How do I add an outbound Windows Firewall exception?

Posted 2024-12-08 18:24:34 | 763 characters | 0 views | 0 comments

I need to open up the Windows Firewall for outbound connections for an application I'm writing.

The best answers I've been able to locate are here:

http://www.shafqatahmed.com/2008/01/controlling-win.html

http://www.vincenzo.net/isxkb/index.php?title=Adding_a_rule_to_the_Windows_firewall

The problem is that method only creates an inbound rule, and not an outbound rule. (Both the C# and InnoSetup script use the same method.) This is entirely useless for me.

The default behaviour for the Windows Firewall is to allow outbound traffic, but that doesn't guarantee that someone won't change that.

I would prefer to do this in the installer (using InnoSetup) rather than doing it in C#.

Did I miss something?

Does anyone know how to create an outbound rule?

Comments (5)

一场春暖 2024-12-15 18:24:35

You can use netsh if you need to add some exceptions for your application.

Write in the command line (for XP):

netsh firewall add allowedprogram ?

Write in the command line (for W7):

netsh advfirewall firewall add rule ?

The difference is because the netsh firewall command is deprecated. Instead, we have to use the command netsh advfirewall firewall.

More information about using the command netsh advfirewall firewall instead of the netsh firewall command can be found in the Knowledge Base: http://go.microsoft.com/fwlink/?linkid=121488

Examples:

Adding a rule for incoming traffic without security encapsulation for messenger.exe:

netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" security=authnoencap action=allow

Adding a rule for outgoing traffic on port 80:

netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block

Adding rules to inbound traffic with safety & traffic encryption for TCP through port 80:

netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow

小巷里的女流氓 2024-12-15 18:24:35

TechNet does: Create an Outbound Port Rule on Windows 7, Windows Vista, Windows Server 2008 or Windows Server 2008 R2

Although I assume you meant to create such rules programmatically; if that's the case, you might be interested in Working with Group Policy Objects Programmatically.

Finally, if you're planning to do that during installation, InnoSetup should be able to merge the necessary registry keys at setup time.

我一直都在从未离去 2024-12-15 18:24:35

The problem with netsh is that it does not work on some Windows versions (e.g. Windows Vista Basic). That is why it is better to add the exception without using netsh. This article contains sample Inno Setup code.

情释 2024-12-15 18:24:35

This is one of the many tasks that can be passed off to the Windows command-line tools. netsh does the appropriate things, but it (like everything else netsh does) is next to impossible to find. The simple version is:
netsh firewall add allowedprogram <path> <name>
For more details, run:
netsh firewall add allowedprogram ?

These can be done either in the [Run] section or by calling Exec.

Note that this is deprecated in Windows 7; if you're only targeting Vista/2008 or later, you should use netsh advfirewall firewall instead. Microsoft has an article on converting from the former to the latter, but I still have to support XP, so I haven't done this.

梦途 2024-12-15 18:24:35

You can execute netsh in [Run] section of the installer. This example opens port 80 for any executable.

[Run]
; Remove firewall exception first when upgrading
Filename: "{sys}\netsh.exe"; Parameters: "advfirewall firewall delete rule name=""My WWW Server"" "; Flags: runhidden

; Add firewall exception
Filename: "{sys}\netsh.exe"; Parameters: "advfirewall firewall add rule name=""My WWW Server"" protocol=TCP dir=in localport=80 action=allow "; Flags: runhidden

[UninstallRun]
Filename: "{sys}\netsh.exe"; Parameters: "advfirewall firewall delete rule name=""My WWW Server"" "; Flags: runhidden; RunOnceId: "RemoveFirewallExc"

Change dir=in to dir=out to create an outbound rule.
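
Added example, not part of any answer above and not code from the linked articles: an Inno Setup [Code] section that creates the outbound rule without netsh, through the HNetCfg.FwPolicy2 COM API available on Windows Vista and later. The rule is scoped to one executable and one remote port so the exception stays as narrow as possible; the rule name, MyApp.exe and port 443 are assumptions, and setup must run elevated.

```innosetup
[Code]
const
  RULE_NAME = 'MyApp outbound HTTPS';  // placeholder rule name (assumption)
  NET_FW_IP_PROTOCOL_TCP = 6;
  NET_FW_RULE_DIR_OUT = 2;
  NET_FW_ACTION_ALLOW = 1;
  NET_FW_PROFILE2_ALL = $7FFFFFFF;

procedure RemoveOutboundRule;
var
  Policy: Variant;
begin
  try
    Policy := CreateOleObject('HNetCfg.FwPolicy2');
    Policy.Rules.Remove(RULE_NAME);
  except
    Log('Firewall rule removal failed: ' + GetExceptionMessage);
  end;
end;
procedure AddOutboundRule(const ExePath: String);
var
  Policy, Rule: Variant;
begin
  RemoveOutboundRule;  // avoid duplicate rules on upgrade or repair
  try
    Policy := CreateOleObject('HNetCfg.FwPolicy2');
    Rule := CreateOleObject('HNetCfg.FWRule');
    Rule.Name := RULE_NAME;
    Rule.ApplicationName := ExePath;          // scope to this binary only
    Rule.Protocol := NET_FW_IP_PROTOCOL_TCP;  // set protocol before ports
    Rule.RemotePorts := '443';                // assumption: app talks HTTPS
    Rule.Direction := NET_FW_RULE_DIR_OUT;
    Rule.Action := NET_FW_ACTION_ALLOW;
    Rule.Profiles := NET_FW_PROFILE2_ALL;
    Rule.Enabled := True;
    Policy.Rules.Add(Rule);
  except
    Log('Firewall rule creation failed: ' + GetExceptionMessage);
  end;
end;
procedure CurStepChanged(CurStep: TSetupStep);
begin
  if CurStep = ssPostInstall then
    AddOutboundRule(ExpandConstant('{app}\MyApp.exe'));  // placeholder exe name
end;
procedure CurUninstallStepChanged(CurUninstallStep: TUninstallStep);
begin
  if CurUninstallStep = usPostUninstall then
    RemoveOutboundRule;
end;
```

For an outbound client rule the remote port identifies the destination service, which is why RemotePorts is set here rather than a local port.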
