
Windows 7 : WORKING WITH THE FIREWALL (part 6) - Using the GPO Technique - Adding a New Application Rule, Removing an Application Rule

6.3. Adding a New Application Rule

This section describes how to create a new application rule. The approach works equally well for a port or service with a little tweaking of the example code. Rules generally provide a basis for creating an exception to the baseline rules. A rule is inbound or outbound and it either allows or blocks an action. The rule is focused on a specific port and could include addresses and specific application information. Listing 11 shows the code used to perform this task.

Example 11. Adding a new application rule to the public profile
private void btnAdd_Click(object sender, EventArgs e)
{
    // Define a GPO policy type.
    Type PolicyType = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");

    // Create the policy object.
    dynamic Policy = Activator.CreateInstance(PolicyType);

    // Define a rule type for the policy.
    Type RuleType = Type.GetTypeFromProgID("HNetCfg.FwRule");

    // Create the rule object.
    dynamic Rule = Activator.CreateInstance(RuleType);

    // Define the rule specifics.
    Rule.Name = Application.ProductName;
    Rule.ApplicationName = Application.ExecutablePath;
    Rule.Description = "This is a sample GPO entry.";
    Rule.Profiles = NET_FW_PROFILE2_PUBLIC;
    Rule.Direction = NET_FW_RULE_DIR_IN;
    Rule.Action = NET_FW_ACTION_ALLOW;
    Rule.Protocol = NET_FW_IP_PROTOCOL_TCP;
    Rule.RemoteAddresses = "10.1.1.1/255.255.255.255";
    Rule.RemotePorts = "*";
    Rule.LocalAddresses = "*";
    Rule.LocalPorts = "*";
    Rule.Enabled = true;
    Rule.InterfaceTypes = "All";

    try
    {
        // Add the rule to the list.
        Policy.Rules.Add(Rule);

        // Display a success message.
        MessageBox.Show("Application successfully added!");
    }
    catch (Exception err)
    {
        // Display an error message.
        MessageBox.Show("Couldn't add the Application!\n" +
            err.Message);
    }
}


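The code begins by obtaining PolicyType using the Type.GetTypeFromProgID() method with HNetCfg.FwPolicy2 as an argument and creating the Policy object from it. It then creates a RuleType object using the Type.GetTypeFromProgID() method with HNetCfg.FwRule as an argument. The next step is to create the Rule object using Activator.CreateInstance() with RuleType as the argument.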

This example shows typical entries for an application exception. Notice that you must define the rule's direction, the action it performs, and which profile it appears in. As with any other Windows Firewall entry, you must provide a protocol for the rule and any addresses it requires. A rule has both local and remote addresses and ports, so you need to define both. After the code defines the rule, it calls Policy.Rules.Add() to perform the task within a try...catch statement. If you make a mistake in defining the rule, the system will still accept it in many cases without any error (the errors will come later when you try to use the faulty rule to perform useful work). Figure 11 shows the result of this example.

Figure 11. Using rules lets you add a single application entry in the public profile.

Notice that the output is a single rule. If you want an application exception for both TCP and UDP, then you must create two separate rules to do it. Unlike older Windows Firewall techniques, the rule technique doesn't assume that you want both protocols, which actually makes this approach a little safer, albeit more time-consuming and code-intensive. 
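The following console program is an added example, not code from the original listing. It creates one rule per protocol for the same application and reads each stored rule back, because a successful Add() call alone does not show that the rule matches what you intended. The SampleApp names and path are constructed, BuildRule() is a hypothetical helper, and the program assumes an elevated process on .NET 4 or later.

```csharp
using System;

static class TcpAndUdpRules
{
    // Values from the Windows Firewall API enumerations.
    const int NET_FW_PROFILE2_PUBLIC = 4;
    const int NET_FW_RULE_DIR_IN = 1;
    const int NET_FW_ACTION_ALLOW = 1;
    const int NET_FW_IP_PROTOCOL_TCP = 6;
    const int NET_FW_IP_PROTOCOL_UDP = 17;

    // Hypothetical helper: builds one inbound allow rule for one protocol.
    static dynamic BuildRule(string name, string exePath, int protocol)
    {
        dynamic rule = Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwRule"));
        rule.Name = name;
        rule.ApplicationName = exePath;
        rule.Profiles = NET_FW_PROFILE2_PUBLIC;
        rule.Direction = NET_FW_RULE_DIR_IN;
        rule.Action = NET_FW_ACTION_ALLOW;
        rule.Protocol = protocol;
        rule.RemoteAddresses = "10.1.1.1/255.255.255.255";
        rule.Enabled = true;
        return rule;
    }

    static void Main()
    {
        dynamic policy = Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
        string exe = @"C:\Program Files\SampleApp\SampleApp.exe"; // constructed path
        var protocols = new[] {
            Tuple.Create("TCP", NET_FW_IP_PROTOCOL_TCP),
            Tuple.Create("UDP", NET_FW_IP_PROTOCOL_UDP) };
        foreach (var p in protocols)
        {
            // A distinct name per protocol keeps later lookup and removal unambiguous.
            string name = "SampleApp (" + p.Item1 + ")";
            policy.Rules.Add(BuildRule(name, exe, p.Item2));
            // Read the stored rule back instead of trusting the absence of an exception.
            dynamic stored = policy.Rules.Item(name);
            bool ok = stored.Protocol == p.Item2 && stored.Enabled
                && stored.Action == NET_FW_ACTION_ALLOW && stored.Profiles == NET_FW_PROFILE2_PUBLIC;
            Console.WriteLine("{0}: {1}", name, ok ? "stored as intended" : "MISMATCH");
        }
    }
}
```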

Figure 12. Rules make it possible to access all the application exception entries.

6.4. Removing an Application Rule

However, there are some subtle differences that could get you into trouble, as shown in Listing 12.

Example 12. Removing an application rule from the public profile
private void btnRemove_Click(object sender, EventArgs e)
{
    // Define a GPO policy type.
    Type PolicyType = Type.GetTypeFromProgID("HNetCfg.FwPolicy2");

    // Create the policy object.
    dynamic Policy = Activator.CreateInstance(PolicyType);

    try
    {
        // Delete the rule based on the rule name (not the application path).
        Policy.Rules.Remove(Application.ProductName);

        // Display a success message.
        MessageBox.Show("Application successfully removed!");
    }
    catch (Exception err)
    {
        // Display an error message.
        MessageBox.Show("Couldn't remove the application!\n" +
            err.Message);
    }
}

The first difference is that you create a policy; the Windows Firewall Manager doesn't do it. You still use the Remove() method to perform the task, but notice that you use the rule name — not the application path. Some developers confuse the two techniques and later find that the rules they thought were gone are still entered in the Windows Firewall listing.
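One way to confirm that a removal actually cleared the listing is shown below as an added example, not code from the original listing. Windows Firewall permits several rules with the same name, so the program counts matching rules before and after each Remove() call rather than relying on an exception. The default rule name "SampleApp" is constructed, CountByName() is a hypothetical helper, and the program assumes an elevated process on .NET 4 or later.

```csharp
using System;

static class VerifiedRuleRemoval
{
    // Hypothetical helper: counts the rules whose Name matches ruleName.
    static int CountByName(dynamic policy, string ruleName)
    {
        int count = 0;
        foreach (dynamic rule in policy.Rules)
        {
            if (string.Equals((string)rule.Name, ruleName,
                    StringComparison.OrdinalIgnoreCase))
                count++;
        }
        return count;
    }

    static void Main(string[] args)
    {
        // Pass the rule name (not the executable path) as the first argument.
        string ruleName = args.Length > 0 ? args[0] : "SampleApp"; // constructed default
        dynamic policy = Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));

        int remaining = CountByName(policy, ruleName);
        Console.WriteLine("{0} rule(s) named \"{1}\" before removal", remaining, ruleName);

        while (remaining > 0)
        {
            policy.Rules.Remove(ruleName);
            int after = CountByName(policy, ruleName);
            if (after >= remaining)
            {
                // Nothing was deleted; stop rather than loop forever.
                Console.WriteLine("Remove() did not delete a rule; check the name.");
                break;
            }
            remaining = after;
        }

        Console.WriteLine(remaining == 0
            ? "No rule with that name remains."
            : remaining + " rule(s) with that name are still listed.");
    }
}
```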