我有一个新问题,阻止IP地址需要哪些防火墙设置?我发现属性“RemoteAddress”,如firewallRule.RemoteAddress,但我不知道如何使用它。这是我在stackoverflow上找到的(以下代码阻止所有访问互联网),谢谢。
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using NETCONLib;
using NATUPNPLib;
using NetFwTypeLib;
namespace WindowsFormsApplication1
{
public class Form1 : Form
{
public Form1()
{
InitializeComponent();
INetFwRule firewallRule = (INetFwRule)Activator.CreateInstance(
Type.GetTypeFromProgID("HNetCfg.FWRule"));
firewallRule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
firewallRule.Description = "Used to block all internet access.";
firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT;
firewallRule.Enabled = true;
firewallRule.InterfaceTypes = "All";
firewallRule.Name = "Block Internet";
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(
Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
firewallPolicy.Rules.Add(firewallRule);
}
}
}
您可以使用逗号分隔的IP地址列表(子网,别名)
$Rule.RemoteAddresses = RemoteAddresses = 'LocalSubnet,10.1.1.1/255.255.255.255,12.5.0.0/255.255.0.0'
据我所知,你必须首先检索RemoteAddresses
列表,然后才能添加它。否则,它只会用下一个IP覆盖每个IP。格式需要像Jan在他/她的回答中所描述的那样。但是,添加单个IP地址时不需要子网“/255.255.255.255
”。我的应用程序一次只能阻止一个ip,但你可以像Jan所描述的那样在那里放置范围。除了RemoteAddresses
部分之外,大部分功劳都归于其他人。如果有更好/更清洁的方式,我很乐意听到它。这是我最终如何做到这一点:
private void BlockIp(string ip, string ruleName)
{
INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
INetFwRule firewallRule = firewallPolicy.Rules.OfType<INetFwRule>().Where(x => x.Name == ruleName).FirstOrDefault();
if (firewallRule == null)
{
firewallRule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
firewallRule.Name = ruleName;
firewallPolicy.Rules.Add(firewallRule);
firewallRule.Description = "Block inbound traffic";
firewallRule.Profiles = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL;
firewallRule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP;
firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
firewallRule.Action = NET_FW_ACTION_.NET_FW_ACTION_BLOCK;
//firewallRule.LocalPorts = "8080";
//firewallRule.Grouping = "@firewallapi.dll,-23255";
firewallRule.Enabled = true;
firewallRule.RemoteAddresses = ip;
//firewallPolicy.Rules.Add(firewallRule); //throws error, not needed
} else {
var remoteAddresses = firewallRule.RemoteAddresses;
firewallRule.RemoteAddresses = remoteAddresses + "," + ip;
}
}