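/******************************************************************
 RemovePortExceptionFromCurrentProfile

 Removes the iPort/iProtocol entry from the globally open ports
 list of the current firewall profile.

 Returns S_OK whenever fIgnoreFailures is set, even if the removal
 failed; in that case the port exception may still be present in
 the firewall and the caller is not told. Otherwise returns the
 HRESULT of the first failing step (or S_FALSE if
 GetCurrentFirewallProfile reported S_FALSE).
********************************************************************/
static HRESULT RemovePortExceptionFromCurrentProfile(
    __in int iPort,
    __in int iProtocol,
    __in BOOL fIgnoreFailures
    )
{
    HRESULT hr = S_OK;
    INetFwProfile* pfwProfile = NULL;
    INetFwOpenPorts* pfwPorts = NULL;

    // get the firewall profile, which is our entry point for removing exceptions
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");

    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
    ExitOnFailure(hr, "failed to get open ports");

    // iProtocol is cast without range checking; the firewall API decides whether the value is valid
    hr = pfwPorts->Remove(iPort, static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
    ExitOnFailure2(hr, "failed to remove open port %d, protocol %d", iPort, iProtocol);

LExit:
    // release the COM references taken above; every exit path lands here,
    // so either pointer may still be NULL
    if (pfwPorts)
    {
        pfwPorts->Release();
        pfwPorts = NULL;
    }
    if (pfwProfile)
    {
        pfwProfile->Release();
        pfwProfile = NULL;
    }

    return fIgnoreFailures ? S_OK : hr;
}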
// Reports the state of one entry in the current firewall profile's
// globally open ports list.
//
// Returns  1 when the entry exists and is enabled,
//         -1 when the entry exists and is disabled,
//          0 when the state could not be determined (firewall manager
//            unavailable, a lookup step did not return S_OK, or no entry
//            was found for number/protocol).
// Callers cannot tell "no entry" apart from "lookup failed"; both yield 0.
int CheckFirewallPortState(long number, NET_FW_IP_PROTOCOL protocol)
{
    INetFwMgr *manager = NULL;
    if(FAILED(CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&manager)))
    {
        return 0;
    }

    INetFwPolicy *policy = NULL;
    INetFwProfile *profile = NULL;
    INetFwOpenPorts *openPorts = NULL;
    VARIANT_BOOL enabled = 0;

    // Anything other than S_OK at the end means "unknown".
    HRESULT status = S_FALSE;

    // Walk manager -> policy -> profile -> open ports; each step is only
    // attempted when the previous one returned exactly S_OK.
    const bool havePolicy = (manager->get_LocalPolicy(&policy) == S_OK);
    const bool haveProfile = havePolicy && (policy->get_CurrentProfile(&profile) == S_OK);
    const bool havePorts = haveProfile && (profile->get_GloballyOpenPorts(&openPorts) == S_OK);

    if(havePorts)
    {
        INetFwOpenPort *entry = NULL;
        status = openPorts->Item(number, protocol, &entry);
        if(SUCCEEDED(status))
        {
            status = entry->get_Enabled(&enabled);
            entry->Release();
        }
    }

    // Release in reverse order of acquisition, and only what was obtained.
    if(havePorts)
    {
        openPorts->Release();
    }
    if(haveProfile)
    {
        profile->Release();
    }
    if(havePolicy)
    {
        policy->Release();
    }
    manager->Release();

    if(status != S_OK)
    {
        return 0;
    }
    return enabled ? 1 : -1;
}
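/******************************************************************
 AddPortExceptionOnCurrentProfile

 Adds an open-port exception named wzName for iPort/iProtocol to
 the globally open ports list of the current firewall profile.

 wzRemoteAddresses is optional. When it is NULL or empty this
 function sets no remote address restriction on the exception, so
 the firewall API's default applies (NOTE(review): presumably any
 remote address - confirm against the INetFwOpenPort documentation).

 Returns S_OK whenever fIgnoreFailures is set, even if the
 exception was not added. Otherwise returns the HRESULT of the
 first failing step (or S_FALSE if GetCurrentFirewallProfile
 reported S_FALSE).
********************************************************************/
static HRESULT AddPortExceptionOnCurrentProfile(
    __in LPCWSTR wzName,
    __in_opt LPCWSTR wzRemoteAddresses,
    __in BOOL fIgnoreFailures,
    __in int iPort,
    __in int iProtocol
    )
{
    HRESULT hr = S_OK;
    BSTR bstrName = NULL;
    BSTR bstrRemoteAddresses = NULL;
    INetFwProfile* pfwProfile = NULL;
    INetFwOpenPorts* pfwPorts = NULL;
    INetFwOpenPort* pfwPort = NULL;

    // convert to BSTRs to make COM happy
    bstrName = ::SysAllocString(wzName);
    ExitOnNull(bstrName, hr, E_OUTOFMEMORY, "failed SysAllocString for name");

    // The remote address list is optional. SysAllocString(NULL) returns NULL,
    // which previously made an omitted list fail as E_OUTOFMEMORY; only
    // allocate when there is something to pass on.
    if (wzRemoteAddresses && *wzRemoteAddresses)
    {
        bstrRemoteAddresses = ::SysAllocString(wzRemoteAddresses);
        ExitOnNull(bstrRemoteAddresses, hr, E_OUTOFMEMORY, "failed SysAllocString for remote addresses");
    }

    // create and initialize a new open port object
    hr = ::CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), reinterpret_cast<void**>(&pfwPort));
    ExitOnFailure(hr, "failed to create new open port");

    hr = pfwPort->put_Port(iPort);
    ExitOnFailure(hr, "failed to set exception port");

    // iProtocol is cast without range checking; the firewall API decides whether the value is valid
    hr = pfwPort->put_Protocol(static_cast<NET_FW_IP_PROTOCOL>(iProtocol));
    ExitOnFailure(hr, "failed to set exception protocol");

    // restrict the exception to the given remote addresses, when any were supplied
    if (bstrRemoteAddresses)
    {
        hr = pfwPort->put_RemoteAddresses(bstrRemoteAddresses);
        ExitOnFailure1(hr, "failed to set exception remote addresses '%ls'", bstrRemoteAddresses);
    }

    hr = pfwPort->put_Name(bstrName);
    ExitOnFailure(hr, "failed to set exception name");

    // get the firewall profile, its current list of open ports, and add ours
    hr = GetCurrentFirewallProfile(fIgnoreFailures, &pfwProfile);
    ExitOnFailure(hr, "failed to get firewall profile");

    if (S_FALSE == hr) // user or package author chose to ignore missing firewall
    {
        ExitFunction();
    }

    hr = pfwProfile->get_GloballyOpenPorts(&pfwPorts);
    ExitOnFailure(hr, "failed to get open ports");

    hr = pfwPorts->Add(pfwPort);
    ExitOnFailure(hr, "failed to add exception to global list");

LExit:
    ReleaseBSTR(bstrRemoteAddresses);
    ReleaseBSTR(bstrName);
    ReleaseObject(pfwProfile);
    ReleaseObject(pfwPorts);
    ReleaseObject(pfwPort);

    return fIgnoreFailures ? S_OK : hr;
}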
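// Brings one entry of the open-ports collection to the requested enabled
// state. An existing entry only has its Enabled flag changed (its scope and
// other settings are left as found). A missing entry is created, scoped to
// the local subnet, with the requested state set before it is added.
// Returns true only when the entry ended up stored with that state.
static bool ApplyUPnPPortState(INetFwOpenPorts *iports, long number, NET_FW_IP_PROTOCOL protocol, const wchar_t *name, VARIANT_BOOL enabled)
{
    INetFwOpenPort *iport = NULL;
    bool applied = false;

    HRESULT hr = iports->Item(number, protocol, &iport);
    if(FAILED(hr))
    {
        // No usable entry: build a new one. Start from NULL so a pointer
        // left behind by the failed lookup is never used.
        iport = NULL;
        hr = CoCreateInstance(__uuidof(NetFwOpenPort), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwOpenPort), (void**)&iport);
        if(SUCCEEDED(hr))
        {
            // put_Name takes a BSTR; a wide string literal is not one, so allocate a real BSTR.
            BSTR bname = SysAllocString(name);
            hr = bname ? iport->put_Name(bname) : E_OUTOFMEMORY;

            // Every setter is checked: if the local-subnet scope or any other
            // property could not be applied, the entry is not added at all.
            if(SUCCEEDED(hr)) hr = iport->put_Port(number);
            if(SUCCEEDED(hr)) hr = iport->put_Protocol(protocol);
            if(SUCCEEDED(hr)) hr = iport->put_Scope(NET_FW_SCOPE_LOCAL_SUBNET);

            // Set the state before Add so the stored entry carries it even
            // if the collection does not track later changes to this object.
            if(SUCCEEDED(hr)) hr = iport->put_Enabled(enabled);
            if(SUCCEEDED(hr)) hr = iports->Add(iport);

            SysFreeString(bname); // safe on NULL
            applied = (hr == S_OK);
        }
    }
    else if(hr == S_OK && iport)
    {
        applied = (iport->put_Enabled(enabled) == S_OK);
    }

    if(iport) iport->Release();
    return applied;
}

// Enables (open == true) or disables (open == false) the firewall
// open-port entries for UPnP, TCP 2869 and UDP 1900, in the current
// profile's globally open ports list. Missing entries are created with
// local-subnet scope.
//
// Returns true only when both entries were brought to the requested state;
// false if the firewall manager is unavailable or any step failed.
bool ControlUPnPPorts(bool open)
{
    INetFwMgr *imgr = NULL;
    INetFwPolicy *ipol = NULL;
    INetFwProfile *iprof = NULL;
    HRESULT hr = S_OK;
    bool port2869 = false;
    bool port1900 = false;

    hr = CoCreateInstance(__uuidof(NetFwMgr), NULL, CLSCTX_INPROC_SERVER, __uuidof(INetFwMgr), (void**)&imgr);
    if(FAILED(hr))
        return false;

    if(imgr->get_LocalPolicy(&ipol) == S_OK)
    {
        if(ipol->get_CurrentProfile(&iprof) == S_OK)
        {
            INetFwOpenPorts *iports = NULL;
            if(iprof->get_GloballyOpenPorts(&iports) == S_OK)
            {
                // VARIANT_BOOL uses -1 for true and 0 for false
                VARIANT_BOOL portenabled = open ? -1 : 0;

                // The log text is kept as-is; note that it is emitted for
                // both the enable and the disable request.
                port2869 = ApplyUPnPPortState(iports, 2869L, NET_FW_IP_PROTOCOL_TCP, L"UPnP TCP 2869", portenabled);
                if(port2869)
                {
                    debug("TCP 2869 enabled");
                }

                port1900 = ApplyUPnPPortState(iports, 1900L, NET_FW_IP_PROTOCOL_UDP, L"UPnP UDP 1900", portenabled);
                if(port1900)
                {
                    debug("UDP 1900 enabled");
                }

                iports->Release();
            }
            iprof->Release();
        }
        ipol->Release();
    }
    imgr->Release();

    return port2869 && port1900;
}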