The managed classes to read Windows Firewall configuration on Vista using Advanced Security Interfaces

30 May 2007
Provides read-only access to Windows Firewall status, settings and rules on Windows Vista.

Screenshot - Firewall1.jpg

Introduction

Have you ever experienced problems deploying your .NET distributed applications because of Windows Firewall configuration? Did you come up with an idea to write a service that needs to receive unsolicited traffic and can detect if a firewall is running and which exceptions are allowed? Perhaps even let your service find a suitable port to perform the communication?

My initial intention was just to detect if there is a firewall running on the target system. After exploring the Windows Firewall with Advanced Security, I realised that there are unlimited possibilities to query firewall information and even modify its configuration.

The problem was that there were no managed classes to use from C# or VB.NET. So I took the first step. My classes cover perhaps 5% of API functionality, but they show an approach to be used in order to implement further features. Maybe it is a good idea to start a project which will wrap the whole C# API? Your reactions to this article will show.

Approach

The library NetFwTypeLib (C:\windows\system32\FirewallAPI.dll) includes classes and interfaces making it possible to programmatically read and manage Windows Firewall settings by allowing applications to create, enable, and disable firewall exceptions. There are actually two APIs, the "Windows Firewall" and "Windows Firewall with Advanced Security". The first one is supported under Windows XP SP2 or Vista and the second one is supported only under Windows Vista.

Detailed information can be found in MSDN under http://msdn2.microsoft.com/en-us/library/aa366453.aspx.

The difference is that the Vista API is more convenient and transparent. For example, I did not find an equivalent in the Windows XP API of the Vista interface INetFwRule, which describes a restriction. My classes are based on Windows Firewall with Advanced Security, so this is a Vista-only solution.

Using the code

First of all, ensure that you are running Windows Vista. You can reference the assembly or the project, or just include my classes in your project. In the last case (only when copying the classes), you need to set a COM reference to the library NetFwTypeLib (C:\windows\system32\FirewallAPI.dll).

Screenshot - Firewall0.jpg

Using the code basically consists of instantiating the class Policy and reading its properties.

C#
// ...
Policy policy = new Policy();
Console.WriteLine(string.Format("Firewall enabled? - {0}", policy.Enabled));
Console.WriteLine(string.Format("Inbound traffic allowed? - {0}",
                    policy.DefaultInboundAction));
// ...

To demonstrate this class, I wrote a small Windows application showing all available properties in PropertyGrid and all rules in DataGrid (see the screenshot above).

Finally, I will note some of the techniques used that may raise questions. Let's take a look at the class Rules.

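C#
using System.Collections.Generic;
using System.Collections.ObjectModel;
using NetFwTypeLib;

public class Rules : ReadOnlyCollection<Rule>
{
    // Internal: only the library itself can create the collection.
    internal Rules(INetFwRules rules)
        : base(RulesToList(rules))
    {
    }

    // Copies every COM rule into a managed Rule wrapper.
    private static IList<Rule> RulesToList(INetFwRules rules)
    {
        List<Rule> list = new List<Rule>(rules.Count);
        foreach (INetFwRule currentFwRule in rules)
        {
            list.Add(new Rule(currentFwRule));
        }
        return list;
    }
}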

Some constructors in my classes are internal to prevent the user from creating instances. Also, by using internal methods, I hide the COM interfaces to keep the component interface 100% managed. To keep the interface consistent and allow typed access to the rules list without enabling its modification, I derived the Rules class from the generic ReadOnlyCollection<>.
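For readers who want to see what the wrapper hides, the following added example (not part of the article's library or download) queries the NetFwTypeLib COM interfaces directly and lists the enabled inbound allow rules that apply to an active profile and accept any remote address, which is the exposure an administrator usually wants to review first. The names FirewallAudit and BroadInboundAllows are hypothetical; the example assumes the COM reference to FirewallAPI.dll described above.

```csharp
using System;
using System.Collections.Generic;
using NetFwTypeLib; // COM reference to FirewallAPI.dll

// Added example: FirewallAudit and BroadInboundAllows are hypothetical names.
static class FirewallAudit
{
    // Enabled inbound "allow" rules that apply to at least one active profile
    // and do not restrict the remote address.
    static List<INetFwRule> BroadInboundAllows(INetFwPolicy2 policy)
    {
        int active = policy.CurrentProfileTypes; // bitmask of NET_FW_PROFILE_TYPE2_
        List<INetFwRule> hits = new List<INetFwRule>();
        foreach (INetFwRule rule in policy.Rules)
        {
            bool anyRemote = string.IsNullOrEmpty(rule.RemoteAddresses)
                             || rule.RemoteAddresses == "*";
            if (rule.Enabled
                && rule.Direction == NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN
                && rule.Action == NET_FW_ACTION_.NET_FW_ACTION_ALLOW
                && (rule.Profiles & active) != 0
                && anyRemote)
            {
                hits.Add(rule);
            }
        }
        return hits;
    }

    static void Main()
    {
        // HNetCfg.FwPolicy2 is the ProgID of the Advanced Security policy object.
        INetFwPolicy2 policy = (INetFwPolicy2)Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));

        NET_FW_PROFILE_TYPE2_[] profiles = {
            NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_DOMAIN,
            NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PRIVATE,
            NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PUBLIC };
        foreach (NET_FW_PROFILE_TYPE2_ p in profiles)
            Console.WriteLine("{0}: active={1}, enabled={2}, default inbound={3}", p,
                (policy.CurrentProfileTypes & (int)p) != 0,
                policy.get_FirewallEnabled(p), policy.get_DefaultInboundAction(p));

        foreach (INetFwRule r in BroadInboundAllows(policy))
            Console.WriteLine("{0} | protocol={1} ports={2} app={3}", r.Name,
                r.Protocol, r.LocalPorts ?? "any", r.ApplicationName ?? "any");
    }
}
```

A rule that appears in this list is reachable from any source address while the current profile is active, so each entry should map to a service that is meant to be exposed.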

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.


Written By
Software Developer
Germany
Twitter: @gmamaladze
Google+: gmamaladze
Blog: gmamaladze.wordpress.com

Comments and Discussions

 
Question: Errors on passing fwCurrentProfileTypes as an argument
freddie2000, 17-Mar-19 3:58

General: Works as expected
SinnerG, 24-Feb-14 4:41
We're using this code now as part of an automated way to restart one of our sites (that requires that access is blocked until the restart is completed).

Thanks!

Question: How to read firewall configuration for windows xp [modified]
Amol_B, 31-Mar-11 2:14

General: Detect all Firewalls
Karunish, 14-Jun-08 2:21

General: Re: Detect all Firewalls
reddragon, 15-Jun-08 3:18

General: Re: Detect all Firewalls
Karunish, 16-Jun-08 0:08

General: Re: Detect all Firewalls
reddragon, 16-Jun-08 4:46

General: Re: Detect all Firewalls
karunisharora85, 17-Jun-08 8:55

General: Re: Detect all Firewalls [modified]
reddragon, 17-Jun-08 9:23

Question: is it possible [modified]
reddragon, 8-Jun-08 5:50

General: Definitely useful
paoloden, 5-Jun-07 9:13

General: Re: Definitely useful
Arthur Kahwa, 13-Jul-08 19:52
