Windows中通过C++添加防火墙规则

#include <iostream>
#include <Windows.h>
#include <netfw.h>
 
int main() {
    HRESULT hr = CoInitializeEx(0, COINIT_APARTMENTTHREADED);// 初始化 COM
    if (SUCCEEDED(hr)) {
        INetFwPolicy2* pFwPolicy2 = NULL;
        //创建防火墙策略
        hr = CoCreateInstance(__uuidof(NetFwPolicy2), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwPolicy2), (void**)&pFwPolicy2);
        if (SUCCEEDED(hr)) {
            INetFwRules* pFwRules = NULL;
            //获取防火墙规则
            hr = pFwPolicy2->get_Rules(&pFwRules);
            if (SUCCEEDED(hr)) {            
                INetFwRule* pFwRule = NULL;
                // 在这里你可以通过遍历 pFwRules 获取并修改你想要的规则
               // 例如，假设我们要修改名为 "MyFirewallRule" 的规则
                BSTR ruleName = SysAllocString(L"MyFirewallRule");
                //从规则集合中获取指定名称的规则
                hr = pFwRules->Item(ruleName, &pFwRule);
                if (SUCCEEDED(hr)) {
                    std::cout << "Firewall rule is exist" << std::endl;
                    pFwRules->Remove(ruleName);//删除名为""MyFirewallRule"的防火墙
                    SysFreeString(ruleName);
                    pFwRules->Release();
                    pFwPolicy2->Release();<br>                    
                    CoUninitialize();//反初始化COM
 
                    return -1;
                }
                //创建一个新的防火墙规则
                hr = CoCreateInstance(__uuidof(NetFwRule), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwRule),(void**)&pFwRule);
                if (SUCCEEDED(hr)) {
                    // 设置规则的属性
                    pFwRule->put_Name(ruleName);
                    pFwRule->put_Description(SysAllocString(L"My Firewall Rule"));
                    pFwRule->put_Action(NET_FW_ACTION_ALLOW); // 允许连接
                    pFwRule->put_Direction(NET_FW_RULE_DIR_IN); // 入站规则
                    pFwRule->put_Enabled(VARIANT_TRUE); // 启用规则                   
                    pFwRule->put_Protocol(NET_FW_IP_PROTOCOL_TCP); // TCP 协议
                    pFwRule->put_LocalPorts(SysAllocString(L"83")); // 本地端口 83
                    pFwRule->put_InterfaceTypes(SysAllocString(L"All")); // 适用于所有网络接口
 
                    // 将规则添加到规则集合中
                    hr = pFwRules->Add(pFwRule);
 
                    if (SUCCEEDED(hr)) {
                        std::cout << "Firewall rule added successfully." << std::endl;
                    }
                    else {
                        std::cout << "Failed to add firewall rule: " << hr << std::endl;
                    }
 
                    pFwRule->Release();
                }
                SysFreeString(ruleName);
                pFwRules->Release();
            }
            pFwPolicy2->Release();
        }
        CoUninitialize();//反初始化COM
    }
 
    return 0;
}

添加到防火墙之前：

添加到防火墙之后：

防火墙的基本状态设置

# 查看当前防火墙状态：
netsh advfirewall show allprofiles
netsh advfirewall show allprofiles state

# 恢复初始防火墙设置：
netsh advfirewall reset
 
# 设置默认输入和输出策略：
# 设置为允许
netsh advfirewall set allprofiles firewallpolicy allowinbound,allowoutbound
# 设置为拒绝
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
 
# 显示默认的入站和出站防火墙行为。
netsh advfirewall show allprofiles firewallpolicy
 
# 显示日志记录设置。
netsh advfirewall show allprofiles logging
 
# 开启防火墙
netsh advfirewall set allprofiles state on
 
#关闭防火墙：
netsh advfirewall set allprofiles state off

防火墙的入站规则设置：

# 允许
netsh advfirewall firewall add rule name=test dir=in action=allow protocol=tcp localport=8080
 
# 阻止
netsh advfirewall firewall add rule name=test dir=in action=block protocol=tcp localport=8080　

防火墙的出站规则设置：

# 允许
netsh advfirewall firewall add rule name=test dir=out action=allow protocol=tcp localport=8080
 
# 阻止
netsh advfirewall firewall add rule name=test dir=out action=block protocol=tcp localport=8080

删除入站出站规则：

# 删除入站允许
netsh advfirewall firewall delete rule name=test dir=in action=allow protocol=tcp localport=8080
 
# 删除出站允许
netsh advfirewall firewall delete rule name=test dir=out action=allow protocol=tcp localport=8080

防火墙的其他设置：

允许并阻止ping：可以使用netsh来控制给定系统如何响应ping请求以及是否响应。以下两个netsh命令显示了如何阻止然后打开Windows防火墙来ping请求：

1 2	`netsh advfirewall firewall add rule name="All ICMP V4"` `dir=in action=block protocol=icmpv4` `netsh advfirewall firewall add rule name="All ICMP V4"` `dir=in action=allow protocol=icmpv4`

启用程序：另一个常见任务是为给定程序打开Windows防火墙。以下示例说明了如何添加使Windows Live Messenger通过Windows防火墙工作的规则：