NSIS Simple Firewall Plugin: Difference between revisions

This plugin can be used to configurate the windows firewall. This plugin contains functions to enable, check, add or remove programs or ports to the firewall exception list. It also contains functions for checking the firewall status, enable or disable the firewall and so on.

This plugin is using the MPL License or alternatively the LGPL License.

Links

NSIS_Simple_Firewall_Plugin_1.0.zip (102 KB) The ZIP file containing a precompiled plugin DLL (to be saved in NSIS' plugin directory) and the sources.

Short Reference

SimpleFC::EnableDisableFirewall [status]
SimpleFC::IsFirewallEnabled  
 
SimpleFC::AllowDisallowExceptionsNotAllowed [status]
SimpleFC::AreExceptionsNotAllowed  
 
SimpleFC::EnableDisableNotifications [status]
SimpleFC::AreNotificationsEnabled  
 
SimpleFC::StartStopFirewallService [status]
SimpleFC::IsFirewallServiceRunning  
 
SimpleFC::AddPort [port] [name] [protocol] [scope] [ip_version] [remote_addresses] [status]
SimpleFC::IsPortAdded [port] [protocol]
SimpleFC::RemovePort [port] [protocol]
 
SimpleFC::IsPortEnabled [port] [protocol]
SimpleFC::EnableDisablePort [port] [protocol]
 
SimpleFC::AddApplication [name] [path] [scope] [ip_version] [remote_addresses] [status]
SimpleFC::IsApplicationAdded [path]
SimpleFC::RemoveApplication [path]
 
SimpleFC::IsApplicationEnabled [path]
SimpleFC::EnableDisableApplication [path]

Parameters:

• port - tcp/udp port which should be opened/closed
• name - the name of the application/port
• protocol - one of the following protocol
  • 6 - TCP
  • 17 - UDP
• scope - one of the following scope
  • 0 - All networks
  • 1 - Only local subnets
  • 2 - Custom scope
  • 3 - Max
    • NOTE: if you use custom you must define remote_addresses
• ip_version
  • 0 - IPv4
  • 1 - IPv6
  • 2 - Any protocol
  • 3 - Max
• remote_addresses - remote addresses from which the port can listen for traffic
• status - status of the port, application, firewall or service for example enabled/disabled or start/stop

The Sample Script

; Add the port 37/TCP to the firewall exception list - All Networks - All IP Version - Enabled
  SimpleFC::AddPort 37 "My Application" 6 0 2 "" 1
  Pop $0 ; return error(1)/success(0)
 
; Check if the port 37/TCP is added to the firewall exception list
  SimpleFC::IsPortAdded 37 6
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Added/0=Not added
 
; Remove the port 37/TCP from the firewall exception list
  SimpleFC::RemovePort 37 6
  Pop $0 ; return error(1)/success(0)
 
; Check if the port 37/TCP is enabled/disabled
  SimpleFC::IsPortEnabled 37 6
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Enabled/0=Not enabled
 
; Disable the port 37/TCP
  SimpleFC::EnableDisablePort 37 6 0
  Pop $0 ; return error(1)/success(0)
 
; Enable the port 37/TCP
  SimpleFC::EnableDisablePort 37 6 1
  Pop $0 ; return error(1)/success(0)
 
; Check if an application is enabled/disabled
  SimpleFC::IsApplicationEnabled "PathToApplication" 
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Enabled/0=Not enabled
 
; Disable the application
  SimpleFC::EnableDisableApplication "PathToApplication" 0
  Pop $0 ; return error(1)/success(0)
 
; Enable the application
  SimpleFC::EnableDisableApplication "PathToApplication" 1
  Pop $0 ; return error(1)/success(0)
 
; Add an application to the firewall exception list - All Networks - All IP Version - Enabled
  SimpleFC::AddApplication "My Application" "PathToApplication" 0 2 "" 1
  Pop $0 ; return error(1)/success(0)
 
; Check if the application is added to the firewall exception list
  SimpleFC::IsApplicationAdded "PathToApplication"
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Added/0=Not added
 
; Remove an application from the firewall exception list
  SimpleFC::RemoveApplication "PathToApplication"
  Pop $0 ; return error(1)/success(0)
 
; Disable the windows firewall
  SimpleFC::EnableDisableFirewall 0
  Pop $0 ; return error(1)/success(0)
 
; Enable the windows firewall
  SimpleFC::EnableDisableFirewall 1
  Pop $0 ; return error(1)/success(0)
 
; Check if the firewall is enabled
  SimpleFC::IsFirewallEnabled 
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Enabled/0=Disabled
 
; Enable exceptions are not allowed on the windows firewall
  SimpleFC::AllowDisallowExceptionsNotAllowed 1
  Pop $0 ; return error(1)/success(0)
 
; Disable exceptions are not allowed on the windows firewall
  SimpleFC::AllowDisallowExceptionsNotAllowed 0
  Pop $0 ; return error(1)/success(0)
 
; Check if exceptions are not allowed
  SimpleFC::AreExceptionsNotAllowed
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Exceptions are not allowed is activated/0=Exception are not allowed is deactivated
 
; Enable notifications on the windows firewall
  SimpleFC::EnableDisableNotifications 1
 
; Disable notifications on the windows firewall
  SimpleFC::EnableDisableNotifications 0
  Pop $0 ; return error(1)/success(0)
 
; Check if notifications are enabled/disabled
  SimpleFC::AreNotificationsEnabled 
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=Enabled/0=Disabled
 
; Starts the windows firewall service
  SimpleFC::StartStopFirewallService 1
  Pop $0 ; return error(1)/success(0)
 
; Stops the windows firewall service
  SimpleFC::StartStopFirewallService 0
  Pop $0 ; return error(1)/success(0)
 
; Check if windows firewall service is running
  SimpleFC::IsFirewallServiceRunning
  Pop $0 ; return error(1)/success(0)
  Pop $1 ; return 1=IsRunning/0=Not Running

Important Notes

• This plugin is running with Windows XP SP2, Windows 2003 and Windows Vista.
• Before you execute some plugin commands it is recommend to check for windows firewall service is running (SimpleFC::IsFirewallServiceRunning).

• If you have any suggestions, comments or questions please mail me: mailto:rainer@speed-soft.de