diff --git a/.gitignore b/.gitignore index e6b8faba..51b5380f 100644 --- a/.gitignore +++ b/.gitignore @@ -253,3 +253,4 @@ ModelManifest.xml UndefinedMethods.txt /1.1.0 Changes.txt ~*.cs +*.zip diff --git a/Directory.Build.targets b/Directory.Build.targets index 4c9dc9ec..224b61c4 100644 --- a/Directory.Build.targets +++ b/Directory.Build.targets @@ -1,6 +1,7 @@ - $(MSBuildProjectDirectory)\bin\$(Configuration)\$(TargetFramework)\$(AssemblyName).xml + \bin\$(Configuration)\$(TargetFramework)\$(AssemblyName).xml + diff --git a/PInvoke/FirewallApi/IcfTypes.vb b/PInvoke/FirewallApi/IcfTypes.vb new file mode 100644 index 00000000..053f61a2 --- /dev/null +++ b/PInvoke/FirewallApi/IcfTypes.vb 
@@ -0,0 +1,313 @@
+Partial Public Module FirewallApi
+
+ ''' The NET_FW_ACTION enumerated type specifies the action for a rule or default setting.
+
+ Public Enum NET_FW_ACTION
+
+ ''' Block traffic.
+ NET_FW_ACTION_BLOCK
+
+ ''' Allow traffic.
+ NET_FW_ACTION_ALLOW
+
+ ''' Maximum traffic.
+ NET_FW_ACTION_MAX
+
+ End Enum
+
+ '''
+ ''' The NET_FW_AUTHENTICATE_TYPE enumerated type specifies the type of authentication which must occur in order for traffic to be allowed..
+ '''
+
+ Public Enum NET_FW_AUTHENTICATE_TYPE
+
+ ''' No security check is performed.
+ NET_FW_AUTHENTICATE_NONE
+
+ '''
+ ''' The traffic is allowed if it is IPsec-protected with authentication and no encapsulation protection. This means that the peer is
+ ''' authenticated, but there is no integrity protection on the data.
+ '''
+ NET_FW_AUTHENTICATE_NO_ENCAPSULATION
+
+ ''' The traffic is allowed if it is IPsec-protected with authentication and integrity protection.
+ NET_FW_AUTHENTICATE_WITH_INTEGRITY
+
+ '''
+ ''' The traffic is allowed if its is IPsec-protected with authentication and integrity protection. In addition, negotiation of
+ ''' encryption protections on subsequent packets is requested.
+ '''
+ NET_FW_AUTHENTICATE_AND_NEGOTIATE_ENCRYPTION
+
+ '''
+ ''' The traffic is allowed if it is IPsec-protected with authentication, integrity and encryption protection since the very first packet.
+ '''
+ NET_FW_AUTHENTICATE_AND_ENCRYPT
+
+ End Enum
+
+ '''
+ ''' The NET_FW_EDGE_TRAVERSAL_TYPE enumerated type specifies the conditions under which edge traversal traffic is allowed.
+ '''
+ '''
+ ''' In order for Windows Firewall to dynamically allow edge traversal traffic, the application must use the IPV6_PROTECTION_LEVEL socket
+ ''' option on the listening socket and set it to PROTECTION_LEVEL_UNRESTRICTED only in the cases where edge traversal traffic
+ ''' should be allowed. The Windows Firewall rule added for the application must then set its edge traversal option to
+ ''' NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_APP or NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_USER.
+ '''
+
+ Public Enum NET_FW_EDGE_TRAVERSAL_TYPE
+
+ '''
+ ''' Edge traversal traffic is always blocked.This is the same as setting the EdgeTraversal property using INetFwRule to VARIANT_FALSE.
+ '''
+ NET_FW_EDGE_TRAVERSAL_TYPE_DENY
+
+ '''
+ ''' Edge traversal traffic is always allowed.This is the same as setting the EdgeTraversal property using INetFwRule to VARIANT_TRUE.
+ '''
+ NET_FW_EDGE_TRAVERSAL_TYPE_ALLOW
+
+ '''
+ ''' Edge traversal traffic is allowed when the application sets the IPV6_PROTECTION_LEVEL socket option to
+ ''' PROTECTION_LEVEL_UNRESTRICTED. Otherwise, it is blocked.
+ '''
+ NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_APP
+
+ '''
+ ''' The user is prompted whether to allow edge traversal traffic when the application sets the IPV6_PROTECTION_LEVEL socket option
+ ''' to PROTECTION_LEVEL_UNRESTRICTED. If the user chooses to allow edge traversal traffic, the rule is modified to defer to the
+ ''' application's settings.If the application has not set the IPV6_PROTECTION_LEVEL socket option to PROTECTION_LEVEL_UNRESTRICTED,
+ ''' edge traversal traffic is blocked.In order to use this option, the firewall rule must have both the application path and
+ ''' protocol scopes specified. This option cannot be used if port(s) are defined.
+ '''
+ NET_FW_EDGE_TRAVERSAL_TYPE_DEFER_TO_USER
+
+ End Enum
+
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ ''' The NET_FW_IP_PROTOCOL enumeration type specifies the Internet protocol.
+ '''
+
+ Public Enum NET_FW_IP_PROTOCOL
+
+ '''
+ NET_FW_IP_PROTOCOL_ANY = &H100
+
+ ''' Transmission Control Protocol.
+ NET_FW_IP_PROTOCOL_TCP = 6
+
+ ''' User Datagram Protocol.
+ NET_FW_IP_PROTOCOL_UDP = &H11
+
+ End Enum
+
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ ''' The NET_FW_IP_VERSION enumerated type specifies the IP version for a port.
+ '''
+
+ Public Enum NET_FW_IP_VERSION
+
+ ''' The port supports IPv4.
+ NET_FW_IP_VERSION_V4
+
+ ''' The port supports IPv6.
+ NET_FW_IP_VERSION_V6
+
+ ''' The port supports either version of IP.
+ NET_FW_IP_VERSION_ANY
+
+ ''' This value is used for boundary checking only and is not valid for application programming.
+ NET_FW_IP_VERSION_MAX
+
+ End Enum
+
+ ''' The NET_FW_MODIFY_STATE enumerated type specifies the effect of modifications to the current policy.
+
+ Public Enum NET_FW_MODIFY_STATE
+
+ ''' Changing or adding a firewall rule or firewall group to the current profile will take effect.
+ NET_FW_MODIFY_STATE_OK
+
+ '''
+ ''' Changing or adding a firewall rule or firewall group to the current profile will not take effect because the profile is
+ ''' controlled by the group policy.
+ '''
+ NET_FW_MODIFY_STATE_GP_OVERRIDE
+
+ '''
+ ''' Changing or adding a firewall rule or firewall group to the current profile will not take effect because unsolicited inbound
+ ''' traffic is not allowed.
+ '''
+ NET_FW_MODIFY_STATE_INBOUND_BLOCKED
+
+ End Enum
+
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ ''' The NET_FW_POLICY_TYPE enumerated type specifies the type of policy.
+ '''
+
+ Public Enum NET_FW_POLICY_TYPE
+
+ ''' Policy type is group.
+ NET_FW_POLICY_GROUP
+
+ ''' Policy type is local.
+ NET_FW_POLICY_LOCAL
+
+ ''' Policy type is effective.
+ NET_FW_POLICY_EFFECTIVE
+
+ ''' Used for boundary checking only. Not valid for application programming.
+ NET_FW_POLICY_TYPE_MAX
+
+ End Enum
+
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ ''' The NET_FW_PROFILE_TYPE enumerated type specifies the type of profile.
+ '''
+
+ Public Enum NET_FW_PROFILE_TYPE
+
+ ''' Profile type is domain.
+ NET_FW_PROFILE_DOMAIN
+
+ ''' Profile type is standard.
+ NET_FW_PROFILE_STANDARD
+
+ ''' Profile type is current.
+ NET_FW_PROFILE_CURRENT
+
+ ''' Used for boundary checking only. Not valid for application programming.
+ NET_FW_PROFILE_TYPE_MAX
+
+ End Enum
+
+ ''' The NET_FW_PROFILE_TYPE2 enumerated type specifies the type of profile.
+
+
+ Public Enum NET_FW_PROFILE_TYPE2
+
+ '''
+ NET_FW_PROFILE2_ALL = &H7FFFFFFF
+
+ ''' Profile type is domain.
+ NET_FW_PROFILE2_DOMAIN = 1
+
+ ''' Profile type is private. This profile type is used for home and other private network types.
+ NET_FW_PROFILE2_PRIVATE = 2
+
+ ''' Profile type is public. This profile type is used for public Internet access points.
+ NET_FW_PROFILE2_PUBLIC = 4
+
+ End Enum
+
+ ''' The NET_FW_RULE_CATEGORY enumerated type specifies the firewall rule category.
+ ''' For more information about using NET_FW_RULE_CATEGORY, download the Windows Firewall and User Facing Impact document.
+
+ Public Enum NET_FW_RULE_CATEGORY
+
+ ''' Specifies boot time filters.
+ NET_FW_RULE_CATEGORY_BOOT
+
+ ''' Specifies stealth filters.
+ NET_FW_RULE_CATEGORY_STEALTH
+
+ ''' Specifies firewall filters.
+ NET_FW_RULE_CATEGORY_FIREWALL
+
+ ''' Specifies connection security filters.
+ NET_FW_RULE_CATEGORY_CONSEC
+
+ ''' Maximum value for testing purposes.
+ NET_FW_RULE_CATEGORY_MAX
+
+ End Enum
+
+ ''' The NET_FW_RULE_DIRECTION enumerated type specifies the direction of traffic to which a rule applies.
+
+ Public Enum NET_FW_RULE_DIRECTION
+
+ ''' The rule applies to inbound traffic.
+ NET_FW_RULE_DIR_IN = 1
+
+ ''' The rule applies to outbound traffic.
+ NET_FW_RULE_DIR_OUT = 2
+
+ ''' This value is used for boundary checking only and is not valid for application programming.
+ NET_FW_RULE_DIR_MAX = 3
+
+ End Enum
+
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ ''' The NET_FW_SCOPE enumerated type specifies the scope of addresses from which a port can listen.
+ '''
+
+ Public Enum NET_FW_SCOPE
+
+ ''' Scope is all.
+ NET_FW_SCOPE_ALL
+
+ ''' Scope is local subnet only.
+ NET_FW_SCOPE_LOCAL_SUBNET
+
+ ''' Scope is custom.
+ NET_FW_SCOPE_CUSTOM
+
+ ''' Used for boundary checking only. Not valid for application programming.
+ NET_FW_SCOPE_MAX
+
+ End Enum
+
+ '''
+ '''
+ ''' [The Windows Firewall API is available for use in the operating systems specified in the Requirements section. It may be altered or
+ ''' unavailable in subsequent versions. For Windows Vista and later, use of the Windows Firewall with Advanced Security API is recommended.]
+ '''
+ ''' The NET_FW_SERVICE_TYPE enumerated type specifies the type of service.
+ '''
+
+ Public Enum NET_FW_SERVICE_TYPE
+
+ ''' Service type is File and Print Sharing.
+ NET_FW_SERVICE_FILE_AND_PRINT
+
+ ''' Service type is UPnP Framework.
+ NET_FW_SERVICE_UPNP
+
+ ''' Service type is Remote Desktop.
+ NET_FW_SERVICE_REMOTE_DESKTOP
+
+ ''' Not a valid service type. This is used to indicate that a port is not part of a service.
+ NET_FW_SERVICE_NONE
+
+ ''' Used for boundary checking only. Not valid for application programming.
+ NET_FW_SERVICE_TYPE_MAX
+
+ End Enum
+
+End Module
\ No newline at end of file
diff --git a/PInvoke/FirewallApi/NetFW.Funcs.vb b/PInvoke/FirewallApi/NetFW.Funcs.vb
new file mode 100644
index 00000000..86bf633b
--- /dev/null
+++ b/PInvoke/FirewallApi/NetFW.Funcs.vb
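Review bot: NET_FW_ACTION, NET_FW_AUTHENTICATE_TYPE, NET_FW_EDGE_TRAVERSAL_TYPE and the other enums declared without initialisers depend on declaration order to line up with the native constants, so a later reorder or inserted member would silently change what a rule means (for NET_FW_ACTION, swapping block and allow). Pinning the values the implicit numbering already produces removes that risk, e.g. `NET_FW_ACTION_BLOCK = 0`, `NET_FW_ACTION_ALLOW = 1`, `NET_FW_ACTION_MAX = 2`, which is what NET_FW_RULE_DIRECTION and NET_FW_PROFILE_TYPE2 in this same file already do. The summary `Maximum traffic.` on NET_FW_ACTION_MAX also reads like a usable action; the wording used on the other `_MAX` members, `Used for boundary checking only. Not valid for application programming.`, looks like the intended meaning and is worth confirming against the header before callers treat it as a third policy value.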
@@ -0,0 +1,381 @@
+Imports System.Runtime.InteropServices
+Imports System.Runtime.InteropServices.CustomMarshalers
+
+Partial Public Module FirewallApi
+
+ Friend Const Lib_Firewallapi As String = "firewallapi.dll"
+
+ '''
+ ''' The PAC_CHANGES_CALLBACK_FN function is used to add custom behavior to the app container change notification process.
+ '''
+ ''' TOptional context pointer.
+ '''
+ ''' Call NetworkIsolationRegisterForAppContainerChanges to register this callback function.
+
+
+ Public Delegate Sub PAC_CHANGES_CALLBACK_FN(<[In], Out, [Optional]> ByVal context As IntPtr, <[In]> ByRef pChange As INET_FIREWALL_AC_CHANGE)
+
+ ''' Callback used by .
+ ''' TOptional context pointer.
+ ''' The WSZ enterprise identifier.
+ ''' The dw error.
+
+
+ Public Delegate Sub PNETISO_EDP_ID_CALLBACK_FN(<[In], Out, [Optional]> ByVal context As IntPtr, <[In], [Optional], MarshalAs(UnmanagedType.LPWStr)> ByVal wszEnterpriseId As String, ByVal dwErr As Win32Error)
+
+ '''
+ ''' The INET_FIREWALL_AC_CREATION_TYPE enumeration specifies the type of app container creation events for which notifications
+ ''' will be delivered.
+ '''
+
+
+ Public Enum INET_FIREWALL_AC_CREATION_TYPE
+
+ ''' This value is reserved for system use.
+ INET_FIREWALL_AC_NONE = &H0
+
+ ''' Notifications will be delivered when an app container is created with a package identifier.
+ INET_FIREWALL_AC_PACKAGE_ID_ONLY = &H1
+
+ ''' Notifications will be delivered when an app container is created with a binary path.
+ INET_FIREWALL_AC_BINARY = &H2
+
+ ''' Maximum value for testing purposes.
+ INET_FIREWALL_AC_MAX = &H4
+
+ End Enum
+
+ ''' The NETISO_ERROR_TYPE enumerated type specifies the type of error related to a network isolation operation.
+
+ Public Enum NETISO_ERROR_TYPE
+
+ ''' No error.
+ NETISO_ERROR_TYPE_NONE
+
+ ''' The failure was caused because the privateNetworkClientServer capability is missing.
+ NETISO_ERROR_TYPE_PRIVATE_NETWORK
+
+ ''' The failure was caused because the internetClient capability is missing.
+ NETISO_ERROR_TYPE_INTERNET_CLIENT
+
+ ''' The failure was caused because the internetClientServer capability is missing.
+ NETISO_ERROR_TYPE_INTERNET_CLIENT_SERVER
+
+ ''' Maximum value for testing purposes.
+ NETISO_ERROR_TYPE_MAX
+
+ End Enum
+
+ ''' The NETISO_FLAG enumerated type specifies whether binaries should be returned for app containers.
+ '''
+ ''' By default, binaries are not returned. NETISO_FLAG_FORCE_COMPUTE_BINARIES must be set in order for these to be returned.
+ '''
+
+
+ Public Enum NETISO_FLAG
+
+ '''
+ ''' Specifies that all binaries will be computed before the app container is returned.This flag should be set if the caller requires
+ ''' up-to-date and complete information on app container binaries. If this flag is not set, returned data may be stale or incomplete.
+ '''
+ NETISO_FLAG_FORCE_COMPUTE_BINARIES = &H1
+
+ ''' Maximum value for testing purposes.
+ NETISO_FLAG_MAX = &H2
+
+ End Enum
+
+ ''' A bitmask value of control flags which specify the context of .
+
+ Public Enum NETISO_GEID
+
+ '''
+ ''' Default API behavior. Returns the Enterprise ID for Enterprise resources. Returns NULL for Personal resources. For Neutral
+ ''' resources, returns Enterprise ID if it is called from an Enterprise context, or returns NULL if it is called from a Personal context.
+ '''
+ NETISO_GEID_DEFAULT = &H0
+
+ ''' Used in the context of the Windows Defender Application Guard (WDAG) scenario.
+ NETISO_GEID_FOR_WDAG = &H1
+
+ '''
+ ''' Used by applications that are aware of neutral resources. For Neutral resources the API will return L”*”. For Enterprise
+ ''' resources the API will return the Enterprise ID. For Personal resources the API will return NULL.
+ '''
+ NETISO_GEID_FOR_NEUTRAL_AWARE = &H2
+
+ '''
+ ''' Forces API to check the resource even in cases when neither Windows Information Protection nor Windows Defender Application
+ ''' Guard are enabled.
+ '''
+ NETISO_GEID_FORCE_TO_CHECK = &H4
+
+ End Enum
+
+ '''
+ ''' The NetworkIsolationEnumAppContainers function enumerates all of the app containers that have been created in the system.
+ '''
+ '''
+ ''' Type: DWORD
+ '''
+ ''' May be set to NETISO_FLAG_FORCE_COMPUTE_BINARIES to ensure that all binaries are computed before the app container is
+ ''' returned. This flag should be set if the caller requires up-to-date and complete information on app container binaries. If this flag
+ ''' is not set, returned data may be stale or incomplete.
+ '''
+ ''' See NETISO_FLAG for more information.
+ '''
+ '''
+ ''' Type: DWORD*
+ ''' The number of app containers in the ppPublicAppCs member.
+ '''
+ '''
+ ''' Type: PINET_FIREWALL_APP_CONTAINER*
+ ''' The list of app container structure elements.
+ '''
+ '''
+ ''' Type: DWORD
+ ''' Returns ERROR_SUCCESS if successful, or an error value otherwise.
+ ''' ERROR_OUTOFMEMORY will be returned if memory is unavailable.
+ '''
+ ''' If no app containers are installed on the system, ERROR_SUCCESS will still be returned (and ppPublicAppCs will be empty).
+
+
+ Public Function NetworkIsolationEnumAppContainers(ByVal Flags As NETISO_FLAG, ByRef pdwNumPublicAppCs As UInteger, ByRef ppPublicAppCs As IntPtr) As Win32Error
+ End Function
+
+ ''' The NetworkIsolationEnumerateAppContainerRules function enumerates all of the rules related to app containers.
+ '''
+ ''' Type: IEnumVARIANT**
+ ''' Enumerator interface of an INetFwRule3 object that represents the rules enforcing app containers.
+ '''
+ '''
+ ''' Type: HRESULT
+ ''' If this function succeeds, it returns S_OK. Otherwise, it returns an HRESULT error code.
+ '''
+
+
+ Public Function NetworkIsolationEnumerateAppContainerRules( ByRef newEnum As IEnumerable) As HRESULT
+ End Function
+
+ '''
+ '''
+ ''' Gets the Enterprise ID based on Network Isolation endpoints in the context of the Windows Information Protection (WIP) or the
+ ''' Windows Defender Application Guard (WDAG) scenarios. If neither WIP nor WDAG are on, the API returns NULL, unless the flag
+ ''' NETISO_GEID_FORCE_TO_CHECK is passed. The Enterprise ID can be any string different from NULL or “*”.
+ '''
+ ''' Example of NetworkIsolationGetEnterpriseIdAsync usage: https://github.com/microsoft/EnterpriseStateClassify
+ '''
+ ''' The name of the Enterprise Data Protection Server.
+ '''
+ ''' A bitmask value of control flags which specify the context of the API call. May contain one or more of the following flags.
+ '''
+ '''
+ ''' Value
+ ''' Meaning
+ '''
+ '''
+ ''' NETISO_GEID_DEFAULT 0x00
+ '''
+ ''' Default API behavior. Returns the Enterprise ID for Enterprise resources. Returns NULL for Personal resources. For Neutral
+ ''' resources, returns Enterprise ID if it is called from an Enterprise context, or returns NULL if it is called from a Personal context.
+ '''
+ '''
+ '''
+ ''' NETISO_GEID_FOR_WDAG 0x01
+ ''' Used in the context of the Windows Defender Application Guard (WDAG) scenario.
+ '''
+ '''
+ ''' NETISO_GEID_FOR_NEUTRAL_AWARE 0x02
+ '''
+ ''' Used by applications that are aware of neutral resources. For Neutral resources the API will return L”*”. For Enterprise resources
+ ''' the API will return the Enterprise ID. For Personal resources the API will return NULL.
+ '''
+ '''
+ '''
+ ''' NETISO_GEID_FORCE_TO_CHECK 0x04
+ '''
+ ''' Forces API to check the resource even in cases when neither Windows Information Protection nor Windows Defender Application Guard
+ ''' are enabled.
+ '''
+ '''
+ '''
+ '''
+ ''' Optional context pointer.
+ ''' Function pointer that will be invoked when a notification is ready for delivery.
+ ''' The handle for the Enterprise Data Protection Server endpoints.
+ ''' Returns ERROR_SUCCESS if successful, or an error value otherwise.
+
+
+ Public Function NetworkIsolationGetEnterpriseIdAsync( ByVal wszServerName As String, ByVal dwFlags As NETISO_GEID,
+ <[In], [Optional]> ByVal context As IntPtr, ByVal callback As PNETISO_EDP_ID_CALLBACK_FN, ByRef hOperation As HANDLE) As Win32Error
+ End Function
+
+ '''
+ '''
+ ''' This API is used for closing the handle returned by NetworkIsolationGetEnterpriseIdAsync as well as for synchronizing the operation.
+ '''
+ ''' Example of NetworkIsolationGetEnterpriseIdClose usage: https://github.com/microsoft/EnterpriseStateClassify
+ '''
+ ''' The handle to release.
+ ''' Indicates whether to wait for synchronization.
+ ''' Returns ERROR_SUCCESS if successful, or an error value otherwise.
+
+
+ Public Function NetworkIsolationGetEnterpriseIdClose(ByVal hOperation As HANDLE, ByVal bWaitForOperation As Boolean) As Win32Error
+ End Function
+
+ ''' The NetworkIsolationSetAppContainerConfig function is used to set the configuration of one or more app containers.
+ '''
+ ''' Type: DWORD
+ ''' The number of app containers in the appContainerSids member.
+ '''
+ '''
+ ''' Type: PSID_AND_ATTRIBUTES
+ ''' The security identifiers (SIDs) of app containers that are allowed to send loopback traffic. Used for debugging purposes.
+ '''
+ '''
+ ''' Type: DWORD
+ ''' Returns ERROR_SUCCESS if successful, or an error value otherwise.
+ '''
+ '''
+ ''' Note that it is the calling program's responsibility to first call the NetworkIsolationGetAppContainerConfig function in
+ ''' order to retrieve and preserve the app container SIDs already configured to send loopback traffic.
+ '''
+
+
+ Public Function NetworkIsolationSetAppContainerConfig(ByVal dwNumPublicAppCs As UInteger, <[In]> ByVal appContainerSids As IntPtr) As Win32Error
+ End Function
+
+ '''
+ ''' The NetworkIsolationSetupAppContainerBinaries function is used by software installers to provide information about the image
+ ''' paths of applications that are running in an app container. This information is provided to third-party firewall applications about
+ ''' the applications in order to enhance user experience and security decisions.
+ '''
+ '''
+ ''' Type: PSID
+ ''' The package identifier of the app container.
+ '''
+ '''
+ ''' Type: LPCWSTR
+ '''
+ ''' A string representing the package identity of the app that owns this app container. Contains the 5-part tuple as individual fields
+ ''' (name, version, architecture, resourceid, publisher).
+ '''
+ '''
+ '''
+ ''' Type: LPCWSTR
+ ''' The file location of the app that owns this app container.
+ '''
+ '''
+ ''' Type: LPCWSTR
+ ''' The friendly name of the app container.
+ '''
+ '''
+ ''' Type: BOOL
+ ''' True if the binary files are being provided by the caller; otherwise, false.
+ '''
+ '''
+ ''' Type: LPCWSTR*
+ ''' An array of paths to the applications running in the app container.
+ '''
+ '''
+ ''' Type: DWORD
+ ''' The number of paths contained in the binaries parameter.
+ '''
+ '''
+ ''' Type: HRESULT
+ ''' If the function succeeds, it returns S_OK.
+ '''
+ ''' If the function fails, it returns an HRESULT value that indicates the error. For a list of common error codes, see Common
+ ''' HRESULT Values.
+ '''
+ '''
+ '''
+ ''' Applications creating an app container can use NetworkIsolationSetupAppContainerBinaries to provide third-party firewall
+ ''' applications with the direct path to applications running inside that app container.
+ '''
+
+
+ Public Function NetworkIsolationSetupAppContainerBinaries(ByVal applicationContainerSid As PSID, ByVal packageFullName As String,
+ ByVal packageFolder As String,
+ ByVal displayName As String,
+ ByVal bBinariesFullyComputed As Boolean,
+ <[In], MarshalAs(UnmanagedType.LPArray, ArraySubType:=UnmanagedType.LPWStr)> ByVal binaries As String(),
+ ByVal binariesCount As UInteger) As HRESULT
+ End Function
+
+ ''' The INET_FIREWALL_AC_BINARIES structure contains the binary paths to applications running in an app container.
+
+
+ Public Structure INET_FIREWALL_AC_BINARIES
+
+ ''' The number of paths in the binaries member.
+ Public count As UInteger
+
+ ''' Paths to the applications running in the app container.
+ Public binaries As IntPtr
+
+ End Structure
+
+ ''' The INET_FIREWALL_AC_CHANGE structure contains information about a change made to an app container.
+
+
+ Public Structure INET_FIREWALL_AC_CHANGE
+
+ '''
+ ''' Type: INET_FIREWALL_AC_CHANGE_TYPE
+ ''' The type of change made.
+ '''
+ Public changeType As INET_FIREWALL_AC_CHANGE_TYPE
+
+ '''
+ ''' Type: INET_FIREWALL_AC_CREATION_TYPE
+ ''' The method by which the app container was created.
+ '''
+ Public createType As INET_FIREWALL_AC_CREATION_TYPE
+
+ '''
+ ''' Type: SID*
+ ''' The package identifier of the app container
+ '''
+ Public appContainerSid As PSID
+
+ '''
+ ''' Type: SID*
+ ''' The security identifier (SID) of the user to whom the app container belongs.
+ '''
+ Public userSid As PSID
+
+ '''
+ ''' Type: LPWSTR
+ ''' Friendly name of the app container.
+ '''
+
+ Public displayName As String
+
+ '''
+ Public union As UNIONType
+
+ '''
+
+ Public Structure UNIONType
+
+ '''
+ ''' Type: INET_FIREWALL_AC_CAPABILITIES
+ ''' Information about the capabilities of the changed app container.
+ '''
+
+ Public capabilities As INET_FIREWALL_AC_CAPABILITIES
+
+ '''
+ ''' Type: INET_FIREWALL_AC_BINARIES
+ ''' Binary paths to the applications running in the changed app container.
+ '''
+
+ Public binaries As INET_FIREWALL_AC_BINARIES
+
+ End Structure
+
+ End Structure
+
+End Module
\ No newline at end of file
diff --git a/PInvoke/FirewallApi/NetFW.vb b/PInvoke/FirewallApi/NetFW.vb
new file mode 100644
index 00000000..94d5f0e6
--- /dev/null
+++ b/PInvoke/FirewallApi/NetFW.vb
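Review bot: NetworkIsolationEnumAppContainers hands the native array back through `ByRef ppPublicAppCs As IntPtr`, but nothing visible in this file declares NetworkIsolationFreeAppContainers, so unless it lives in another file of the module a caller has no way to release that buffer and each enumeration leaks it. I would add the matching declaration beside it, attributed like the neighbouring imports, `Public Function NetworkIsolationFreeAppContainers(ByVal pPublicAppCs As IntPtr) As Win32Error`, and state in the remarks that the pointer must be passed to it once the entries have been copied out. The same gap appears for NetworkIsolationGetAppContainerConfig and NetworkIsolationRegisterForAppContainerChanges, which the remarks on NetworkIsolationSetAppContainerConfig and PAC_CHANGES_CALLBACK_FN tell callers to use; without the former, a caller cannot preserve the existing loopback-exempt SIDs before overwriting them. The documentation of NetworkIsolationGetEnterpriseIdAsync should also say that the `callback` delegate has to stay referenced until NetworkIsolationGetEnterpriseIdClose returns, for example `''' The delegate must be kept alive by the caller until the operation handle is closed.`, because a collected delegate leaves native code calling through a dangling function pointer.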
@@ -0,0 +1,2814 @@ +Imports System.Runtime.CompilerServices +Imports System.Runtime.InteropServices +Imports System.Runtime.InteropServices.CustomMarshalers + +Partial Public Module FirewallApi + +#Disable Warning BC40000 ' Obsolete LPStruct + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or + ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' + ''' The INetFwAuthorizedApplication interface provides access to the properties of an application that has been authorized have + ''' openings in the firewall. + ''' + ''' + ''' + ''' When creating New applications, this interface Is supported by the HNetCfg.FwAuthorizedApplication COM object. + ''' + ''' For reading Or modifying existing applications, instances of this interface are retrieved through the INetFwAuthorizedApplications collection. + ''' + ''' All configuration changes take effect immediately. + ''' + + Public Interface INetFwAuthorizedApplication + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Specifies the friendly name of this application. + ''' This property Is read/write. + ''' + ''' This property Is required. + + Property Name As String + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Specifies the process image file name for this application. + ''' This property Is read/write. 
+ ''' + ''' + ''' + ''' The image file name must be a fully qualified path And reference an existing application. The name may contain environment variables. + ''' + ''' This property Is required. + ''' A demonstration of this property can be found in the VBScript code example Adding an Application. + ''' + + Property ProcessImageFileName As String + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Specifies the IP version setting for this application. + ''' This property Is read/write. + ''' + ''' Only NET_FW_IP_VERSION_ANY Is supported And this Is the default for New applications. + + Property IpVersion As NET_FW_IP_VERSION + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Controls the network scope from which the port can listen. + ''' This property Is read/write. + ''' + ''' + ''' When setting the Scope property, only NET_FW_SCOPE_ALL And NET_FW_SCOPE_LOCAL_SUBNET are valid. + ''' The default value Is NET_FW_SCOPE_ALL for New ports. + ''' To create a custom scope, use the RemoteAddresses property. + ''' + + Property Scope As NET_FW_SCOPE + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Specifies a set of the remote addresses from which the application can listen for traffic. 
+ ''' This property Is read/write. + ''' + ''' + ''' + ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the + ''' application can listen for traffic. The default value Is "*". + ''' + ''' Valid tokens: + ''' + ''' + ''' "*": any remote address; If present, it must be the only token. + ''' + ''' + ''' "LocalSubnet": Not case-sensitive; specifying more than once has no effect. + ''' + ''' + ''' + ''' subnet: may be specified Using either subnet mask Or network prefix notation. If neither a subnet mask nor a network prefix Is + ''' specified, the subnet mask defaults to 255.255.255.255. Examples of valid subnets: 10.0.0.2/255.0.0.0 10.0.0.2/8 10.0.0.2 + ''' + ''' + ''' + ''' Windows Vista: A valid IPv6 address. + ''' + ''' + ''' Windows Vista: An IPv4 address range In the format "start address - end address." + ''' + ''' + ''' Windows Vista: An IPv6 address range In the format "start address - end address." + ''' + ''' + ''' For a predefined address range, use the Scope property. + ''' + + Property RemoteAddresses As String + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Indicates whether the settings for this application are currently enabled. + ''' This property Is read/write. + ''' + ''' + ''' + ''' This property can be set to false ( VARIANT_FALSE) to allow application settings to be stored in the + ''' INetFWAuthorizedApplications collection without actually authorizing the application. + ''' + ''' The default value Is true ( VARIANT_TRUE) for New applications. 
+ ''' + + Property Enabled As Boolean + + End Interface + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or + ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' + ''' The INetFwAuthorizedApplications interface provides access to a collection of applications authorized open ports in the firewall. + ''' + ''' + ''' + ''' An instance of this interface Is retrieved through the AuthorizedApplications property of the INetFwProfile interface. + ''' All configuration changes take effect immediately. + ''' + + Public Interface INetFwAuthorizedApplications + Inherits IEnumerable + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' Specifies the number of items in the collection. + ''' This property Is read-only. + ''' + ''' None + + ReadOnly Property Count As Integer + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.] + ''' + ''' The Add method adds a New application to the collection. + ''' + ''' TBD + ''' If an application with the same path already exists, the existing settings are overwritten. + + Sub Add(<[In], MarshalAs(UnmanagedType.Interface)> ByVal app As INetFwAuthorizedApplication) + + ''' + ''' + ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered + ''' Or unavailable in subsequent versions. 
For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The Remove method removes an application from the collection.
+ '''
+ ''' Application name to be removed.
+ '''
+ ''' The imageFileName parameter must be a fully qualified path And may contain environment variables.
+ ''' If the application does Not exist in the collection, the Remove method has no effect.
+ '''
+
+ Sub Remove(<[In], MarshalAs(UnmanagedType.BStr)> ByVal imageFileName As String)
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The Item method returns the specified application if it Is in the collection.
+ '''
+ ''' Application to retrieve.
+ ''' TBD
+
+ Function Item(<[In], MarshalAs(UnmanagedType.BStr)> ByVal imageFileName As String) As INetFwAuthorizedApplication
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Returns an object supporting IEnumVARIANT that can be used to iterate through all the applications in the collection.
+ '''
+ ''' Iteration through a collection Is done using the for each construct in VBScript. See Iterating a Collection for an example.
+ '''
+ ''' This property Is read-only.
+ '''
+ '''
+
+ Overloads Function GetEnumerator() As IEnumerator
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions.
For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwIcmpSettings interface provides access to the settings controlling ICMP packets.
+ '''
+ '''
+ ''' Instances of this interface are retrieved through the IcmpSettings property of the INetFwProfile interface.
+ '''
+ ''' Because the methods And properties of this interface enable all rules belonging to a given ICMP type, enabling a rule may enable
+ ''' rules from other groups as well.
+ '''
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwIcmpSettings
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether this Is allowed.
+ ''' This property Is read/write.
+ '''
+ ''' This setting Is common to IPv4 And IPv6.
+
+ Property AllowOutboundDestinationUnreachable As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether redirect Is allowed.
+ ''' This property Is read/write.
+ '''
+ ''' This setting Is common to IPv4 And IPv6.
+
+ Property AllowRedirect As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow inbound echo requests.
+
+ Property AllowInboundEchoRequest As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow outbound time exceeded messages.
+
+ Property AllowOutboundTimeExceeded As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow outbound parameter problem messages.
+
+ Property AllowOutboundParameterProblem As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow outbound source quench messages.
+
+ Property AllowOutboundSourceQuench As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow inbound router requests.
+
+ Property AllowInboundRouterRequest As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow inbound timestamp requests.
+
+ Property AllowInboundTimestampRequest As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow inbound mask requests.
+
+ Property AllowInboundMaskRequest As Boolean
+
+ ''' Gets Or sets a flag indicating whether to allow outbound packet too big messages.
+
+ Property AllowOutboundPacketTooBig As Boolean
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwMgr interface provides access to the firewall settings for a computer.
+ '''
+ '''
+ '''
+ ''' Windows Vista: Windows Vista users must use applications developed in Windows Vista for all methods And properties of this interface.
+ '''
+ ''' This interface Is supported by the HNetCfg.FwMgr COM object.
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwMgr
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the local firewall policy.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property LocalPolicy As INetFwPolicy
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the type of firewall profile currently in effect.
+ ''' This property Is read-only.
+ '''
+ ''' The SharedAccess service must be running.
+
+ ReadOnly Property CurrentProfileType As NET_FW_PROFILE_TYPE
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Restores the local configuration to its default, installed state.
+ '''
+ '''
+ ''' This method deletes all user And application-added applications And ports that return the system to its installed state. This
+ ''' includes restoring the defaults for Internet Connection Sharing.
+ '''
+
+ Sub RestoreDefaults()
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Determines whether an application can listen for inbound traffic on the specified port.
+ '''
+ '''
+ ''' The image file name of the process listening on the network. It must be a fully qualified path, but may contain environment
+ ''' variables. If imageFileName Is NULL, the function determines whether the port Is allowed for all applications.
+ '''
+ ''' IP version of the traffic. If localAddress Is non- NULL, this must Not be NET_FW_IP_VERSION_ANY.
+ ''' Local IP port number of the traffic.
+ '''
+ ''' Either a dotted-decimal IPv4 address Or an IPv6 hex address specifying the local address of the traffic. Typically, this Is the
+ ''' address passed to bind. If localAddress Is NULL, the function determines whether the port Is allowed for all interfaces.
+ '''
+ ''' IP protocol of the traffic, either NET_FW_IP_PROTOCOL_TCP Or NET_FW_IP_PROTOCOL_UDP.
+ '''
+ ''' Indicates by a value of VARIANT_TRUE Or VARIANT_FALSE whether the port Is allowed for at least some local interfaces And remote addresses.
+ '''
+ '''
+ ''' Indicates by a value of VARIANT_TRUE Or VARIANT_FALSE whether some local interfaces Or remote addresses are blocked for this
+ ''' port. For example, if the port Is restricted to the local subnet only.
+ '''
+ '''
+ ''' The INetFwPolicy2:IsRuleGroupEnabled method Is generally recommended In place Of this method.
+ ''' The IsPortAllowed method checks whether traffic will be allowed with the current firewall configuration for:
+ '''
+ '''
+ ''' A specific application.
+ '''
+ '''
+ ''' A specific port.
+ '''
+ '''
+ ''' A specific application on a specific port.
+ '''
+ '''
+ '''
+ ''' In its operation IsPortAllowed considers whether the firewall Is currently enabled Or disabled, whether the application
+ ''' Is allowed in the current profile Exceptions List, whether the port Is allowed in the current profile Exceptions List, whether
+ ''' the file And print sharing option has been enabled, And whether the remote administration option has been enabled.
+ '''
+ '''
+ ''' Because of the many factors in determining whether a port Is allowed, the more specific information that Is given via this
+ ''' method's input parameters, the more likely a clear result with meaningful restrictions will be returned.
+ '''
+ '''
+
+ Sub IsPortAllowed(<[In], [Optional], MarshalAs(UnmanagedType.BStr)> ByVal imageFileName As String, <[In]> ByVal ipVersion As NET_FW_IP_VERSION, <[In]> ByVal portNumber As Integer,
+ <[In], [Optional], MarshalAs(UnmanagedType.BStr)> ByVal localAddress As String, <[In]> ByVal ipProtocol As NET_FW_IP_PROTOCOL,
+ ByRef allowed As Boolean, ByRef restricted As Boolean)
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Determines whether the specified ICMP type Is allowed.
+ '''
+ '''
+ ''' IP version of the traffic. This cannot be NET_FW_IP_VERSION_ANY.
+ ''' IP version of the traffic. This cannot be NET_FW_IP_VERSION_ANY.
+ '''
+ '''
+ '''
+ ''' Either a dotted-decimal IPv4 address Or an IPv6 hex address specifying the local address of the traffic. Typically, this Is the
+ ''' address passed to bind. If localAddress Is NULL, the function determines whether the port Is allowed for all interfaces.
+ '''
+ '''
+ ''' Either a dotted-decimal IPv4 address Or an IPv6 hex address specifying the local address of the traffic. Typically, this Is the
+ ''' address passed to bind. If localAddress Is NULL, the function determines whether the port Is allowed for all interfaces.
+ '''
+ '''
+ '''
+ ''' ICMP type. For a list of possible ICMP types, see ICMP Type Numbers.
+ ''' ICMP type.
+ '''
+ '''
+ '''
+ ''' Indicates by a value of VARIANT_TRUE Or VARIANT_FALSE whether the port Is allowed for at least some local interfaces And remote addresses.
+ '''
+ '''
+ ''' Indicates by a value of VARIANT_TRUE Or VARIANT_FALSE whether the port Is allowed for at least some local interfaces And remote addresses.
+ '''
+ '''
+ '''
+ '''
+ ''' Indicates by a value of VARIANT_TRUE Or VARIANT_FALSE whether some local interfaces Or remote addresses are blocked for this
+ ''' port. For example, if the port Is restricted to the local subnet only.
+ '''
+ '''
+ ''' Indicates by a value of VARIANT_TRUE Or VARIANT_FALSE whether some local interfaces Or remote addresses are blocked for this
+ ''' port. For example, if the port Is restricted to the local subnet only.
+ '''
+ '''
+ ''' The INetFwPolicy2:IsRuleGroupEnabled method Is generally recommended In place Of this method.
+
+ Sub IsIcmpTypeAllowed(<[In]> ByVal ipVersion As NET_FW_IP_VERSION, <[In], [Optional], MarshalAs(UnmanagedType.BStr)> ByVal localAddress As String,
+ <[In]> ByVal type As Byte, ByRef allowed As Boolean, ByRef restricted As Boolean)
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwOpenPort interface provides access to the properties of a port that has been opened in the firewall.
+ '''
+ '''
+ ''' Ports with their BuiltIn property set to true ( VARIANT_TRUE) are system specified And cannot be removed.
+ ''' When creating New ports, this interface Is supported by the HNetCfg.FWOpenPort COM object.
+ ''' For reading Or modifying existing ports, instances of this interface are retrieved through the INetFwOpenPortscollection.
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwOpenPort
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies the friendly name of this port.
+ ''' This property Is read/write.
+ '''
+ ''' This property Is required.
+
+ Property Name As String
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies the IP version setting for this port.
+ ''' This property Is read/write.
+ '''
+ ''' Only NET_FW_IP_VERSION_ANY Is supported And this Is the default for New ports.
+
+ Property IpVersion As NET_FW_IP_VERSION
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies the protocol type setting for this port.
+ ''' This property Is read/write.
+ '''
+ ''' The default protocol type Is TCP for New ports.
+
+ Property Protocol As NET_FW_IP_PROTOCOL
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifiess the host-ordered port number for this port.
+ ''' This property Is read/write.
+ '''
+
+ Property Port As Integer
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Controls the network scope from which the port can listen.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' When setting the Scope property, only NET_FW_SCOPE_ALL And NET_FW_SCOPE_LOCAL_SUBNET are valid.
+ ''' The default value Is NET_FW_SCOPE_ALL for New ports.
+ ''' To create a custom scope, use the RemoteAddresses property.
+ '''
+
+ Property Scope As NET_FW_SCOPE
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies a set of remote addresses from which the port can listen for traffic.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the
+ ''' application can listen for traffic. The default value Is "*".
+ '''
+ ''' Valid tokens:
+ '''
+ '''
+ ''' "*": any remote address; If present, it must be the only token.
+ '''
+ '''
+ ''' "LocalSubnet": Not case-sensitive; specifying more than once has no effect.
+ '''
+ '''
+ '''
+ ''' subnet: may be specified Using either subnet mask Or network prefix notation. If neither a subnet mask nor a network prefix Is
+ ''' specified, the subnet mask defaults to 255.255.255.255. Examples of valid subnets: 10.0.0.2/255.0.0.0 10.0.0.2/8 10.0.0.2
+ '''
+ '''
+ '''
+ ''' Windows Vista: A valid IPv6 address.
+ '''
+ '''
+ ''' Windows Vista: An IPv4 address range In the format "start address - end address."
+ '''
+ '''
+ ''' Windows Vista: An IPv6 address range In the format "start address - end address."
+ '''
+ '''
+ ''' For a predefined address range, use the Scope property.
+ '''
+
+ Property RemoteAddresses As String
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section.
It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether the settings for this port are currently enabled.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' This property can be set to false ( VARIANT_FALSE) to allow port settings to be stored in the INetFWOpenPorts collection
+ ''' without actually opening the port.
+ '''
+ ''' The default value Is true ( VARIANT_TRUE) for New ports.
+ '''
+
+ Property Enabled As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether the port Is defined by the system.
+ ''' This property Is read-only.
+ '''
+ '''
+ ''' Ports with their BuiltIn property set to true ( VARIANT_TRUE) are system specified And cannot be removed, only the
+ ''' Enabled, RemoteAddress, And Scope properties can be modified.
+ '''
+
+ ReadOnly Property BuiltIn As Boolean
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwOpenPorts interface Is a standard Automation collection interface.
+ '''
+ '''
+ ''' An instance of this interface Is retrieved through the GloballyOpenPorts property of the INetFwProfile interface.
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwOpenPorts
+ Inherits IEnumerable
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves a read-only element yielding the number of items in the collection.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Count As Integer
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Opens a New port And adds it to the collection.
+ '''
+ ''' Port to add to the collection.
+ ''' If the port Is already open, the existing settings are overwritten.
+
+ Sub Add(<[In], MarshalAs(UnmanagedType.Interface)> ByVal Port As INetFwOpenPort)
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Closes a port And removes it from the collection.
+ '''
+ ''' Port number to remove.
+ ''' Protocol of the port to remove.
+ ''' If the port Is already closed ,the Remove method has no effect.
+
+ Sub Remove(<[In]> ByVal portNumber As Integer, <[In]> ByVal ipProtocol As NET_FW_IP_PROTOCOL)
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Returns the specified port if it Is in the collection.
+ '''
+ ''' Port number to find.
+ ''' Protocol of the port to find by type NET_FW_IP_PROTOCOL.
+ '''
+ ''' Reference to the returned INetFwOpenPort object.
+ '''
+
+ Function Item(<[In]> ByVal portNumber As Integer, <[In]> ByVal ipProtocol As NET_FW_IP_PROTOCOL) As INetFwOpenPort
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Returns an object supporting IEnumVARIANT that can be used to iterate through all the ports in the collection.
+ '''
+ ''' Iteration through a collection Is done using the for each construct in VBScript. See Iterating a Collection for an example.
+ '''
+ '''
+
+ Overloads Function GetEnumerator() As IEnumerator
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwPolicy interface provides access to a firewall policy.
+ '''
+ '''
+ ''' Instances of this interface are retrieved through the LocalPolicy property of the INetFwMgr interface.
+ ''' All configuration changes take effect immediately.
+ ''' The Windows Firewall/Internet Connection Sharing service must be running to access this interface.
+ '''
+
+
+ Public Interface INetFwPolicy
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the current firewall profile.
+ ''' This property Is read-only.
+ '''
+ ''' The current firewall profile.
+ '''
+ ''' The SharedAccess service must be running.
+ ''' To get specific profile objects, use INetFwPolicy:GetProfileByType instead Of INetFwPolicy:CurrentProfile.
+ '''
+ ''' On Windows 7, the netsh context current maps to all currently active profiles for netsh advfirewall And netsh firewall.
+ ''' On earlier versions of Windows, current maps to the most restrictive profile.
+ '''
+ '''
+
+ ReadOnly Property CurrentProfile As INetFwProfile
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the profile of the requested type.
+ '''
+ ''' Type of profile from NET_FW_PROFILE_TYPE.
+ ''' Retrieved profile of type INetFwProfile.
+
+ Function GetProfileByType(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE) As INetFwProfile
+
+ End Interface
+
+ ''' The INetFwPolicy2 interface allows an application Or service to access the firewall policy.
+ '''
+ ''' All configuration changes take effect immediately.
+ ''' The Windows Firewall/Internet Connection Sharing service must be running to access this interface.
+ '''
+
+
+ Public Interface INetFwPolicy2
+
+ '''
+ ''' Retrieves the currently active firewall profile.
+ ''' This property Is read-only.
+ '''
+ ''' Multiple profiles can be returned in the profiles bitmask.
+
+ ReadOnly Property CurrentProfileTypes As NET_FW_PROFILE_TYPE2
+
+ '''
+ ''' Indicates whether a firewall Is enabled locally (the effective result may differ due to group policy settings).
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' When you pass a profile type obtained from the CurrentProfileTypes property, make sure that you pass only one profile type to
+ ''' get_FirewallEnabled And put_FirewallEnabled. Note that get_CurrentProfileTypes can return multiple profiles.
+ '''
+
+ Property FirewallEnabled(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As Boolean
+
+ '''
+ ''' Specifies a list of interfaces on which firewall settings are excluded.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ '''
+ ''' An excluded interface Is an interface to which the firewall Is Not applicable. The firewall Is Not applicable to any traffic
+ ''' received from Or sent to an excluded interface. An empty list indicates that there are no excluded interfaces.
+ '''
+ '''
+ ''' When you pass a profile type obtained from the CurrentProfileTypes property, make sure that you pass only one profile type to
+ ''' get_ExcludedInterfaces And put_ExcludedInterfaces. Note that get_CurrentProfileTypes can return multiple profiles.
+ '''
+ '''
+
+ Property ExcludedInterfaces(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As Object
+
+ '''
+ ''' Indicates whether the firewall should Not allow inbound traffic.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ '''
+ ''' All interfaces are firewall-enabled. This means that all the exceptions (such as GloballyOpenPorts, Applications, Or
+ ''' Services) which are specified in the profile are ignored And only locally-initiated traffic Is allowed.
+ '''
+ '''
+ ''' When you pass a profile type obtained from the CurrentProfileTypes property, make sure that you pass only one profile type to
+ ''' get_BlockAllInboundTraffic And put_BlockAllInboundTraffic. Note that get_CurrentProfileTypes can return
+ ''' multiple profiles.
+ '''
+ '''
+
+ Property BlockAllInboundTraffic(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether interactive firewall notifications are disabled.
+ ''' This property Is read/write.
+ '''
+
+ Property NotificationsDisabled(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As Boolean
+
+ '''
+ ''' Indicates whether the firewall should Not allow unicast responses to multicast And broadcast traffic.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ '''
+ ''' If a computer sends a broadcast packet, a unicast response Is allowed for three seconds. Use this property to change this behavior.
+ '''
+ '''
+ ''' When you pass a profile type obtained from the CurrentProfileTypes property ( get_CurrentProfileTypes), make sure that
+ ''' you pass only one profile type to get_UnicastResponsesToMulticastBroadcastDisabled And
+ ''' put_UnicastResponsesToMulticastBroadcastDisabled. Note that get_CurrentProfileTypes can return multiple profiles.
+ '''
+ '''
+
+ Property UnicastResponsesToMulticastBroadcastDisabled(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As Boolean
+
+ '''
+ ''' Retrieves the collection of firewall rules.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Rules As INetFwRules
+
+ '''
+ ''' Retrieves the interface used to access the Windows Service Hardening store.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property ServiceRestriction As INetFwServiceRestriction
+
+ ''' The EnableRuleGroup method enables Or disables a specified group of firewall rules.
+ ''' A bitmask of profiles from NET_FW_PROFILE_TYPE2.
+ '''
+ ''' A string that was used to group rules together.
It can be the group name Or an indirect string to the group name in the form of
+ ''' "@C:\Program Files\Contoso Storefront\StorefrontRes.dll,-1234". Rules belonging to this group would be enabled Or disabled.
+ '''
+ '''
+ ''' Indicates whether the group of rules identified by the group parameter are to be enabled Or disabled.
+ ''' If this value Is set to true ( VARIANT_TRUE), the group of rules will be enabled; otherwise the group Is disabled.
+ '''
+ '''
+ ''' When indirect strings in the form of "@C:\Program Files\Contoso Storefront\StorefrontRes.dll,-1234" are passed as parameters to
+ ''' the Windows Firewall with Advanced Security APIs, they should be specified by a full path. The file should have a secure access
+ ''' that permits the Local Service account read access to allow the Windows Firewall Service to read the strings. To avoid
+ ''' non-privileged security principals from modifying the strings, the DLLs should only allow write access to the Administrator account.
+ '''
+
+ Sub EnableRuleGroup(<[In]> ByVal profileTypesBitmask As NET_FW_PROFILE_TYPE2, <[In], MarshalAs(UnmanagedType.BStr)> ByVal group As String, <[In]> ByVal enable As Boolean)
+
+ ''' The IsRuleGroupEnabled method determines whether a specified group of firewall rules are enabled Or disabled.
+ ''' A bitmask of profiles from NET_FW_PROFILE_TYPE2.
+ '''
+ ''' A string that was used to group rules together. It can be the group name Or an indirect string to the group name in the form of
+ ''' "@yourresourcedll.dll,-23255". Rules belonging to this group would be queried.
+ '''
+ '''
+ ''' This call returns a boolean enable status which indicates whether the group of rules identified by the group parameter are
+ ''' enabled Or disabled. If this value Is set to true (VARIANT_TRUE), the group of rules Is enabled; otherwise, the group Is disabled.
+ '''
+ '''
+ ''' When indirect strings in the form of "@yourresourcedll.dll,-23255" are passed as parameters to the Windows Firewall with
+ ''' Advanced Security APIs, they should either be placed under the System32 Windows directory Or specified by a full path. Further
+ ''' the file should have a secure access that permits the Local Service account read access to allow the Windows Firewall Service to
+ ''' read the strings. To avoid non-privileged security principals from modifying the strings, the DLLs should only allow write
+ ''' access to the Administrator account.
+ '''
+
+ Function IsRuleGroupEnabled(<[In]> ByVal profileTypesBitmask As NET_FW_PROFILE_TYPE2, <[In], MarshalAs(UnmanagedType.BStr)> ByVal group As String) As Boolean
+
+ ''' The RestoreLocalFirewallDefaults method restores the local firewall configuration to its default state.
+
+ Sub RestoreLocalFirewallDefaults()
+
+ '''
+ ''' Specifies the default action for inbound traffic. These settings are Block by default.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' All interfaces are firewall-enabled. This means that all the exceptions (such as GloballyOpenPorts, Applications, Or
+ ''' Services) which are specified in the profile, are ignored And only locally-initiated traffic Is allowed.
+ '''
+ '''
+ ''' When you pass a profile type obtained from the CurrentProfileTypes property, make sure that you pass only one profile type to
+ ''' get_DefaultInboundAction And put_DefaultInboundAction. Note that get_CurrentProfileTypes can return
+ ''' multiple profiles.
+ '''
+ '''
+
+ Property DefaultInboundAction(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As NET_FW_ACTION
+
+ '''
+ ''' Specifies the default action for outbound traffic. These settings are Allow by default.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' All interfaces are firewall-enabled.
This means that all the exceptions (such as GloballyOpenPorts, Applications, Or
+ ''' Services) which are specified in the profile are ignored And only locally-initiated traffic Is allowed.
+ '''
+ '''
+ ''' When you pass a profile type obtained from the CurrentProfileTypes property, make sure that you pass only one profile type to
+ ''' get_DefaultOutboundAction And put_DefaultOutboundAction. Note that get_CurrentProfileTypes can return
+ ''' multiple profiles.
+ '''
+ '''
+
+ Property DefaultOutboundAction(<[In]> ByVal profileType As NET_FW_PROFILE_TYPE2) As NET_FW_ACTION
+
+ '''
+ ''' The get_IsRuleGroupCurrentlyEnabled method determines whether a specified group of firewall rules are enabled Or disabled
+ ''' for the current profile.
+ '''
+ '''
+ ''' A string that was used to group rules together. It can be the group name Or an indirect string to the group name in the form of
+ ''' "@C:\Program Files\Contoso Storefront\StorefrontRes.dll,-1234". Rules belonging to this group would be queried.
+ '''
+ '''
+ '''
+ ''' This call returns a boolean enable status which indicates whether the group of rules identified by the group parameter are
+ ''' enabled Or disabled. If this value Is set to true ( VARIANT_TRUE), the group of rules Is enabled; otherwise, the group Is disabled.
+ '''
+ '''
+ '''
+ ''' When indirect strings in the form of "@C:\Program Files\Contoso Storefront\StorefrontRes.dll,-1234" are passed as parameters to
+ ''' the Windows Firewall with Advanced Security APIs, they should be specified by a full path. The file should have a secure access
+ ''' that permits the Local Service account read access to allow the Windows Firewall Service to read the strings. To avoid
+ ''' non-privileged security principals from modifying the strings, the DLLs should only allow write access to the Administrator account.
+ '''
+
+ ReadOnly Property IsRuleGroupCurrentlyEnabled(<[In]> ByVal group As String) As Boolean
+
+ '''
+ '''
+ ''' The LocalPolicyModifyState attribute determines if adding Or setting a rule Or group of rules will take effect in the current
+ ''' firewall profile.
+ '''
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property LocalPolicyModifyState As NET_FW_MODIFY_STATE
+
+ End Interface
+
+ '''
+ ''' The INetFwProduct interface allows an application Or service to access the properties of a third-party firewall registration.
+ '''
+
+ Public Interface INetFwProduct
+
+ '''
+ '''
+ ''' For a third-party firewall product registration, indicates the rule categories for which the third-party firewall wishes to take
+ ''' ownership from Windows Firewall.
+ '''
+ ''' This property Is read/write.
+ '''
+
+ Property RuleCategories As Object
+
+ '''
+ ''' Indicates the display name for a third-party firewall product registration.
+ ''' This property Is read/write.
+ '''
+
+ Property DisplayName As String
+
+ '''
+ ''' Indicates the path to the signed executable file of a third-party firewall product registration.
+ ''' This property Is read-only.
+ '''
+ ''' This Is a read-only property, which Is set after the product has been registered.
+
+ ReadOnly Property PathToSignedProductExe As String
+
+ End Interface
+
+ '''
+ ''' The INetFwProducts interface allows an application Or service to access the methods And properties for registering
+ ''' third-party firewall products with Windows Firewall And for enumerating registered products.
+ '''
+
+ Public Interface INetFwProducts
+ Inherits IEnumerable
+
+ '''
+ ''' Indicates the number of registered third-party firewall products.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Count As Integer
+
+ ''' The Register method registers a third-party firewall product.
+ ''' The INetFwProduct object that defines the product to be registered.
+ ''' The registration handle.
The registration will be removed when this object Is released.
+ '''
+ '''
+ ''' Registrations only last for the lifetime of the Windows Firewall service. Third-party firewalls calling this API should also
+ ''' have a service dependency on the Windows Firewall service (mpssvc) to make sure that the service Is Not unexpectedly stopped,
+ ''' causing all registrations to be lost.
+ '''
+ '''
+ ''' Registrations are removed when a returned registration object Is released by the third-party firewall Or when the third-party
+ ''' firewall process exits.
+ '''
+ '''
+ ''' A user mode code module using this API should be linked with the /integritycheck linker flag. This flag sets
+ ''' IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY in the image PE header OptionalHeader.DllCharacteristics field, which enforces a
+ ''' signature check at load time. The code module should be digitally signed, consistent with the Authenticode signing procedure.
+ '''
+ '''
+
+ Function Register(<[In], MarshalAs(UnmanagedType.Interface)> ByVal product As INetFwProduct) As Object
+
+ ''' The Item method returns the product with the specified index if it Is in the collection.
+ ''' Index of the product to retrieve.
+ ''' Reference to the returned INetFwProduct object.
+
+ Function Item(<[In]> ByVal index As Integer) As INetFwProduct
+
+ '''
+ '''
+ ''' Returns an object supporting IEnumVARIANT that can be used to iterate through all the registered third-party firewall
+ ''' products in the collection.
+ '''
+ ''' This property Is read-only.
+ '''
+
+ Overloads Function GetEnumerator() As IEnumerator
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwProfile interface provides access to the firewall settings profile.
+ '''
+ '''
+ '''
+ ''' Instances of this interface are retrieved through the CurrentProfile property Or GetProfileByType method of the INetFwPolicy interface.
+ '''
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwProfile
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Speciifes the type of the profile.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Type As NET_FW_PROFILE_TYPE
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether the firewall Is enabled.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' The resulting firewall status Is based on the local policy from the local store. Use the procedure Checking the Effective
+ ''' Firewall Status to determine the overall operational state.
+ '''
+
+ Property FirewallEnabled As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether the firewall should Not allow exceptions.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' All interfaces are firewalled. This means that all the exceptions; such as GloballyOpenPorts, Applications, Or Services, which
+ ''' are specified in the profile, are ignored And only locally initiated traffic Is allowed.
+ '''
+ '''
+ ''' The resulting firewall status Is determined by the combination of two levels: First check the Global operation mode, Then the
+ ''' mode on the interface of interest. Use the procedure Checking the Effective Firewall Status to determine the overall operational state.
+ '''
+ '''
+
+ Property ExceptionsNotAllowed As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether interactive firewall notifications are disabled.
+ ''' This property Is read/write.
+ '''
+
+ Property NotificationsDisabled As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether the firewall should Not allow unicast responses to multicast And broadcast traffic.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' If a PC sends a broadcast packet, a unicast response Is allowed for three seconds. Use this property to change this behavior.
+ '''
+
+ Property UnicastResponsesToMulticastBroadcastDisabled As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies the settings governing remote administration.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property RemoteAdminSettings As INetFwRemoteAdminSettings
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the ICMP settings of the profile.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property IcmpSettings As INetFwIcmpSettings
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the collection of globally open ports of the profile.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property GloballyOpenPorts As INetFwOpenPorts
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the collection of services of the profile.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Services As INetFwServices
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the collection of authorized applications of the profile.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property AuthorizedApplications As INetFwAuthorizedApplications
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' The INetFwRemoteAdminSettings interface provides access to the settings that control remote administration.
+ '''
+ '''
+ ''' An instance of this interface Is retrieved through the RemoteAdminSettingsproperty of the INetFwProfile interface.
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwRemoteAdminSettings
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies the IP version.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This Is the IP version for which remote admin Is authorized.
+ ''' Only NET_FW_IP_VERSION_ANY Is supported.
+ '''
+
+ Property IpVersion As NET_FW_IP_VERSION
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Controls the network scope from which remote administration Is allowed.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' When setting the Scope property, only NET_FW_SCOPE_ALL And NET_FW_SCOPE_LOCAL_SUBNET are valid.
+ ''' The default value Is NET_FW_SCOPE_ALL for New ports.
+ ''' To create a custom scope, use the RemoteAddresses property of this interface.
+ '''
+
+ Property Scope As NET_FW_SCOPE
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies a set of remote addresses from which remote administration Is allowed.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the
+ ''' application can listen for traffic. The default value Is "*".
+ '''
+ ''' Valid tokens:
+ '''
+ '''
+ ''' "*": any remote address; If present, it must be the only token.
+ '''
+ '''
+ ''' "LocalSubnet": Not case-sensitive; specifying more than once has no effect.
+ '''
+ '''
+ '''
+ ''' subnet: may be specified Using either subnet mask Or network prefix notation. If neither a subnet mask nor a network prefix Is
+ ''' specified, the subnet mask defaults to 255.255.255.255. Examples of valid subnets: 10.0.0.2/255.0.0.0 10.0.0.2/8 10.0.0.2
+ '''
+ '''
+ '''
+ ''' Windows Vista: A valid IPv6 address.
+ '''
+ '''
+ ''' Windows Vista: An IPv4 address range In the format "start address - end address."
+ '''
+ '''
+ ''' Windows Vista: An IPv6 address range In the format "start address - end address."
+ '''
+ '''
+ ''' For a predefined address range, use the Scope property.
+ '''
+
+ Property RemoteAddresses As String
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether remote administration Is enabled..
+ ''' This property Is read/write.
+ '''
+
+ Property Enabled As Boolean
+
+ End Interface
+
+ ''' The INetFwRule interface provides access to the properties of a rule.
+ '''
+ '''
+ ''' Each time you change a property of a rule, Windows Firewall commits the rule And verifies it for correctness. As a result, when you
+ ''' edit a rule, you must perform the steps in a specific order. For example, if you add an ICMP rule, you must first set the protocol
+ ''' to ICMP, then add the rule. If these steps are taken in the opposite order, an error occurs And the change Is lost.
+ '''
+ '''
+ ''' If you are editing a TCP port rule And converting it into an ICMP rule, first delete the port, change protocol from TCP to ICMP, And
+ ''' then add the rule.
+ '''
+ '''
+ ''' In order to retrieve And modify existing rules, instances of this interface must be retrieved through INetFwRules. All configuration
+ ''' changes take place immediately.
+ '''
+ ''' When accessing the properties of a rule, keep in mind that there may be a small time lag before a newly-added rule Is applied.
+ '''
+ ''' Properties are used to create firewall rules. Many of the properties can be used in order to create very specific firewall rules.
+ '''
+ '''
+ '''
+ ''' Property
+ ''' Type And format
+ ''' Constraints
+ '''
+ '''
+ ''' Name
+ ''' Clear text string.
+ ''' Required. The string must Not contain a "|" And it must Not be "all".
+ '''
+ '''
+ ''' Description
+ ''' Clear text string.
+ ''' Optional. The string must Not contain a "|".
+ '''
+ '''
+ ''' Grouping
+ ''' String in the format "@<dll name>, <resource string identifier>".
+ ''' Required.
+ '''
+ '''
+ ''' Enabled
+ ''' Boolean (VARIANT_BOOLEAN).
+ ''' Optional. Defaults to false (VARIANT_FALSE) if nothing Is specified.
+ '''
+ '''
+ ''' ApplicationName
+ ''' Clear text string.
+ ''' Optional.
+ '''
+ '''
+ ''' ServiceName
+ ''' Clear text string.
+ ''' Optional.
+ '''
+ '''
+ ''' LocalPorts
+ ''' Clear text string containing a list of port numbers.
"RPC" Is an acceptable value.
+ ''' Optional.
+ '''
+ '''
+ ''' RemotePorts
+ ''' Clear text string containing a list of port numbers.
+ ''' Optional.
+ '''
+ '''
+ ''' LocalAddresses
+ '''
+ ''' Clear text string containing a list of IPv4 And IPv6 addresses separated by commas. Range values And"*"are acceptable in this list.
+ '''
+ ''' Optional.
+ '''
+ '''
+ ''' RemoteAddresses
+ '''
+ ''' Clear text string containing a list of IPv4 And IPv6 addresses separated by commas. Range values And"*"are acceptable in this list.
+ '''
+ ''' Optional.
+ '''
+ '''
+ ''' Protocol
+ ''' Number.
+ ''' Optional.
+ '''
+ '''
+ ''' put_Profiles
+ '''
+ ''' String value in the format "type, code". Multiple types And codes can be included in the string by separating each pair with a ";".
+ '''
+ ''' Optional.
+ '''
+ '''
+ ''' Interfaces
+ ''' Array of strings containing the friendly names of interfaces.
+ ''' Optional.
+ '''
+ '''
+ ''' InterfaceTypes
+ '''
+ ''' String value. Multiple interface types can be included in the string by separating each value with a ",". Acceptable values are
+ ''' "RemoteAccess", "Wireless", "Lan", And "All".
+ '''
+ ''' Optional.
+ '''
+ '''
+ ''' Direction
+ ''' Enumeration.
+ ''' Optional.
+ '''
+ '''
+ ''' Action
+ ''' Enumeration.
+ ''' Optional.
+ '''
+ '''
+ ''' EdgeTraversal
+ ''' Boolean (VARIANT_BOOLEAN).
+ ''' Optional.
+ '''
+ '''
+ ''' Profiles
+ ''' Enumeration.
+ ''' Optional.
+ '''
+ '''
+ ''' For additional information on each property, please see the corresponding topic.
+ '''
+
+
+ Public Interface INetFwRule
+
+ '''
+ ''' Specifies the friendly name of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is required. The string must Not contain the "|" character.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Name As String
+
+ '''
+ ''' Specifies the description of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. The string must Not contain the "|" character.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Description As String
+
+ '''
+ ''' Specifies the friendly name of the application to which this rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property ApplicationName As String
+
+#Disable Warning IDE1006 ' Naming Styles
+ '''
+ ''' Specifies the service name property of the application.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' This property Is optional. A serviceName value of "*" indicates that a service, Not an application, must be sending Or receiving traffic.
+ '''
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property serviceName As String
+#Enable Warning IDE1006 ' Naming Styles
+
+ '''
+ ''' Specifies the IP protocol of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the LocalPorts Or RemotePorts properties Or an error will be returned.
+ ''' A list of protocol numbers Is available at the IANA website.
+ '''
+
+ Property Protocol As Integer
+
+ '''
+ ''' Specifies the list of local ports for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the LocalPorts property Or an error will be returned.
+ '''
+
+ Property LocalPorts As String
+
+ '''
+ ''' Specifies the list of remote ports for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the RemotePorts property Or an error will be returned.
+ '''
+
+ Property RemotePorts As String
+
+ '''
+ ''' Specifies the list of local addresses for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The localAddrs parameter consists of one Or more comma-delimited tokens specifying the local addresses from which the
+ ''' application can listen for traffic. "*" Is the default value. Valid tokens include:
+ '''
+ '''
+ '''
+ ''' "*" indicates any local address. If present, this must be the only token included.
+ '''
+ '''
+ ''' "Defaultgateway"
+ '''
+ '''
+ ''' "DHCP"
+ '''
+ '''
+ ''' "WINS"
+ '''
+ '''
+ ''' "LocalSubnet" indicates any local address on the local subnet. This token Is Not case-sensitive.
+ '''
+ '''
+ '''
+ ''' A subnet can be specified using either the subnet mask Or network prefix notation. If neither a subnet mask Not a network prefix
+ ''' Is specified, the subnet mask defaults to 255.255.255.255.
+ '''
+ '''
+ '''
+ ''' A valid IPv6 address.
+ '''
+ '''
+ ''' An IPv4 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ ''' An IPv6 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ '''
+
+ Property LocalAddresses As String
+
+ '''
+ ''' Specifies the list of remote addresses for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the
+ ''' application can listen for traffic. The default value Is "*". Valid tokens include:
+ '''
+ '''
+ '''
+ ''' "*" indicates any remote address. If present, this must be the only token included.
+ '''
+ '''
+ ''' "Defaultgateway"
+ '''
+ '''
+ ''' "DHCP"
+ '''
+ '''
+ ''' "DNS"
+ '''
+ '''
+ ''' "WINS"
+ '''
+ '''
+ ''' "LocalSubnet" indicates any local address on the local subnet. This token Is Not case-sensitive.
+ '''
+ '''
+ '''
+ ''' A subnet can be specified using either the subnet mask Or network prefix notation. If neither a subnet mask Not a network prefix
+ ''' Is specified, the subnet mask defaults to 255.255.255.255.
+ '''
+ '''
+ '''
+ ''' A valid IPv6 address.
+ '''
+ '''
+ ''' An IPv4 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ ''' An IPv6 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ '''
+
+ Property RemoteAddresses As String
+
+ '''
+ ''' Specifies the list of ICMP types And codes for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The icmpTypesAndCodes parameter Is a list of ICMP types And codes separated by semicolon. "*" indicates all ICMP types And codes.
+ '''
+ '''
+
+ Property IcmpTypesAndCodes As String
+
+ '''
+ ''' Specifies the direction of traffic for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. If this property Is Not specified, the default value Is in.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Direction As NET_FW_RULE_DIRECTION
+
+ '''
+ ''' Specifies the list of interfaces for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. The interfaces in the list are represented by their friendly name.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Interfaces As Object
+
+ '''
+ ''' Specifies the list of interface types for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' Acceptable values for this property are "RemoteAccess", "Wireless", "Lan", And "All". If more than one interface type Is
+ ''' specified, the strings must be separated by a comma.
+ '''
+ '''
+
+ Property InterfaceTypes As String
+
+ '''
+ ''' Enables Or disables a rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. A New rule Is disabled by default.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Enabled As Boolean
+
+ '''
+ ''' Specifies the group to which an individual rule belongs.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' Using the Grouping property Is highly recommended, as it groups multiple rules into a single line in the Windows Firewall
+ ''' control panel. This allows the user to enable Or disable multiple rules with a single click. The Grouping property can also be
+ ''' specified using indirect strings.
In this case, a group description can also be specified that will appear in the rule group
+ ''' properties in the Windows Firewall control panel. For example, if the group string Is specified by an indirect string at index
+ ''' 1005 ("@yourresources.dll,-1005"), the group description can be specified at a resource string higher by 10000 "@youresources.dll,-11005."
+ '''
+ '''
+ ''' When indirect strings in the form of "h" are passed as parameters to the Windows Firewall with Advanced Security APIs, they
+ ''' should either be placed under the System32 Windows directory Or specified by a full path. Further, the file should have a secure
+ ''' access that permits the Local Service account read access to allow the Windows Firewall Service to read the strings. To avoid
+ ''' non-privileged security principals from modifying the strings, the DLLs should only allow write access to the Administrator account.
+ '''
+ '''
+
+ Property Grouping As String
+
+ '''
+ ''' Specifies the profiles to which the rule belongs.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Profiles As NET_FW_PROFILE_TYPE2
+
+ '''
+ ''' Indicates whether edge traversal Is enabled Or disabled for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' The EdgeTraversal property indicates that specific inbound traffic Is allowed to tunnel through NATs And other edge devices
+ ''' using the Teredo tunneling technology. In order for this setting to work correctly, the application Or service with the inbound
+ ''' firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally
+ ''' addressable through a Teredo IPv6 address.
+ '''
+ ''' New rules have the EdgeTraversal property disabled by default.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property EdgeTraversal As Boolean
+
+ '''
+ ''' Specifies the action for a rule Or default setting.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Property Action As NET_FW_ACTION
+
+ End Interface
+
+ '''
+ ''' The INetFwRule2 interface allows an application Or service to access all the properties of INetFwRule as well as the four
+ ''' edge properties of a firewall rule specified by NET_FW_EDGE_TRAVERSAL_TYPE.
+ '''
+
+
+ Public Interface INetFwRule2
+ Inherits INetFwRule
+
+ '''
+ ''' Specifies the friendly name of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is required. The string must Not contain the "|" character.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Name As String
+
+ '''
+ ''' Specifies the description of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. The string must Not contain the "|" character.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Description As String
+
+ '''
+ ''' Specifies the friendly name of the application to which this rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property ApplicationName As String
+
+#Disable Warning IDE1006 ' Naming Styles
+ '''
+ ''' Specifies the service name property of the application.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' This property Is optional. A serviceName value of "*" indicates that a service, Not an application, must be sending Or receiving traffic.
+ '''
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property serviceName As String
+#Enable Warning IDE1006 ' Naming Styles
+
+ '''
+ ''' Specifies the IP protocol of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the LocalPorts Or RemotePorts properties Or an error will be returned.
+ ''' A list of protocol numbers Is available at the IANA website.
+ '''
+
+ Overloads Property Protocol As Integer
+
+ '''
+ ''' Specifies the list of local ports for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the LocalPorts property Or an error will be returned.
+ '''
+
+ Overloads Property LocalPorts As String
+
+ '''
+ ''' Specifies the list of remote ports for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the RemotePorts property Or an error will be returned.
+ '''
+
+ Overloads Property RemotePorts As String
+
+ '''
+ ''' Specifies the list of local addresses for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The localAddrs parameter consists of one Or more comma-delimited tokens specifying the local addresses from which the
+ ''' application can listen for traffic. "*" Is the default value. Valid tokens include:
+ '''
+ '''
+ '''
+ ''' "*" indicates any local address. If present, this must be the only token included.
+ '''
+ '''
+ ''' "Defaultgateway"
+ '''
+ '''
+ ''' "DHCP"
+ '''
+ '''
+ ''' "WINS"
+ '''
+ '''
+ ''' "LocalSubnet" indicates any local address on the local subnet. This token Is Not case-sensitive.
+ '''
+ '''
+ '''
+ ''' A subnet can be specified using either the subnet mask Or network prefix notation. If neither a subnet mask Not a network prefix
+ ''' Is specified, the subnet mask defaults to 255.255.255.255.
+ '''
+ '''
+ '''
+ ''' A valid IPv6 address.
+ '''
+ '''
+ ''' An IPv4 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ ''' An IPv6 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ '''
+
+ Overloads Property LocalAddresses As String
+
+ '''
+ ''' Specifies the list of remote addresses for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the
+ ''' application can listen for traffic. The default value Is "*". Valid tokens include:
+ '''
+ '''
+ '''
+ ''' "*" indicates any remote address. If present, this must be the only token included.
+ '''
+ '''
+ ''' "Defaultgateway"
+ '''
+ '''
+ ''' "DHCP"
+ '''
+ '''
+ ''' "DNS"
+ '''
+ '''
+ ''' "WINS"
+ '''
+ '''
+ ''' "LocalSubnet" indicates any local address on the local subnet. This token Is Not case-sensitive.
+ '''
+ '''
+ '''
+ ''' A subnet can be specified using either the subnet mask Or network prefix notation. If neither a subnet mask Not a network prefix
+ ''' Is specified, the subnet mask defaults to 255.255.255.255.
+ '''
+ '''
+ '''
+ ''' A valid IPv6 address.
+ '''
+ '''
+ ''' An IPv4 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ ''' An IPv6 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ '''
+
+ Overloads Property RemoteAddresses As String
+
+ '''
+ ''' Specifies the list of ICMP types And codes for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The icmpTypesAndCodes parameter Is a list of ICMP types And codes separated by semicolon. "*" indicates all ICMP types And codes.
+ '''
+ '''
+
+ Overloads Property IcmpTypesAndCodes As String
+
+ '''
+ ''' Specifies the direction of traffic for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. If this property Is Not specified, the default value Is in.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Direction As NET_FW_RULE_DIRECTION
+
+ '''
+ ''' Specifies the list of interfaces for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. The interfaces in the list are represented by their friendly name.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Interfaces As Object
+
+ '''
+ ''' Specifies the list of interface types for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' Acceptable values for this property are "RemoteAccess", "Wireless", "Lan", And "All". If more than one interface type Is
+ ''' specified, the strings must be separated by a comma.
+ '''
+ '''
+
+ Overloads Property InterfaceTypes As String
+
+ '''
+ ''' Enables Or disables a rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. A New rule Is disabled by default.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Enabled As Boolean
+
+ '''
+ ''' Specifies the group to which an individual rule belongs.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' Using the Grouping property Is highly recommended, as it groups multiple rules into a single line in the Windows Firewall
+ ''' control panel. This allows the user to enable Or disable multiple rules with a single click. The Grouping property can also be
+ ''' specified using indirect strings. In this case, a group description can also be specified that will appear in the rule group
+ ''' properties in the Windows Firewall control panel. For example, if the group string Is specified by an indirect string at index
+ ''' 1005 ("@yourresources.dll,-1005"), the group description can be specified at a resource string higher by 10000 "@youresources.dll,-11005."
+ '''
+ '''
+ ''' When indirect strings in the form of "h" are passed as parameters to the Windows Firewall with Advanced Security APIs, they
+ ''' should either be placed under the System32 Windows directory Or specified by a full path.
Further, the file should have a secure
+ ''' access that permits the Local Service account read access to allow the Windows Firewall Service to read the strings. To avoid
+ ''' non-privileged security principals from modifying the strings, the DLLs should only allow write access to the Administrator account.
+ '''
+ '''
+
+ Overloads Property Grouping As String
+
+ '''
+ ''' Specifies the profiles to which the rule belongs.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Profiles As NET_FW_PROFILE_TYPE2
+
+ '''
+ ''' Indicates whether edge traversal Is enabled Or disabled for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' The EdgeTraversal property indicates that specific inbound traffic Is allowed to tunnel through NATs And other edge devices
+ ''' using the Teredo tunneling technology. In order for this setting to work correctly, the application Or service with the inbound
+ ''' firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally
+ ''' addressable through a Teredo IPv6 address.
+ '''
+ ''' New rules have the EdgeTraversal property disabled by default.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property EdgeTraversal As Boolean
+
+ '''
+ ''' Specifies the action for a rule Or default setting.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Action As NET_FW_ACTION
+
+ '''
+ ''' This property can be used to access the edge properties of a firewall rule defined by NET_FW_EDGE_TRAVERSAL_TYPE.
+ ''' This property Is read/write.
+ '''
+
+ Property EdgeTraversalOptions As NET_FW_EDGE_TRAVERSAL_TYPE
+
+ End Interface
+
+ '''
+ ''' The INetFwRule3 interface allows an application Or service to access all the properties of INetFwRule2 And to provide access
+ ''' to the requirements of app containers.
+ '''
+
+
+ Public Interface INetFwRule3
+ Inherits INetFwRule2
+
+ '''
+ ''' Specifies the friendly name of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is required. The string must Not contain the "|" character.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Name As String
+
+ '''
+ ''' Specifies the description of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. The string must Not contain the "|" character.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Description As String
+
+ '''
+ ''' Specifies the friendly name of the application to which this rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property ApplicationName As String
+
+#Disable Warning IDE1006 ' Naming Styles
+ '''
+ ''' Specifies the service name property of the application.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' This property Is optional. A serviceName value of "*" indicates that a service, Not an application, must be sending Or receiving traffic.
+ '''
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property serviceName As String
+#Enable Warning IDE1006 ' Naming Styles
+
+ '''
+ ''' Specifies the IP protocol of this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the LocalPorts Or RemotePorts properties Or an error will be returned.
+ ''' A list of protocol numbers Is available at the IANA website.
+ '''
+
+ Overloads Property Protocol As Integer
+
+ '''
+ ''' Specifies the list of local ports for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the LocalPorts property Or an error will be returned.
+ '''
+
+ Overloads Property LocalPorts As String
+
+ '''
+ ''' Specifies the list of remote ports for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ ''' The Protocol property must be set before the RemotePorts property Or an error will be returned.
+ '''
+
+ Overloads Property RemotePorts As String
+
+ '''
+ ''' Specifies the list of local addresses for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The localAddrs parameter consists of one Or more comma-delimited tokens specifying the local addresses from which the
+ ''' application can listen for traffic. "*" Is the default value. Valid tokens include:
+ '''
+ '''
+ '''
+ ''' "*" indicates any local address.
If present, this must be the only token included.
+ '''
+ '''
+ ''' "Defaultgateway"
+ '''
+ '''
+ ''' "DHCP"
+ '''
+ '''
+ ''' "WINS"
+ '''
+ '''
+ ''' "LocalSubnet" indicates any local address on the local subnet. This token Is Not case-sensitive.
+ '''
+ '''
+ '''
+ ''' A subnet can be specified using either the subnet mask Or network prefix notation. If neither a subnet mask Not a network prefix
+ ''' Is specified, the subnet mask defaults to 255.255.255.255.
+ '''
+ '''
+ '''
+ ''' A valid IPv6 address.
+ '''
+ '''
+ ''' An IPv4 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ ''' An IPv6 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ '''
+
+ Overloads Property LocalAddresses As String
+
+ '''
+ ''' Specifies the list of remote addresses for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the
+ ''' application can listen for traffic. The default value Is "*". Valid tokens include:
+ '''
+ '''
+ '''
+ ''' "*" indicates any remote address. If present, this must be the only token included.
+ '''
+ '''
+ ''' "Defaultgateway"
+ '''
+ '''
+ ''' "DHCP"
+ '''
+ '''
+ ''' "DNS"
+ '''
+ '''
+ ''' "WINS"
+ '''
+ '''
+ ''' "LocalSubnet" indicates any local address on the local subnet. This token Is Not case-sensitive.
+ '''
+ '''
+ '''
+ ''' A subnet can be specified using either the subnet mask Or network prefix notation. If neither a subnet mask Not a network prefix
+ ''' Is specified, the subnet mask defaults to 255.255.255.255.
+ '''
+ '''
+ '''
+ ''' A valid IPv6 address.
+ '''
+ '''
+ ''' An IPv4 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ ''' An IPv6 address range in the format of "start address - end address" with no spaces included.
+ '''
+ '''
+ '''
+
+ Overloads Property RemoteAddresses As String
+
+ '''
+ ''' Specifies the list of ICMP types And codes for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' The icmpTypesAndCodes parameter Is a list of ICMP types And codes separated by semicolon. "*" indicates all ICMP types And codes.
+ '''
+ '''
+
+ Overloads Property IcmpTypesAndCodes As String
+
+ '''
+ ''' Specifies the direction of traffic for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. If this property Is Not specified, the default value Is in.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Direction As NET_FW_RULE_DIRECTION
+
+ '''
+ ''' Specifies the list of interfaces for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. The interfaces in the list are represented by their friendly name.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Interfaces As Object
+
+ '''
+ ''' Specifies the list of interface types for which the rule applies.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' Acceptable values for this property are "RemoteAccess", "Wireless", "Lan", And "All".
If more than one interface type Is
+ ''' specified, the strings must be separated by a comma.
+ '''
+ '''
+
+ Overloads Property InterfaceTypes As String
+
+ '''
+ ''' Enables Or disables a rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional. A New rule Is disabled by default.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Enabled As Boolean
+
+ '''
+ ''' Specifies the group to which an individual rule belongs.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+ ''' Using the Grouping property Is highly recommended, as it groups multiple rules into a single line in the Windows Firewall
+ ''' control panel. This allows the user to enable Or disable multiple rules with a single click. The Grouping property can also be
+ ''' specified using indirect strings. In this case, a group description can also be specified that will appear in the rule group
+ ''' properties in the Windows Firewall control panel. For example, if the group string Is specified by an indirect string at index
+ ''' 1005 ("@yourresources.dll,-1005"), the group description can be specified at a resource string higher by 10000 "@youresources.dll,-11005."
+ '''
+ '''
+ ''' When indirect strings in the form of "h" are passed as parameters to the Windows Firewall with Advanced Security APIs, they
+ ''' should either be placed under the System32 Windows directory Or specified by a full path. Further, the file should have a secure
+ ''' access that permits the Local Service account read access to allow the Windows Firewall Service to read the strings. To avoid
+ ''' non-privileged security principals from modifying the strings, the DLLs should only allow write access to the Administrator account.
+ '''
+ '''
+
+ Overloads Property Grouping As String
+
+ '''
+ ''' Specifies the profiles to which the rule belongs.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Profiles As NET_FW_PROFILE_TYPE2
+
+ '''
+ ''' Indicates whether edge traversal Is enabled Or disabled for this rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ '''
+ ''' The EdgeTraversal property indicates that specific inbound traffic Is allowed to tunnel through NATs And other edge devices
+ ''' using the Teredo tunneling technology. In order for this setting to work correctly, the application Or service with the inbound
+ ''' firewall rule needs to support IPv6. The primary application of this setting allows listeners on the host to be globally
+ ''' addressable through a Teredo IPv6 address.
+ '''
+ ''' New rules have the EdgeTraversal property disabled by default.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property EdgeTraversal As Boolean
+
+ '''
+ ''' Specifies the action for a rule Or default setting.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' This property Is optional.
+ ''' Also see the restrictions on changing properties described in the Remarks section of the INetFwRule interface page.
+ '''
+
+ Overloads Property Action As NET_FW_ACTION
+
+ '''
+ ''' This property can be used to access the edge properties of a firewall rule defined by NET_FW_EDGE_TRAVERSAL_TYPE.
+ ''' This property Is read/write.
+ '''
+
+ Overloads Property EdgeTraversalOptions As NET_FW_EDGE_TRAVERSAL_TYPE
+
+ '''
+ '''
+ ''' Specifies the package identifier Or the app container identifier of a process, whether from a Windows Store app Or a desktop app.
+ '''
+ ''' This property Is read/write.
+ '''
+
+ Property LocalAppPackageId As String
+
+ '''
+ ''' Specifies the user security identifier (SID) of the user who Is the owner of the rule.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' If this rule does Not specify localUserConditions, all the traffic that this rule matches must be destined to Or
+ ''' originated from this user.
+ '''
+
+ Property LocalUserOwner As String
+
+ '''
+ ''' Specifies a list of authorized local users for an app container.
+ ''' This property Is read/write.
+ '''
+
+ Property LocalUserAuthorizedList As String
+
+ '''
+ ''' Specifies a list of remote users who are authorized to access an app container.
+ ''' This property Is read/write.
+ '''
+
+ Property RemoteUserAuthorizedList As String
+
+ '''
+ ''' Specifies a list of remote computers which are authorized to access an app container.
+ ''' This property Is read/write.
+ '''
+
+ Property RemoteMachineAuthorizedList As String
+
+ '''
+ '''
+ ''' Specifies which firewall verifications of security levels provided by IPsec must be guaranteed to allow the collection. The
+ ''' allowed values must correspond to those of the NET_FW_AUTHENTICATE_TYPE enumeration.
+ '''
+ ''' This property Is read/write.
+ '''
+
+ Property SecureFlags As NET_FW_AUTHENTICATE_TYPE
+
+ End Interface
+
+ ''' Gets the string array from the Interfaces property.
+ ''' The rule.
+ ''' A string array with zero or more elements.
+
+ Public Function GetInterfaces(ByVal rule As INetFwRule) As String()
+ Return If(rule.Interfaces Is Nothing, New String(-1) {}, Array.ConvertAll(Of Object, String)(rule.Interfaces, Function(o) o.ToString()))
+ End Function
+
+ ''' The INetFwRules interface provides a collection of firewall rules.
+
+
+ Public Interface INetFwRules
+ Inherits IEnumerable
+
+ '''
+ ''' Returns the number of rules in a collection.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Count As Integer
+
+ ''' The Add method adds a New rule to the collection.
+ ''' Rule to be added to the collection via an INetFwRule object.
+ '''
+ ''' If a rule with the same rule identifier as the one being submitted already exists, the existing rule Is overwritten.
+ ''' Adding a firewall rule with a LocalAppPackageId specified can lead to unexpected behavior And Is Not supported.
+ '''
+
+ Sub Add(<[In], MarshalAs(UnmanagedType.Interface)> ByVal rule As INetFwRule)
+
+ ''' The Remove method removes a rule from the collection.
+ ''' Name of the rule to remove from the collection.
+ ''' If a rule specified by the name parameter does Not exist in the collection, the Remove method has no effect.
+
+ Sub Remove(<[In], MarshalAs(UnmanagedType.BStr)> ByVal Name As String)
+
+ ''' The Item method returns the specified rule if it Is in the collection.
+ ''' Name of the rule to retrieve.
+ ''' Reference to the returned INetFwRule object.
+
+ Function Item(<[In], MarshalAs(UnmanagedType.BStr)> ByVal Name As String) As INetFwRule
+
+ '''
+ ''' Returns an object supporting IEnumVARIANT that can be used to iterate through all the rules in the collection.
+ ''' This property Is read-only.
+ '''
+
+ Overloads Function GetEnumerator() As IEnumerator
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ '''
+ ''' The INetFwService interface provides access to the properties of a service that may be authorized to listen through the firewall.
+ '''
+ '''
+ '''
+ ''' Instances of this interface are retrieved through the INetFwServices collection.
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwService
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section.
It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the friendly name of the service.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Name As String
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the type of the service.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Type As NET_FW_SERVICE_TYPE
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether at least one of the ports associated with the service has been customized.
+ ''' This property Is read-only.
+ '''
+ '''
+ ''' If a service has been customized, the values returned by the service properties do Not reflect the configuration of all the
+ ''' ports associated with the service.
+ '''
+
+ ReadOnly Property Customized As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies the firewall IP version for which the service Is authorized.
+ ''' This property Is read/write.
+ '''
+ ''' Only NET_FW_IP_VERSION_ANY Is supported.
+
+ Property IpVersion As NET_FW_IP_VERSION
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Controls the network scope from which the port can listen.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' When setting the Scope property, only NET_FW_SCOPE_ALL And NET_FW_SCOPE_LOCAL_SUBNET are valid.
+ ''' The default value Is NET_FW_SCOPE_ALL for New ports.
+ ''' To create a custom scope, use the RemoteAddresses property.
+ '''
+
+ Property Scope As NET_FW_SCOPE
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Specifies a set of the remote addresses from which the service ports can listen for traffic.
+ ''' This property Is read/write.
+ '''
+ '''
+ ''' If the service has been customized, get returns the union of the remote addresses for all the service ports.
+ '''
+ ''' The remoteAddrs parameter consists of one Or more comma-delimited tokens specifying the remote addresses from which the
+ ''' application can listen for traffic. The default value Is "*".
+ '''
+ ''' Valid tokens:
+ '''
+ '''
+ ''' "*": any remote address; If present, it must be the only token.
+ '''
+ '''
+ ''' "LocalSubnet": Not case-sensitive; specifying more than once has no effect.
+ '''
+ '''
+ '''
+ ''' subnet: may be specified Using either subnet mask Or network prefix notation. If neither a subnet mask nor a network prefix Is
+ ''' specified, the subnet mask defaults to 255.255.255.255.
Examples of valid subnets: 10.0.0.2/255.0.0.0 10.0.0.2/8 10.0.0.2
+ '''
+ '''
+ '''
+ ''' Windows Vista: A valid IPv6 address.
+ '''
+ '''
+ ''' Windows Vista: An IPv4 address range In the format "start address - end address."
+ '''
+ '''
+ ''' Windows Vista: An IPv6 address range In the format "start address - end address."
+ '''
+ '''
+ ''' For a predefined address range, use the Scope property.
+ '''
+
+ Property RemoteAddresses As String
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Indicates whether all the ports associated with the service are enabled.
+ ''' This property Is read/write.
+ '''
+
+ Property Enabled As Boolean
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves the collection of globally open ports associated with the service.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property GloballyOpenPorts As INetFwOpenPorts
+
+ End Interface
+
+ ''' The INetFwServiceRestriction interface provides access to the Windows Service Hardening networking rules.
+ ''' When adding rules, note that there may be a small time lag before the newly-added rule Is applied.
+
+
+ Public Interface INetFwServiceRestriction
+
+ ''' The RestrictService method turns service restriction on Or off for a given service.
+ ''' Name of the service for which service restriction Is being turned on Or off.
+ ''' Name of the application for which service restriction Is being turned on Or off.
+ '''
+ ''' Indicates whether service restriction Is being turned on Or off. If this value Is true ( VARIANT_TRUE), the service will
+ ''' be restricted when sending Or receiving network traffic. The Windows Service Hardening rules collection can contain rules which
+ ''' can allow this service specific inbound Or outbound network access per specific requirements. If false ( VARIANT_FALSE),
+ ''' the service Is Not restricted by Windows Service Hardening.
+ '''
+ '''
+ ''' Indicates the type of service SID for the specified service. If this value Is true ( VARIANT_TRUE), the service SID will
+ ''' be restricted. Otherwise, it will be unrestricted.
+ '''
+ ''' When adding rules, note that there may be a small time lag before the newly-added rule Is applied.
+
+ Sub RestrictService(<[In], MarshalAs(UnmanagedType.BStr)> ByVal serviceName As String, <[In], MarshalAs(UnmanagedType.BStr)> ByVal appName As String, <[In]> ByVal RestrictService As Boolean, <[In]> ByVal serviceSidRestricted As Boolean)
+
+ '''
+ ''' The ServiceRestricted method indicates whether service restriction rules are enabled to limit traffic to the resources
+ ''' specified by the firewall rules.
+ '''
+ ''' Name of the service being queried concerning service restriction state.
+ ''' Name of the application being queried concerning service restriction state.
+ '''
+ ''' Indicates whether service restriction rules are in place to restrict the specified service. If true ( VARIANT_TRUE),
+ ''' service Is restricted. Otherwise, service Is Not restricted to the resources specified by firewall rules.
+ '''
+
+ Function ServiceRestricted(<[In], MarshalAs(UnmanagedType.BStr)> ByVal serviceName As String, <[In], MarshalAs(UnmanagedType.BStr)> ByVal appName As String) As Boolean
+
+ '''
+ ''' Retrieves the collection of Windows Service Hardening networking rules.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Rules As INetFwRules
+
+ End Interface
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered Or
+ ''' unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ '''
+ ''' The INetFwServices interface Is a standard Automation interface which provides access to a collection of services that may be
+ ''' authorized to listen through the firewall.
+ '''
+ '''
+ '''
+ ''' An instance of this interface Is retrieved through the Services property of the INetFwProfile interface.
+ ''' All configuration changes take effect immediately.
+ '''
+
+
+ Public Interface INetFwServices
+ Inherits IEnumerable
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Retrieves a read-only element yielding the number of items in the collection.
+ ''' This property Is read-only.
+ '''
+
+ ReadOnly Property Count As Integer
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Returns the specified service if it Is in the collection.
+ '''
+ '''
+ '''
+ '''
+ ''' C++
+ ''' Type of service to fetch.
+ '''
+ '''
+ ''' VB
+ ''' Type of service to fetch. See NET_FW_SERVICE_TYPE
+ '''
+ '''
+ '''
+ ''' Reference to the returned INetFwService object.
+
+ Function Item(<[In]> ByVal svcType As NET_FW_SERVICE_TYPE) As INetFwService
+
+ '''
+ '''
+ ''' [The Windows Firewall API Is available for use in the operating systems specified in the Requirements section. It may be altered
+ ''' Or unavailable in subsequent versions. For Windows Vista And later, use of the Windows Firewall with Advanced Security API Is recommended.]
+ '''
+ ''' Returns an object supporting IEnumVARIANT that can be used to iterate through all the services in the collection.
+ '''
+ ''' Iteration through a collection Is done using the for each construct in VBScript. See Iterating a Collection for an example.
+ '''
+ ''' This property Is read-only.
+ '''
+
+ Overloads Function GetEnumerator() As IEnumerator
+
+ End Interface
+
+ ''' CoClass for .
+
+
+ Public Class NetFwAuthorizedApplication
+ End Class
+
+ ''' CoClass for .
+
+
+ Public Class NetFwMgr
+ End Class
+
+ ''' CoClass for .
+
+
+ Public Class NetFwOpenPort
+ End Class
+
+ ''' CoClass for .
+
+
+ Public Class NetFwPolicy2
+ End Class
+
+ ''' CoClass for .
+
+
+ Public Class NetFwProduct
+ End Class
+
+ ''' CoClass for .
+
+
+ Public Class NetFwProducts
+ End Class
+
+ ''' CoClass for .
+
+
+ Public Class NetFwRule
+ End Class
+
+End Module
\ No newline at end of file
diff --git a/PInvoke/FirewallApi/NetworkIsolation.vb b/PInvoke/FirewallApi/NetworkIsolation.vb
new file mode 100644
index 00000000..e03ba808
--- /dev/null
+++ b/PInvoke/FirewallApi/NetworkIsolation.vb
@@ -0,0 +1,240 @@ +Imports System.Runtime.InteropServices + +Partial Public Module FirewallApi + + ''' The INET_FIREWALL_AC_CHANGE_TYPE enumeration specifies which type of app container change occurred. + + Public Enum INET_FIREWALL_AC_CHANGE_TYPE + + ''' This value is reserved for system use. + INET_FIREWALL_AC_CHANGE_INVALID + + ''' An app container was created. + INET_FIREWALL_AC_CHANGE_CREATE + + ''' An app container was deleted. + INET_FIREWALL_AC_CHANGE_DELETE + + ''' Maximum value for testing purposes. + INET_FIREWALL_AC_CHANGE_MAX + + End Enum + + ''' + ''' The NetworkIsolationDiagnoseConnectFailureAndGetInfo function gets information about a network isolation connection failure + ''' due to a missing capability. This function can be used to identify the capabilities required to connect to a server. + ''' + ''' + ''' Type: LPCWSTR + ''' Name (or IP address literal string) of the server to which a connection was attempted. + ''' + ''' + ''' Type: NETISO_ERROR_TYPE* + ''' The error that has occurred, indicating which network capability was missing and thus caused the failure. + ''' + ''' + ''' Type: DWORD + ''' Returns ERROR_SUCCESS if successful, or an error value otherwise. + ''' + + + Public Function NetworkIsolationDiagnoseConnectFailureAndGetInfo( + ByVal wszServerName As String, ByRef netIsoError As NETISO_ERROR_TYPE) As Win32Error + End Function + + ''' + ''' The NetworkIsolationFreeAppContainers function is used to release memory resources allocated to one or more app containers + ''' + ''' + ''' Type: PINET_FIREWALL_APP_CONTAINER + ''' The app container memory resources to be freed. + ''' + ''' + ''' Type: DWORD + ''' Returns ERROR_SUCCESS if successful, or an error value otherwise. 
+ ''' + + + Public Function NetworkIsolationFreeAppContainers( + <[In]> ByVal pPublicAppCs As IntPtr) As Win32Error + End Function + + ''' + ''' The NetworkIsolationGetAppContainerConfig function is used to retrieve configuration information about one or more app containers. + ''' + ''' + ''' Type: DWORD* + ''' The number of app containers in the appContainerSids member. + ''' + ''' + ''' Type: PSID_AND_ATTRIBUTES* + ''' The security identifiers (SIDs) of app containers that are allowed to send loopback traffic. Used for debugging purposes. + ''' + ''' + ''' Type: DWORD + ''' Returns ERROR_SUCCESS if successful, or an error value otherwise. + ''' + ''' + ''' + ''' Note that it is the calling program's responsibility to free the memory associated with the PSID_AND_ATTRIBUTES structure. The + ''' following code sample shows how to call this function. The FreeAppContainerConfig function shows how to free all of the associated memory. + ''' + ''' + ''' #include "stdafx.h" #include <netfw.h> typedef DWORD (WINAPI *FN_NETWORKISOLATIONGETAPPCONTAINERCONFIG)( _Out_ DWORD *pdwNumPublicAppCs, _Outptr_result_buffer_(*pdwNumPublicAppCs) PSID_AND_ATTRIBUTES *appContainerSids ); void FreeAppContainerConfig( __in DWORD sidCount, __in_ecount(sidCount) SID_AND_ATTRIBUTES *srcSidAttrib ) { DWORD dwIndex = 0; for (dwIndex = 0; dwIndex < sidCount; dwIndex++) { HeapFree(GetProcessHeap(), 0, srcSidAttrib[dwIndex].Sid); } HeapFree(GetProcessHeap(), 0, srcSidAttrib); } int _tmain(int argc, _TCHAR* argv[]) { DWORD dwErr = 0; PSID_AND_ATTRIBUTES appContainerSids = NULL; DWORD dwCount = 0; HMODULE hModule = NULL; FN_NETWORKISOLATIONGETAPPCONTAINERCONFIG pfnNetworkIsolationGetAppContainerConfig = NULL; hModule = LoadLibraryW(L"FirewallAPI.dll"); if (hModule == NULL) { dwErr = GetLastError(); goto Cleanup; } pfnNetworkIsolationGetAppContainerConfig = (FN_NETWORKISOLATIONGETAPPCONTAINERCONFIG)GetProcAddress( hModule, "NetworkIsolationGetAppContainerConfig" ); if 
(pfnNetworkIsolationGetAppContainerConfig == NULL) { dwErr = GetLastError(); goto Cleanup; } dwErr = pfnNetworkIsolationGetAppContainerConfig( &dwCount, &appContainerSids ); if (dwErr != ERROR_SUCCESS) { goto Cleanup; } // Process the app container sids Cleanup: FreeAppContainerConfig( dwCount, appContainerSids ); if (hModule != NULL) { FreeLibrary(hModule); } return 0; } + ''' + ''' + + + Public Function NetworkIsolationGetAppContainerConfig( ByRef pdwNumPublicAppCs As UInteger, ByRef appContainerSids As IntPtr) As Win32Error + End Function + + ''' + ''' The NetworkIsolationRegisterForAppContainerChanges function is used to register for the delivery of notifications regarding + ''' changes to an app container. + ''' + ''' + ''' Type: DWORD + ''' A bitmask value of control flags which specify when to receive notifications. May contain one or more of the following flags. + ''' + ''' + ''' Value + ''' Meaning + ''' + ''' + ''' INET_FIREWALL_AC_NONE 0x00 + ''' No notifications will be delivered. + ''' + ''' + ''' INET_FIREWALL_AC_PACKAGE_ID_ONLY 0x01 + ''' Notifications will be delivered when an app container is created with a package identifier. + ''' + ''' + ''' INET_FIREWALL_AC_BINARY 0x02 + ''' Notifications will be delivered when an app container is created with a binary path. + ''' + ''' + ''' INET_FIREWALL_AC_MAX 0x04 + ''' Maximum value for testing purposes. + ''' + ''' + ''' + ''' + ''' Type: PAC_CHANGES_CALLBACK_FN + ''' Function pointer that will be invoked when a notification is ready for delivery. + ''' + ''' + ''' Type: PVOID + ''' Optional context pointer. This pointer is passed to the callback function along with details of the change. + ''' + ''' + ''' Type: HANDLE* + ''' Handle to the newly created registration. + ''' + ''' + ''' Type: DWORD + ''' Returns ERROR_SUCCESS if successful, or an error value otherwise. 
+ ''' + + + Public Function NetworkIsolationRegisterForAppContainerChanges(ByVal flags As INET_FIREWALL_AC_CREATION_TYPE, ByVal callback As PAC_CHANGES_CALLBACK_FN, + <[In], [Optional]> ByVal context As IntPtr, ByRef registrationObject As HANDLE) As Win32Error + End Function + + ''' + ''' The NetworkIsolationUnregisterForAppContainerChanges function is used to cancel an app container change registration and stop + ''' receiving notifications. + ''' + ''' + ''' Type: HANDLE + ''' Handle to the previously created registration. + ''' + ''' + ''' Type: DWORD + ''' Returns ERROR_SUCCESS if successful, or an error value otherwise. + ''' + + + Public Function NetworkIsolationUnregisterForAppContainerChanges(ByVal registrationObject As HANDLE) As Win32Error + End Function + + ''' The INET_FIREWALL_AC_CAPABILITIES structure contains information about the capabilities of an app container. + + + Public Structure INET_FIREWALL_AC_CAPABILITIES + + ''' + ''' Type: DWORD + ''' The number of security identifiers (SIDs) in the capabilities member. + ''' + Public count As UInteger + + ''' + ''' Type: SID_AND_ATTRIBUTES* + ''' Security information related to the app container's capabilities. + ''' + Public capabilities As IntPtr + + End Structure + + ''' The INET_FIREWALL_APP_CONTAINER structure contains information about an specific app container. + + + Public Structure INET_FIREWALL_APP_CONTAINER + + ''' + ''' Type: SID* + ''' The package identifier of the app container + ''' + Public appContainerSid As PSID + + ''' + ''' Type: SID* + ''' The security identifier (SID) of the user to whom the app container belongs. + ''' + Public userSid As PSID + + ''' + ''' Type: LPWSTR + ''' The app container's globally unique name. + ''' Also referred to as the Package Family Name, for the app container of a Windows Store app. 
+ ''' + + Public appContainerName As String + + ''' + ''' Type: LPWSTR + ''' Friendly name of the app container + ''' + + Public displayName As String + + ''' + ''' Type: LPWSTR + ''' A description of the app container (its use, the objective of the application that uses it, etc.) + ''' + + Public description As String + + ''' + ''' Type: INET_FIREWALL_AC_CAPABILITIES + ''' The capabilities of the app container. + ''' + Public capabilities As INET_FIREWALL_AC_CAPABILITIES + + ''' + ''' Type: INET_FIREWALL_AC_BINARIES + ''' Binary paths to the applications running in the app container. + ''' + Public binaries As INET_FIREWALL_AC_BINARIES + + ''' + + Public workingDirectory As String + + ''' + + Public packageFullName As String + + End Structure + +End Module \ No newline at end of file diff --git a/PInvoke/FirewallApi/Vanara.PInvoke.FirewallApi.vbproj b/PInvoke/FirewallApi/Vanara.PInvoke.FirewallApi.vbproj new file mode 100644 index 00000000..7ffb8987 --- /dev/null +++ b/PInvoke/FirewallApi/Vanara.PInvoke.FirewallApi.vbproj @@ -0,0 +1,22 @@ + + + FirewallApi.dll + + + PInvoke API (methods, structures and constants) imported from FirewallApi.dll for Windows Firewall with Advanced Security. + $(AssemblyName) + net20;net35;net40;net45;netcoreapp2.0;netcoreapp2.1;netcoreapp3.0;netcoreapp3.1 + Vanara.PInvoke.FirewallApi + $(AssemblyName).xml + $(AssemblyName) + pinvoke;vanara;net-extensions;interop;FirewallApi;windows firewall + + + + + + + + + + \ No newline at end of file diff --git a/UnitTests/PInvoke/FirewallApi/FirewallApi.csproj b/UnitTests/PInvoke/FirewallApi/FirewallApi.csproj new file mode 100644 index 00000000..e84ce8b2 --- /dev/null +++ b/UnitTests/PInvoke/FirewallApi/FirewallApi.csproj 
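Review bot: The doc comment on `NetworkIsolationRegisterForAppContainerChanges` does not say how long the `callback` argument has to stay alive. `PAC_CHANGES_CALLBACK_FN` is presumably a delegate type declared outside this hunk; if so, native code keeps the function pointer after the call returns and may invoke it once the delegate has been collected. I would add a remark such as `''' The delegate passed as callback must remain referenced by the caller until NetworkIsolationUnregisterForAppContainerChanges has returned.` Since `registrationObject` is handed back as a plain `HANDLE`, the same remark should state that every successful registration must be paired with an unregister call.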
@@ -0,0 +1,78 @@ + + + + + Debug + AnyCPU + {6A9599A6-89D5-4072-8DA1-A13E37023613} + Library + Properties + UnitTest.PInvoke.FirewallApi + v4.7.2 + 512 + + + + true + full + false + bin\Debug\ + DEBUG;TRACE + prompt + 4 + x64 + true + + + pdbonly + true + bin\Release\ + TRACE + prompt + 4 + true + x64 + + + + + + + {241f73ee-9298-45c9-b869-a045dff94c03} + Vanara.Core + + + {e74c1a09-1051-4616-8693-b69a6a95ad03} + Vanara.PInvoke.FirewallApi + + + {a5e519e9-feba-4fe3-93a5-b8269bef72f4} + Vanara.PInvoke.Shared + + + {a96cff10-0967-429a-8700-4a86c97c5603} + Shared + + + + + 3.12.0 + + + 3.16.1 + runtime; build; native; contentfiles; analyzers; buildtransitive + all + + + + + + + + \ No newline at end of file diff --git a/UnitTests/PInvoke/FirewallApi/FirewallApiTests.cs b/UnitTests/PInvoke/FirewallApi/FirewallApiTests.cs new file mode 100644 index 00000000..188517f1 --- /dev/null +++ b/UnitTests/PInvoke/FirewallApi/FirewallApiTests.cs 
@@ -0,0 +1,255 @@ +using NUnit.Framework; +using NUnit.Framework.Internal; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Runtime.InteropServices; +using Vanara.Extensions; +using Vanara.InteropServices; +using static Vanara.PInvoke.FirewallApi; + +namespace Vanara.PInvoke.Tests +{ + [TestFixture] + public class FirewallApiTests + { + [OneTimeSetUp] + public void _Setup() + { + } + + [OneTimeTearDown] + public void _TearDown() + { + } + + [Test] + public void INetFwMgrTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + pMgr.Item.CurrentProfileType.WriteValues(); + pMgr.Item.IsPortAllowed(null, NET_FW_IP_VERSION.NET_FW_IP_VERSION_ANY, 80, null, NET_FW_IP_PROTOCOL.NET_FW_IP_PROTOCOL_TCP, out var allowed, out var restricted); + TestContext.WriteLine($"Port 80: allowed={allowed}, restricted={restricted}"); + pMgr.Item.IsIcmpTypeAllowed(NET_FW_IP_VERSION.NET_FW_IP_VERSION_V4, null, 0, out allowed, out restricted); + TestContext.WriteLine($"ECHO: allowed={allowed}, restricted={restricted}"); + } + + [Test] + public void GetProfileByTypeTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + Assert.IsNotNull(pMgr.Item); + using var pPol = ComReleaserFactory.Create(pMgr.Item.LocalPolicy); + Assert.IsNotNull(pPol.Item); + using var pProf = ComReleaserFactory.Create(pPol.Item.GetProfileByType(NET_FW_PROFILE_TYPE.NET_FW_PROFILE_DOMAIN)); + Assert.IsNotNull(pProf.Item); + + TestContext.WriteLine($"Type={pProf.Item.Type}, FwEnable={pProf.Item.FirewallEnabled}, NoExc={pProf.Item.ExceptionsNotAllowed}, NoNtf={pProf.Item.NotificationsDisabled}, NoUnc={pProf.Item.UnicastResponsesToMulticastBroadcastDisabled}"); + } + + [Test] + public void RemoteAdminSettingsTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + Assert.IsNotNull(pMgr.Item); + using var pPol = ComReleaserFactory.Create(pMgr.Item.LocalPolicy); + Assert.IsNotNull(pPol.Item); + using var pProf = 
ComReleaserFactory.Create(pPol.Item.CurrentProfile); + Assert.IsNotNull(pProf.Item); + using var pSet = ComReleaserFactory.Create(pProf.Item.RemoteAdminSettings); + Assert.IsNotNull(pSet.Item); + + TestContext.WriteLine($"Ver={pSet.Item.IpVersion}, Scope={pSet.Item.Scope}, Addr={pSet.Item.RemoteAddresses}, Enabled={pSet.Item.Enabled}"); + } + + [Test] + public void IcmpSettingsTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + Assert.IsNotNull(pMgr.Item); + using var pPol = ComReleaserFactory.Create(pMgr.Item.LocalPolicy); + Assert.IsNotNull(pPol.Item); + using var pProf = ComReleaserFactory.Create(pPol.Item.CurrentProfile); + Assert.IsNotNull(pProf.Item); + using var pSet = ComReleaserFactory.Create(pProf.Item.IcmpSettings); + Assert.IsNotNull(pSet.Item); + + TestContext.WriteLine($"ObDest={pSet.Item.AllowOutboundDestinationUnreachable}, Redircope={pSet.Item.AllowRedirect}, InEcho={pSet.Item.AllowInboundEchoRequest}, ObTimeout={pSet.Item.AllowOutboundTimeExceeded}"); + TestContext.WriteLine($"ObParam={pSet.Item.AllowOutboundParameterProblem}, ObSrcQuench={pSet.Item.AllowOutboundSourceQuench}, InRtReq={pSet.Item.AllowInboundRouterRequest}, InTimeReq={pSet.Item.AllowInboundTimestampRequest}"); + TestContext.WriteLine($"InMaskReq={pSet.Item.AllowInboundMaskRequest}, ObBigPkt={pSet.Item.AllowOutboundPacketTooBig}"); + } + + [Test] + public void GloballyOpenPortsTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + Assert.IsNotNull(pMgr.Item); + using var pPol = ComReleaserFactory.Create(pMgr.Item.LocalPolicy); + Assert.IsNotNull(pPol.Item); + using var pProf = ComReleaserFactory.Create(pPol.Item.CurrentProfile); + Assert.IsNotNull(pProf.Item); + using var pSet = ComReleaserFactory.Create(pProf.Item.GloballyOpenPorts); + Assert.IsNotNull(pSet.Item); + + var i = 0; + foreach (var pPort in pSet.Item.Cast().Select(p => ComReleaserFactory.Create(p))) + { + using (pPort) + { + TestContext.WriteLine($"{i}) 
Name={pPort.Item.Name}, Ver={pPort.Item.IpVersion}, Prot={pPort.Item.Protocol}, Port={pPort.Item.Port}"); + TestContext.WriteLine($" Scope={pPort.Item.Scope}, RmAdd={pPort.Item.RemoteAddresses}, Enab={pPort.Item.Enabled}, BuiltIn={pPort.Item.BuiltIn}"); + } + i += 1; + } + Assert.That(i, Is.EqualTo(pSet.Item.Count)); + + using var pNewPort = ComReleaserFactory.Create(new INetFwOpenPort()); + pNewPort.Item.Name = "HTTP"; + pNewPort.Item.Port = 80; + pNewPort.Item.Protocol = NET_FW_IP_PROTOCOL.NET_FW_IP_PROTOCOL_TCP; + pSet.Item.Add(pNewPort.Item); + Assert.That(i + 1, Is.EqualTo(pSet.Item.Count)); + using var pAddedPort = ComReleaserFactory.Create(pSet.Item.Item(pNewPort.Item.Port, pNewPort.Item.Protocol)); + Assert.IsNotNull(pAddedPort.Item); + pSet.Item.Remove(pNewPort.Item.Port, pNewPort.Item.Protocol); + Assert.That(i, Is.EqualTo(pSet.Item.Count)); + } + + [Test] + public void ServicesTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + Assert.IsNotNull(pMgr.Item); + using var pPol = ComReleaserFactory.Create(pMgr.Item.LocalPolicy); + Assert.IsNotNull(pPol.Item); + using var pProf = ComReleaserFactory.Create(pPol.Item.CurrentProfile); + Assert.IsNotNull(pProf.Item); + using var pSet = ComReleaserFactory.Create(pProf.Item.Services); + Assert.IsNotNull(pSet.Item); + + var i = 0; + foreach (var pSvc in pSet.Item.Cast().Select(p => ComReleaserFactory.Create(p))) + { + using (pSvc) + { + TestContext.WriteLine($"{i}) Name={pSvc.Item.Name}, Type={pSvc.Item.Type}, Cust={pSvc.Item.Customized}, IpVer={pSvc.Item.IpVersion}"); + TestContext.WriteLine($" Scope={pSvc.Item.Scope}, RmAdd={pSvc.Item.RemoteAddresses}, Enab={pSvc.Item.Enabled}"); + } + i += 1; + } + Assert.That(i, Is.EqualTo(pSet.Item.Count)); + } + + [Test] + public void AuthorizedApplicationsTest() + { + using var pMgr = ComReleaserFactory.Create(new INetFwMgr()); + Assert.IsNotNull(pMgr.Item); + using var pPol = ComReleaserFactory.Create(pMgr.Item.LocalPolicy); + 
Assert.IsNotNull(pPol.Item); + using var pProf = ComReleaserFactory.Create(pPol.Item.CurrentProfile); + Assert.IsNotNull(pProf.Item); + using var pSet = ComReleaserFactory.Create(pProf.Item.AuthorizedApplications); + Assert.IsNotNull(pSet.Item); + + var i = 0; + foreach (var pApp in pSet.Item.Cast().Select(p => ComReleaserFactory.Create(p))) + { + using (pApp) + { + TestContext.WriteLine($"{i}) Name={pApp.Item.Name}, FN={pApp.Item.ProcessImageFileName}, IpVer={pApp.Item.IpVersion}"); + TestContext.WriteLine($" Scope={pApp.Item.Scope}, RmAdd={pApp.Item.RemoteAddresses}, Enab={pApp.Item.Enabled}"); + } + i += 1; + } + Assert.That(i, Is.EqualTo(pSet.Item.Count)); + + using var pNewApp = ComReleaserFactory.Create(new INetFwAuthorizedApplication()); + pNewApp.Item.Name = "Notepad"; + pNewApp.Item.ProcessImageFileName = @"C:\Windows\notepad.exe"; + pNewApp.Item.Enabled = true; + pSet.Item.Add(pNewApp.Item); + Assert.That(i + 1, Is.EqualTo(pSet.Item.Count)); + pSet.Item.Remove(pNewApp.Item.ProcessImageFileName); + Assert.That(i, Is.EqualTo(pSet.Item.Count)); + } + + [Test] + public void INetFwProductsTest() + { + using var pProds = ComReleaserFactory.Create(new INetFwProducts()); + Assert.IsNotNull(pProds.Item); + + var i = 0; + foreach (var pProd in pProds.Item.Cast().Select(p => ComReleaserFactory.Create(p))) + { + using (pProd) + { + TestContext.WriteLine($"{i}) Name={pProd.Item.DisplayName}, Exe={pProd.Item.PathToSignedProductExe}"); + TestContext.WriteLine($" Cats={string.Join("; ", (string[])pProd.Item.RuleCategories)}"); + } + i += 1; + } + Assert.That(i, Is.EqualTo(pProds.Item.Count)); + } + + [Test] + public void INetFwPolicy2Test() + { + using var pPol = ComReleaserFactory.Create(new INetFwPolicy2()); + Assert.IsNotNull(pPol.Item); + + TestContext.WriteLine($"Types={pPol.Item.CurrentProfileTypes}; ModState={pPol.Item.LocalPolicyModifyState}"); + var prof = pPol.Item.CurrentProfileTypes.GetFlags().First(); + var exInt = pPol.Item.ExcludedInterfaces[prof]; + 
TestContext.WriteLine($"Enab={pPol.Item.FirewallEnabled[prof]}, ExInt={exInt}, BlkInb={pPol.Item.BlockAllInboundTraffic[prof]}, NoNotf={pPol.Item.NotificationsDisabled[prof]}"); + TestContext.WriteLine($"NoUni={pPol.Item.UnicastResponsesToMulticastBroadcastDisabled[prof]}, DefInAct={pPol.Item.DefaultInboundAction[prof]}, DefOutAct={pPol.Item.DefaultOutboundAction[prof]}"); + + using var pRules = ComReleaserFactory.Create(pPol.Item.Rules); + Assert.IsNotNull(pRules.Item); + + var i = 0; + var groups = new List(); + foreach (var pRule in pRules.Item.Cast().Select(p => ComReleaserFactory.Create(p))) + { + using (pRule) + groups.Add(pRule.Item.Grouping); + i++; + } + Assert.That(i, Is.EqualTo(pRules.Item.Count)); + groups = groups.Distinct().ToList(); + + using var pRstr = ComReleaserFactory.Create(pPol.Item.ServiceRestriction); + Assert.IsNotNull(pRules.Item); + + if (groups.Count > 0 && pPol.Item.IsRuleGroupCurrentlyEnabled[groups[0]]) + { + TestContext.WriteLine($"Group '{groups[0]}' is enabled={pPol.Item.IsRuleGroupEnabled(prof, groups[0])}"); + } + } + + [Test] + public void INetFwRuleTest() + { + using var pPol = ComReleaserFactory.Create(new INetFwPolicy2()); + Assert.IsNotNull(pPol.Item); + using var pRules = ComReleaserFactory.Create(pPol.Item.Rules); + Assert.IsNotNull(pRules.Item); + foreach (var pRule in pRules.Item.Cast().Select(p => ComReleaserFactory.Create(p))) + { + using (pRule) + { + var r3 = (INetFwRule3)pRule.Item; + var intf = r3.GetInterfaces(); + TestContext.WriteLine(new string('=', 30)); + TestContext.WriteLine($"{r3.Name}: {r3.Description}"); + TestContext.WriteLine($" App={r3.ApplicationName}, Svc={r3.serviceName}, Prot={r3.Protocol}, LcPrt={r3.LocalPorts}, RmPrt={r3.RemotePorts}, LcAddr={r3.LocalAddresses}"); + TestContext.WriteLine($" RmAddr={r3.RemoteAddresses}, Icmp={r3.IcmpTypesAndCodes}, Dir={r3.Direction}, Intf={string.Join(";", intf)}, IntfT={r3.InterfaceTypes}, Enab={r3.Enabled}"); + TestContext.WriteLine($" Grp={r3.Grouping}, 
Prof={r3.Profiles}, EdgeTrv={r3.EdgeTraversal}");
+ TestContext.WriteLine($" Action={r3.Action}, EdgeTrvOp={r3.EdgeTraversalOptions}, LcPkg={r3.LocalAppPackageId}");
+ TestContext.WriteLine($" LcUsr={r3.LocalUserOwner}, LcUsrAuth={r3.LocalUserAuthorizedList}, RmUsrAuth={r3.RemoteUserAuthorizedList}, RmMachAuth={r3.RemoteMachineAuthorizedList}, Sec={r3.SecureFlags}");
+ }
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/Vanara.sln b/Vanara.sln
index 37368f76..4e298dea 100644
--- a/Vanara.sln
+++ b/Vanara.sln
@@ -247,6 +247,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vanara.PInvoke.PeerDist", "
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Vanara.PInvoke.Drt", "PInvoke\Drt\Vanara.PInvoke.Drt.csproj", "{1AB1FB9D-CE35-4A2D-9132-FFA681654031}"
 EndProject
+Project("{778DAE3C-4631-46EA-AA77-85C1314464D9}") = "Vanara.PInvoke.FirewallApi", "PInvoke\FirewallApi\Vanara.PInvoke.FirewallApi.vbproj", "{E74C1A09-1051-4616-8693-B69A6A95AD03}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "FirewallApi", "UnitTests\PInvoke\FirewallApi\FirewallApi.csproj", "{6A9599A6-89D5-4072-8DA1-A13E37023613}"
+EndProject
 Global
 GlobalSection(SolutionConfigurationPlatforms) = preSolution
 Debug|Any CPU = Debug|Any CPU
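Review bot: `GloballyOpenPortsTest` and `AuthorizedApplicationsTest` in FirewallApiTests.cs change the live firewall policy of the machine running the tests, and they undo the change only when every assertion in between passes. If `Assert.That(i + 1, Is.EqualTo(pSet.Item.Count))` or `Assert.IsNotNull(pAddedPort.Item)` fails, the TCP port 80 exception (or the notepad.exe authorization) stays in the current profile. The removal belongs in a `finally`, e.g. `try { /* assertions */ } finally { pSet.Item.Remove(pNewPort.Item.Port, pNewPort.Item.Protocol); }`, and likewise for `pSet.Item.Remove(pNewApp.Item.ProcessImageFileName)`. The tests also appear to remove a port 80 or notepad.exe entry that existed before the run, so they should check for an existing entry first and carry a comment that they need elevation and modify host state. Separately, in `INetFwPolicy2Test` the assertion after `pRstr` is created checks `pRules.Item` again; it looks like it was meant to be `Assert.IsNotNull(pRstr.Item);`.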
@@ -795,6 +799,16 @@ Global
 {1AB1FB9D-CE35-4A2D-9132-FFA681654031}.DebugNoTests|Any CPU.Build.0 = Debug|Any CPU
 {1AB1FB9D-CE35-4A2D-9132-FFA681654031}.Release|Any CPU.ActiveCfg = Release|Any CPU
 {1AB1FB9D-CE35-4A2D-9132-FFA681654031}.Release|Any CPU.Build.0 = Release|Any CPU
+ {E74C1A09-1051-4616-8693-B69A6A95AD03}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {E74C1A09-1051-4616-8693-B69A6A95AD03}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {E74C1A09-1051-4616-8693-B69A6A95AD03}.DebugNoTests|Any CPU.ActiveCfg = Debug|Any CPU
+ {E74C1A09-1051-4616-8693-B69A6A95AD03}.DebugNoTests|Any CPU.Build.0 = Debug|Any CPU
+ {E74C1A09-1051-4616-8693-B69A6A95AD03}.Release|Any CPU.ActiveCfg = Release|Any CPU
+ {E74C1A09-1051-4616-8693-B69A6A95AD03}.Release|Any CPU.Build.0 = Release|Any CPU
+ {6A9599A6-89D5-4072-8DA1-A13E37023613}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+ {6A9599A6-89D5-4072-8DA1-A13E37023613}.Debug|Any CPU.Build.0 = Debug|Any CPU
+ {6A9599A6-89D5-4072-8DA1-A13E37023613}.DebugNoTests|Any CPU.ActiveCfg = Debug|Any CPU
+ {6A9599A6-89D5-4072-8DA1-A13E37023613}.Release|Any CPU.ActiveCfg = Release|Any CPU
 EndGlobalSection
 GlobalSection(SolutionProperties) = preSolution
 HideSolutionNode = FALSE
@@ -901,6 +915,8 @@ Global
 {BBA10B94-658F-4BD7-A3DD-AA39CDF9A68D} = {385CAD2D-0A5E-4F80-927B-D5499D126B90}
 {3108565B-2F79-447B-9386-42203CD949A5} = {212ABBD0-B724-4CFA-9D6D-E3891547FA90}
 {1AB1FB9D-CE35-4A2D-9132-FFA681654031} = {212ABBD0-B724-4CFA-9D6D-E3891547FA90}
+ {E74C1A09-1051-4616-8693-B69A6A95AD03} = {212ABBD0-B724-4CFA-9D6D-E3891547FA90}
+ {6A9599A6-89D5-4072-8DA1-A13E37023613} = {385CAD2D-0A5E-4F80-927B-D5499D126B90}
 EndGlobalSection
 GlobalSection(ExtensibilityGlobals) = postSolution
 SolutionGuid = {543FAC75-2AF1-4EF1-9609-B242B63FEED4}