Allow firewall via registry instead of netsh?

StewartBW 305 Reputation points
2024-04-15T20:20:18.25+00:00

Hello

I want to allow an app through Windows Firewall from VB.NET.

Instead of using:

netsh advfirewall firewall add rule name="blah" dir=in action=allow program="C:\Program Files\blah\App.exe" enable=yes

May I just add this registry entry?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

and

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

values:

"{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"="v2.30|Action=Allow|Active=TRUE|Dir=In|App=%ProgramFiles%\blah\App.exe|Name=blah|Desc=blah|"

"{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}"="v2.30|Action=Allow|Active=TRUE|Dir=Out|App=%ProgramFiles%\blah\App.exe|Name=blah|Desc=blah|"

  • In case we have admin rights.
Windows 10

Accepted answer
  1. Castorix31 81,741 Reputation points
    2024-04-16T00:09:18.8633333+00:00

    It can be done with the Windows Firewall COM interfaces (INetFwRule, INetFwPolicy2).

    For example (the process must run as Admin, i.e. requireAdministrator in the manifest, to update a rule):

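            ' Adds an "allow inbound" Windows Firewall rule for one program through the HNetCfg.FWRule and
            ' HNetCfg.FwPolicy2 COM objects. The process must be elevated to change rules.
            ' NOTE(review): only action, direction, program path, name and description are set. Protocol,
            ' ports, remote addresses and profiles keep whatever the API defaults to (presumably the widest
            ' scope - confirm). Where the application allows it, narrow the rule with put_Profiles,
            ' put_Protocol, put_LocalPorts and put_RemoteAddresses before adding it.
            ' NOTE(review): a locally added rule may not take effect when policy overrides local settings;
            ' get_LocalPolicyModifyState on INetFwPolicy2 appears to report that - confirm.
            Dim hr As HRESULT = HRESULT.S_OK
            Dim pNetFwRule As INetFwRule = Nothing
            Dim pNetFwPolicy2 As INetFwPolicy2 = Nothing
            Dim pNetFwRules As INetFwRules = Nothing
            Try
                ' Turns a failing HRESULT into an exception so that no step can fail silently.
                ' The interface declarations carry no <PreserveSig>, so a failure may also arrive as an
                ' exception thrown by the call itself; both paths end in the Catch below.
                Dim ensureOk As Func(Of HRESULT, HRESULT) =
                    Function(status As HRESULT) As HRESULT
                        System.Runtime.InteropServices.Marshal.ThrowExceptionForHR(CInt(status))
                        Return status
                    End Function

                ' GetTypeFromProgID returns Nothing for an unregistered ProgID; report that explicitly.
                Dim ruleType As Type = Type.GetTypeFromProgID("HNetCfg.FWRule")
                If ruleType Is Nothing Then
                    Throw New InvalidOperationException("HNetCfg.FWRule is not registered")
                End If
                pNetFwRule = CType(Activator.CreateInstance(ruleType), INetFwRule)

                hr = ensureOk(pNetFwRule.put_Action(NET_FW_ACTION.NET_FW_ACTION_ALLOW))
                hr = ensureOk(pNetFwRule.put_Description("blah description"))
                ' Use the full path of the exact binary; the rule is tied to this program path.
                hr = ensureOk(pNetFwRule.put_ApplicationName("C:\Program Files\blah\App.exe"))
                hr = ensureOk(pNetFwRule.put_Direction(NET_FW_RULE_DIRECTION.NET_FW_RULE_DIR_IN))
                hr = ensureOk(pNetFwRule.put_Enabled(True))
                hr = ensureOk(pNetFwRule.put_Name("blah"))

                Dim policyType As Type = Type.GetTypeFromProgID("HNetCfg.FwPolicy2")
                If policyType Is Nothing Then
                    Throw New InvalidOperationException("HNetCfg.FwPolicy2 is not registered")
                End If
                pNetFwPolicy2 = CType(Activator.CreateInstance(policyType), INetFwPolicy2)

                hr = ensureOk(pNetFwPolicy2.get_Rules(pNetFwRules))
                If pNetFwRules Is Nothing Then
                    Throw New InvalidOperationException("The firewall rule collection could not be obtained")
                End If

                hr = ensureOk(pNetFwRules.Add(pNetFwRule))
            Catch ex As Exception
                MessageBox.Show(String.Format("Error : {0}", ex.Message), "Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
            End Try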
    

    with declarations :

        ' COM status codes used as the return type of the interop declarations on this page.
        ' Values with the high bit set (negative as Integer) are failures; 0 and 1 are success codes.
        Public Enum HRESULT As Integer
            ' Success codes
            S_OK = 0
            S_FALSE = 1
            ' Failure codes, listed in numeric order
            E_NOTIMPL = &H80004001
            E_NOINTERFACE = &H80004002
            E_FAIL = &H80004005
        End Enum
    
        ' Firewall profile selectors. INetFwRule.get_Profiles / put_Profiles pass this type as a
        ' bitmask, so the single-profile values are distinct bits.
        Public Enum NET_FW_PROFILE_TYPE2 As Integer
            NET_FW_PROFILE2_DOMAIN = 1
            NET_FW_PROFILE2_PRIVATE = 2
            NET_FW_PROFILE2_PUBLIC = 4
            ' Every bit of a positive Integer set (same value as &H7FFFFFFF).
            NET_FW_PROFILE2_ALL = Integer.MaxValue
        End Enum
    
        ' IP protocol selector passed to INetFwRule.get_Protocol / put_Protocol.
        Public Enum NET_FW_IP_PROTOCOL As Integer
            ' TCP and UDP use their IP protocol numbers.
            NET_FW_IP_PROTOCOL_TCP = 6
            NET_FW_IP_PROTOCOL_UDP = 17
            ' Value outside the 8-bit protocol-number range, used for "any protocol".
            NET_FW_IP_PROTOCOL_ANY = &H100
        End Enum
    
        ' Traffic direction a rule applies to (INetFwRule.get_Direction / put_Direction).
        ' NET_FW_RULE_DIR_MAX is one past the last direction value.
        Public Enum NET_FW_RULE_DIRECTION
            NET_FW_RULE_DIR_IN = 1
            NET_FW_RULE_DIR_OUT = 2
            NET_FW_RULE_DIR_MAX = 3
        End Enum
    
        ' What a rule (or a profile's default action) does with matching traffic.
        ' NET_FW_ACTION_MAX is one past the last action value.
        Public Enum NET_FW_ACTION
            NET_FW_ACTION_BLOCK = 0
            NET_FW_ACTION_ALLOW = 1
            NET_FW_ACTION_MAX = 2
        End Enum
    
        ' Result type of INetFwPolicy2.get_LocalPolicyModifyState.
        ' NOTE(review): by their names, the non-zero values mean a local change may have no effect
        ' (Group Policy override, or inbound traffic blocked) - confirm against the API documentation.
        Public Enum NET_FW_MODIFY_STATE
            NET_FW_MODIFY_STATE_OK = 0
            NET_FW_MODIFY_STATE_GP_OVERRIDE = 1
            NET_FW_MODIFY_STATE_INBOUND_BLOCKED = 2
        End Enum
    
        ' Managed declaration of the firewall rule collection (the type handed back by get_Rules).
        ' The interface is declared IUnknown-based with the IDispatch methods written out first, so the
        ' order of the members below is the order the runtime uses to locate them: do not reorder,
        ' insert or remove members.
        ' NOTE(review): no member carries <PreserveSig>. With the default COM interop signature
        ' translation a failing native HRESULT is raised as an exception, and the declared HRESULT
        ' return value may not be the native status - confirm before relying on the returned value.
        <ComImport> <Guid("9C4C6277-5027-441E-AFAE-CA1F542DA009")> <InterfaceType(ComInterfaceType.InterfaceIsIUnknown)>
        Public Interface INetFwRules
    #Region "<IDispatch>"
            ' IDispatch members, declared only to keep the following members in their slots.
            Function GetTypeInfoCount(<[Out]()> ByRef pctinfo As UInteger) As HRESULT
            Function GetTypeInfo(iTInfo As UInteger, lcid As UInteger, <[Out]()> ByRef ppTInfo As IntPtr) As HRESULT
    
            Function GetIDsOfNames(ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.LPArray)> rgszNames As String(),
                                   <[In], MarshalAs(UnmanagedType.U4)> cNames As Integer,
                                   <[In], MarshalAs(UnmanagedType.U4)> lcid As UInteger,
                                   <Out, MarshalAs(UnmanagedType.LPArray)> ByRef rgDispId As Integer()) As HRESULT
            Function Invoke(dispIdMember As Integer, ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.U4)> lcid As Integer,
                            <[In], MarshalAs(UnmanagedType.U4)> dwFlags As Integer,
                            <Out, [In]> ByRef pDispParams As System.Runtime.InteropServices.ComTypes.DISPPARAMS,
                            <Out> ByRef pVarResult As Object, <Out, [In]> ByRef pExcepInfo As System.Runtime.InteropServices.ComTypes.EXCEPINFO,
                            <Out, MarshalAs(UnmanagedType.LPArray)> ByRef pArgErr As IntPtr()) As HRESULT
    #End Region
            ' Number of rules in the collection.
            Function get_Count(<Out> ByRef count As Integer) As HRESULT
            ' Adds a rule; the sample on this page calls this after filling in an INetFwRule.
            Function Add(rule As INetFwRule) As HRESULT
            ' NOTE(review): name is a StringBuilder here but a String in Item - confirm the marshaling
            ' matches what the native method expects.
            Function Remove(name As System.Text.StringBuilder) As HRESULT
            ' Looks up a rule by name.
            Function Item(name As String, <Out> ByRef rule As INetFwRule) As HRESULT
            'HRESULT get__NewEnum([MarshalAs(UnmanagedType.IUnknown)] out object newEnum);
            ' Enumerator is returned as a raw pointer (IntPtr) rather than a marshaled object.
            Function get__NewEnum(<Out> ByRef newEnum As IntPtr) As HRESULT
        End Interface
    
        ' Managed declaration of the service-restriction object returned by
        ' INetFwPolicy2.get_ServiceRestriction. The sample on this page does not call it.
        ' Declared IUnknown-based with the IDispatch methods written out first; member order is
        ' significant and must not change.
        ' NOTE(review): no member carries <PreserveSig>, so failures may surface as exceptions rather
        ' than as the declared HRESULT return value - confirm.
        <ComImport> <Guid("8267BBE3-F890-491C-B7B6-2DB1EF0E5D2B")> <InterfaceType(ComInterfaceType.InterfaceIsIUnknown)>
        Public Interface INetFwServiceRestriction
    #Region "<IDispatch>"
            ' IDispatch members, declared only to keep the following members in their slots.
            Function GetTypeInfoCount(<[Out]()> ByRef pctinfo As UInteger) As HRESULT
            Function GetTypeInfo(iTInfo As UInteger, lcid As UInteger, <[Out]()> ByRef ppTInfo As IntPtr) As HRESULT
    
            Function GetIDsOfNames(ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.LPArray)> rgszNames As String(),
                                   <[In], MarshalAs(UnmanagedType.U4)> cNames As Integer,
                                   <[In], MarshalAs(UnmanagedType.U4)> lcid As UInteger,
                                   <Out, MarshalAs(UnmanagedType.LPArray)> ByRef rgDispId As Integer()) As HRESULT
            Function Invoke(dispIdMember As Integer, ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.U4)> lcid As Integer,
                            <[In], MarshalAs(UnmanagedType.U4)> dwFlags As Integer,
                            <Out, [In]> ByRef pDispParams As System.Runtime.InteropServices.ComTypes.DISPPARAMS,
                            <Out> ByRef pVarResult As Object, <Out, [In]> ByRef pExcepInfo As System.Runtime.InteropServices.ComTypes.EXCEPINFO,
                            <Out, MarshalAs(UnmanagedType.LPArray)> ByRef pArgErr As IntPtr()) As HRESULT
    #End Region
    
            ' Booleans are marshaled as VARIANT_BOOL in both service-restriction calls.
            Function RestrictService(serviceName As String, appName As String, <MarshalAs(UnmanagedType.VariantBool)> rs As Boolean, <MarshalAs(UnmanagedType.VariantBool)> serviceSidRestricted As Boolean) As HRESULT
            Function ServiceRestricted(serviceName As String, appName As String, <Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef rs As Boolean) As HRESULT
            ' Rule collection associated with this object.
            Function get_Rules(<Out> ByRef rules As INetFwRules) As HRESULT
        End Interface
    
        ' Managed declaration of a single firewall rule (created on this page from ProgID
        ' "HNetCfg.FWRule"). Each property is exposed as a get_/put_ method pair.
        ' Declared IUnknown-based with the IDispatch methods written out first; member order is
        ' significant and must not change.
        ' NOTE(review): no member carries <PreserveSig>, so failures may surface as exceptions rather
        ' than as the declared HRESULT return value - confirm.
        ' Scope of a rule is decided by the fields set here: a rule that sets only the application
        ' name leaves protocol, ports, addresses, interface types and profiles at the API defaults.
        <ComImport> <Guid("AF230D27-BABA-4E42-ACED-F524F22CFCE2")> <InterfaceType(ComInterfaceType.InterfaceIsIUnknown)>
        Public Interface INetFwRule
    #Region "<IDispatch>"
            ' IDispatch members, declared only to keep the following members in their slots.
            Function GetTypeInfoCount(<[Out]()> ByRef pctinfo As UInteger) As HRESULT
            Function GetTypeInfo(iTInfo As UInteger, lcid As UInteger, <[Out]()> ByRef ppTInfo As IntPtr) As HRESULT
    
            Function GetIDsOfNames(ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.LPArray)> rgszNames As String(),
                                   <[In], MarshalAs(UnmanagedType.U4)> cNames As Integer,
                                   <[In], MarshalAs(UnmanagedType.U4)> lcid As UInteger,
                                   <Out, MarshalAs(UnmanagedType.LPArray)> ByRef rgDispId As Integer()) As HRESULT
            Function Invoke(dispIdMember As Integer, ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.U4)> lcid As Integer,
                            <[In], MarshalAs(UnmanagedType.U4)> dwFlags As Integer,
                            <Out, [In]> ByRef pDispParams As System.Runtime.InteropServices.ComTypes.DISPPARAMS,
                            <Out> ByRef pVarResult As Object, <Out, [In]> ByRef pExcepInfo As System.Runtime.InteropServices.ComTypes.EXCEPINFO,
                            <Out, MarshalAs(UnmanagedType.LPArray)> ByRef pArgErr As IntPtr()) As HRESULT
    #End Region
    
            ' Identification: display name and description of the rule.
            Function get_Name(<Out> ByRef name As String) As HRESULT
            Function put_Name(name As String) As HRESULT
            Function get_Description(<Out> ByRef desc As String) As HRESULT
            Function put_Description(desc As String) As HRESULT
            ' What the rule matches: program image path and/or service name.
            Function get_ApplicationName(<Out> ByRef imageFileName As String) As HRESULT
            Function put_ApplicationName(imageFileName As String) As HRESULT
            Function get_ServiceName(<Out> ByRef serviceName As String) As HRESULT
            Function put_ServiceName(serviceName As String) As HRESULT
            ' Network scope: protocol, ports, addresses and ICMP types, passed as strings except protocol.
            Function get_Protocol(<Out> ByRef protocol As NET_FW_IP_PROTOCOL) As HRESULT
            Function put_Protocol(protocol As NET_FW_IP_PROTOCOL) As HRESULT
            Function get_LocalPorts(<Out> ByRef portNumbers As String) As HRESULT
            Function put_LocalPorts(portNumbers As String) As HRESULT
            Function get_RemotePorts(<Out> ByRef portNumbers As String) As HRESULT
            Function put_RemotePorts(portNumbers As String) As HRESULT
            Function get_LocalAddresses(<Out> ByRef localAddrs As String) As HRESULT
            Function put_LocalAddresses(localAddrs As String) As HRESULT
            Function get_RemoteAddresses(<Out> ByRef remoteAddrs As String) As HRESULT
            Function put_RemoteAddresses(remoteAddrs As String) As HRESULT
            Function get_IcmpTypesAndCodes(<Out> ByRef icmpTypesAndCodes As String) As HRESULT
            Function put_IcmpTypesAndCodes(icmpTypesAndCodes As String) As HRESULT
            ' NOTE(review): the parameter is named remoteAddrs but carries the rule direction
            ' (NET_FW_RULE_DIRECTION); the name looks copied from the pair above.
            Function get_Direction(<Out> ByRef remoteAddrs As NET_FW_RULE_DIRECTION) As HRESULT
            Function put_Direction(remoteAddrs As NET_FW_RULE_DIRECTION) As HRESULT
    
            ' VARIANT
            ' Passed as a raw pointer (IntPtr) instead of a marshaled VARIANT.
            Function get_Interfaces(<Out> ByRef interfaces As IntPtr) As HRESULT
            Function put_Interfaces(interfaces As IntPtr) As HRESULT
    
            Function get_InterfaceTypes(<Out> ByRef interfaceTypes As String) As HRESULT
            Function put_InterfaceTypes(interfaceTypes As String) As HRESULT
    
            ' Boolean marshaled as VARIANT_BOOL.
            Function get_Enabled(<Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef enabled As Boolean) As HRESULT
            Function put_Enabled(<MarshalAs(UnmanagedType.VariantBool)> enabled As Boolean) As HRESULT
    
            Function get_Grouping(<Out> ByRef context As String) As HRESULT
            Function put_Grouping(context As String) As HRESULT
    
            'HRESULT get_Grouping(StringBuilder context);
            'HRESULT put_Grouping(StringBuilder context);
            ' Profiles the rule applies to, as a NET_FW_PROFILE_TYPE2 bitmask.
            Function get_Profiles(<Out> ByRef profileTypesBitmask As NET_FW_PROFILE_TYPE2) As HRESULT
            Function put_Profiles(profileTypesBitmask As NET_FW_PROFILE_TYPE2) As HRESULT
    
            ' Boolean marshaled as VARIANT_BOOL.
            Function get_EdgeTraversal(<Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef enabled As Boolean) As HRESULT
            Function put_EdgeTraversal(<MarshalAs(UnmanagedType.VariantBool)> enabled As Boolean) As HRESULT
    
            ' Allow or block (NET_FW_ACTION).
            Function get_Action(<Out> ByRef action As NET_FW_ACTION) As HRESULT
            Function put_Action(action As NET_FW_ACTION) As HRESULT
        End Interface
    
        ' Managed declaration of the firewall policy object (created on this page from ProgID
        ' "HNetCfg.FwPolicy2"). The sample uses only get_Rules; the other members read or change
        ' per-profile and machine-wide firewall settings, so call the put_ members and
        ' RestoreLocalFirewallDefaults only when that wider change is intended.
        ' Declared IUnknown-based with the IDispatch methods written out first; member order is
        ' significant and must not change.
        ' NOTE(review): no member carries <PreserveSig>, so failures may surface as exceptions rather
        ' than as the declared HRESULT return value - confirm.
        <ComImport> <Guid("98325047-C671-4174-8D81-DEFCD3F03186")> <InterfaceType(ComInterfaceType.InterfaceIsIUnknown)>
        Public Interface INetFwPolicy2
    #Region "<IDispatch>"
            ' IDispatch members, declared only to keep the following members in their slots.
            Function GetTypeInfoCount(<[Out]()> ByRef pctinfo As UInteger) As HRESULT
            Function GetTypeInfo(iTInfo As UInteger, lcid As UInteger, <[Out]()> ByRef ppTInfo As IntPtr) As HRESULT
    
            Function GetIDsOfNames(ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.LPArray)> rgszNames As String(),
                                   <[In], MarshalAs(UnmanagedType.U4)> cNames As Integer,
                                   <[In], MarshalAs(UnmanagedType.U4)> lcid As UInteger,
                                   <Out, MarshalAs(UnmanagedType.LPArray)> ByRef rgDispId As Integer()) As HRESULT
            Function Invoke(dispIdMember As Integer, ByRef riid As Guid, <[In], MarshalAs(UnmanagedType.U4)> lcid As Integer,
                            <[In], MarshalAs(UnmanagedType.U4)> dwFlags As Integer,
                            <Out, [In]> ByRef pDispParams As System.Runtime.InteropServices.ComTypes.DISPPARAMS,
                            <Out> ByRef pVarResult As Object, <Out, [In]> ByRef pExcepInfo As System.Runtime.InteropServices.ComTypes.EXCEPINFO,
                            <Out, MarshalAs(UnmanagedType.LPArray)> ByRef pArgErr As IntPtr()) As HRESULT
    #End Region
    
            ' Profile bitmask is a plain Integer here, not NET_FW_PROFILE_TYPE2.
            Function get_CurrentProfileTypes(<Out> ByRef profileTypesBitmask As Integer) As HRESULT
            ' Per-profile settings: each pair takes the profile it reads or changes.
            Function get_FirewallEnabled(profileType As NET_FW_PROFILE_TYPE2, <Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef enabled As Boolean) As HRESULT
            Function put_FirewallEnabled(profileType As NET_FW_PROFILE_TYPE2, <MarshalAs(UnmanagedType.VariantBool)> enabled As Boolean) As HRESULT
            Function get_ExcludedInterfaces(profileType As NET_FW_PROFILE_TYPE2, <Out> ByRef interfaces As IntPtr) As HRESULT
            Function put_ExcludedInterfaces(profileType As NET_FW_PROFILE_TYPE2, interfaces As IntPtr) As HRESULT
            Function get_BlockAllInboundTraffic(profileType As NET_FW_PROFILE_TYPE2, <Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef Block As Boolean) As HRESULT
            Function put_BlockAllInboundTraffic(profileType As NET_FW_PROFILE_TYPE2, <MarshalAs(UnmanagedType.VariantBool)> Block As Boolean) As HRESULT
            Function get_NotificationsDisabled(profileType As NET_FW_PROFILE_TYPE2, <Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef disabled As Boolean) As HRESULT
            Function put_NotificationsDisabled(profileType As NET_FW_PROFILE_TYPE2, <MarshalAs(UnmanagedType.VariantBool)> disabled As Boolean) As HRESULT
            Function get_UnicastResponsesToMulticastBroadcastDisabled(profileType As NET_FW_PROFILE_TYPE2, <Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef disabled As Boolean) As HRESULT
            Function put_UnicastResponsesToMulticastBroadcastDisabled(profileType As NET_FW_PROFILE_TYPE2, <MarshalAs(UnmanagedType.VariantBool)> disabled As Boolean) As HRESULT
            ' Rule collection; the sample on this page adds its rule through it.
            Function get_Rules(<Out> ByRef rules As INetFwRules) As HRESULT
            Function get_ServiceRestriction(<Out> ByRef ServiceRestriction As INetFwServiceRestriction) As HRESULT
            ' Rule groups are addressed by group string and an Integer profile bitmask.
            Function EnableRuleGroup(profileTypesBitmask As Integer, group As String, <MarshalAs(UnmanagedType.VariantBool)> enable As Boolean) As HRESULT
            Function IsRuleGroupEnabled(profileTypesBitmask As Integer, group As String, <Out> <MarshalAs(UnmanagedType.VariantBool)> ByRef enabled As Boolean) As HRESULT
            ' NOTE(review): by its name this resets local firewall configuration - confirm the exact
            ' effect before calling; it takes no arguments and is not limited to one rule.
            Function RestoreLocalFirewallDefaults() As HRESULT
            ' Default action per profile for traffic that matches no rule.
            Function get_DefaultInboundAction(profileType As NET_FW_PROFILE_TYPE2, <Out> ByRef action As NET_FW_ACTION) As HRESULT
            Function put_DefaultInboundAction(profileType As NET_FW_PROFILE_TYPE2, action As NET_FW_ACTION) As HRESULT
            Function get_DefaultOutboundAction(profileType As NET_FW_PROFILE_TYPE2, <Out> ByRef action As NET_FW_ACTION) As HRESULT
            Function put_DefaultOutboundAction(profileType As NET_FW_PROFILE_TYPE2, action As NET_FW_ACTION) As HRESULT
            ' NOTE(review): this is a getter, but enabled is passed by value without <Out> ByRef
            ' (compare IsRuleGroupEnabled above), so the caller cannot receive the result as declared.
            Function get_IsRuleGroupCurrentlyEnabled(group As String, <MarshalAs(UnmanagedType.VariantBool)> enabled As Boolean) As HRESULT
            ' Reports a NET_FW_MODIFY_STATE value; presumably tells whether local changes take
            ' effect - confirm.
            Function get_LocalPolicyModifyState(<Out> ByRef modifyState As NET_FW_MODIFY_STATE) As HRESULT
        End Interface
    
    
