);
	if (FAILED(result))
	{
		printf("get_GloballyOpenPorts failed: 0x%08lx\n", result);
		goto release;
	}

	// Create an instance of an open port.
	result = CoCreateInstance(
		__uuidof(NetFwOpenPort),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwOpenPort),
		(void**)&portEntry
		);
	if (FAILED(result))
	{
		printf("CoCreateInstance failed: 0x%08lx\n", result);
		goto release;
	}

	// Set the port number.
	result = portEntry->put_Port(portNumber);
	if (FAILED(result))
	{
		printf("put_Port failed: 0x%08lx\n", result);
		goto release;
	}

	// Set the IP protocol.
	result = portEntry->put_Protocol(ipProtocol);
	if (FAILED(result))
	{
		printf("put_Protocol failed: 0x%08lx\n", result);
		goto release;
	}

	// Friendly name: allocate the BSTR, then assign it.
	// SysStringLen is 0 for a NULL BSTR and for an empty string alike, so an
	// empty name is reported as E_OUTOFMEMORY too.
	friendlyName = SysAllocString(name);
	if (SysStringLen(friendlyName) == 0)
	{
		result = E_OUTOFMEMORY;
		printf("SysAllocString failed: 0x%08lx\n", result);
		goto release;
	}

	result = portEntry->put_Name(friendlyName);
	if (FAILED(result))
	{
		printf("put_Name failed: 0x%08lx\n", result);
		goto release;
	}

	// Opens the port and adds it to the collection.
	result = portList->Add(portEntry);
	if (FAILED(result))
	{
		printf("Add failed: 0x%08lx\n", result);
		goto release;
	}

	printf("Port %ld is now open in the firewall.\n", portNumber);

release:

	// Free the BSTR.
	SysFreeString(friendlyName);

	// Release the open port instance.
	if (portEntry != NULL)
	{
		portEntry->Release();
	}

	// Release the globally open ports collection.
	if (portList != NULL)
	{
		portList->Release();
	}

	return result;
}
 
 
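// Demo driver for the INetFwMgr-based helpers in this listing: initializes
// COM, fetches the current firewall profile, toggles the firewall off and on
// again, authorizes NetDemo.exe and opens TCP port 80.
//
// Notes for anyone adapting this:
//   - The off/on toggle only demonstrates the two calls. If turning the
//     firewall back on fails, the program exits with the firewall disabled;
//     drop the toggle in real code.
//   - The executable path and the port are hard-coded samples, and both
//     exceptions are added with default scope.
//
// Always returns 0 after waiting for a key press; failures are only reported
// on stdout. argc and argv are not used.
int  main(int argc, TCHAR* argv[])
{
	HRESULT hr = S_OK;
	HRESULT comInit = E_FAIL;
	INetFwProfile* fwProfile = NULL;

	// Initialize COM.
	comInit = CoInitializeEx(
		0,
		COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE
		);

	// Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
	// initialized with a different mode. Since we don't care what the mode is,
	// we'll just use the existing mode.
	if (comInit != RPC_E_CHANGED_MODE)
	{
		hr = comInit;
		if (FAILED(hr))
		{
			printf("CoInitializeEx failed: 0x%08lx\n", hr);
			goto error;
		}
	}

	// Retrieve the firewall profile currently in effect.
	hr = WindowsFirewallInitialize(&fwProfile);
	if (FAILED(hr))
	{
		printf("WindowsFirewallInitialize failed: 0x%08lx\n", hr);
		goto error;
	}

	// Turn off the firewall (demonstration only, see the note above).
	hr = WindowsFirewallTurnOff(fwProfile);
	if (FAILED(hr))
	{
		printf("WindowsFirewallTurnOff failed: 0x%08lx\n", hr);
		goto error;
	}

	// Turn on the firewall.
	hr = WindowsFirewallTurnOn(fwProfile);
	if (FAILED(hr))
	{
		printf("WindowsFirewallTurnOn failed: 0x%08lx\n", hr);
		goto error;
	}

	// Add NetDemo.exe to the authorized application collection.
	hr = WindowsFirewallAddApp(
		fwProfile,
		L"E:\\Code_Factory\\NetDemo\\NetDemo V1.0-UDP\\Release\\NetDemo.exe",
		L"NetDemo"
		);
	if (FAILED(hr))
	{
		printf("WindowsFirewallAddApp failed: 0x%08lx\n", hr);
		goto error;
	}

	// Add TCP::80 to list of globally open ports.
	hr = WindowsFirewallPortAdd(fwProfile, 80, NET_FW_IP_PROTOCOL_TCP, L"WWW");
	if (FAILED(hr))
	{
		printf("WindowsFirewallPortAdd failed: 0x%08lx\n", hr);
		goto error;
	}

error:

	// Release the firewall profile (NULL is accepted).
	WindowsFirewallCleanup(fwProfile);

	// Uninitialize COM, but only if our own CoInitializeEx call succeeded.
	if (SUCCEEDED(comInit))
	{
		CoUninitialize();
	}

	getchar();
	return 0;
}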

win7 实现本地阻止访问远程的某个IP和端口

代码参考的MSDN

链接

SRC:


// MicroFireExample.cpp : 定义控制台应用程序的入口点。
//
 
#include "stdafx.h"
 
#include <windows.h>
#include <stdio.h>
#include <netfw.h>
 
#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )
 
 
// Forward declaration: WFCOMInitialize is defined after _tmain() in this
// listing and creates the INetFwPolicy2 object that _tmain() works with.
HRESULT     WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2);
 
 
 
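// Adds an outbound BLOCK rule for TCP traffic to remote address 112.80.248.73,
// remote port 80, using the INetFwPolicy2 / INetFwRules COM interfaces.
//
// Notes for anyone adapting this:
//   - The rule is scoped to the currently active profiles, minus Public when
//     another profile is active as well. For a block rule this means the block
//     does not cover the Public profile in that case.
//   - No application is set, so the rule applies to every program.
//   - Every run calls Add() with the same rule name; no check for an existing
//     rule of that name is made here.
//
// Always returns 0; failures are only reported on stdout. argc and argv are
// not used.
int _tmain(int argc, _TCHAR* argv[])
{
	// Starts as a failure code so that the cleanup path cannot call
	// CoUninitialize() when we bail out before CoInitializeEx() has run.
	HRESULT hrComInit = E_FAIL;
	HRESULT hr = S_OK;

	INetFwPolicy2 *pNetFwPolicy2 = NULL;
	INetFwRules *pFwRules = NULL;
	INetFwRule *pFwRule = NULL;

	long CurrentProfilesBitMask = 0;

	BSTR bstrRuleName = SysAllocString(L"OUTBOUND_RULE");
	BSTR bstrRuleDescription = SysAllocString(L"Disable outbound network traffic to Dst IP 112.80.248.73 and dst port 80");
	BSTR bstrRuleGroup = SysAllocString(L"Sample Rule Group");
	//BSTR bstrRuleApplication = SysAllocString(L"%programfiles%\\MyApplication.exe");
	BSTR bstrRuleRIP = SysAllocString(L"112.80.248.73");
	BSTR bstrRuleRPorts = SysAllocString(L"80");

	// A NULL BSTR would leave the matching rule property unset, which could
	// widen the rule (for example no remote address), so stop here instead.
	if (bstrRuleName == NULL || bstrRuleDescription == NULL || bstrRuleGroup == NULL ||
		bstrRuleRIP == NULL || bstrRuleRPorts == NULL)
	{
		printf("Failed to allocate the rule strings\n");
		goto Cleanup;
	}

	// Initialize COM.
	hrComInit = CoInitializeEx(
		0,
		COINIT_APARTMENTTHREADED
		);

	// Ignore RPC_E_CHANGED_MODE; this just means that COM has already been
	// initialized with a different mode. Since we don't care what the mode is,
	// we'll just use the existing mode.
	if (hrComInit != RPC_E_CHANGED_MODE)
	{
		if (FAILED(hrComInit))
		{
			printf("CoInitializeEx failed: 0x%08lx\n", hrComInit);
			goto Cleanup;
		}
	}

	// Retrieve INetFwPolicy2
	hr = WFCOMInitialize(&pNetFwPolicy2);
	if (FAILED(hr))
	{
		goto Cleanup;
	}

	// Retrieve INetFwRules
	hr = pNetFwPolicy2->get_Rules(&pFwRules);
	if (FAILED(hr))
	{
		printf("get_Rules failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Retrieve Current Profiles bitmask
	hr = pNetFwPolicy2->get_CurrentProfileTypes(&CurrentProfilesBitMask);
	if (FAILED(hr))
	{
		printf("get_CurrentProfileTypes failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// When possible we avoid adding firewall rules to the Public profile.
	// If Public is currently active and it is not the only active profile, we remove it from the bitmask
	// NOTE(review): for this BLOCK rule, dropping Public narrows the block
	// rather than the exposure; confirm that this is intended.
	if ((CurrentProfilesBitMask & NET_FW_PROFILE2_PUBLIC) &&
		(CurrentProfilesBitMask != NET_FW_PROFILE2_PUBLIC))
	{
		CurrentProfilesBitMask ^= NET_FW_PROFILE2_PUBLIC;
	}

	// Create a new Firewall Rule object.
	hr = CoCreateInstance(
		__uuidof(NetFwRule),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwRule),
		(void**)&pFwRule);
	if (FAILED(hr))
	{
		printf("CoCreateInstance for Firewall Rule failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Firewall Rule object. Each setter runs only if the previous
	// one succeeded, so a rule missing one of its properties is never added.
	// The protocol is set before the port list.
	hr = pFwRule->put_Name(bstrRuleName);
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Description(bstrRuleDescription); }
	//pFwRule->put_ApplicationName(bstrRuleApplication);
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_RemoteAddresses(bstrRuleRIP); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_RemotePorts(bstrRuleRPorts); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Direction(NET_FW_RULE_DIR_OUT); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Grouping(bstrRuleGroup); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Profiles(CurrentProfilesBitMask); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Action(NET_FW_ACTION_BLOCK); }
	if (SUCCEEDED(hr)) { hr = pFwRule->put_Enabled(VARIANT_TRUE); }
	if (FAILED(hr))
	{
		printf("Populating the Firewall Rule failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Add the Firewall Rule
	hr = pFwRules->Add(pFwRule);
	if (FAILED(hr))
	{
		printf("Firewall Rule Add failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

Cleanup:

	// Free BSTR's (SysFreeString accepts NULL).
	SysFreeString(bstrRuleName);
	SysFreeString(bstrRuleDescription);
	SysFreeString(bstrRuleGroup);
	//SysFreeString(bstrRuleApplication);
	SysFreeString(bstrRuleRIP);
	SysFreeString(bstrRuleRPorts);

	// Release the INetFwRule object
	if (pFwRule != NULL)
	{
		pFwRule->Release();
	}

	// Release the INetFwRules object
	if (pFwRules != NULL)
	{
		pFwRules->Release();
	}

	// Release the INetFwPolicy2 object
	if (pNetFwPolicy2 != NULL)
	{
		pNetFwPolicy2->Release();
	}

	// Uninitialize COM, but only if our own CoInitializeEx call succeeded.
	if (SUCCEEDED(hrComInit))
	{
		CoUninitialize();
	}

	return 0;
}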
 
 
// Instantiates the firewall policy COM object and returns its INetFwPolicy2
// interface through ppNetFwPolicy2 (released by the caller).
// The HRESULT of CoCreateInstance is returned unchanged; on failure it is
// printed to stdout as well.
HRESULT WFCOMInitialize(INetFwPolicy2** ppNetFwPolicy2)
{
	HRESULT status = CoCreateInstance(
		__uuidof(NetFwPolicy2),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwPolicy2),
		(void**)ppNetFwPolicy2);

	if (SUCCEEDED(status))
	{
		return status;
	}

	printf("CoCreateInstance for INetFwPolicy2 failed: 0x%08lx\n", status);
	return status;
}
 
