Click here to Skip to main content
Click here to Skip to main content

Open Windows Firewall During Installation

, 23 Jul 2006 CPOL
Rate this:
Please Sign up or sign in to vote.
This test code will serve as an MSI custom action to open the Windows firewall after installation.


During the installation of my application, I needed to add it to the Windows firewall as an allowed application and open two ports for another application. This code will function as a custom action during the install to open the firewall on install and close it on uninstall. In trying to keep things as simple as possible, the following C# class library will be called from the setup - openFirewall() and closeFirewall().

First, I generated the FWSetupAction project as a C# class library. After that, I use the properties page to switch the output type to a console application to step through it with the debugger. When it's operational, switch back to the class library for integration with the MSI setup logic and incorporate it as a custom action.

After the initial project creation, rename Class1.cs to Firewall.cs in the Solution Navigator. If you're writing code anew, add the NetFwTypeLib reference first to allow intellisense to help you recognize the terms you'll be coding. This reference will be required for correct compilation, so whether you put it in before coding or after doesn't matter, but it will be needed. To add the reference, right click on References and select Browse. Browse to %windir%\system32\hnetcfg.dll and select it - the NetFwTypeLib will be created.

Edit the Firewall.cs class to have the following code:

using System;
using System.Collections.Generic;
using System.Text;
using System.Reflection;
using NetFwTypeLib;
using Microsoft.Win32;
namespace FWSetupAction
public class Firewall
    protected int[] discoPorts = { 0xD100, 0xD101 };
    protected INetFwProfile fwProfile;

    public void openFirewall()
        ///////////// Firewall Authorize Application ////////////
        String imageFilename = getImageFilename();
        NetFwAuthorizedApplications apps = fwProfile.AuthorizedApplications;
        INetFwAuthorizedApplication app = 
          ( INetFwAuthorizedApplication ) getInstance( "INetAuthApp" );
        app.Name = "Application Name";
        app.ProcessImageFileName = imageFilename;
        apps.Add( app );
        apps = null;

        //////////////// Open Needed Ports /////////////////
        INetFwOpenPorts openports = fwProfile.GloballyOpenPorts;
        foreach( int port in discoPorts )
            INetFwOpenPort openport = 
              ( INetFwOpenPort ) getInstance( "INetOpenPort" );
            openport.Port = port;
            openport.Protocol = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP;
            openport.Name = "New Open Port";
            openports.Add( openport );
        openports = null;
    } // openFirewall

    public void closeFirewall()
        String imageFilename = getImageFilename();
        INetFwAuthorizedApplications apps = fwProfile.AuthorizedApplications;
        apps.Remove( imageFilename );
        apps = null;
        INetFwOpenPorts ports = fwProfile.GloballyOpenPorts;
        ports.Remove( discoPorts[ 0 ], NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP );
        ports.Remove( discoPorts[ 1 ], NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP );
        ports = null;

    protected string getImageFilename()
        // Get install directory from the registry
        RegistryKey pRegKey = Registry.LocalMachine;
        pRegKey = pRegKey.OpenSubKey( "SOFTWARE\\Company Directory\\AppDir" );
        Object insDir = pRegKey.GetValue( "InstallDir" );
        return insDir + "RVP.exe";

    protected void setProfile()
        // Access INetFwMgr
        INetFwMgr fwMgr = ( INetFwMgr ) getInstance( "INetFwMgr" );
        INetFwPolicy fwPolicy = fwMgr.LocalPolicy;
        fwProfile = fwPolicy.CurrentProfile;
        fwMgr = null;
        fwPolicy = null;

    protected Object getInstance( String typeName )
        if( typeName == "INetFwMgr" )
            Type type = Type.GetTypeFromCLSID(
            new Guid( "{304CE942-6E39-40D8-943A-B913C40C9CD4}" ) );
            return Activator.CreateInstance( type );
        else if( typeName == "INetAuthApp" )
            Type type = Type.GetTypeFromCLSID(
            new Guid( "{EC9846B3-2762-4A6B-A214-6ACB603462D2}" ) );
            return Activator.CreateInstance( type );
        else if( typeName == "INetOpenPort" )
            Type type = Type.GetTypeFromCLSID(
            new Guid( "{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" ) );
            return Activator.CreateInstance( type );
        else return null;

    static void Main( string[] args )
        Firewall fw = new Firewall();

Once compiled, you're ready to test. Set a breakpoint on each of the firewall entry methods - openFirewall() and closeFirewall(), and step through the program. Use a DOS box to verify the operations. The netsh firewall command will verify the operation of the code:

  • netsh fire show allowed - shows the programs that are allowed
  • netsh fire show port - shows the ports that are open



This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Don Hamson
Web Developer
United States United States
No Biography provided

Comments and Discussions

GeneralNetFwAuthorizedApplications type Pinmembertriplebit25-Sep-09 7:10 
GeneralRe: NetFwAuthorizedApplications type PinmemberDonsw27-Oct-09 11:36 
Generalgood for xp PinmemberDonsw18-Sep-09 8:00 
QuestionDoes it work on vista? PinmemberDavid Engler29-May-08 11:10 
AnswerRe: Does it work on vista? PinmemberJmgxu21-Dec-08 4:57 
GeneralHelp anybody - very peculiar bug PinmemberDave Midgley28-Nov-07 9:13 
GeneralRe: Help anybody - very peculiar bug [modified] PinmemberDon Hamson29-Nov-07 0:31 
GeneralSetting things back to null PinmemberDave Midgley28-Nov-07 8:16 
GeneralRe: Setting things back to null PinmemberDon Hamson28-Nov-07 23:33 
GeneralError checking PinmemberDave Midgley26-Nov-07 6:40 
AnswerRe: Error checking PinmemberDon Hamson26-Nov-07 17:51 
GeneralRe: Error checking PinmemberDave Midgley28-Nov-07 8:14 
GeneralRe: Error checking PinmemberDon Hamson28-Nov-07 23:19 
Questionnecessary privs PinmemberAleRanza25-May-07 6:11 
AnswerRe: necessary privs PinmemberDon Hamson25-May-07 14:48 
GeneralA different way of doing things PinmemberYiogi11-Jan-07 6:04 
GeneralRe: A different way of doing things Pinmembershysan24-Apr-07 3:29 
Generalsecurity caveat Pinmemberkckn4fun26-Jul-06 3:03 
GeneralRe: security caveat PinmemberDon Hamson26-Jul-06 9:34 
GeneralRe: security caveat Pinmembertverweij26-Jul-06 22:17 
GeneralRe: security caveat [modified] PinmemberDon Hamson27-Jul-06 4:36 
GeneralRe: security caveat PinmemberJason Barry26-Jun-08 14:20 
GeneralThis is not a feature, but a security leak [modified] Pinmembertverweij25-Jul-06 8:04 
GeneralRe: This is not a feature, but a security leak PinmemberDon Hamson26-Jul-06 2:36 
GeneralRe: This is not a feature, but a security leak Pinmembertverweij26-Jul-06 22:20 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.

| Advertise | Privacy | Terms of Use | Mobile
Web03 | 2.8.150326.1 | Last Updated 23 Jul 2006
Article Copyright 2006 by Don Hamson
Everything else Copyright © CodeProject, 1999-2015
Layout: fixed | fluid