Condividi tramite


Basic Firewall Operation

[The IPv6 Internet Connection Firewall is available for use in the operating systems specified in the Requirements section. It is unavailable in subsequent versions. Instead, use the Windows Firewall API.]

The following example code demonstrates several basic API operations:

  • Checks if the IPv6 Firewall is installed.
  • Enables an IPv6 Firewall on an interface.
  • Checks if a port was not opened by another application, then opens the port.
//
// ICFv6App.cpp : ICF v6 Sample App.
//
// Opens a port on the Teredo interface
//

const _bstr_t cbstrAppName (L"ICFv6SampleApplication");
const _bstr_t cbstrTeredoIfName (L"Teredo Tunneling Pseudo-Interface");
const unsigned short cnPort = 50000;
const PORT_PROTOCOL cProtocol = PORT_PROTOCOL_UDP;

//
// Checks if the specified port was already opened by somebody else
//
HRESULT IsPortInUse (
    USHORT usPort, 
    PORT_PROTOCOL PortProtocol, 
    INetFwV6Connection* pConn,
    bool* pbInUse
    )
{
    if (NULL == pConn || 
        NULL == pbInUse)
    {
        return E_POINTER;
    }

    //
    // Initialize the out variable
    //
    *pbInUse = false;

    HRESULT hr = S_OK;

    //
    // Enumerate all the opened ports
    //
    IEnumNetFwV6OpenPorts* pOpenPorts = NULL;
    hr = pConn->EnumerateOpenPorts (&pOpenPorts);
    if (FAILED (hr))
    {
        return hr;
    }

    INetFwV6OpenPort* pPort = NULL;
    while (S_OK == (hr = pOpenPorts->Next (1, &pPort, NULL)))
    {        
        USHORT nPort = 0;
        PORT_PROTOCOL Protocol;
        //
        // Get the port number
        //
        hr = pPort->get_Port (&nPort);
        if (FAILED (hr))
        {
            break;
        }

        //
        // Get the protocol
        //
        pPort->get_Protocol (&Protocol);
        if (FAILED (hr))
        {
            break;
        }
        
        //
        // See if this is the port we are looking for
        //
        if (usPort == nPort && PortProtocol == Protocol) 
        {
            //
            // Check the name associated with the port
            // If it is not our tag then somebody else is using it
            //
            BSTR bstrName;
            hr = pPort->get_Name (&bstrName);
            if (FAILED (hr))
            {
                break;
            }

            if (cbstrAppName.operator != (bstrName))
            {
                //
                // Somebody else is using this port
                //
                *pbInUse = true;
            }

            break;
        }
    }
    
    return hr;
}

int _tmain()
{
    HRESULT hr;
    INetFwV6Mgr*   pfwmgr;

//
// Step 1. Check if the Internet Connection Firewall for IPv6 is installed
//

    //
    // Initialize COM
    //
    hr = CoInitializeEx(
            NULL,
            COINIT_DISABLE_OLE1DDE | COINIT_APARTMENTTHREADED
            );

    if (FAILED(hr))
    {
        //
        // Can't initialize COM
        //
        printf ("Can't initialize COM");
        goto error;
    }

    //
    // Create firewall Configuration Manager COM Instance
    //
    hr = CoCreateInstance(
                CLSID_NetFwV6Mgr,
                NULL,
                CLSCTX_INPROC_SERVER,
                __uuidof(INetFwV6Mgr), 
                (LPVOID*)&pfwmgr);

    if (REGDB_E_CLASSNOTREG == hr)
    {
        //
        // Firewall is not installed on the machine
        //
        printf("Firewall is not installed on the machine");
        return 0;
    }

    if (FAILED(hr) || NULL == pfwmgr)
    {
        //
        // Cannot get a hold of the firewall manager
        //
        goto error;
    }


//
// Step 2. Enable firewall on one interface
//

    //
    // Enumerate connections and find the interface
    // named "Teredo Tunneling Pseudo-Interface"
    //
    IEnumNetFwV6Connections* pConnections = NULL;
    hr = pfwmgr->EnumerateConnections (&pConnections);

    if (FAILED (hr))
    {
        printf ("Can't enumerate connections");
        goto error;
    }

    INetFwV6Connection* pConn = NULL;
    bool bFound = false;
    while (S_OK == (hr = pConnections->Next (1, &pConn, NULL)))
    {
        BSTR bstrName;
        hr = pConn->get_Name (&bstrName);
        if (FAILED (hr))
        {
            printf ("Can't get the name of the connection");
            goto error;
        }

        if (cbstrTeredoIfName.operator == (bstrName))
        {
            bFound = true;
            break;
        }
    }

    if (!bFound)
    {
        //
        // Couldn't find the interface
        //
        printf ("Can't find the Teredo interface");
        goto error;
    }

    //
    // Check if the interface is firewalled, and enable firewall if it is not.
    //
    // If you just want to make sure that the interface is firewalled,
    // you can call EnableFirewall directly without checking
    //
    VARIANT_BOOL vbIsFirewalled;
    hr = pConn->get_IsFirewalled (&vbIsFirewalled);
    if (FAILED (hr))
    {
        goto error;
    }
    if (false == (bool)_variant_t (vbIsFirewalled))
    {
        //
        // Enable the Firewall
        //
        hr = pConn->EnableFirewall ();
        if (FAILED (hr))
        {
            printf ("Can't enable firewall on interface");
            goto error;
        }
    }


//
// Step 3. Open the port you want to receive traffic on
//
    
    //
    // See if the port was open previously by somebody else
    //
    bool bIsInUse = false;
    hr = IsPortInUse (cnPort, cProtocol, pConn, &bIsInUse);
    if (FAILED (hr))
    {
        goto error;
    }

    
    if (true == bIsInUse)
    {
        //
        // Port was already opened by somebody else
        //
        printf ("Port was already opened by somebody else");
    }
    else
    {

        //
        // Port is available. Let's open it.
        // Tag it with our name.
        //
        hr = pConn->OpenPort (cnPort, cProtocol, cbstrAppName);
        if (FAILED (hr))
        {
            //
            // can't open port
            //
            printf ("Can't open port");
            goto error;
        }
    }

    CoUninitialize ();
    return 0;

error:
    {
        printf ("Error: %x",hr);
        CoUninitialize ();
        return hr;
    }
}