开启服务时:1 需要开放对外的端口设置,需要设置防火墙入站规则。2 或则将整个服务程序排除到防火墙之外
在设置入站时有如下
1 编码添加COM操作组件
2 入站信息类
/// <summary>
/// 防火墙入站
/// </summary>
public class FirewallInbound
{
public string Name { get; set; }
public string Port { get; set; }
public string Protocol { get; set; }
}
3 入站操作
public class FireWallManger
{
/// <summary>
/// 通过对象防火墙操作
/// </summary>
/// <param name="isOpenDomain">域网络防火墙(禁用:false;启用(默认):true)</param>
/// <param name="isOpenPublicState">公共网络防火墙(禁用:false;启用(默认):true)</param>
/// <param name="isOpenStandard">专用网络防火墙(禁用: false;启用(默认):true)</param>
/// <returns></returns>
public bool FirewallOperateByObject(bool isOpenDomain = true, bool isOpenPublicState = true, bool isOpenStandard = true)
{
try
{
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
// 启用<高级安全Windows防火墙> - 专有配置文件的防火墙
firewallPolicy.set_FirewallEnabled(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PRIVATE, isOpenStandard);
// 启用<高级安全Windows防火墙> - 公用配置文件的防火墙
firewallPolicy.set_FirewallEnabled(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PUBLIC, isOpenPublicState);
// 启用<高级安全Windows防火墙> - 域配置文件的防火墙
firewallPolicy.set_FirewallEnabled(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_DOMAIN, isOpenDomain);
}
catch (Exception e)
{
string error = $"防火墙修改出错:{e.Message}";
}
return true;
}
/// <summary>
/// 添加防火墙例外端口
/// </summary>
/// <param name="firewallInbounds"></param>
public void NetFwAddPorts(List<FirewallInbound> firewallInbounds)
{
//创建firewall管理类的实例
INetFwMgr netFwMgr = (INetFwMgr)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwMgr"));
var objPorts = GetNetFwOpenPorts(firewallInbounds);
//加入到防火墙的管理策略
IList<INetFwOpenPort> needSetFwOpenPorts = new List<INetFwOpenPort>();
//获取防火墙已入站的协议
var globallyOpenPorts = netFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts;
foreach (var objPort in objPorts)
{
bool exist = false;
foreach (INetFwOpenPort globallyOpenPort in globallyOpenPorts)
{
if (objPort.Name.Equals(globallyOpenPort.Name, StringComparison.CurrentCultureIgnoreCase) && objPort.Port == globallyOpenPort.Port)
{
exist = true;
break;
}
}
if (!exist)
needSetFwOpenPorts.Add(objPort);
}
AddRules(needSetFwOpenPorts);
}
private IList<INetFwOpenPort> GetNetFwOpenPorts(List<FirewallInbound> firewallInbounds)
{
IList<INetFwOpenPort> objPorts = new List<INetFwOpenPort>();
foreach (var firewallInbound in firewallInbounds)
{
INetFwOpenPort objPort = (INetFwOpenPort)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwOpenPort"));
objPort.Name = firewallInbound.Name;
objPort.Port = Int32.Parse(firewallInbound.Port);
objPort.Protocol = firewallInbound.Protocol.ToUpper() == "TCP" ? NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP : NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP;
objPort.Scope = NET_FW_SCOPE_.NET_FW_SCOPE_ALL;
objPort.Enabled = true;
objPorts.Add(objPort);
}
return objPorts;
}
/// <summary>
/// 将指定端口添加到防火墙外
/// </summary>
/// <param name="objPorts"></param>
private void AddRules(IList<INetFwOpenPort> objPorts)
{
if (objPorts == null || !objPorts.Any()) return;
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
foreach (var objPort in objPorts)
{
INetFwRule2 rule = (INetFwRule2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
rule.Protocol = (int)objPort.Protocol;
rule.Profiles = (int)(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL);
rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
rule.Name = objPort.Name;
rule.LocalPorts = objPort.Port.ToString();
rule.Enabled = true;
firewallPolicy.Rules.Add(rule);
//netFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts.Add(objPort);
}
}
/// <summary>
/// 将应用程序添加到防火墙例外
/// </summary>
/// <param name="name">应用程序名称</param>
/// <param name="executablePath">应用程序可执行文件全路径</param>
public void NetFwAddApps(string name, string executablePath)
{
//创建firewall管理类的实例
INetFwMgr netFwMgr = (INetFwMgr)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwMgr"));
INetFwAuthorizedApplication app = (INetFwAuthorizedApplication)Activator.CreateInstance(
Type.GetTypeFromProgID("HNetCfg.FwAuthorizedApplication"));
//在例外列表里,程序显示的名称
app.Name = name;
//程序的路径及文件名
app.ProcessImageFileName = executablePath;
//是否启用该规则
app.Enabled = true;
bool exist = false;
//加入到防火墙的管理策略
foreach (INetFwAuthorizedApplication mApp in netFwMgr.LocalPolicy.CurrentProfile.AuthorizedApplications)
{
if (app == mApp)
{
exist = true;
break;
}
}
if (!exist) netFwMgr.LocalPolicy.CurrentProfile.AuthorizedApplications.Add(app);
}
/// <summary>
/// 删除防火墙例外端口
/// </summary>
/// <param name="port">端口</param>
/// <param name="protocol">协议(TCP、UDP)</param>
public void NetFwDelApps(int port, string protocol)
{
INetFwMgr netFwMgr = (INetFwMgr)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwMgr"));
netFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts.Remove(port,
protocol == "TCP"
? NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP
: NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP);
}
/// <summary>
/// 删除防火墙例外中应用程序
/// </summary>
/// <param name="executablePath">程序的绝对路径</param>
public void NetFwDelApps(string executablePath)
{
INetFwMgr netFwMgr = (INetFwMgr)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwMgr"));
netFwMgr.LocalPolicy.CurrentProfile.AuthorizedApplications.Remove(executablePath);
}
}
4 入站调用
/// <summary>
/// 设置防火墙入站
/// </summary>
private void SetFirewallInbound(string[] args)
{
var fireWallManger = new FireWallManger();
List<FirewallInbound> firewallInbounds = new List<FirewallInbound>
{
new FirewallInbound() {Name = "测试名字", Port = "45000", Protocol = "Tcp"}
};
fireWallManger.NetFwAddPorts(firewallInbounds);
}