对于某些程序,我们只允许它使用某些特定端口、网络类型或者特定IP类型等信息。这时候,需要使用到防火墙里面的“高级设置”,创建某些特定的入站或者出栈规则,以规避其程序使用允许端口等意外的信息。
下面以创建出站规则为例,编写一条出站规则,规避除允许规则以外的通过防火墙。创建规则时,会使用到接口INetFwRule,其有关介绍参照MSDN文档。
创建规则的方法:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
/// <summary>/// 为WindowsDefender防火墙添加一条通信端口出站规则/// </summary>/// <param name="type">规则类型</param>/// <param name="ruleName">规则名称</param>/// <param name="appPath">应用程序完整路径</param>/// <param name="localAddresses">本地地址</param>/// <param name="localPorts">本地端口</param>/// <param name="remoteAddresses">远端地址</param>/// <param name="remotePorts">远端端口</param>public static bool CreateOutRule(NET_FW_IP_PROTOCOL_ type, string ruleName, string appPath, string localAddresses = null, string localPorts = null, string remoteAddresses = null, string remotePorts = null){ //创建防火墙策略类的实例 INetFwPolicy2 policy2 = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); //检查是否有同名规则 foreach (INetFwRule item in policy2.Rules) { if (item.Name == ruleName) { return true; } } //创建防火墙规则类的实例: 有关该接口的详细介绍:https://docs.microsoft.com/zh-cn/windows/win32/api/netfw/nn-netfw-inetfwrule INetFwRule rule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwRule")); //为规则添加名称 rule.Name = ruleName; //为规则添加描述 rule.Description = "禁止程序访问非指定端口"; //选择入站规则还是出站规则,IN为入站,OUT为出站 rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT; //为规则添加协议类型 rule.Protocol = (int)type; //为规则添加应用程序(注意这里是应用程序的绝对路径名) rule.ApplicationName = appPath; //为规则添加本地IP地址 if (!string.IsNullOrEmpty(localAddresses)) { rule.LocalAddresses = localAddresses; } //为规则添加本地端口 if (!string.IsNullOrEmpty(localPorts)) { //需要移除空白字符(不能包含空白字符,下同) rule.LocalPorts = localPorts.Replace(" ", "");// "1-29999, 30003-33332, 33334-55554, 55556-60004, 60008-65535"; } //为规则添加远程IP地址 if (!string.IsNullOrEmpty(remoteAddresses)) { rule.RemoteAddresses = remoteAddresses; } //为规则添加远程端口 if (!string.IsNullOrEmpty(remotePorts)) { rule.RemotePorts = remotePorts.Replace(" ", ""); } //设置规则是阻止还是允许(ALLOW=允许,BLOCK=阻止) rule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK; //分组 名 rule.Grouping = "GroupsName"; rule.InterfaceTypes = "All"; //是否启用规则 rule.Enabled = true; try { //添加规则到防火墙策略 policy2.Rules.Add(rule); } catch (Exception e) { string error = $"防火墙添加规则出错:{ruleName} {e.Message}"; AppLog.Error(error); throw new Exception(error); } return true;} |
创建TCP的出站规则
使用上述代码,为创建一条TCP类型的出站规则:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
/// <summary> /// 为WindowsDefender防火墙添加一条U3D通信TCP端口出站规则 /// </summary> /// <param name="appPath">应用程序完整路径</param> /// <param name="localAddresses">本地地址</param> /// <param name="localPorts">本地端口</param> /// <param name="remoteAddresses">远端地址</param> /// <param name="remotePorts">远端端口</param> public static bool CreateTCPOutRule(string appPath, string localAddresses = null, string localPorts = null, string remoteAddresses = null, string remotePorts = null) { try { string ruleName = $"{System.IO.Path.GetFileNameWithoutExtension(appPath)}TCP"; CreateOutRule(NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP, ruleName, appPath, localAddresses, localPorts, remoteAddresses, remotePorts); } catch (Exception e) { AppLog.Error(e.Message); throw new Exception(e.Message); } return true; } |
创建UDP的出站规则
和TCP的出站规则类似,只是传入的类型不一样。使用前面的代码,创建一条UDP的出站规则:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
/// <summary>/// 为WindowsDefender防火墙添加一条通信UDP端口出站规则/// </summary>/// <param name="appPath">应用程序完整路径</param>/// <param name="localAddresses">本地地址</param>/// <param name="localPorts">本地端口</param>/// <param name="remoteAddresses">远端地址</param>/// <param name="remotePorts">远端端口</param>public static bool CreateUDPOutRule(string appPath, string localAddresses = null, string localPorts = null, string remoteAddresses = null, string remotePorts = null){ try { string ruleName = $"{System.IO.Path.GetFileNameWithoutExtension(appPath)}UDP"; CreateOutRule(NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP, ruleName, appPath, localAddresses, localPorts, remoteAddresses, remotePorts); } catch (Exception e) { AppLog.Error(e.Message); throw new Exception(e.Message); } return true;} |
删除出入站规则
注意出入站规则的名称,前面我创建出站规则的时候,使用的“应用程序名+网络类型”创建的,所以删除时,传入的名称也应一样,并且还可以判断网络类型是否一致,一致才删除。
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
|
/// <summary>/// 删除WindowsDefender防火墙规则/// <summary>/// <param name="appPath">应用程序完整路径</param>public static bool DeleteRule(string appPath){ //创建防火墙策略类的实例 INetFwPolicy2 policy2 = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")); string ruleName = System.IO.Path.GetFileNameWithoutExtension(appPath); try { //根据规则名称移除规则 policy2.Rules.Remove(ruleName); } catch (Exception e) { string error = $"防火墙删除规则出错:{ruleName} {e.Message}"; AppLog.Error(error); throw new Exception(error); } return true;} |
以上就是C# 设置防火墙的创建规则的详细内容,更多关于c# 防火墙的资料请关注服务器之家其它相关文章!
原文链接:https://www.cnblogs.com/pilgrim/p/11173507.html
