
Öffnen der Firewall – Oktober 2013

Achtung! Die beschriebenen Aufrufe funktionieren nicht mehr zuverlässig mit aktuelleren InnoSetup-Versionen (so ab Mitte 2023). Das Installationsprogramm kann wegen eines Speicherzugriffsfehlers ohne Rückmeldung abstürzen.

Besser ist es, das Programm netsh zu verwenden, um die Firewall-Regeln zu setzen:
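    // Adds an inbound "allow" rule named AppName for the program FileName by
    // running "netsh advfirewall firewall add rule". A message box is shown when
    // the rule could not be added.
    //
    // The command passes no profile=, protocol=, localport= or remoteip=
    // restriction, so the rule is as wide as netsh's defaults for these settings.
    // Add the restrictions the program can live with before shipping this.
    //
    // see https://learn.microsoft.com/de-de/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
    procedure SetFirewallException(AppName,FileName:string);
    var
      ResultCode: Integer;
      Params: string;
    begin
      try
        // Both values are pasted between double quotes on the netsh command line.
        // An embedded quote would end the argument early, and the remainder would
        // be read as further netsh parameters.
        if (Pos('"', AppName) > 0) or (Pos('"', FileName) > 0) then
          RaiseException('Firewall rule name or program path contains a double quote.');

        Params := 'advfirewall firewall add rule name="' + AppName +
                  '" dir=in action=allow program="' + FileName + '" enable=yes';

        // Call netsh by its full path: a bare 'netsh' is resolved through the
        // search path, so a same-named file found earlier would be started with
        // the installer's rights.
        // Exec reports a start failure through its Boolean result (ResultCode then
        // holds the system error code); it does not raise an exception.
        if not Exec(ExpandConstant('{sys}\netsh.exe'), Params, '', SW_HIDE, ewWaitUntilTerminated, ResultCode) then
          RaiseException('netsh could not be started: ' + SysErrorMessage(ResultCode));

        Log(Format('netsh advfirewall result: %d', [ResultCode]));

        // A non-zero exit code means netsh did not add the rule.
        if ResultCode <> 0 then
          RaiseException(Format('netsh advfirewall exited with code %d', [ResultCode]));
      except
        Log('Adding firewall rule failed: ' + GetExceptionMessage);
        MsgBox('Adding firewall settings failed.'#13#10'Please set firewall settings manually.', mbCriticalError, MB_OK);
      end;
    end;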
    
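    // Deletes the firewall rule(s) named AppName by running
    // "netsh advfirewall firewall delete rule". A message box is shown when netsh
    // could not be run at all.
    //
    // The delete matches on the rule name only, so every rule carrying that name
    // is removed. FileName is not used; it is kept so the signature mirrors
    // SetFirewallException.
    //
    // see https://learn.microsoft.com/de-de/troubleshoot/windows-server/networking/netsh-advfirewall-firewall-control-firewall-behavior
    procedure RemoveFirewallException( AppName, FileName:string );
    var
      ResultCode: Integer;
      Params: string;
    begin
      try
        // AppName is pasted between double quotes on the netsh command line. An
        // embedded quote would end the argument early, and the remainder would be
        // read as further netsh parameters (for a delete: a different match).
        if Pos('"', AppName) > 0 then
          RaiseException('Firewall rule name contains a double quote.');

        Params := 'advfirewall firewall delete rule name="' + AppName + '"';

        // Call netsh by its full path: a bare 'netsh' is resolved through the
        // search path, so a same-named file found earlier would be started with
        // the uninstaller's rights.
        // Exec reports a start failure through its Boolean result (ResultCode then
        // holds the system error code); it does not raise an exception.
        if not Exec(ExpandConstant('{sys}\netsh.exe'), Params, '', SW_HIDE, ewWaitUntilTerminated, ResultCode) then
          RaiseException('netsh could not be started: ' + SysErrorMessage(ResultCode));

        Log(Format('netsh advfirewall result: %d', [ResultCode]));

        // netsh also exits non-zero when no rule with that name exists, so the
        // exit code alone does not prove that an allow rule was left behind.
        // It is therefore only logged; check the log if the rule must be gone.
        if ResultCode <> 0 then
          Log('netsh did not report a deleted rule; a rule named "' + AppName + '" may still exist.');
      except
        Log('Removing firewall rule failed: ' + GetExceptionMessage);
        MsgBox('Removing firewall settings failed.'#13#10'Please remove firewall settings manually.', mbCriticalError, MB_OK);
      end;
    end;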
  
Für Windows XP und Windows Vista/Windows 7 werden zwei verschiedene Funktionsaufrufe benötigt, um für ein Programm die Firewall zu öffnen. Der Windows-XP-Aufruf fügt bei neueren Windows-Versionen die Firewall-Regeln nicht für öffentliche und private Netzwerke hinzu (sondern nur für eines der beiden), deshalb ist hier ein anderer Funktionsaufruf nötig.

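const
  NET_FW_SCOPE_ALL = 0;
  NET_FW_IP_VERSION_ANY = 2;

// Adds the program FileName, under the display name AppName, to the authorized
// applications of the current firewall profile (HNetCfg.FwMgr interface).
// Code originally from http://news.jrsoftware.org/news/innosetup/msg43799.html
// Works for Windows XP.
//
// The entry is created with NET_FW_SCOPE_ALL and NET_FW_IP_VERSION_ANY, i.e.
// without a restriction on the remote address or the IP version.
//
// A failing COM call is logged and raised again, so that the caller can report
// it. With an empty "except" the failure would be lost and the caller's error
// message could never be shown.
procedure SetFirewallExceptionOld(AppName,FileName:string);
var
  FirewallObject: Variant;
  FirewallManager: Variant;
  FirewallProfile: Variant;     // INetFwProfile
begin
  try
    FirewallObject := CreateOleObject('HNetCfg.FwAuthorizedApplication');
    FirewallObject.ProcessImageFileName := FileName;
    FirewallObject.Name := AppName;
    FirewallObject.Scope := NET_FW_SCOPE_ALL;
    FirewallObject.IpVersion := NET_FW_IP_VERSION_ANY;
    FirewallObject.Enabled := True;
    FirewallManager := CreateOleObject('HNetCfg.FwMgr');
    // Only the profile that is active right now receives the entry.
    FirewallProfile := FirewallManager.LocalPolicy.CurrentProfile;
    FirewallProfile.AuthorizedApplications.Add(FirewallObject);
  except
    Log('Adding firewall exception via HNetCfg.FwMgr failed: ' + GetExceptionMessage);
    RaiseException(GetExceptionMessage);
  end;
end;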


const
  NET_FW_PROFILE2_DOMAIN  = 1;
  NET_FW_PROFILE2_PRIVATE = 2;
  NET_FW_PROFILE2_PUBLIC  = 4;

  NET_FW_IP_PROTOCOL_TCP = 6;
  NET_FW_ACTION_ALLOW    = 1;

// Creates a firewall rule for the program Executable through the
// HNetCfg.FwPolicy2 interface. Caption is used as both name and description.
// Works for Windows Vista and Windows 7.
// From http://forum.lazarus.freepascal.org/index.php?topic=21372.0
//
// The rule allows TCP for the private and public profiles; the domain profile
// is not included and no port is set.
// There is no exception handling here: a failing COM call raises to the caller.
procedure SetFirewallExceptionNew(Const Caption, Executable: String);
var
  Policy : Variant;
  Rule   : Variant;
begin
  Policy := CreateOleObject('HNetCfg.FwPolicy2');

  // Fill in the rule before it is handed to the policy's rule collection.
  Rule := CreateOleObject('HNetCfg.FWRule');
  Rule.Name            := Caption;
  Rule.Description     := Caption;
  Rule.Applicationname := Executable;
  Rule.Protocol        := NET_FW_IP_PROTOCOL_TCP;
  Rule.Enabled         := TRUE;
  Rule.Profiles        := NET_FW_PROFILE2_PRIVATE OR NET_FW_PROFILE2_PUBLIC;
  Rule.Action          := NET_FW_ACTION_ALLOW;

  Policy.Rules.Add(Rule);
end;


// Opens the firewall for the program FileName under the name AppName.
// The FwPolicy2 variant is tried first; if it raises, the FwMgr variant is
// used instead. The message box appears only when the fallback raises as well.
procedure SetFirewallException(AppName,FileName:string);
begin
  try
    try
      SetFirewallExceptionNew(AppName, FileName);
    except
      // Any failure of the newer interface leads to the older one.
      SetFirewallExceptionOld(AppName, FileName);
    end;
  except
    MsgBox('Adding firewall settings failed.'#13#10'Please set firewall settings manually.', mbCriticalError, MB_OK);
  end;
end;

// Removes the program FileName from the authorized applications of the
// current firewall profile (HNetCfg.FwMgr interface).
// Code originally from http://news.jrsoftware.org/news/innosetup/msg43799.html
// Works for Windows XP.
// There is no exception handling here: a failing COM call raises to the caller.
procedure RemoveFirewallExceptionOld( FileName:string );
var
  Manager: Variant;
  ActiveProfile: Variant;
begin
  Manager := CreateOleObject('HNetCfg.FwMgr');
  // Only the profile that is active right now is touched.
  ActiveProfile := Manager.LocalPolicy.CurrentProfile;
  ActiveProfile.AuthorizedApplications.Remove(FileName);
end;

// Removes the firewall rule named exCaption through the HNetCfg.FwPolicy2
// interface. The rule is addressed by its name only.
// Works for Windows Vista and Windows 7.
// There is no exception handling here: a failing COM call raises to the caller.
procedure RemoveFirewallExceptionNew( exCaption:string );
var
  Policy : Variant;
  Rules  : Variant;
begin
  Policy := CreateOleObject('HNetCfg.FwPolicy2');
  Rules  := Policy.Rules;
  Rules.Remove(exCaption);
end;

// Removes the firewall opening created for the program.
// The FwPolicy2 variant (by rule name AppName) is tried first; if it raises,
// the FwMgr variant (by program path FileName) is used instead. The message
// box appears only when the fallback raises as well.
procedure RemoveFirewallException( AppName, FileName:string );
begin
  try
    try
      RemoveFirewallExceptionNew(AppName);
    except
      // Any failure of the newer interface leads to the older one.
      RemoveFirewallExceptionOld(FileName);
    end;
  except
    MsgBox('Removing firewall settings failed.'#13#10'Please remove firewall settings manually.', mbCriticalError, MB_OK);
  end;
end;