
I have a VB.NET routine that can add a firewall exception; the problem is that I must add an exception under all types of network, be it private or public. But this routine adds an exception just under the private category of Windows Firewall.

My code:

    ' Requires a COM reference to the Windows Firewall type library (Imports NetFwTypeLib)
    Private Sub AddApp()
        Dim appType As Type = Type.GetTypeFromProgID("HnetCfg.FwAuthorizedApplication")
        Dim app As INetFwAuthorizedApplication
        app = DirectCast(Activator.CreateInstance(appType), INetFwAuthorizedApplication)

        ' Set the application properties
        app.Name = "My App"
        app.ProcessImageFileName = "C:\Users\klein\AppData\Roaming\Microsoft\Windows\MyApp.exe"
        app.Enabled = True

        ' Get the firewall manager, so we can get the list of authorized apps
        Dim fwMgrType As Type = Type.GetTypeFromProgID("HnetCfg.FwMgr")
        Dim fwMgr As INetFwMgr
        fwMgr = DirectCast(Activator.CreateInstance(fwMgrType), INetFwMgr)

        ' Get the list of authorized applications from the Firewall Manager, so we can add our app to that list.
        ' CurrentProfile is only the profile that is active right now, which is why the exception
        ' ends up under a single category.
        Dim apps As INetFwAuthorizedApplications
        apps = fwMgr.LocalPolicy.CurrentProfile.AuthorizedApplications
        apps.Add(app)
    End Sub

3 Answers


Have you tried modifying the scope of your rule?

Something along the lines of:

    app.Scope = NET_FW_SCOPE_.NET_FW_SCOPE_ALL  ' NET_FW_SCOPE_ALL = 0

which should define the scope to be ALL


Instead of adding the application to the CurrentProfile, try using GetProfileByType:

    apps = fwMgr.LocalPolicy.GetProfileByType(NET_FW_PROFILE_TYPE_.NET_FW_PROFILE_CURRENT).AuthorizedApplications   ' PUBLIC
    apps = fwMgr.LocalPolicy.GetProfileByType(NET_FW_PROFILE_TYPE_.NET_FW_PROFILE_DOMAIN).AuthorizedApplications    ' DOMAIN
    apps = fwMgr.LocalPolicy.GetProfileByType(NET_FW_PROFILE_TYPE_.NET_FW_PROFILE_STANDARD).AuthorizedApplications  ' PRIVATE

I use the following code and it works fine.

Imports NetFwTypeLib
Imports System.Windows.Forms   ' for Application.ProductName / Application.ExecutablePath

Module modMain

    Sub Main()

        AddApp(NET_FW_PROFILE_TYPE_.NET_FW_PROFILE_CURRENT)  'public
        AddApp(NET_FW_PROFILE_TYPE_.NET_FW_PROFILE_STANDARD) 'private

    End Sub

    ' Adds the running executable as an authorized application on the given profile
    Private Sub AddApp(ProfileType As NET_FW_PROFILE_TYPE_)

        Dim app As INetFwAuthorizedApplication = DirectCast(Activator.CreateInstance(Type.GetTypeFromProgID("HnetCfg.FwAuthorizedApplication")), INetFwAuthorizedApplication)
        app.Name = Application.ProductName
        app.ProcessImageFileName = Application.ExecutablePath
        app.Enabled = True
        Dim fwMgr As INetFwMgr = DirectCast(Activator.CreateInstance(Type.GetTypeFromProgID("HnetCfg.FwMgr")), INetFwMgr)
        fwMgr.LocalPolicy.GetProfileByType(ProfileType).AuthorizedApplications.Add(app)

    End Sub
End Module

Use the INetFwPolicy2 interface. The code is C# but shouldn't be hard to port.

using System;
using NetFwTypeLib;   // COM reference to the Windows Firewall type library

public class Firewall
{
    public enum ProtocolType
    {
        Tcp = 6,
        Udp = 17,
        Any = 256
    }

    // Updates the rule named fwRuleTitle if one exists, otherwise creates it.
    // Returns false when the firewall COM objects cannot be used (for example,
    // when the process is not running elevated).
    public static bool CheckAddPortRule(string fwRuleTitle, string ports, ProtocolType protocol, NET_FW_PROFILE_TYPE2_ profile2Types)
    {
        try
        {
            Type tPolicy2Class = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");
            INetFwPolicy2 policy2Class = (INetFwPolicy2)Activator.CreateInstance(tPolicy2Class);
            foreach (INetFwRule itm in policy2Class.Rules)
            {
                try
                {
                    // Existing rule with the same name: update it in place.
                    if (string.Equals(itm.Name, fwRuleTitle, StringComparison.OrdinalIgnoreCase))
                    {
                        itm.Profiles = (int)profile2Types;
                        itm.Protocol = (int)protocol;
                        itm.LocalPorts = ports;
                        return true;
                    }
                }
                catch (Exception)
                {
                    // Skip rules whose properties cannot be read or written.
                }
            }
            INetFwRule fwRule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
            fwRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
            fwRule.Name = fwRuleTitle;
            fwRule.Profiles = (int)profile2Types;
            fwRule.Protocol = (int)protocol;
            fwRule.LocalPorts = ports;
            fwRule.Enabled = true;
            fwRule.InterfaceTypes = "All"; // Acceptable values for this property are "RemoteAccess", "Wireless", "Lan", and "All".
            policy2Class.Rules.Add(fwRule);
            return true;
        }
        catch (Exception)
        {
            // COM failure (access denied, firewall service not running, ...)
        }
        return false;
    }
}

You can call it like this:

    NET_FW_PROFILE_TYPE2_ Profile2Types = NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_DOMAIN | NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PUBLIC;
    Firewall.CheckAddPortRule("Rule title", "1234", Firewall.ProtocolType.Tcp, Profile2Types);
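Since the question is in VB.NET and asks for all network types at once, here is an added example (not code from the question or any of the answers) that ports the INetFwPolicy2 approach to VB.NET: it binds the rule to one executable rather than a bare port, sets NET_FW_PROFILE2_ALL so the domain, private and public profiles are covered in one rule, reuses an existing rule of the same name instead of adding duplicates, and lets errors surface instead of swallowing them. The module and function names are assumptions of mine; it needs a COM reference to NetFwTypeLib and an elevated process.

```vbnet
Imports NetFwTypeLib
' Helper names (FirewallHelper, AllowApplicationOnAllProfiles, ProfilesForRule) are assumed, not from the page.
Module FirewallHelper

    ' Creates or updates an inbound TCP allow rule bound to exePath on the domain,
    ' private and public profiles at once. Errors propagate to the caller instead of
    ' being swallowed, so a non-elevated process or a bad path is reported.
    Public Sub AllowApplicationOnAllProfiles(ruleName As String, exePath As String)
        If Not System.IO.File.Exists(exePath) Then
            Throw New System.IO.FileNotFoundException("Rule target does not exist", exePath)
        End If
        Dim policy As INetFwPolicy2 = DirectCast(Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")), INetFwPolicy2)

        ' Reuse a rule with this name rather than adding a duplicate on every run.
        Dim rule As INetFwRule = Nothing
        For Each existing As INetFwRule In policy.Rules
            If String.Equals(existing.Name, ruleName, StringComparison.OrdinalIgnoreCase) Then
                rule = existing
                Exit For
            End If
        Next
        Dim isNew As Boolean = rule Is Nothing
        If isNew Then
            rule = DirectCast(Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule")), INetFwRule)
            rule.Name = ruleName
        End If
        rule.ApplicationName = exePath            ' bind the exception to this binary only, not a bare port
        rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN
        rule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW
        rule.Protocol = 6                         ' TCP
        rule.Profiles = CInt(NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL) ' domain, private and public
        rule.Enabled = True
        If isNew Then policy.Rules.Add(rule)
    End Sub

    ' Returns the NET_FW_PROFILE_TYPE2_ bitmask a named rule covers, or 0 when no rule has that name,
    ' so a caller can verify the rule really applies to every profile after adding it.
    Public Function ProfilesForRule(ruleName As String) As Integer
        Dim policy As INetFwPolicy2 = DirectCast(Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")), INetFwPolicy2)
        For Each existing As INetFwRule In policy.Rules
            If String.Equals(existing.Name, ruleName, StringComparison.OrdinalIgnoreCase) Then
                Return existing.Profiles
            End If
        Next
        Return 0
    End Function
End Module
```

After calling AllowApplicationOnAllProfiles, ProfilesForRule should return a value with the domain, private and public bits all set; a rule added only to CurrentProfile, as in the question, would show a single bit.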