防火墙控制
https://github.com/getlantern/winfirewall
为了使用 Windows 防火墙 API,您需要在您的 C++ 程序中包含相应的头文件,例如:
#include <windows.h>
#include <comutil.h>
#include <netfw.h>
接下来,您可以使用 API 来控制防火墙。例如,下面的代码段展示了如何打开防火墙:
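// Turn the Windows Firewall on for the current profile through the legacy
// INetFwMgr API.
//
// Preconditions this fragment does not establish itself:
//   - COM is already initialised on the calling thread (CoInitializeEx).
//   - The process runs with administrator rights; changing the firewall
//     state is a privileged operation.
INetFwMgr* fwMgr = NULL;
INetFwPolicy* fwPolicy = NULL;
INetFwProfile* fwProfile = NULL;

// Create the firewall manager object.
HRESULT hr = CoCreateInstance(
    __uuidof(NetFwMgr),
    NULL,
    CLSCTX_INPROC_SERVER,
    __uuidof(INetFwMgr),
    (void**)&fwMgr
);

// put_FirewallEnabled is a method of INetFwProfile, not of INetFwMgr, so the
// profile has to be reached first: manager -> local policy -> current profile.
// Each step runs only if the previous one succeeded, so no NULL interface
// pointer is ever dereferenced.
if (SUCCEEDED(hr))
{
    hr = fwMgr->get_LocalPolicy(&fwPolicy);
}
if (SUCCEEDED(hr))
{
    hr = fwPolicy->get_CurrentProfile(&fwProfile);
}
if (SUCCEEDED(hr))
{
    // Enable the firewall for the profile that is currently in effect.
    hr = fwProfile->put_FirewallEnabled(VARIANT_TRUE);
}
if (FAILED(hr))
{
    // hr holds the first failing HRESULT; report or handle it here.
}

// Release every interface that was obtained, on success and on failure.
if (fwProfile != NULL)
{
    fwProfile->Release();
}
if (fwPolicy != NULL)
{
    fwPolicy->Release();
}
if (fwMgr != NULL)
{
    fwMgr->Release();
}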
请注意,上面的代码仅作为示例:它假定当前线程已经通过 CoInitializeEx 初始化了 COM,并且修改防火墙状态需要管理员权限。实际应用中还需要进行更多的错误处理和异常检查,并在使用完毕后对接口指针调用 Release。
此外,还有很多其他的防火墙操作可以通过 Windows 防火墙 API 来实现,例如添加或删除防火墙规则、查询防火墙状态等。有关详细信息,您可以参考微软的官方文档或其他相关资料。
使用 WinAPI 操作防火墙:添加入站规则(Outbound 为 true 时添加的是出站规则)
#include <string>
// Description of one firewall rule, consumed by FireWallAddApplication().
struct firewall_rule_st
{
    std::string Name;         // rule name; also the key used to look up an existing rule
    std::string Description;  // free-text description stored with the rule
    std::string Group;        // grouping string stored with the rule
    std::string Application;  // path of the program the rule applies to
    std::string Port;         // NOTE(review): not applied to the rule by FireWallAddApplication()
    bool Outbound;            // true -> outbound rule, false -> inbound rule
};
#include <windows.h>
#include <comutil.h>
#include <netfw.h>
#include <strsafe.h>
#pragma comment( lib, "ole32.lib" )
#pragma comment( lib, "oleaut32.lib" )
#pragma comment(lib, "comsuppw.lib")
#pragma comment(lib, "kernel32.lib")
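/// @brief Adds an enabled "allow" Windows Firewall rule for one application,
///        or re-enables a rule of the same name if one already exists.
///
/// The rule that gets created is deliberately broad and should be reviewed
/// before use in production:
///   - action is NET_FW_ACTION_ALLOW,
///   - protocol is NET_FW_IP_PROTOCOL_ANY (no port restriction is applied;
///     firewall_rule_st::Port is not used),
///   - it applies to all profiles (NET_FW_PROFILE2_ALL), which includes the
///     public profile.
///
/// An existing rule is matched by name only. If a rule with the same name is
/// found it is enabled as-is; its application, direction and action are not
/// compared with @p p_add_rule.
///
/// Modifying the rule set requires administrator rights; without elevation
/// the COM calls are expected to fail and the failure is printed.
///
/// @param p_add_rule Rule description; must not be NULL.
/// @return 0 when the rule was added or an existing rule is enabled,
///         -1 when @p p_add_rule is NULL or any COM call failed.
int FireWallAddApplication(firewall_rule_st* p_add_rule)
{
    if (p_add_rule == NULL)
    {
        printf("FireWallAddApplication: p_add_rule is NULL\n");
        return -1;
    }

    HRESULT hr = S_OK;
    HRESULT com_init = E_FAIL;

    // Every local is declared before the first `goto Cleanup` so that no jump
    // skips an initialisation.
    INetFwPolicy2* pFwPolicy = NULL;
    INetFwRules* pFwRules = NULL;
    INetFwRule* pFwRule = NULL;
    INetFwRule* pFwQueryRule = NULL;
    VARIANT_BOOL rule_enabled = VARIANT_FALSE;

    // _bstr_t owns its BSTR and frees it when the function returns, so the
    // strings are no longer leaked on any path.
    // NOTE(review): the narrow-to-wide conversion presumably uses the ANSI
    // code page; confirm for rule names that are not plain ASCII.
    _bstr_t rule_name(p_add_rule->Name.c_str());
    _bstr_t rule_desc(p_add_rule->Description.c_str());
    _bstr_t rule_group(p_add_rule->Group.c_str());
    _bstr_t rule_appname(p_add_rule->Application.c_str());

    // Initialize COM. RPC_E_CHANGED_MODE only means the thread already uses
    // COM with another threading model, which is fine for these calls; in
    // that case CoUninitialize must not be called from here.
    com_init = CoInitializeEx(0, COINIT_APARTMENTTHREADED | COINIT_DISABLE_OLE1DDE);
    if (FAILED(com_init) && com_init != RPC_E_CHANGED_MODE)
    {
        hr = com_init;
        printf("CoInitializeEx failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Retrieve the firewall policy.
    hr = CoCreateInstance(
        __uuidof(NetFwPolicy2),
        NULL,
        CLSCTX_INPROC_SERVER,
        __uuidof(INetFwPolicy2),
        (void**)&pFwPolicy);
    if (FAILED(hr))
    {
        printf("CoCreateInstance failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Get the policy's firewall rule collection.
    hr = pFwPolicy->get_Rules(&pFwRules);
    if (FAILED(hr))
    {
        printf("get_Rules failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // If a rule with this name already exists, make sure it is enabled and
    // stop. Only the name is compared (see the function comment).
    hr = pFwRules->Item(rule_name.GetBSTR(), &pFwQueryRule);
    if (SUCCEEDED(hr) && pFwQueryRule != NULL)
    {
        printf("规则已存在!\n");
        hr = pFwQueryRule->get_Enabled(&rule_enabled);
        if (FAILED(hr))
        {
            printf("get_Enabled failed: 0x%08lx\n", hr);
            goto Cleanup;
        }
        if (rule_enabled == VARIANT_FALSE)
        {
            hr = pFwQueryRule->put_Enabled(VARIANT_TRUE);
            if (FAILED(hr))
            {
                printf("put_Enabled failed: 0x%08lx\n", hr);
            }
        }
        goto Cleanup;
    }

    // Create a new firewall rule object.
    hr = CoCreateInstance(
        __uuidof(NetFwRule),
        NULL,
        CLSCTX_INPROC_SERVER,
        __uuidof(INetFwRule),
        (void**)&pFwRule);
    if (FAILED(hr))
    {
        printf("CoCreateInstance failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the Rule Name
    hr = pFwRule->put_Name(rule_name.GetBSTR());
    if (FAILED(hr))
    {
        printf("put_Name failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the Rule Description
    hr = pFwRule->put_Description(rule_desc.GetBSTR());
    if (FAILED(hr))
    {
        printf("put_Description failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the Rule Group
    hr = pFwRule->put_Grouping(rule_group.GetBSTR());
    if (FAILED(hr))
    {
        printf("put_Grouping failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the Application Name
    hr = pFwRule->put_ApplicationName(rule_appname.GetBSTR());
    if (FAILED(hr))
    {
        printf("put_ApplicationName failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the Protocol. With "any" protocol the rule is not limited to
    // particular ports.
    hr = pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_ANY);
    if (FAILED(hr))
    {
        printf("put_Protocol failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the Direction
    hr = pFwRule->put_Direction(p_add_rule->Outbound ? NET_FW_RULE_DIR_OUT : NET_FW_RULE_DIR_IN);
    if (FAILED(hr))
    {
        printf("put_Direction failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the rule Action
    hr = pFwRule->put_Action(NET_FW_ACTION_ALLOW);
    if (FAILED(hr))
    {
        printf("put_Action failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Populate the rule Enabled setting
    hr = pFwRule->put_Enabled(VARIANT_TRUE);
    if (FAILED(hr))
    {
        printf("put_Enabled failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Apply the rule to all profiles (domain, private and public).
    hr = pFwRule->put_Profiles(NET_FW_PROFILE2_ALL);
    if (FAILED(hr))
    {
        printf("put_Profiles failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

    // Add the rule to the firewall rule collection.
    hr = pFwRules->Add(pFwRule);
    if (FAILED(hr))
    {
        printf("Firewall Rule Add failed: 0x%08lx\n", hr);
        goto Cleanup;
    }

Cleanup:
    // Release every interface before COM is torn down.
    if (pFwQueryRule != NULL)
    {
        pFwQueryRule->Release();
    }
    if (pFwRule != NULL)
    {
        pFwRule->Release();
    }
    if (pFwRules != NULL)
    {
        pFwRules->Release();
    }
    if (pFwPolicy != NULL)
    {
        pFwPolicy->Release();
    }

    // Balance CoInitializeEx only when this call actually initialised COM.
    if (SUCCEEDED(com_init))
    {
        CoUninitialize();
    }

    return SUCCEEDED(hr) ? 0 : -1;
}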