Adding a rule to the Windows firewall

From ISXKB

(Difference between revisions)
Line 1: Line 1:
-
If you want to add your application to the white list of the Windows firewall (Windows XP SP2, Vista, etc.), you can use the Net.exe application which is shipped with Windows:
+
If you want to add your application to the white list of the Windows firewall, do the following:
-
This goes all into one line in Inno Setup:
+
<pre>
 +
// Utility functions for Inno Setup
 +
//  used to add/remove programs from the windows firewall rules
 +
// Code originally from http://news.jrsoftware.org/news/innosetup/msg43799.html
-
    Filename: "{sys}\netsh.exe"; Parameters: "firewall add allowedprogram ""{app}\app.exe"" ""My App desc"" ENABLE ALL";
+
const
-
    StatusMsg: "My status msg..."; Flags: runhidden; MinVersion: 0,5.01.2600sp2;
+
  NET_FW_SCOPE_ALL = 0;
 +
  NET_FW_IP_VERSION_ANY = 2;
-
MinVersion will make sure that it only runs on Windows XP with SP2 or higher.
+
procedure SetFirewallException(AppName,FileName:string);
 +
var
 +
  FirewallObject: Variant;
 +
  FirewallManager: Variant;
 +
  FirewallProfile: Variant;
 +
begin
 +
  try
 +
    FirewallObject := CreateOleObject('HNetCfg.FwAuthorizedApplication');
 +
    FirewallObject.ProcessImageFileName := FileName;
 +
    FirewallObject.Name := AppName;
 +
    FirewallObject.Scope := NET_FW_SCOPE_ALL;
 +
    FirewallObject.IpVersion := NET_FW_IP_VERSION_ANY;
 +
    FirewallObject.Enabled := True;
 +
    FirewallManager := CreateOleObject('HNetCfg.FwMgr');
 +
    FirewallProfile := FirewallManager.LocalPolicy.CurrentProfile;
 +
    FirewallProfile.AuthorizedApplications.Add(FirewallObject);
 +
  except
 +
  end;
 +
end;
-
Ideally you should let the user decide whether he/she wants to add your application to the white list of the firewall with a [Tasks} entry:
+
procedure RemoveFirewallException( FileName:string );
 +
var
 +
  FirewallManager: Variant;
 +
  FirewallProfile: Variant;
 +
begin
 +
  try
 +
    FirewallManager := CreateOleObject('HNetCfg.FwMgr');
 +
    FirewallProfile := FirewallManager.LocalPolicy.CurrentProfile;
 +
    FireWallProfile.AuthorizedApplications.Remove(FileName);
 +
  except
 +
  end;
 +
end;
-
    [Tasks]
+
procedure CurStepChanged(CurStep: TSetupStep);
-
    ; Firewall starting from Windows XP SP2 (5.01.2600sp2)
+
begin
-
    Name: Firewall; Description: "Add an exception to the Windows Firewall"; GroupDescription: "Other tasks:"; MinVersion: 0,5.01.2600sp2;  
+
  if CurStep=ssPostInstall then
-
    ...
+
    SetFirewallException('My Server', ExpandConstant('{app}')+'\TCPServer.exe');
-
    ...
+
end;
-
    ...
+
-
    [Run]
+
-
    Filename: "{sys}\netsh.exe"; .........; Tasks: Firewall;
+
-
Finally don't forget to remove your program's firewall entry when you uninstall it with something like
+
procedure CurUninstallStepChanged(CurUninstallStep: TUninstallStep);
 +
begin
 +
  if CurUninstallStep=usPostUninstall then
 +
    RemoveFirewallException(ExpandConstant('{app}')+'\TCPServer.exe');
 +
end;
 +
</pre>
-
    [UninstallRun]
+
Alternatively you could want to use Net.exe.<BR>
-
    Filename: {sys}\netsh.exe; Parameters: "firewall delete allowedprogram program=""{app}\app.exe"""; Flags: runhidden;
+
The article at
-
    MinVersion: 0,5.01.2600sp2; Tasks: Firewall;
+
http://support.microsoft.com/kb/949543
 +
mentions that this method doesn't work for some Windows Editions like e.g. Vista Basic.
[[Category:Windows firewall]]
[[Category:Windows firewall]]
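Review bot: Both new procedures end in an empty `except` / `end;`, so a failed COM call is dropped silently; in `RemoveFirewallException` this means an uninstall can leave the allow entry for `TCPServer.exe` in place with nothing recorded. Logging the failure keeps the best-effort behaviour, e.g. `Log('RemoveFirewallException failed: ' + GetExceptionMessage);` inside each handler. Separately, the replaced revision gated the rule on a `[Tasks]` entry so the user could decline, whereas the new `CurStepChanged` adds it unconditionally with `NET_FW_SCOPE_ALL`. A comment stating that choice, or a restored task check, would make it explicit.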

Revision as of 09:19, 22 February 2010

If you want to add your application to the white list of the Windows firewall, do the following:

// Utility functions for Inno Setup
//   used to add/remove programs from the windows firewall rules
// Code originally from http://news.jrsoftware.org/news/innosetup/msg43799.html

// Values assigned to the HNetCfg.FwAuthorizedApplication object created in
// SetFirewallException.
const
  // NET_FW_SCOPE value "all": the entry is not narrowed to the local subnet
  // or to a custom address list.
  NET_FW_SCOPE_ALL = 0;
  // NET_FW_IP_VERSION value "any"; assigned to the entry's IpVersion property.
  NET_FW_IP_VERSION_ANY = 2;

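// Adds an executable to the Windows Firewall list of authorized applications,
// using the HNetCfg COM automation objects.
//   AppName  - name stored with the firewall entry
//   FileName - path of the executable image the entry applies to
// The entry is created enabled, with scope NET_FW_SCOPE_ALL and IP version
// NET_FW_IP_VERSION_ANY, and is added only to the profile returned by
// LocalPolicy.CurrentProfile.
// Best effort: a failure never aborts setup, but it is written to the setup
// log instead of being discarded.
procedure SetFirewallException(AppName,FileName:string);
var
  FirewallObject: Variant;
  FirewallManager: Variant;
  FirewallProfile: Variant;
begin
  try
    // Describe the application that is to be allowed through the firewall.
    FirewallObject := CreateOleObject('HNetCfg.FwAuthorizedApplication');
    FirewallObject.ProcessImageFileName := FileName;
    FirewallObject.Name := AppName;
    FirewallObject.Scope := NET_FW_SCOPE_ALL;
    FirewallObject.IpVersion := NET_FW_IP_VERSION_ANY;
    FirewallObject.Enabled := True;
    // Register the entry with the firewall profile currently in effect.
    FirewallManager := CreateOleObject('HNetCfg.FwMgr');
    FirewallProfile := FirewallManager.LocalPolicy.CurrentProfile;
    FirewallProfile.AuthorizedApplications.Add(FirewallObject);
  except
    // Keep the install going, but record why the entry was not created so the
    // failure can be found in the log afterwards.
    Log('SetFirewallException failed for "' + FileName + '": ' + GetExceptionMessage);
  end;
end;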

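// Removes an executable from the Windows Firewall list of authorized
// applications, using the HNetCfg.FwMgr COM automation object.
//   FileName - path of the executable image whose entry is removed
// Only the profile returned by LocalPolicy.CurrentProfile is touched.
// Best effort: a failure never aborts the uninstall, but it is written to the
// log, because a removal that fails leaves the allow entry behind.
procedure RemoveFirewallException( FileName:string );
var
  FirewallManager: Variant;
  FirewallProfile: Variant;
begin
  try
    FirewallManager := CreateOleObject('HNetCfg.FwMgr');
    FirewallProfile := FirewallManager.LocalPolicy.CurrentProfile;
    FirewallProfile.AuthorizedApplications.Remove(FileName);
  except
    // Record the failure instead of discarding it; the entry may still exist.
    Log('RemoveFirewallException failed for "' + FileName + '": ' + GetExceptionMessage);
  end;
end;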

// Inno Setup event function. When setup reaches the post-install step, the
// installed TCPServer.exe is registered with the Windows Firewall under the
// name 'My Server'.
// NOTE(review): the entry is added on every install; nothing here asks the
// user or checks a [Tasks] selection.
procedure CurStepChanged(CurStep: TSetupStep);
var
  ServerExe: string;
begin
  // Every other step is ignored.
  if CurStep <> ssPostInstall then
    Exit;
  ServerExe := ExpandConstant('{app}') + '\TCPServer.exe';
  SetFirewallException('My Server', ServerExe);
end;

// Inno Setup uninstall event function. When the uninstaller reaches the
// post-uninstall step, the firewall entry for TCPServer.exe is removed again,
// using the same path that was registered at install time.
procedure CurUninstallStepChanged(CurUninstallStep: TUninstallStep);
var
  ServerExe: string;
begin
  // Every other uninstall step is ignored.
  if CurUninstallStep <> usPostUninstall then
    Exit;
  ServerExe := ExpandConstant('{app}') + '\TCPServer.exe';
  RemoveFirewallException(ServerExe);
end;

Alternatively, you may want to use Net.exe (the command lines in the earlier revision of this page invoke netsh.exe).
The article at http://support.microsoft.com/kb/949543 mentions that this method doesn't work on some Windows editions, e.g. Vista Basic.
