Open Windows Firewall During Installation

Introduction

During the installation of my application, I need to add it to the Windows firewall as an allowed application and open 2 ports for another application.  So this code will function as a custom action during the install to open the firewall on install and close it on uninstall.  In trying to keep things as simple as possible; the following C# class library will be called from setup - openFirewall() and closeFirewall().

First, I generated FWSetupAction project as a C# class library.  After that use the properties page to switch the output type to a console application to step through it with the debugger.  When it's operational, switch back to class library for integration with MSI setup logic and incorporate it as a custom action.

After the initial project creation, rename Class1.cs to Firewall.cs in the Solution navigator.  If you're writing code anew, add the NetFwTypeLib reference first to allow intellisense to help you recognize the terms you'll be coding.  This reference will be required for correct compilation, so whether you put it in before coding or after doesn't matter but it will be needed.  To add the reference, right click on References and select browse.  Browse to %windir%\system32\hnetcfg.dll and select it - the NetFwTypeLib will be created. 

Edit the Firewall.cs class to have the following code

using System;
using System.Collections.Generic;
using System.Text;
using System.Reflection;
using NetFwTypeLib;
using Microsoft.Win32;
namespace FWSetupAction
{
public class Firewall
{
protected int[] discoPorts = { 0xD100, 0xD101 };
protected INetFwProfile fwProfile;
public void openFirewall()
{
///////////// Firewall Authorize Application ////////////
String imageFilename = getImageFilename();
setProfile();
INetFwAuthorizedApplications apps = fwProfile.AuthorizedApplications;
INetFwAuthorizedApplication app = ( INetFwAuthorizedApplication ) getInstance( "INetAuthApp" );
app.Name = "Application Name";
app.ProcessImageFileName = imageFilename;
apps.Add( app );
apps = null;
//////////////// Open Needed Ports /////////////////
INetFwOpenPorts openports = fwProfile.GloballyOpenPorts;
foreach( int port in discoPorts )
{
INetFwOpenPort openport = ( INetFwOpenPort ) getInstance( "INetOpenPort" );
openport.Port = port;
openport.Protocol = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP;
openport.Name = "New Open Port";
openports.Add( openport );
}
openports = null;
} // openFirewall
public void closeFirewall()
{
String imageFilename = getImageFilename();
setProfile();
INetFwAuthorizedApplications apps = fwProfile.AuthorizedApplications;
apps.Remove( imageFilename );
apps = null;
INetFwOpenPorts ports = fwProfile.GloballyOpenPorts;
ports.Remove( discoPorts[ 0 ], NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP );
ports.Remove( discoPorts[ 1 ], NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP );
ports = null;
}
protected string getImageFilename()
{
// Get install directory from the registry
RegistryKey pRegKey = Registry.LocalMachine;
pRegKey = pRegKey.OpenSubKey( "SOFTWARE\\Company Directory\\AppDir" );
Object insDir = pRegKey.GetValue( "InstallDir" );
return insDir + "RVP.exe";
}
protected void setProfile()
{
// Access INetFwMgr
INetFwMgr fwMgr = ( INetFwMgr ) getInstance( "INetFwMgr" );
INetFwPolicy fwPolicy = fwMgr.LocalPolicy;
fwProfile = fwPolicy.CurrentProfile;
fwMgr = null;
fwPolicy = null;
}
protected Object getInstance( String typeName )
{
if( typeName == "INetFwMgr" )
{
Type type = Type.GetTypeFromCLSID(
new Guid( "{304CE942-6E39-40D8-943A-B913C40C9CD4}" ) );
return Activator.CreateInstance( type );
}
else if( typeName == "INetAuthApp" )
{
Type type = Type.GetTypeFromCLSID(
new Guid( "{EC9846B3-2762-4A6B-A214-6ACB603462D2}" ) );
return Activator.CreateInstance( type );
}
else if( typeName == "INetOpenPort" )
{
Type type = Type.GetTypeFromCLSID(
new Guid( "{0CA545C6-37AD-4A6C-BF92-9F7610067EF5}" ) );
return Activator.CreateInstance( type );
}
else return null;
}
static void Main( string[] args )
{
Firewall fw = new Firewall();
fw.openFirewall();
fw.closeFirewall();
}
}
}

Once compiled, you're ready to test.  Set a break point on each of the firewall entry methods - openFirewall() and closeFirewall() and step through the program.  Use a DOS box to verify the operations.  The netsh firewall command will verify the operation of the code:

netsh fire show allowed - shows the programs that are allowed

netsh fire show port - shows the ports that are open

Thanks to Moah, Windows XP SP2 Firewall Controller, http://www.codeproject.com/w2k/WinXPSP2Firewall.asp

Thanks too to Dan Agonistes, Windows XP Service Pack 2 and the Windows Firewall, http://danagonistes.blogspot.com/2004/06/windows-xp-service-pack-2-and-windows.html