C# 实现对windows防火墙的常规操作管理
C# 实现获取 Windows 防火墙状态、打开/关闭防火墙、添加/移除白名单、添加/移除端口等管理功能
日常部署接口服务后经常需要人工配置防火墙的特定端口(也可能多个)开放给程序调用,人工操作起来就比较繁琐,其实也是可以偷懒交给程序来执行 以下是c#自动设置防火墙端口白名单的一段代码,可简化服务器配置防火墙端口的操作。
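/// <summary>
/// Manages the Windows Firewall through the HNetCfg COM interfaces: reads the enabled
/// state, turns the firewall on, and adds/removes application and TCP-port exceptions.
/// Every member talks to the firewall service, so the calling process must run elevated;
/// the COM layer throws otherwise.
/// </summary>
public class FirewallManager
{
    // ProgIDs of the COM classes used below; a missing registration is reported by CreateComObject.
    private const string FwMgrProgId = "HNetCfg.FwMgr";
    private const string FwPolicy2ProgId = "HNetCfg.FwPolicy2";
    private const string FwAuthorizedApplicationProgId = "HNetCfg.FwAuthorizedApplication";
    private const string FwOpenPortProgId = "HNetCfg.FwOpenPort";

    /// <summary>Lowest valid TCP port number accepted by <see cref="AllowPortUseFirewall"/>.</summary>
    private const int MinPort = 1;
    /// <summary>Highest valid TCP port number accepted by <see cref="AllowPortUseFirewall"/>.</summary>
    private const int MaxPort = 65535;

    /// <summary>
    /// Creates the COM object registered under <paramref name="progId"/> and casts it to <typeparamref name="T"/>.
    /// </summary>
    /// <typeparam name="T">Interface the created object is cast to.</typeparam>
    /// <param name="progId">ProgID looked up in the registry.</param>
    /// <returns>A fresh COM instance.</returns>
    /// <exception cref="InvalidOperationException">The ProgID is not registered on this machine.</exception>
    private static T CreateComObject<T>(string progId)
    {
        Type comType = Type.GetTypeFromProgID(progId);
        if (comType == null)
        {
            // GetTypeFromProgID returns null instead of throwing when the class is unregistered;
            // report that clearly rather than letting CreateInstance fail with ArgumentNullException.
            throw new InvalidOperationException($"COM class '{progId}' is not registered on this machine.");
        }
        return (T)Activator.CreateInstance(comType);
    }

    /// <summary>
    /// Firewall manager (legacy API). Every read creates a new COM instance, so callers that
    /// need it more than once should store it in a local.
    /// </summary>
    private static NetFwTypeLib.INetFwMgr NetFwMgr
    {
        get
        {
            return CreateComObject<INetFwMgr>(FwMgrProgId);
        }
    }

    /// <summary>
    /// Advanced-security firewall policy. Every read creates a new COM instance.
    /// </summary>
    private static NetFwTypeLib.INetFwPolicy2 FirewallPolicy
    {
        get
        {
            return CreateComObject<INetFwPolicy2>(FwPolicy2ProgId);
        }
    }

    /// <summary>
    /// Whether the firewall is enabled for the current profile.
    /// </summary>
    public static bool FirewallEnabled
    {
        get
        {
            return NetFwMgr.LocalPolicy.CurrentProfile.FirewallEnabled;
        }
    }

    /// <summary>
    /// Enables the firewall for the private, public and domain profiles.
    /// </summary>
    /// <returns><c>true</c> when all three profiles were enabled.</returns>
    /// <exception cref="InvalidOperationException">
    /// Any failure from the firewall COM layer (typically access denied when not elevated);
    /// the original exception is kept as <see cref="Exception.InnerException"/>.
    /// </exception>
    public static bool OpenFirewall()
    {
        try
        {
            // Resolve the policy once: each property read would otherwise create another COM object.
            INetFwPolicy2 policy = FirewallPolicy;
            policy.set_FirewallEnabled(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PRIVATE, true);
            policy.set_FirewallEnabled(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PUBLIC, true);
            policy.set_FirewallEnabled(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_DOMAIN, true);
            return true;
        }
        catch (Exception e)
        {
            string error = $"防火墙修改出错:{e.Message}";
            // Wrap with the cause attached so the HRESULT / access-denied detail is not lost.
            throw new InvalidOperationException(error, e);
        }
    }

    /// <summary>
    /// Builds the rule name used for an application exception, so rules created here
    /// can be found again by name.
    /// </summary>
    /// <param name="appPath">Absolute path of the executable.</param>
    /// <returns>Rule name derived from the file name without its extension.</returns>
    private static string DesignAppRuleName(string appPath)
    {
        return $"通信权限_{System.IO.Path.GetFileNameWithoutExtension(appPath)}";
    }

    /// <summary>
    /// Throws when <paramref name="appPath"/> is null, empty or whitespace.
    /// </summary>
    /// <param name="appPath">Value to validate.</param>
    /// <exception cref="ArgumentException">The path is null or blank.</exception>
    private static void RequireAppPath(string appPath)
    {
        if (string.IsNullOrWhiteSpace(appPath))
        {
            throw new ArgumentException("Application path must not be null or blank.", nameof(appPath));
        }
    }

    /// <summary>
    /// Throws when <paramref name="port"/> is outside the valid TCP port range.
    /// </summary>
    /// <param name="port">Value to validate.</param>
    /// <exception cref="ArgumentOutOfRangeException">The port is not within 1..65535.</exception>
    private static void RequireValidPort(int port)
    {
        if (port < MinPort || port > MaxPort)
        {
            throw new ArgumentOutOfRangeException(nameof(port), port, $"Port must be between {MinPort} and {MaxPort}.");
        }
    }

    /// <summary>
    /// Allows an application through the firewall for the current profile. An existing
    /// rule for the same application is replaced.
    /// </summary>
    /// <param name="appPath">Absolute path of the executable.</param>
    /// <exception cref="ArgumentException">The path is null or blank.</exception>
    /// <exception cref="FileNotFoundException">The executable does not exist.</exception>
    public static void AllowAppUseFirewall(string appPath)
    {
        RequireAppPath(appPath);
        if (System.IO.File.Exists(appPath) == false)
        {
            throw new System.IO.FileNotFoundException("未找到程序文件", appPath);
        }

        // Rule name is derived from the file name so the rule can be looked up later.
        string name = DesignAppRuleName(appPath);

        // AuthorizedApplications.Remove is keyed by the image path, not by the rule name;
        // pass the path here (passing the name would never match the existing entry).
        if (FindFirewallRule(appPath) != null)
        {
            RemoveAppUseFirewall(appPath);
        }

        INetFwAuthorizedApplication app = CreateComObject<INetFwAuthorizedApplication>(FwAuthorizedApplicationProgId);
        // Name shown in the exceptions list.
        app.Name = name;
        // Absolute path of the authorized executable.
        app.ProcessImageFileName = appPath;
        app.Enabled = true;
        NetFwMgr.LocalPolicy.CurrentProfile.AuthorizedApplications.Add(app);
    }

    /// <summary>
    /// Finds the application rule that <see cref="AllowAppUseFirewall"/> would create for
    /// <paramref name="appPath"/>, matching by rule name in the current profile.
    /// </summary>
    /// <param name="appPath">Absolute path of the executable.</param>
    /// <returns>The matching rule, or <c>null</c> when none exists.</returns>
    /// <exception cref="ArgumentException">The path is null or blank.</exception>
    public static INetFwAuthorizedApplication FindFirewallRule(string appPath)
    {
        RequireAppPath(appPath);
        // Compute the expected name once instead of on every iteration.
        string ruleName = DesignAppRuleName(appPath);
        INetFwMgr manager = NetFwMgr;
        NET_FW_PROFILE_TYPE_ currentProfileType = manager.CurrentProfileType;
        foreach (INetFwAuthorizedApplication item in
            manager.LocalPolicy.GetProfileByType(currentProfileType).AuthorizedApplications)
        {
            if (string.Equals(item.Name, ruleName, StringComparison.Ordinal))
            {
                return item;
            }
        }
        return null;
    }

    /// <summary>
    /// Removes an application exception from the current profile.
    /// </summary>
    /// <param name="appPath">Absolute path of the executable; the removal is keyed by this path, not by rule name.</param>
    /// <exception cref="ArgumentException">The path is null or blank.</exception>
    public static void RemoveAppUseFirewall(string appPath)
    {
        RequireAppPath(appPath);
        NetFwMgr.LocalPolicy.CurrentProfile.AuthorizedApplications.Remove(appPath);
    }

    /// <summary>
    /// Builds the rule name used for a port exception, so rules created here can be found
    /// again by name.
    /// </summary>
    /// <param name="port">TCP port number.</param>
    /// <returns>Rule name containing the port number.</returns>
    private static string DesignPortRuleName(int port)
    {
        return $"管理通信权限_{port} 端口";
    }

    /// <summary>
    /// Opens a TCP port in the current profile for connections from any remote address.
    /// An existing rule for the same port is replaced.
    /// </summary>
    /// <param name="port">TCP port number, 1..65535.</param>
    /// <exception cref="ArgumentOutOfRangeException">The port is outside 1..65535.</exception>
    public static void AllowPortUseFirewall(int port)
    {
        RequireValidPort(port);
        string name = DesignPortRuleName(port);

        // Replace rather than duplicate; check before creating the COM object.
        if (FindFirewallRule(port) != null)
        {
            RemovePortUseFirewall(port);
        }

        INetFwOpenPort objPort = CreateComObject<INetFwOpenPort>(FwOpenPortProgId);
        objPort.Name = name;
        objPort.Port = port;
        objPort.Protocol = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP;
        // NET_FW_SCOPE_ALL accepts connections from every remote address. If the service
        // only needs to be reachable from the local network, NET_FW_SCOPE_LOCAL_SUBNET is
        // the tighter setting; callers that need that should prefer it.
        objPort.Scope = NET_FW_SCOPE_.NET_FW_SCOPE_ALL;
        objPort.Enabled = true;
        NetFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts.Add(objPort);
    }

    /// <summary>
    /// Closes a TCP port exception in the current profile. Removal is keyed by
    /// (port, protocol), not by rule name, so it also removes rules not created by this class.
    /// </summary>
    /// <param name="port">TCP port number, 1..65535.</param>
    /// <exception cref="ArgumentOutOfRangeException">The port is outside 1..65535.</exception>
    public static void RemovePortUseFirewall(int port)
    {
        RequireValidPort(port);
        NetFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts.Remove(
            port, NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP);
    }

    /// <summary>
    /// Finds the port rule that <see cref="AllowPortUseFirewall"/> would create for
    /// <paramref name="Port"/>, matching by rule name in the current profile.
    /// </summary>
    /// <param name="Port">TCP port number.</param>
    /// <returns>The matching rule, or <c>null</c> when none exists.</returns>
    public static INetFwOpenPort FindFirewallRule(int Port)
    {
        string ruleName = DesignPortRuleName(Port);
        foreach (INetFwOpenPort openPort in NetFwMgr.LocalPolicy.CurrentProfile.GloballyOpenPorts)
        {
            if (string.Equals(openPort.Name, ruleName, StringComparison.Ordinal))
            {
                return openPort;
            }
        }
        return null;
    }
}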