Windows 7 Firewall: Modify group items from command line
I am creating an interface that allows the user to manage (among other things) the Windows Firewall. The GUI that comes with Windows looks like this
My GUI is written in Java and uses the netsh advfirewall firewall
commands to read the current settings and to save changes.
Some of the items are single records in the firewall. The "Windows Remote Management" item however, is one of the "grouped" items. This is a combination of multiple items. Here is one of those items in the combination.
Rule Name: Windows Remote Management - Compatibility
Mode (HTTP-In)
----------------------------------------------------------------------
Enabled: No
Direction: In
Profiles: Private,Public
Grouping: Windows Remote Management
LocalIP: Any
RemoteIP: LocalSubnet
Protocol: TCP
LocalPort: 80
RemotePort: Any
Edge traversal: No
Action: Allow
In this case the whole group is disabled, but it can be enabled for the type public or private or both. (not to mention domain)
When you enable this group using the Windows GUI, if you only enable one of the types, it has to duplicate all the items in the group. One copy for disabled type, one for the enabled type.
The problem arises when I try to create the second copy. The netsh advfirewall firewall add rule
command does not allow me to set a grouping on new items. S开发者_JAVA百科o that means I can't create the second copy! Which means, unless the item has already been duplicated by Windows, I can only enable or disable both types together (public and private) which is not what I want.
How can I create this second copy? Any ideas on how to do it with Java or the command line? I found that a netsh export creates a byte file. It looks like it is a registry byte file. Is there a way to edit the firewall using reg query
? Where would firewall settings be stored int the registry? I am hoping to avoid writing my own .exe
.
The place in the registry where Windows Firewall rules are stored is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
The data in this registry key has the same variables that are editable through netsh advfirewall firewall
. Most of the actual names and descriptions are references that look like this @FirewallAPI.dll,-31293
. Firewall entries do not have a unique ID and are identified by their name. Because of this and because I was not able to find out what the reference was pointing to I deleted the Firewall entries using netsh advfirewall firewall
and adding them back using reg query
.
精彩评论