
Right settings for firewall rule C#

I got a new question: what firewall settings are needed for blocking an IP address? I found the property "RemoteAddress", like firewallRule.RemoteAddress, but I don't know how to use it. This is what I found on Stack Overflow (the following code blocks all access to the internet). Thanks.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using NETCONLib;
using NATUPNPLib;
using NetFwTypeLib;

namespace WindowsFormsApplication1
{

// "partial" is required: InitializeComponent() lives in the designer-generated half of Form1.
public partial class Form1 : Form
{

    public Form1()
    {
        InitializeComponent();

        // Create an empty rule object through the Windows Firewall COM API.
        INetFwRule firewallRule = (INetFwRule)Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FWRule"));
        firewallRule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
        firewallRule.Description = "Used to block all internet access.";
        firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
        firewallRule.Enabled = true;
        firewallRule.InterfaceTypes = "All";
        firewallRule.Name = "Block Internet";

        // No remote address is set, so the outbound block applies to every destination.
        INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
        firewallPolicy.Rules.Add(firewallRule);
    }
}
}

As far as I can tell, you have to retrieve the RemoteAddresses list first before adding to it. Otherwise, it just overwrites each IP with the next one. The format needs to be as Jan described in his/her answer. However, the subnet "/255.255.255.255" is not needed when adding a single IP address. My app only blocks a single IP at a time, but you can put ranges in there as Jan describes. Most of the credit goes to others on SO, with the exception of the RemoteAddresses part. If there's a better/cleaner way, I would love to hear it. Here's how I ended up doing it:

        // Requires: using System; using System.Linq; using NetFwTypeLib;
        private void BlockIp(string ip, string ruleName)
        {
            INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
            // Look for an existing rule with this name so that new IPs are appended to it.
            INetFwRule firewallRule = firewallPolicy.Rules.OfType<INetFwRule>().FirstOrDefault(x => x.Name == ruleName);

            if (firewallRule == null)
            {
                // First IP for this rule name: create the rule and register it.
                firewallRule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
                firewallRule.Name = ruleName;
                firewallPolicy.Rules.Add(firewallRule);
                firewallRule.Description = "Block inbound traffic";
                firewallRule.Profiles = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL;
                firewallRule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP;
                firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
                firewallRule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
                //firewallRule.LocalPorts = "8080";
                //firewallRule.Grouping = "@firewallapi.dll,-23255";
                firewallRule.Enabled = true;
                firewallRule.RemoteAddresses = ip;
                //firewallPolicy.Rules.Add(firewallRule); //throws error, not needed
            } else {
                // Rule already exists: read the current list and append,
                // otherwise the assignment overwrites the previous IPs.
                var remoteAddresses = firewallRule.RemoteAddresses;
                firewallRule.RemoteAddresses = remoteAddresses + "," + ip;
            }
        }

You can use a comma-separated list of IP addresses (subnets, aliases):

$Rule.RemoteAddresses = 'LocalSubnet,10.1.1.1/255.255.255.255,12.5.0.0/255.255.0.0'
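
The append-to-RemoteAddresses step from the answers above, as an added example that is not part of the original posts: a pure string helper (the hypothetical `RemoteAddressList.Append`) that validates the new IP, replaces the `*` any-address value instead of appending to it, and skips addresses already in the list. The sample addresses in `Main` are constructed.

```csharp
using System;
using System.Linq;
using System.Net;

// Added example: no COM calls, so the list handling can be unit-tested
// without touching the firewall. Class and method names are hypothetical.
public static class RemoteAddressList
{
    // Returns the value to assign to INetFwRule.RemoteAddresses after adding `ip`.
    public static string Append(string current, string ip)
    {
        // Reject anything that is not a literal IP address before it reaches the rule.
        // The parsed form is stored, so shorthand such as "10.1" is written out in full.
        if (!IPAddress.TryParse(ip, out IPAddress parsed))
            throw new ArgumentException("Not a valid IP address: " + ip, nameof(ip));
        string normalized = parsed.ToString();

        // "*" means "any remote address" and must be the only token, so it is
        // dropped here rather than kept next to the new entry.
        var entries = (current ?? "")
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(e => e.Trim())
            .Where(e => e.Length > 0 && e != "*")
            .ToList();

        // Skip the append when the address is already listed, either bare or
        // with the single-host mask the answer above says is optional.
        bool present = entries.Any(e =>
            string.Equals(StripHostMask(e), normalized, StringComparison.OrdinalIgnoreCase));
        if (!present)
            entries.Add(normalized);
        return string.Join(",", entries);
    }

    private static string StripHostMask(string entry)
    {
        const string hostMask = "/255.255.255.255";
        return entry.EndsWith(hostMask, StringComparison.Ordinal)
            ? entry.Substring(0, entry.Length - hostMask.Length)
            : entry;
    }

    public static void Main()
    {
        // Constructed sample values: any-address rule, duplicate entry, plain append.
        Console.WriteLine(Append("*", "203.0.113.7"));
        Console.WriteLine(Append("LocalSubnet,10.1.1.1/255.255.255.255", "10.1.1.1"));
        Console.WriteLine(Append("12.5.0.0/255.255.0.0", "198.51.100.9"));
    }
}
```

In `BlockIp`, the `else` branch would then become `firewallRule.RemoteAddresses = RemoteAddressList.Append(firewallRule.RemoteAddresses, ip);`.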
