防火墙例外代码仅适用于传出连接

时间:2013-12-19 19:52:38

标签: c++ winapi firewall

我从网上获取此代码,为我的应用程序添加防火墙例外:

/// Registers an executable in the authorized-application list of the firewall
/// profile returned by GetFirewallProfile().
///
/// @param strGameExeFullPath  Path of the executable image to authorize; it is
///                            handed unchanged to put_ProcessImageFileName().
/// @param strFriendlyAppName  Display name stored with the entry via put_Name().
/// @return E_INVALIDARG if either argument is NULL, E_OUTOFMEMORY if a BSTR copy
///         cannot be allocated, E_FAIL if no firewall profile is obtained,
///         otherwise the HRESULT of the first failing COM call or of Add().
///
/// NOTE(review): only the image path and the name are set on the new entry.
/// Scope / remote-address restrictions are left at whatever the firewall
/// defaults to (presumably "any address" - confirm), so narrow them if the
/// application does not need to be reachable from everywhere.
/// NOTE(review): the path is registered as supplied. Callers should pass a
/// fixed, fully qualified path in a location ordinary users cannot write to,
/// otherwise a replaced binary would inherit the exception.
/// NOTE(review): GetFirewallProfile() is defined elsewhere; which profile it
/// returns (and therefore where the exception applies) is not visible here.
STDAPI AddApplicationToExceptionListW( const WCHAR* strGameExeFullPath, const WCHAR* strFriendlyAppName )
{
    HRESULT hrStatus = E_FAIL;
    bool bComInitialized = false;
    BSTR bstrAppName = NULL;
    BSTR bstrImagePath = NULL;
    INetFwAuthorizedApplication* pAuthApp = NULL;
    INetFwAuthorizedApplications* pAuthAppList = NULL;
    INetFwProfile* pProfile = NULL;

#ifdef SHOW_DEBUG_MSGBOXES
    WCHAR szDebug[1024];
    StringCchPrintf( szDebug, 1024, L"strFriendlyAppName='%s' strGameExeFullPath='%s'", strFriendlyAppName, strGameExeFullPath );
    MessageBox( NULL, szDebug, L"AddApplicationToExceptionListW", MB_OK );
#endif

    // Nothing has been allocated yet, so a direct return is safe here.
    if( !strGameExeFullPath || !strFriendlyAppName )
    {
        assert( false );
        return E_INVALIDARG;
    }

    // Single-pass block: every failure breaks out to the shared cleanup below.
    do
    {
        // The COM setters take BSTRs, so copy both input strings first.
        bstrImagePath = SysAllocString( strGameExeFullPath );
        bstrAppName = SysAllocString( strFriendlyAppName );
        if( !bstrImagePath || !bstrAppName )
        {
            hrStatus = E_OUTOFMEMORY;
            break;
        }

        // A failed CoInitialize is not treated as fatal here; the flag only
        // records whether a matching CoUninitialize is owed at cleanup.
        hrStatus = CoInitialize( 0 );
        bComInitialized = SUCCEEDED( hrStatus );

        pProfile = GetFirewallProfile();
        if( !pProfile )
        {
            hrStatus = E_FAIL;
            break;
        }

        hrStatus = pProfile->get_AuthorizedApplications( &pAuthAppList );
        if( FAILED( hrStatus ) )
            break;

        // Instantiate an empty authorized-application object.
        hrStatus = CoCreateInstance( __uuidof( NetFwAuthorizedApplication ), NULL,
                                     CLSCTX_INPROC_SERVER, __uuidof( INetFwAuthorizedApplication ),
                                     ( void** )&pAuthApp );
        if( FAILED( hrStatus ) )
            break;

        // Executable image the exception is bound to.
        hrStatus = pAuthApp->put_ProcessImageFileName( bstrImagePath );
        if( FAILED( hrStatus ) )
            break;

        // Friendly name stored with the entry.
        hrStatus = pAuthApp->put_Name( bstrAppName );
        if( FAILED( hrStatus ) )
            break;

        // Append the entry to the profile's collection; its result is the return value.
        hrStatus = pAuthAppList->Add( pAuthApp );
    } while( false );

    // Release everything acquired above; COM is uninitialized last, after all
    // interface pointers have been released.
    if( bstrAppName ) SysFreeString( bstrAppName );
    if( bstrImagePath ) SysFreeString( bstrImagePath );
    if( pAuthApp ) pAuthApp->Release();
    if( pAuthAppList ) pAuthAppList->Release();
    if( pProfile ) pProfile->Release();
    if( bComInitialized ) CoUninitialize();

    return hrStatus;
}

当我尝试通过Windows防火墙发送数据时,一切正常,但传入的连接仍然被阻止,所以我必须禁用防火墙才能接收数据。我原以为这个例外会同时允许所有连接(传出和传入)……有人知道我应该在这段代码中添加什么,才能接收传入的数据吗?

2 个答案:

答案 0 :(得分:2)

仅仅添加应用程序是不够的。防火墙无法自行得知应用程序在哪些端口上侦听入站连接,您必须告诉防火墙应用程序使用的是哪个端口。您可以通过 INetFwProfile::GloballyOpenPorts 集合来完成(注意:这类端口例外是全局的,本机上任何侦听该端口的进程都能收到入站连接,而不仅限于您的应用程序),例如:

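// Sketch: add one entry to the profile's globally-open-ports collection.
// The "..." lines stand for the surrounding function from the question;
// hr, pFwProfile and the LCleanup label come from there.
//
// NOTE(review): an entry in GloballyOpenPorts is a port-level exception. It is
// not bound to the executable registered through AuthorizedApplications, so any
// process that listens on this port becomes reachable. Open only the port the
// application really needs, consider narrowing it with put_Scope, and remove
// the entry again on uninstall.
// NOTE(review): only the port number is set here; INetFwOpenPort also exposes
// put_Name and put_Protocol, which presumably have to be set before Add()
// succeeds - confirm against the interface documentation.
INetFwOpenPorts *pFwPorts = NULL;
INetFwOpenPort *pFwPort = NULL;   // one spelling throughout (the original mixed pFWPort / pFwPort)

...

hr = pFwProfile->get_GloballyOpenPorts( &pFwPorts );
if( FAILED( hr ) )
    goto LCleanup;

// Create an instance of an open port.
hr = CoCreateInstance( __uuidof( NetFwOpenPort ), NULL, CLSCTX_INPROC_SERVER, __uuidof( INetFwOpenPort ), ( void** )&pFwPort );
if( FAILED( hr ) )
    goto LCleanup;

// Set the port number.
hr = pFwPort->put_Port( ... );
if( FAILED( hr ) )
    goto LCleanup;

// Add the port to the collection.
hr = pFwPorts->Add( pFwPort );

...

// Cleanup: release both interfaces whether or not the calls above succeeded.
if( pFwPort ) pFwPort->Release();
if( pFwPorts ) pFwPorts->Release();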

答案 1 :(得分:0)

在我的情况下,解决方案是删除那些阻止我的应用程序的防火墙规则。我不知道这些规则是从哪里来的,但现在它终于能正常工作了。