Created
December 11, 2012 18:45
-
-
Save webcoyote/4260964 to your computer and use it in GitHub Desktop.
Windows Firewall configuration script
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| ::configure-firewall-example.bat | |
| ::by Patrick Wyatt 12/22/2011 | |
| ::MIT License - do with as you will; no warranty | |
| SETLOCAL EnableExtensions | |
| if "%1" == "" ( | |
| echo Usage: | |
| echo %0 display | |
| echo %0 install | |
| echo %0 remove | |
| exit /B 1 | |
| ) | |
| :: Example syntax | |
| ::%SystemRoot%\System32\cscript.exe //nologo configure-firewall.vbs /GroupName:"!GroupNameHere" /RuleName:"!RuleNameHere" /ExePath:"!ExecutablePathHere" /Command:%1 | |
| :: Grant "notepad" some firewall permissions | |
| %SystemRoot%\System32\cscript.exe //nologo configure-firewall.vbs /GroupName:"Notepad" /RuleName:"Notepad" /ExePath:"C:\Windows\notepad.exe" /Command:%1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| 'configure-firewall.vbs | |
| 'Sets Windows firewall permissions for a specific application | |
| 'Grants full inbound/outbound access for TCP/UDP | |
| 'by Patrick Wyatt 12/22/2011 | |
| 'MIT License - do with as you will; no warranty | |
| option explicit | |
| '************************************** | |
| const NET_FW_IP_PROTOCOL_TCP = 6 | |
| const NET_FW_IP_PROTOCOL_UDP = 17 | |
| const NET_FW_RULE_DIR_IN = 1 | |
| const NET_FW_RULE_DIR_OUT = 2 | |
| '************************************** | |
| sub UpdateFirewallRule (addRules, policy, groupName, ruleName, exePath, netProtocol, direction) | |
| 'Prettify the rule name | |
| dim name | |
| name = ruleName | |
| name = name & " - Allow" | |
| if netProtocol = NET_FW_IP_PROTOCOL_TCP then | |
| name = name & " TCP" | |
| elseif netProtocol = NET_FW_IP_PROTOCOL_UDP then | |
| name = name & " UDP" | |
| end if | |
| if direction = NET_FW_RULE_DIR_IN then | |
| name = name & " IN" | |
| elseif direction = NET_FW_RULE_DIR_OUT then | |
| name = name & " OUT" | |
| end if | |
| 'Set rule parameters | |
| dim rule | |
| set rule = CreateObject("HNetCfg.FwRule") | |
| rule.Enabled = true | |
| rule.Grouping = groupName | |
| rule.Name = name | |
| rule.ApplicationName = exePath | |
| rule.Protocol = netProtocol | |
| rule.Direction = direction | |
| 'Remove old rule | |
| if addRules < 0 then | |
| Wscript.echo " Removing rule '" & name | |
| end if | |
| 'Always remove old rule to prevent duplicates | |
| policy.Rules.Remove rule.name | |
| if Err.Number <> 0 then | |
| Wscript.Echo " Removing rule '" & name & "'failed with error '" & Err.Description & "' (" & Err.Number & ")" | |
| Wscript.Quit 1 | |
| end if | |
| 'Add new rule | |
| if addRules > 0 then | |
| Wscript.echo " Adding rule '" & name | |
| policy.Rules.Add rule | |
| if Err.Number <> 0 then | |
| Wscript.Echo " Adding rule '" & name & "'failed with error '" & Err.Description & "' (" & Err.Number & ")" | |
| Wscript.Echo " did you remember to run this script as administrator?" | |
| Wscript.Quit 1 | |
| end if | |
| end if | |
| end sub | |
| '************************************** | |
| sub DisplayRules (policy, groupName) | |
| dim RulesObject | |
| set RulesObject = policy.Rules | |
| Wscript.echo "Displaying firewall rules" | |
| dim Rule | |
| for each Rule in RulesObject | |
| if Rule.Grouping = groupName then | |
| Wscript.Echo " Rule: " & Rule.Name | |
| end if | |
| next | |
| Wscript.echo "" | |
| end sub | |
| '************************************** | |
| 'Main program | |
| dim command, groupName, ruleName, exePath | |
| command = Wscript.Arguments.Named("Command") | |
| groupName = Wscript.Arguments.Named("GroupName") | |
| ruleName = Wscript.Arguments.Named("RuleName") | |
| exePath = Wscript.Arguments.Named("ExePath") | |
| Wscript.echo "Firewall rule update arguments:" | |
| Wscript.echo " Command: " & command | |
| Wscript.echo " Grouping: " & groupName | |
| Wscript.echo " RuleName: " & ruleName | |
| Wscript.echo " ExePath: " & exePath | |
| Wscript.echo "" | |
| 'Parse command line | |
| dim addRules | |
| if command = "install" then | |
| Wscript.echo "Installing firewall rules" | |
| addRules = 1 | |
| elseif command = "remove" then | |
| Wscript.echo "Removing firewall rules" | |
| addRules = -1 | |
| elseif command = "display" then | |
| addRules = 0 | |
| else | |
| Wscript.echo "Unknown command: " & command | |
| Wscript.Quit 1 | |
| end if | |
| dim policy | |
| set policy = CreateObject("HNetCfg.FwPolicy2") | |
| if addRules <> 0 then | |
| UpdateFirewallRule addRules, policy, groupName, ruleName, exePath, NET_FW_IP_PROTOCOL_TCP, NET_FW_RULE_DIR_IN | |
| UpdateFirewallRule addRules, policy, groupName, ruleName, exePath, NET_FW_IP_PROTOCOL_TCP, NET_FW_RULE_DIR_OUT | |
| UpdateFirewallRule addRules, policy, groupName, ruleName, exePath, NET_FW_IP_PROTOCOL_UDP, NET_FW_RULE_DIR_IN | |
| UpdateFirewallRule addRules, policy, groupName, ruleName, exePath, NET_FW_IP_PROTOCOL_UDP, NET_FW_RULE_DIR_OUT | |
| Wscript.echo "" | |
| end if | |
| DisplayRules policy, groupName | |
| Wscript.echo "Success" | |
| Wscript.Quit 0 | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment