C# Firewall rule / Another Computer

    Question

  • Hello, I have some computers in my house to which I have to add the same rule in the firewall (but it's not only one rule), and I want to make a program which, e.g.:

    1. Run program on Computer A
    2. Adds rules to the firewall on Computer B, Computer C and Computer D from Computer A
    3. All of this from my LAN

    Is it possible, and if yes, can someone help?

    Thank you very much


    George Andredakis

    The limits of what a computer can do are defined only from programmer's imagination

    Sunday, April 23, 2017 4:05 PM

Answers

  • Hi Ghex_AJ,

    Thank you for posting here.

    For your question, please use DCOM to invoke the firewall.dll from another computer. You may want to check the code sample on Code Project.

    https://www.codeproject.com/Articles/12586/Remote-Execution-Using-NET-Remoting

    And try the following code.

        using System;
        using NetFwTypeLib; // interop assembly for FirewallAPI.dll (add it as a COM reference)

        public class RemoteFirewall // wrapper class added so the method compiles
        {
            // The original snippet used progID without defining it; this is the
            // ProgID of the Windows Firewall policy COM object.
            private const string progID = "HNetCfg.FwPolicy2";

            /// <summary>
            /// Uses FirewallAPI.dll to set a firewall rule.
            /// To change a rule, provide the name of a rule that already exists in the firewall.
            /// </summary>
            /// <param name="destName">The name of the destination machine that will be set</param>
            /// <param name="rulesName">The name of the rule that will be set</param>
            /// <param name="isRuleEnable">Enable or disable the rule</param>
            /// <param name="isActionAllow">Set the rule's action to allow or block</param>
            public void SetFwRule(string destName, string rulesName, bool isRuleEnable, bool isActionAllow)
            {
                if (string.IsNullOrEmpty(destName) || string.IsNullOrEmpty(rulesName))
                {
                    throw new ArgumentException("The destName or rulesName is empty");
                }

                // Create the firewall policy object on the destination machine.
                Type type = Type.GetTypeFromProgID(progID, destName, true);
                object policyObject = Activator.CreateInstance(type);
                INetFwPolicy2 policy2 = policyObject as INetFwPolicy2;
                if (policy2 == null)
                {
                    throw new Exception("The policy object is not an INetFwPolicy2");
                }
                INetFwRules rules = policy2.Rules;
                if (rules == null)
                {
                    throw new Exception("The rules is null");
                }
                // Find the rule and change it
                INetFwRule rule = rules.Item(rulesName);
                if (rule == null)
                {
                    throw new Exception("The rule is null, maybe the rule name is wrong");
                }
                // Enable or disable the rule
                rule.Enabled = isRuleEnable;
                // Set the action of the rule
                rule.Action = isActionAllow
                    ? NET_FW_ACTION_.NET_FW_ACTION_ALLOW
                    : NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
            }
        }

    Please note that you need to run it as administrator.

    I hope this would be helpful.

    Best Regards,

    Wendy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, April 25, 2017 5:38 AM
    Moderator
  • Hi Ghex_AJ,

    IP or user name in AD would be fine.

    Best Regards,

    Wendy



    Wednesday, April 26, 2017 1:56 AM
    Moderator

All replies

  • See if this helps

    http://stackoverflow.com/questions/1242566/any-way-to-turn-the-internet-off-in-windows-using-c


    Please remember to mark the replies as answers if they help and unmark them if they provide no help, this will help others who are looking for solutions to the same or similar problem. Contact via my Twitter (Karen Payne) or Facebook (Karen Payne) via my MSDN profile but will not answer coding question on either.
    VB Forums - moderator

    Sunday, April 23, 2017 4:40 PM
    Moderator
  • If all your computers are joined to an Active Directory domain (unlikely for a home scenario), you're recommended to control the firewall rules with Group Policy.

    If not, you should extend the program in the link quoted by Kareninstructor to read settings from a remote source and configure the rules.

    If you want to do it this way, you're recommended to assign all rules added by yourself the same .Grouping value, so you can delete all rules in the group before adding them, for consistency.


    Monday, April 24, 2017 7:02 AM
    Answerer
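
Added example, not part of the original thread or any poster's code: one way to implement the .Grouping suggestion in the reply above, run elevated on the machine whose own firewall is being configured. The group label, rule names and ports are constructed placeholders; a real program would load the rule list from the shared source.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using NetFwTypeLib; // COM reference: NetFwTypeLib (FirewallAPI.dll)

static class FirewallGroupSync
{
    // Hypothetical group label; every rule this program creates carries it.
    const string Group = "HomeLanManaged";

    // Constructed sample rules (unique name, inbound TCP port).
    static readonly (string Name, int Port)[] Desired =
    {
        ("HomeLan-FileSync", 8384),
        ("HomeLan-WebDev", 8080),
    };

    static void Main()
    {
        var policy = (INetFwPolicy2)Activator.CreateInstance(
            Type.GetTypeFromProgID("HNetCfg.FwPolicy2", true));

        // Collect the names first, then remove: do not modify the COM
        // collection while enumerating it. Rules outside the group are untouched.
        List<string> stale = policy.Rules.Cast<INetFwRule>()
            .Where(r => r.Grouping == Group)
            .Select(r => r.Name)
            .ToList();
        foreach (string name in stale)
            policy.Rules.Remove(name);

        foreach (var d in Desired)
        {
            var rule = (INetFwRule)Activator.CreateInstance(
                Type.GetTypeFromProgID("HNetCfg.FWRule", true));
            rule.Name = d.Name;
            rule.Grouping = Group;
            rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
            rule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
            rule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP; // must be set before LocalPorts
            rule.LocalPorts = d.Port.ToString();
            rule.RemoteAddresses = "LocalSubnet"; // accept connections from the LAN only
            rule.Profiles = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_PRIVATE;
            rule.Enabled = true;
            policy.Rules.Add(rule);
        }
        Console.WriteLine($"Removed {stale.Count} rule(s), added {Desired.Length}.");
    }
}
```

Because the group is cleared before the rules are re-added, running the program repeatedly leaves exactly the desired set and never accumulates duplicates.
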
  • I want to add a firewall rule from my computer (Computer A) to another computer (B) on the LAN: not in C(A)'s firewall, in C(B)'s firewall.

    George Andredakis


    Monday, April 24, 2017 4:24 PM
  • Wendy Zang, good, but for destName (the name of the machine) what should I put? 192.168.1.3 or something more particular?

    George Andredakis


    Tuesday, April 25, 2017 12:40 PM
  • That code will need an Active Directory domain to work; otherwise this would be a serious security vulnerability. (If your computer is plugged directly into the internet without a router with NAT in between, anyone can turn off your firewall. If another computer on your network is infected, it being able to turn off the firewall of all your computers is equally bad.)

    And no, HomeGroup is just for file sharing; you will not automatically be granted Administrators group access to another computer in the group just because a HomeGroup is formed. (Say, you cannot remotely shut down another computer in the HomeGroup just because it is joined to the group.)


    Tuesday, April 25, 2017 4:34 PM
    Answerer
  • Kind of hard to help, since you make no mention of the host based firewall nor the O/S(s) that host the firewalls.  
    Tuesday, April 25, 2017 5:42 PM