windows VC 防火墙调用方式


防火墙控制

https://github.com/getlantern/winfirewall
为了使用 Windows 防火墙 API,您需要在您的 C++ 程序中包含相应的头文件,例如:

#include <windows.h>
#include <comutil.h>
#include <netfw.h>

接下来,您可以使用 API 来控制防火墙。例如,下面的代码段展示了如何打开防火墙:

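// Prerequisites not shown in this fragment: COM must already be initialized on
// the calling thread (CoInitializeEx), and changing the firewall state normally
// requires an elevated (administrator) process.

// Create the firewall manager object.
INetFwMgr* fwMgr = NULL;
INetFwPolicy* fwPolicy = NULL;
INetFwProfile* fwProfile = NULL;
HRESULT hr = CoCreateInstance(
    __uuidof(NetFwMgr),
    NULL,
    CLSCTX_INPROC_SERVER,
    __uuidof(INetFwMgr),
    (void**)&fwMgr
);
if (FAILED(hr))
{
    // Creation failed: handle the error. fwMgr is still NULL and must not be used.
}

// put_FirewallEnabled is a member of INetFwProfile, not of INetFwMgr, so walk
// manager -> local policy -> current profile before touching the setting.
// Each step runs only if the previous one succeeded.
if (SUCCEEDED(hr))
{
    hr = fwMgr->get_LocalPolicy(&fwPolicy);
}
if (SUCCEEDED(hr))
{
    hr = fwPolicy->get_CurrentProfile(&fwProfile);
}

// Turn the firewall on for the current profile.
if (SUCCEEDED(hr))
{
    hr = fwProfile->put_FirewallEnabled(VARIANT_TRUE);
}
if (FAILED(hr))
{
    // Enabling failed (or an earlier step did): handle the error.
}

// Release every interface that was obtained, innermost first.
if (fwProfile != NULL)
{
    fwProfile->Release();
}
if (fwPolicy != NULL)
{
    fwPolicy->Release();
}
if (fwMgr != NULL)
{
    fwMgr->Release();
}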

请注意,上面的代码仅作为示例:调用前需要先用 CoInitializeEx 初始化 COM,修改防火墙设置通常还需要管理员权限;实际应用中还需要进行更多的错误处理和异常检查(例如创建对象失败后不能再使用 fwMgr)。
此外,还有很多其他的防火墙操作可以通过 Windows 防火墙 API 来实现,例如添加或删除防火墙规则、查询防火墙状态等。有关详细信息,您可以参考微软的官方文档或其他相关资料。

winapi操作防火墙增加入站规则

#include <string>


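// Input for FireWallAddApplication: describes one firewall rule to create.
struct firewall_rule_st{
	// Rule name. Also the key used to look up an already existing rule.
	std::string Name;
	// Free-text description stored on the rule.
	std::string Description;
	// Grouping string stored on the rule.
	std::string Group;
	// Program the rule applies to (passed to put_ApplicationName).
	// NOTE(review): presumably a full path to the executable; confirm against callers.
	std::string Application;
	// Port specification. FireWallAddApplication does not apply it to the rule,
	// so the rule is not restricted by port.
	std::string Port;
	// true selects an outbound rule, false an inbound rule.
	// Defaults to false so a rule that never sets it is not read uninitialized.
	bool Outbound = false;
};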

#include <windows.h>
#include <comutil.h>
#include <netfw.h>
#include <strsafe.h>

#pragma comment( lib, "ole32.lib" )  
#pragma comment( lib, "oleaut32.lib" )  
#pragma comment(lib, "comsuppw.lib")
#pragma comment(lib, "kernel32.lib")

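// Adds a Windows Firewall "allow" rule for one program, or re-enables a rule
// of the same name if one already exists.
//
// p_add_rule: rule description; Name and Application must be non-empty.
// Returns 0 when the rule was added (or an existing one is enabled), -1 on any
// failure. Failures are also reported on stdout with the HRESULT.
//
// Security notes for callers:
//  - The rule allows every protocol on all profiles (NET_FW_PROFILE2_ALL) for
//    the named program. Narrow the profile or protocol if the program only
//    has to be reachable on trusted networks.
//  - p_add_rule->Port is NOT applied: the rule uses NET_FW_IP_PROTOCOL_ANY and
//    no port setter is called, so the rule is not limited to any port.
//  - An existing rule is matched by name only. Its program, direction and
//    action are not compared with p_add_rule before it is re-enabled.
//  - Changing firewall policy normally requires an elevated process; expect
//    the Add / put_Enabled calls to fail otherwise.
int FireWallAddApplication(firewall_rule_st* p_add_rule)
{
	if (p_add_rule == NULL)
	{
		printf("FireWallAddApplication: rule pointer is NULL\n");
		return -1;
	}
	// An allow rule with no program scope would be far broader than intended,
	// so refuse to build one. The name is required for the lookup below.
	if (p_add_rule->Name.empty() || p_add_rule->Application.empty())
	{
		printf("FireWallAddApplication: rule name and application path are required\n");
		return -1;
	}

	// Everything is declared before the first goto so that no jump to Cleanup
	// skips an initialization.
	int result = -1;
	HRESULT hr = S_OK;
	HRESULT com_init = E_FAIL;
	INetFwPolicy2* pFwPolicy = NULL;
	INetFwRules* pFwRules = NULL;
	INetFwRule* pFwRule = NULL;
	INetFwRule* pFwQueryRule = NULL;
	VARIANT_BOOL enabled = VARIANT_FALSE;

	// _bstr_t frees its BSTR in its destructor, so the strings are released on
	// every exit path. The conversion uses the ANSI code page, as before.
	_bstr_t rule_name(p_add_rule->Name.c_str());
	_bstr_t rule_desc(p_add_rule->Description.c_str());
	_bstr_t rule_group(p_add_rule->Group.c_str());
	_bstr_t rule_appname(p_add_rule->Application.c_str());

	// Initialize COM. RPC_E_CHANGED_MODE only means the thread already uses a
	// different apartment model; COM is usable and must not be uninitialized here.
	com_init = CoInitializeEx(0, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
	if (FAILED(com_init) && com_init != RPC_E_CHANGED_MODE)
	{
		printf("CoInitializeEx failed: 0x%08lx\n", com_init);
		goto Cleanup;
	}

	// Retrieve the firewall policy.
	hr = CoCreateInstance(
		__uuidof(NetFwPolicy2),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwPolicy2),
		(void**)&pFwPolicy);
	if (FAILED(hr))
	{
		printf("CoCreateInstance failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Get the collection of firewall rules.
	hr = pFwPolicy->get_Rules(&pFwRules);
	if (FAILED(hr))
	{
		printf("get_Rules failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// If a rule with this name already exists, only make sure it is enabled.
	hr = pFwRules->Item(rule_name.GetBSTR(), &pFwQueryRule);
	if (SUCCEEDED(hr) && pFwQueryRule != NULL)
	{
		printf("规则已存在!\n");
		hr = pFwQueryRule->get_Enabled(&enabled);
		if (FAILED(hr))
		{
			printf("get_Enabled failed: 0x%08lx\n", hr);
			goto Cleanup;
		}
		if (enabled == VARIANT_FALSE)
		{
			hr = pFwQueryRule->put_Enabled(VARIANT_TRUE);
			if (FAILED(hr))
			{
				printf("put_Enabled failed: 0x%08lx\n", hr);
				goto Cleanup;
			}
		}
		result = 0;
		goto Cleanup;
	}

	// Create a new firewall rule object.
	hr = CoCreateInstance(
		__uuidof(NetFwRule),
		NULL,
		CLSCTX_INPROC_SERVER,
		__uuidof(INetFwRule),
		(void**)&pFwRule);
	if (FAILED(hr))
	{
		printf("CoCreateInstance failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Rule Name
	hr = pFwRule->put_Name(rule_name.GetBSTR());
	if (FAILED(hr))
	{
		printf("put_Name failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Rule Description
	hr = pFwRule->put_Description(rule_desc.GetBSTR());
	if (FAILED(hr))
	{
		printf("put_Description failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Rule Group
	hr = pFwRule->put_Grouping(rule_group.GetBSTR());
	if (FAILED(hr))
	{
		printf("put_Grouping failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Application Name (the program the rule is scoped to)
	hr = pFwRule->put_ApplicationName(rule_appname.GetBSTR());
	if (FAILED(hr))
	{
		printf("put_ApplicationName failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Protocol. ANY means the rule is not tied to TCP or UDP.
	hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_ANY);
	if (FAILED(hr))
	{
		printf("put_Protocol failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the Direction
	hr = pFwRule->put_Direction(p_add_rule->Outbound ? NET_FW_RULE_DIR_OUT : NET_FW_RULE_DIR_IN);
	if (FAILED(hr))
	{
		printf("put_Direction failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the rule Action
	hr = pFwRule->put_Action(NET_FW_ACTION_ALLOW);
	if (FAILED(hr))
	{
		printf("put_Action failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Populate the rule Enabled setting
	hr = pFwRule->put_Enabled(VARIANT_TRUE);
	if (FAILED(hr))
	{
		printf("put_Enabled failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Apply the rule to all profiles
	hr = pFwRule->put_Profiles(NET_FW_PROFILE2_ALL);
	if (FAILED(hr))
	{
		printf("put_Profiles failed: 0x%08lx\n", hr);
		goto Cleanup;
	}

	// Add the rule to the firewall rule collection
	hr = pFwRules->Add(pFwRule);
	if (FAILED(hr))
	{
		printf("Firewall Rule Add failed: 0x%08lx\n", hr);
		goto Cleanup;
	}
	result = 0;

Cleanup:
	// Release every interface that was obtained.
	if (pFwQueryRule != NULL)
	{
		pFwQueryRule->Release();
	}
	if (pFwRule != NULL)
	{
		pFwRule->Release();
	}
	if (pFwRules != NULL)
	{
		pFwRules->Release();
	}
	if (pFwPolicy != NULL)
	{
		pFwPolicy->Release();
	}

	// Balance CoInitializeEx only when this call actually initialized COM.
	if (SUCCEEDED(com_init))
	{
		CoUninitialize();
	}
	return result;
}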

