NSIS Simple Firewall Plugin: Difference between revisions
From NSIS Wiki
Jump to navigationJump to search
(→Links) |
|||
| Line 13: | Line 13: | ||
SimpleFC::EnableDisableFirewall [status] | SimpleFC::EnableDisableFirewall [status] | ||
SimpleFC::IsFirewallEnabled | SimpleFC::IsFirewallEnabled | ||
SimpleFC::AllowDisallowExceptionsNotAllowed [status] | SimpleFC::AllowDisallowExceptionsNotAllowed [status] | ||
SimpleFC::AreExceptionsNotAllowed | SimpleFC::AreExceptionsNotAllowed | ||
SimpleFC::EnableDisableNotifications [status] | SimpleFC::EnableDisableNotifications [status] | ||
SimpleFC::AreNotificationsEnabled | SimpleFC::AreNotificationsEnabled | ||
SimpleFC::StartStopFirewallService [status] | SimpleFC::StartStopFirewallService [status] | ||
SimpleFC::IsFirewallServiceRunning | SimpleFC::IsFirewallServiceRunning | ||
SimpleFC::AddPort [port] [name] [protocol] [scope] [ip_version] [remote_addresses] [status] | SimpleFC::AddPort [port] [name] [protocol] [scope] [ip_version] [remote_addresses] [status] | ||
SimpleFC::IsPortAdded [port] [protocol] | SimpleFC::IsPortAdded [port] [protocol] | ||
SimpleFC::RemovePort [port] [protocol] | SimpleFC::RemovePort [port] [protocol] | ||
SimpleFC::IsPortEnabled [port] [protocol] | SimpleFC::IsPortEnabled [port] [protocol] | ||
SimpleFC::EnableDisablePort [port] [protocol] | SimpleFC::EnableDisablePort [port] [protocol] | ||
SimpleFC::AddApplication [name] [path] [scope] [ip_version] [remote_addresses] [status] | SimpleFC::AddApplication [name] [path] [scope] [ip_version] [remote_addresses] [status] | ||
SimpleFC::IsApplicationAdded [path] | SimpleFC::IsApplicationAdded [path] | ||
SimpleFC::RemoveApplication [path] | SimpleFC::RemoveApplication [path] | ||
SimpleFC::IsApplicationEnabled [path] | SimpleFC::IsApplicationEnabled [path] | ||
SimpleFC::EnableDisableApplication [path] | SimpleFC::EnableDisableApplication [path] | ||
SimpleFC::RestoreDefaults | |||
SimpleFC::AllowDisallowIcmpOutboundDestinationUnreachable [status] | |||
SimpleFC::AllowDisallowIcmpRedirect [status] | |||
SimpleFC::AllowDisallowIcmpInboundEchoRequest [status] | |||
SimpleFC::AllowDisallowIcmpOutboundTimeExceeded [status] | |||
SimpleFC::AllowDisallowIcmpOutboundParameterProblem [status] | |||
SimpleFC::AllowDisallowIcmpOutboundSourceQuench [status] | |||
SimpleFC::AllowDisallowIcmpInboundRouterRequest [status] | |||
SimpleFC::AllowDisallowIcmpInboundTimestampRequest [status] | |||
SimpleFC::AllowDisallowIcmpInboundMaskRequest [status] | |||
SimpleFC::AllowDisallowIcmpOutboundPacketTooBig [status] | |||
SimpleFC::IsIcmpTypeAllowed [ip_version] [local_address] [icmp_type] | |||
SimpleFC::AdvAddRule [name] [description] [protocol] [direction] | |||
[status] [profile] [action] [application] [icmp_types_and_codes] | |||
[group] [local_ports] [remote_ports] [local_address] [remote_address] | |||
SimpleFC::AdvRemoveRule [name] | |||
SimpleFC::ExistsRule [name] | |||
</highlight-nsis> | </highlight-nsis> | ||
Parameters: | Parameters: | ||
*port - tcp/udp port which should be opened/closed | *port - tcp/udp port which should be opened/closed | ||
*name - the name of the application/port | *name - the name of the application/port/rule | ||
*description - description of the rule | |||
*protocol - one of the following protocol | *protocol - one of the following protocol | ||
** 6 - TCP | **1 - ICMPv4 | ||
** 17 - UDP | **6 - TCP | ||
**17 - UDP | |||
**58 - ICMPv6 | |||
*scope - one of the following scope | *scope - one of the following scope | ||
** 0 - All networks | **0 - All networks | ||
** 1 - Only local subnets | **1 - Only local subnets | ||
** 2 - Custom scope | **2 - Custom scope | ||
** 3 - Max | **3 - Max | ||
** | **NOTE: if you use custom you must define remote_addresses | ||
*ip_version | *ip_version | ||
** 0 - IPv4 | **0 - IPv4 | ||
** 1 - IPv6 | **1 - IPv6 | ||
** 2 - Any protocol | **2 - Any protocol | ||
** 3 - | *icmp_type | ||
**3 - Outbound Destination Unreachable (ICMPv4) | |||
**4 - Outbound Source Quench (ICMPv4) | |||
**5 - Redirect (ICMPv4) | |||
**8 - Inbound Echo Request (ICMPv4) | |||
**9 - Inbound Router Request (ICMPv4) | |||
**11 - Outbound Time Exceeded (ICMPv4) | |||
**12 - Outbound Parameter Problem (ICMPv4) | |||
**13 - Inbound Timespamp Request (ICMPv4) | |||
**17 - Inbound Mask Request (ICMPv4) | |||
**1 - Outbound Destination Unreachable (ICMPv6) | |||
**2 - Outbound Packet Too Big (ICMPv6) | |||
**3 - Outbound Time Exceeded (ICMPv6) | |||
**4 - Outbound Parameter Problem (ICMPv6) | |||
**128 - Inbound Echo Request (ICMPv6) | |||
**137 - Redirect (ICMPv6) | |||
*direction | |||
**1 - In | |||
**2 - Out | |||
*profile | |||
**1 - domain | |||
**2 - private | |||
**4 - public | |||
**2147483647 - all profiles | |||
*action | |||
**0 - block | |||
**1 - allow | |||
*application - name of the application (can be empty) | |||
*icmp_types_and_codes - specified icmp types and codes | |||
*group - put the rule in this specified group. The Groupname must the a resource string in a exe/dll e.g. "@C:\Program Files\My Application\myapp.exe,-10000" (can be empty) | |||
*local_ports - local ports (can be empty) | |||
*remote_ports - remote ports (can be empty) | |||
*local_address - local ip address (can be empty) | |||
*remote_addresses - remote addresses from which the port can listen for traffic | *remote_addresses - remote addresses from which the port can listen for traffic | ||
*status - status of the port, application, firewall or service for example enabled/disabled | *status - status of the port, application, rule, firewall or service for example enabled/disabled, start/stop or allow/disallow | ||
== The Sample Script == | == The Sample Script == | ||
Revision as of 20:46, 2 August 2007
This plugin can be used to configurate the windows firewall. This plugin contains functions to enable, check, add or remove programs or ports to the firewall exception list. It also contains functions for checking the firewall status, enable or disable the firewall and so on.
This plugin is using the MPL License or alternatively the LGPL License.
Links
NSIS_Simple_Firewall_Plugin_1.10.zip (110 KB) The ZIP file containing a precompiled plugin DLL (to be saved in NSIS' plugin directory) and the sources.
Short Reference
SimpleFC::EnableDisableFirewall [status] SimpleFC::IsFirewallEnabled SimpleFC::AllowDisallowExceptionsNotAllowed [status] SimpleFC::AreExceptionsNotAllowed SimpleFC::EnableDisableNotifications [status] SimpleFC::AreNotificationsEnabled SimpleFC::StartStopFirewallService [status] SimpleFC::IsFirewallServiceRunning SimpleFC::AddPort [port] [name] [protocol] [scope] [ip_version] [remote_addresses] [status] SimpleFC::IsPortAdded [port] [protocol] SimpleFC::RemovePort [port] [protocol] SimpleFC::IsPortEnabled [port] [protocol] SimpleFC::EnableDisablePort [port] [protocol] SimpleFC::AddApplication [name] [path] [scope] [ip_version] [remote_addresses] [status] SimpleFC::IsApplicationAdded [path] SimpleFC::RemoveApplication [path] SimpleFC::IsApplicationEnabled [path] SimpleFC::EnableDisableApplication [path] SimpleFC::RestoreDefaults SimpleFC::AllowDisallowIcmpOutboundDestinationUnreachable [status] SimpleFC::AllowDisallowIcmpRedirect [status] SimpleFC::AllowDisallowIcmpInboundEchoRequest [status] SimpleFC::AllowDisallowIcmpOutboundTimeExceeded [status] SimpleFC::AllowDisallowIcmpOutboundParameterProblem [status] SimpleFC::AllowDisallowIcmpOutboundSourceQuench [status] SimpleFC::AllowDisallowIcmpInboundRouterRequest [status] SimpleFC::AllowDisallowIcmpInboundTimestampRequest [status] SimpleFC::AllowDisallowIcmpInboundMaskRequest [status] SimpleFC::AllowDisallowIcmpOutboundPacketTooBig [status] SimpleFC::IsIcmpTypeAllowed [ip_version] [local_address] [icmp_type] SimpleFC::AdvAddRule [name] [description] [protocol] [direction] [status] [profile] [action] [application] [icmp_types_and_codes] [group] [local_ports] [remote_ports] [local_address] [remote_address] SimpleFC::AdvRemoveRule [name] SimpleFC::ExistsRule [name]
Parameters:
- port - tcp/udp port which should be opened/closed
- name - the name of the application/port/rule
- description - description of the rule
- protocol - one of the following protocol
- 1 - ICMPv4
- 6 - TCP
- 17 - UDP
- 58 - ICMPv6
- scope - one of the following scope
- 0 - All networks
- 1 - Only local subnets
- 2 - Custom scope
- 3 - Max
- NOTE: if you use custom you must define remote_addresses
- ip_version
- 0 - IPv4
- 1 - IPv6
- 2 - Any protocol
- icmp_type
- 3 - Outbound Destination Unreachable (ICMPv4)
- 4 - Outbound Source Quench (ICMPv4)
- 5 - Redirect (ICMPv4)
- 8 - Inbound Echo Request (ICMPv4)
- 9 - Inbound Router Request (ICMPv4)
- 11 - Outbound Time Exceeded (ICMPv4)
- 12 - Outbound Parameter Problem (ICMPv4)
- 13 - Inbound Timespamp Request (ICMPv4)
- 17 - Inbound Mask Request (ICMPv4)
- 1 - Outbound Destination Unreachable (ICMPv6)
- 2 - Outbound Packet Too Big (ICMPv6)
- 3 - Outbound Time Exceeded (ICMPv6)
- 4 - Outbound Parameter Problem (ICMPv6)
- 128 - Inbound Echo Request (ICMPv6)
- 137 - Redirect (ICMPv6)
- direction
- 1 - In
- 2 - Out
- profile
- 1 - domain
- 2 - private
- 4 - public
- 2147483647 - all profiles
- action
- 0 - block
- 1 - allow
- application - name of the application (can be empty)
- icmp_types_and_codes - specified icmp types and codes
- group - put the rule in this specified group. The Groupname must the a resource string in a exe/dll e.g. "@C:\Program Files\My Application\myapp.exe,-10000" (can be empty)
- local_ports - local ports (can be empty)
- remote_ports - remote ports (can be empty)
- local_address - local ip address (can be empty)
- remote_addresses - remote addresses from which the port can listen for traffic
- status - status of the port, application, rule, firewall or service for example enabled/disabled, start/stop or allow/disallow
The Sample Script
; Add the port 37/TCP to the firewall exception list - All Networks - All IP Version - Enabled SimpleFC::AddPort 37 "My Application" 6 0 2 "" 1 Pop $0 ; return error(1)/success(0) ; Check if the port 37/TCP is added to the firewall exception list SimpleFC::IsPortAdded 37 6 Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Added/0=Not added ; Remove the port 37/TCP from the firewall exception list SimpleFC::RemovePort 37 6 Pop $0 ; return error(1)/success(0) ; Check if the port 37/TCP is enabled/disabled SimpleFC::IsPortEnabled 37 6 Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Enabled/0=Not enabled ; Disable the port 37/TCP SimpleFC::EnableDisablePort 37 6 0 Pop $0 ; return error(1)/success(0) ; Enable the port 37/TCP SimpleFC::EnableDisablePort 37 6 1 Pop $0 ; return error(1)/success(0) ; Check if an application is enabled/disabled SimpleFC::IsApplicationEnabled "PathToApplication" Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Enabled/0=Not enabled ; Disable the application SimpleFC::EnableDisableApplication "PathToApplication" 0 Pop $0 ; return error(1)/success(0) ; Enable the application SimpleFC::EnableDisableApplication "PathToApplication" 1 Pop $0 ; return error(1)/success(0) ; Add an application to the firewall exception list - All Networks - All IP Version - Enabled SimpleFC::AddApplication "My Application" "PathToApplication" 0 2 "" 1 Pop $0 ; return error(1)/success(0) ; Check if the application is added to the firewall exception list SimpleFC::IsApplicationAdded "PathToApplication" Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Added/0=Not added ; Remove an application from the firewall exception list SimpleFC::RemoveApplication "PathToApplication" Pop $0 ; return error(1)/success(0) ; Disable the windows firewall SimpleFC::EnableDisableFirewall 0 Pop $0 ; return error(1)/success(0) ; Enable the windows firewall SimpleFC::EnableDisableFirewall 1 Pop $0 ; return error(1)/success(0) ; Check if the firewall is enabled SimpleFC::IsFirewallEnabled Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Enabled/0=Disabled ; Enable exceptions are not allowed on the windows firewall SimpleFC::AllowDisallowExceptionsNotAllowed 1 Pop $0 ; return error(1)/success(0) ; Disable exceptions are not allowed on the windows firewall SimpleFC::AllowDisallowExceptionsNotAllowed 0 Pop $0 ; return error(1)/success(0) ; Check if exceptions are not allowed SimpleFC::AreExceptionsNotAllowed Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Exceptions are not allowed is activated/0=Exception are not allowed is deactivated ; Enable notifications on the windows firewall SimpleFC::EnableDisableNotifications 1 ; Disable notifications on the windows firewall SimpleFC::EnableDisableNotifications 0 Pop $0 ; return error(1)/success(0) ; Check if notifications are enabled/disabled SimpleFC::AreNotificationsEnabled Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=Enabled/0=Disabled ; Starts the windows firewall service SimpleFC::StartStopFirewallService 1 Pop $0 ; return error(1)/success(0) ; Stops the windows firewall service SimpleFC::StartStopFirewallService 0 Pop $0 ; return error(1)/success(0) ; Check if windows firewall service is running SimpleFC::IsFirewallServiceRunning Pop $0 ; return error(1)/success(0) Pop $1 ; return 1=IsRunning/0=Not Running
Changelog
- From Version 1.0 to Version 1.01
- Changed missing documentation about the function SimpleFC::IsFirewallEnabled
Important Notes
- This plugin is running with Windows XP SP2, Windows 2003 and Windows Vista.
- Before you execute some plugin commands it is recommend to check for windows firewall service is running (SimpleFC::IsFirewallServiceRunning).
- If you have any suggestions, comments or questions please mail me: mailto:rainer@speed-soft.de
