Skip to content

Instantly share code, notes, and snippets.

@jthigh
Forked from Laeeth/netfw.d
Created July 31, 2017 22:50
Show Gist options
  • Save jthigh/2c553e41d7fb0443e0c264c98e7184c7 to your computer and use it in GitHub Desktop.
Save jthigh/2c553e41d7fb0443e0c264c98e7184c7 to your computer and use it in GitHub Desktop.
netfw.d
// File generated by idl2d from
// C:\Program Files (x86)\Microsoft SDKs\Windows\v7.1A\Include\netfw.idl
module sdk.win32.c:.program files (x86).microsoft sdks.windows.v7.1a.include.netfw;
import sdk.port.base;
///////////////////////////////////////////////////////////////////////////////
//
// Copyright (c) Microsoft Corporation.
//
// SYNOPSIS
//
// Interfaces for managing Windows Firewall
//
///////////////////////////////////////////////////////////////////////////////
public import sdk.port.icftypes;
public import sdk.port.oaidl;
// Provides access to the settings controlling Remote Administration. An
// instance of this interface is retrieved through the RemoteAdminSettings
// property of the INetFwProfile interface. All configuration changes take
// effect immediately.
const GUID IID_INetFwRemoteAdminSettings = INetFwRemoteAdminSettings.iid;
interface INetFwRemoteAdminSettings : IDispatch
{
static const GUID iid = { 0xD4BECDDF,0x6F73,0x4A83,[ 0xB8,0x32,0x9C,0x66,0x87,0x4C,0xD2,0x0E ] };
// IP version for which remote admin is authorized. Only
// NET_FW_IP_VERSION_ANY is supported.
/+[id(1), propget]+/
HRESULT get_IpVersion(
/+[out, retval]+/ NET_FW_IP_VERSION* ipVersion
);
/+[id(1), propput]+/
HRESULT put_IpVersion(
in NET_FW_IP_VERSION ipVersion
);
// Network scope from which remote admin is allowed. When setting the
// property, only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid.
// To create a custom scope, use the RemoteAddresses property.
/+[id(2), propget]+/
HRESULT get_Scope(
/+[out, retval]+/ NET_FW_SCOPE* idl_scope
);
/+[id(2), propput]+/
HRESULT put_Scope(
in NET_FW_SCOPE idl_scope
);
// Remote addresses from which remote administration is allowed.
/+[id(3), propget]+/
HRESULT get_RemoteAddresses(
/+[out, retval]+/ BSTR* remoteAddrs
);
/+[id(3), propput]+/
HRESULT put_RemoteAddresses(
in BSTR remoteAddrs
);
// True if Remote Administration is enabled.
/+[id(4), propget]+/
HRESULT get_Enabled(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(4), propput]+/
HRESULT put_Enabled(
in VARIANT_BOOL enabled
);
}
// Provides access to the settings controlling ICMP packets. An instance of
// this interface is retrieved through the IcmpSettings property of the
// INetFwProfile interface. All configuration changes take effect
// immediately.
const GUID IID_INetFwIcmpSettings = INetFwIcmpSettings.iid;
interface INetFwIcmpSettings : IDispatch
{
static const GUID iid = { 0xA6207B2E,0x7CDD,0x426A,[ 0x95,0x1E,0x5E,0x1C,0xBC,0x5A,0xFE,0xAD ] };
//////////
// Types common to IPv4 and IPv6
//////////
/+[id(1), propget]+/
HRESULT get_AllowOutboundDestinationUnreachable(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(1), propput]+/
HRESULT put_AllowOutboundDestinationUnreachable(
in VARIANT_BOOL allow
);
/+[id(2), propget]+/
HRESULT get_AllowRedirect(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(2), propput]+/
HRESULT put_AllowRedirect(
in VARIANT_BOOL allow
);
/+[id(3), propget]+/
HRESULT get_AllowInboundEchoRequest(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(3), propput]+/
HRESULT put_AllowInboundEchoRequest(
in VARIANT_BOOL allow
);
/+[id(4), propget]+/
HRESULT get_AllowOutboundTimeExceeded(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(4), propput]+/
HRESULT put_AllowOutboundTimeExceeded(
in VARIANT_BOOL allow
);
/+[id(5), propget]+/
HRESULT get_AllowOutboundParameterProblem(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(5), propput]+/
HRESULT put_AllowOutboundParameterProblem(
in VARIANT_BOOL allow
);
//////////
// IPv4 only types
//////////
/+[id(6), propget]+/
HRESULT get_AllowOutboundSourceQuench(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(6), propput]+/
HRESULT put_AllowOutboundSourceQuench(
in VARIANT_BOOL allow
);
/+[id(7), propget]+/
HRESULT get_AllowInboundRouterRequest(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(7), propput]+/
HRESULT put_AllowInboundRouterRequest(
in VARIANT_BOOL allow
);
/+[id(8), propget]+/
HRESULT get_AllowInboundTimestampRequest(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(8), propput]+/
HRESULT put_AllowInboundTimestampRequest(
in VARIANT_BOOL allow
);
/+[id(9), propget]+/
HRESULT get_AllowInboundMaskRequest(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(9), propput]+/
HRESULT put_AllowInboundMaskRequest(
in VARIANT_BOOL allow
);
//////////
// IPv6 only types
//////////
/+[id(10), propget]+/
HRESULT get_AllowOutboundPacketTooBig(
/+[out, retval]+/ VARIANT_BOOL* allow
);
/+[id(10), propput]+/
HRESULT put_AllowOutboundPacketTooBig(
in VARIANT_BOOL allow
);
}
// Provides access to the properties of a port that has been opened in the
// firewall. When creating new ports, this interface is supported by the
// HNetCfg.FwOpenPort COM object. For reading or modifying existing ports,
// instances of this interface are retrieved through the INetFwOpenPorts
// collection. All configuration changes take effect immediately.
const GUID IID_INetFwOpenPort = INetFwOpenPort.iid;
interface INetFwOpenPort : IDispatch
{
static const GUID iid = { 0xE0483BA0,0x47FF,0x4D9C,[ 0xA6,0xD6,0x77,0x41,0xD0,0xB1,0x95,0xF7 ] };
// Friendly name of the port. Mandatory.
/+[id(1), propget]+/
HRESULT get_Name(
/+[out, retval]+/ BSTR* name
);
/+[id(1), propput]+/
HRESULT put_Name(
in BSTR name
);
// IP version for which the port is opened. Only NET_FW_IP_VERSION_ANY is
// supported, and this is the default for new ports.
/+[id(2), propget]+/
HRESULT get_IpVersion(
/+[out, retval]+/ NET_FW_IP_VERSION* ipVersion
);
/+[id(2), propput]+/
HRESULT put_IpVersion(
in NET_FW_IP_VERSION ipVersion
);
// IP protocol. Default is TCP for new ports.
/+[id(3), propget]+/
HRESULT get_Protocol(
/+[out, retval]+/ NET_FW_IP_PROTOCOL* ipProtocol
);
/+[id(3), propput]+/
HRESULT put_Protocol(
in NET_FW_IP_PROTOCOL ipProtocol
);
// Port number in host order. Mandatory.
/+[id(4), propget]+/
HRESULT get_Port(
/+[out, retval]+/ LONG* portNumber
);
/+[id(4), propput]+/
HRESULT put_Port(
in LONG portNumber
);
// Network scope from which the port can listen. When setting the property,
// only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid. To create
// a custom scope, use the RemoteAddresses property. Default is
// NET_FW_SCOPE_ALL for new ports.
/+[id(5), propget]+/
HRESULT get_Scope(
/+[out, retval]+/ NET_FW_SCOPE* idl_scope
);
/+[id(5), propput]+/
HRESULT put_Scope(
in NET_FW_SCOPE idl_scope
);
// Remote addresses from which the port can listen for traffic.
/+[id(6), propget]+/
HRESULT get_RemoteAddresses(
/+[out, retval]+/ BSTR* remoteAddrs
);
/+[id(6), propput]+/
HRESULT put_RemoteAddresses(
in BSTR remoteAddrs
);
// True if the settings for this port are currently enabled. This can be set
// to False to allow port settings to be stored in the open ports collection
// without actually opening the port. Default is True for new ports.
/+[id(7), propget]+/
HRESULT get_Enabled(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(7), propput]+/
HRESULT put_Enabled(
in VARIANT_BOOL enabled
);
// True if this is a built-in port defined by the system. Built-in ports can
// not be removed and only the LocalSubnetOnly and Enabled properties can be
// modified.
/+[id(8), propget]+/
HRESULT get_BuiltIn(
/+[out, retval]+/ VARIANT_BOOL* builtIn
);
}
// Provides access to a collection of ports opened in the firewall. An instance
// of this interface is retrieved through the GloballyOpenPorts property of the
// INetFwProfile interface. All configuration changes take effect
// immediately.
const GUID IID_INetFwOpenPorts = INetFwOpenPorts.iid;
interface INetFwOpenPorts : IDispatch
{
static const GUID iid = { 0xC0E9D7FA,0xE07E,0x430A,[ 0xB1,0x9A,0x09,0x0C,0xE8,0x2D,0x92,0xE2 ] };
// Returns the number of ports in the collection.
/+[id(1), propget]+/
HRESULT get_Count(
/+[out, retval]+/ int* count
);
// Opens a new port and adds it to the collection. If the port is already
// open, the existing settings are overwritten.
/+[id(2)]+/
HRESULT Add(
/+[in]+/ INetFwOpenPort port
);
// Closes a port and removes it from the collection. If the port is already
// closed, it has no effect.
/+[id(3)]+/
HRESULT Remove(
in LONG portNumber,
in NET_FW_IP_PROTOCOL ipProtocol
);
// Return the specified port if present.
/+[id(4)]+/
HRESULT Item(
in LONG portNumber,
in NET_FW_IP_PROTOCOL ipProtocol,
/+[out, retval]+/ INetFwOpenPort * openPort
);
// Returns an object supporting IEnumVARIANT that can be used to iterate
// through all the ports in the collection.
/+[id(DISPID_NEWENUM), propget , restricted]+/
HRESULT get__NewEnum(
/+[out, retval]+/ IUnknown * newEnum
);
}
// Provides access to the properties of a service that may be authorized to
// listen through the firewall. Instances of this interface are retrieved
// through the INetFwServices collection. All configuration changes take
// effect immediately.
const GUID IID_INetFwService = INetFwService.iid;
interface INetFwService : IDispatch
{
static const GUID iid = { 0x79FD57C8,0x908E,0x4A36,[ 0x98,0x88,0xD5,0xB3,0xF0,0xA4,0x44,0xCF ] };
// Friendly name of the service.
/+[id(1), propget]+/
HRESULT get_Name(
/+[out, retval]+/ BSTR* name
);
// Enumerator that uniquely identifies the service.
/+[id(2), propget]+/
HRESULT get_Type(
/+[out, retval]+/ NET_FW_SERVICE_TYPE* type
);
// Indicates whether at least one of the ports associated with the service
// has been customized. If a service has been customized, the values
// returned by the service properties do not reflect the configuration of
// all the ports associated with the service.
/+[id(3), propget]+/
HRESULT get_Customized(
/+[out, retval]+/ VARIANT_BOOL* customized
);
// IP version for which the service is authorized. Only
// NET_FW_IP_VERSION_ANY is supported.
/+[id(4), propget]+/
HRESULT get_IpVersion(
/+[out, retval]+/ NET_FW_IP_VERSION* ipVersion
);
/+[id(4), propput]+/
HRESULT put_IpVersion(
in NET_FW_IP_VERSION ipVersion
);
// Network scope from which the service can listen. When setting the
// property, only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid.
// To create a custom scope, use the RemoteAddresses property.
/+[id(5), propget]+/
HRESULT get_Scope(
/+[out, retval]+/ NET_FW_SCOPE* idl_scope
);
/+[id(5), propput]+/
HRESULT put_Scope(
in NET_FW_SCOPE idl_scope
);
// Remote addresses from which the service ports can listen for traffic. If
// the service has been customized, get returns the union of the remote
// addresses for all the service ports.
/+[id(6), propget]+/
HRESULT get_RemoteAddresses(
/+[out, retval]+/ BSTR* remoteAddrs
);
/+[id(6), propput]+/
HRESULT put_RemoteAddresses(
in BSTR remoteAddrs
);
// True if all the ports associated with the service are enabled.
/+[id(7), propget]+/
HRESULT get_Enabled(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(7), propput]+/
HRESULT put_Enabled(
in VARIANT_BOOL enabled
);
// The collection of globally open ports associated with the service.
/+[id(8), propget]+/
HRESULT get_GloballyOpenPorts(
/+[out, retval]+/ INetFwOpenPorts * openPorts
);
}
// Provides access to a collection of services that may be authorized to listen
// through the firewall. An instance of this interface is retrieved through the
// Services property of the INetFwProfile interface. All configuration
// changes take effect immediately.
const GUID IID_INetFwServices = INetFwServices.iid;
interface INetFwServices : IDispatch
{
static const GUID iid = { 0x79649BB4,0x903E,0x421B,[ 0x94,0xC9,0x79,0x84,0x8E,0x79,0xF6,0xEE ] };
// Returns the number of services in the collection.
/+[id(1), propget]+/
HRESULT get_Count(
/+[out, retval]+/ int* count
);
// Return the specified service.
/+[id(2)]+/
HRESULT Item(
in NET_FW_SERVICE_TYPE svcType,
/+[out, retval]+/ INetFwService * service
);
// Returns an object supporting IEnumVARIANT that can be used to iterate
// through all the services in the collection.
/+[id(DISPID_NEWENUM), propget , restricted]+/
HRESULT get__NewEnum(
/+[out, retval]+/ IUnknown * newEnum
);
}
// Provides access to the properties of an app that has been authorized to open
// holes in the firewall. When creating new apps, this interface is supported
// by the HNetCfg.FwAuthorizedApplication COM object. For reading or
// modifying existing apps, instances of this interface are retrieved through
// the INetFwAuthorizedApplications collection. All configuration changes
// take effect immediately.
const GUID IID_INetFwAuthorizedApplication = INetFwAuthorizedApplication.iid;
interface INetFwAuthorizedApplication : IDispatch
{
static const GUID iid = { 0xB5E64FFA,0xC2C5,0x444E,[ 0xA3,0x01,0xFB,0x5E,0x00,0x01,0x80,0x50 ] };
// Friendly name of the app. Mandatory.
/+[id(1), propget]+/
HRESULT get_Name(
/+[out, retval]+/ BSTR* name
);
/+[id(1), propput]+/
HRESULT put_Name(
in BSTR name
);
// Process image file name. This must be a fully-qualified path, but it may
// contain environment variables. Mandatory.
/+[id(2), propget]+/
HRESULT get_ProcessImageFileName(
/+[out, retval]+/ BSTR* imageFileName
);
/+[id(2), propput]+/
HRESULT put_ProcessImageFileName(
in BSTR imageFileName
);
// IP version for which the app is authorized. Only NET_FW_IP_VERSION_ANY is
// supported, and this is the default for new apps.
/+[id(3), propget]+/
HRESULT get_IpVersion(
/+[out, retval]+/ NET_FW_IP_VERSION* ipVersion
);
/+[id(3), propput]+/
HRESULT put_IpVersion(
in NET_FW_IP_VERSION ipVersion
);
// Network scope from which the app can listen. When setting the property,
// only NET_FW_SCOPE_ALL and NET_FW_SCOPE_LOCAL_SUBNET are valid. To create
// a custom scope, use the RemoteAddresses property. Default is
// NET_FW_SCOPE_ALL for new apps.
/+[id(4), propget]+/
HRESULT get_Scope(
/+[out, retval]+/ NET_FW_SCOPE* idl_scope
);
/+[id(4), propput]+/
HRESULT put_Scope(
in NET_FW_SCOPE idl_scope
);
// Remote addresses from which the app can listen for traffic.
/+[id(5), propget]+/
HRESULT get_RemoteAddresses(
/+[out, retval]+/ BSTR* remoteAddrs
);
/+[id(5), propput]+/
HRESULT put_RemoteAddresses(
in BSTR remoteAddrs
);
// True if the settings for this app are currently enabled. This can be set
// to False to allow app settings to be stored in the authorized apps
// collection without actually authorizing the app. Default is True for new
// apps.
/+[id(6), propget]+/
HRESULT get_Enabled(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(6), propput]+/
HRESULT put_Enabled(
in VARIANT_BOOL enabled
);
}
// Provides access to a collection of apps authorized to open ports in the
// firewall. An instance of this interface is retrieved through the
// AuthorizedApplications property of the INetFwProfile interface. All
// configuration changes take effect immediately.
const GUID IID_INetFwAuthorizedApplications = INetFwAuthorizedApplications.iid;
interface INetFwAuthorizedApplications : IDispatch
{
static const GUID iid = { 0x644EFD52,0xCCF9,0x486C,[ 0x97,0xA2,0x39,0xF3,0x52,0x57,0x0B,0x30 ] };
// Returns the number of apps in the collection.
/+[id(1), propget]+/
HRESULT get_Count(
/+[out, retval]+/ int* count
);
// Adds a new app to the collection. If an app with the same image file name
// already exists, the settings are overwritten.
/+[id(2)]+/
HRESULT Add(
/+[in]+/ INetFwAuthorizedApplication app
);
// Removes an app from the collection. If the app doesn't exist, it has no
// effect.
/+[id(3)]+/
HRESULT Remove(
in BSTR imageFileName
);
// Return the specified app if present.
/+[id(4)]+/
HRESULT Item(
in BSTR imageFileName,
/+[out, retval]+/ INetFwAuthorizedApplication * app
);
// Returns an object supporting IEnumVARIANT that can be used to iterate
// through all the apps in the collection.
/+[id(DISPID_NEWENUM), propget , restricted]+/
HRESULT get__NewEnum(
/+[out, retval]+/ IUnknown * newEnum
);
}
// Provides access to the properties of a rule. When creating new rules, this
// interface is supported by the HNetCfg.FwRule COM object. For reading or
// modifying existing rules, instances of this interface are retrieved through
// the INetFwRules collection. All configuration changes take effect immediately.
const GUID IID_INetFwRule = INetFwRule.iid;
interface INetFwRule : IDispatch
{
static const GUID iid = { 0xAF230D27,0xBABA,0x4E42,[ 0xAC,0xED,0xF5,0x24,0xF2,0x2C,0xFC,0xE2 ] };
// Friendly name of the rule.
/+[id(1), propget]+/
HRESULT get_Name(
/+[out, retval]+/ BSTR* name
);
/+[id(1), propput]+/
HRESULT put_Name(
in BSTR name
);
// Description for the rule.
/+[id(2), propget]+/
HRESULT get_Description(
/+[out, retval]+/ BSTR* desc
);
/+[id(2), propput]+/
HRESULT put_Description(
in BSTR desc
);
// Application name. This must be a fully-qualified path, but it may
// contain environment variables.
/+[id(3), propget]+/
HRESULT get_ApplicationName(
/+[out, retval]+/ BSTR* imageFileName
);
/+[id(3), propput]+/
HRESULT put_ApplicationName(
in BSTR imageFileName
);
// Win32 Service name.
/+[id(4), propget]+/
HRESULT get_ServiceName(
/+[out, retval]+/ BSTR* serviceName
);
/+[id(4), propput]+/
HRESULT put_ServiceName(
in BSTR serviceName
);
// IP protocol property of the rule.
/+[id(5), propget]+/
HRESULT get_Protocol(
/+[out, retval]+/ LONG* protocol
);
/+[id(5), propput]+/
HRESULT put_Protocol(
in LONG protocol
);
// Local ports property of the rule.
/+[id(6), propget]+/
HRESULT get_LocalPorts(
/+[out, retval]+/ BSTR* portNumbers
);
/+[id(6), propput]+/
HRESULT put_LocalPorts(
in BSTR portNumbers
);
// Remote ports property of the rule.
/+[id(7), propget]+/
HRESULT get_RemotePorts(
/+[out, retval]+/ BSTR* portNumbers
);
/+[id(7), propput]+/
HRESULT put_RemotePorts(
in BSTR portNumbers
);
// Local addresses property of the rule.
/+[id(8), propget]+/
HRESULT get_LocalAddresses(
/+[out, retval]+/ BSTR* localAddrs
);
/+[id(8), propput]+/
HRESULT put_LocalAddresses(
in BSTR localAddrs
);
// Remote addresses property of the rule.
/+[id(9), propget]+/
HRESULT get_RemoteAddresses(
/+[out, retval]+/ BSTR* remoteAddrs
);
/+[id(9), propput]+/
HRESULT put_RemoteAddresses(
in BSTR remoteAddrs
);
// ICMP types and codes for the rule.
/+[id(10), propget]+/
HRESULT get_IcmpTypesAndCodes(
/+[out, retval]+/ BSTR* icmpTypesAndCodes
);
/+[id(10), propput]+/
HRESULT put_IcmpTypesAndCodes(
in BSTR icmpTypesAndCodes
);
// The direction property of the rule. Default is In for new rules.
/+[id(11), propget]+/
HRESULT get_Direction(
/+[out, retval]+/ NET_FW_RULE_DIRECTION* dir
);
/+[id(11), propput]+/
HRESULT put_Direction(
in NET_FW_RULE_DIRECTION dir
);
// The interfaces for the rule.
/+[id(12), propget]+/
HRESULT get_Interfaces(
/+[out, retval]+/ VARIANT* interfaces
);
/+[id(12), propput]+/
HRESULT put_Interfaces(
in VARIANT interfaces
);
// The interface types for the rule.
/+[id(13), propget]+/
HRESULT get_InterfaceTypes(
/+[out, retval]+/ BSTR* interfaceTypes
);
/+[id(13), propput]+/
HRESULT put_InterfaceTypes(
in BSTR interfaceTypes
);
// The enabled property of the rule. Default is not Enabled for new rules.
/+[id(14), propget]+/
HRESULT get_Enabled(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(14), propput]+/
HRESULT put_Enabled(
in VARIANT_BOOL enabled
);
// The grouping property of the rule.
/+[id(15), propget]+/
HRESULT get_Grouping(
/+[out, retval]+/ BSTR* context
);
/+[id(15), propput]+/
HRESULT put_Grouping(
in BSTR context
);
// The profiles that this rule applies to.
/+[id(16), propget]+/
HRESULT get_Profiles(
/+[out, retval]+/ int* profileTypesBitmask
);
/+[id(16), propput]+/
HRESULT put_Profiles(
in int profileTypesBitmask
);
// The EdgeTraversal property of the rule. Default is false for new rules.
/+[id(17), propget]+/
HRESULT get_EdgeTraversal(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(17), propput]+/
HRESULT put_EdgeTraversal(
in VARIANT_BOOL enabled
);
// Rule's action
/+[id(18), propget]+/
HRESULT get_Action(
/+[out, retval]+/ NET_FW_ACTION* action
);
/+[id(18), propput]+/
HRESULT put_Action(
in NET_FW_ACTION action
);
}
// Provides access to the dynamic edge properties of a rule.
const GUID IID_INetFwRule2 = INetFwRule2.iid;
interface INetFwRule2 : INetFwRule
{
static const GUID iid = { 0x9C27C8DA,0x189B,0x4DDE,[ 0x89,0xF7,0x8B,0x39,0xA3,0x16,0x78,0x2C ] };
/+[id(19), propget]+/
HRESULT get_EdgeTraversalOptions(
/+[out, retval]+/ int* lOptions
);
/+[id(19), propput]+/
HRESULT put_EdgeTraversalOptions(
in int lOptions
);
}
// Provides access to a collection of rules in the specified profile. An instance
// of this interface is retrieved through the Rules property of the INetFwPolicy2
// interface. All configuration changes take effect immediately.
const GUID IID_INetFwRules = INetFwRules.iid;
interface INetFwRules : IDispatch
{
static const GUID iid = { 0x9C4C6277,0x5027,0x441E,[ 0xAF,0xAE,0xCA,0x1F,0x54,0x2D,0xA0,0x09 ] };
// Returns the number of rules in the collection.
/+[id(1), propget]+/
HRESULT get_Count(
/+[out, retval]+/ int* count
);
// Adds a new rule to the collection. If an rule with the same rule id
// already exists, the settings are overwritten.
/+[id(2)]+/
HRESULT Add(
/+[in]+/ INetFwRule rule
);
// Removes a rule from the collection. If the rule doesn't exist, it has no
// effect.
/+[id(3)]+/
HRESULT Remove(
in BSTR name
);
// Return the specified rule if present.
/+[id(4)]+/
HRESULT Item(
in BSTR name,
/+[out, retval]+/ INetFwRule * rule
);
// Returns an object supporting IEnumVARIANT that can be used to iterate
// through all the rules in the collection.
/+[id(DISPID_NEWENUM), propget , restricted]+/
HRESULT get__NewEnum(
/+[out, retval]+/ IUnknown * newEnum
);
}
// Provides access to the service hardening firewall policy. Instances of this
// interface are retrieved through the ServiceRestriction property of the
// INetFwPolicy2 interface. All configuration changes take effect immediately.
const GUID IID_INetFwServiceRestriction = INetFwServiceRestriction.iid;
interface INetFwServiceRestriction : IDispatch
{
static const GUID iid = { 0x8267BBE3,0xF890,0x491C,[ 0xB7,0xB6,0x2D,0xB1,0xEF,0x0E,0x5D,0x2B ] };
// Adds inbound and outbound rules to block the service.
/+[id(1)]+/
HRESULT RestrictService(
in BSTR serviceName,
in BSTR appName,
in VARIANT_BOOL restrictService,
in VARIANT_BOOL serviceSidRestricted
);
// TRUE if inbound and outbound rules are present to block the service.
/+[id(2)]+/
HRESULT ServiceRestricted(
in BSTR serviceName,
in BSTR appName,
/+[out, retval]+/ VARIANT_BOOL* serviceRestricted
);
// Returns the collection of firewall rules.
/+[id(3), propget]+/
HRESULT get_Rules(
/+[out, retval]+/ INetFwRules * rules
);
}
// Provides access to a firewall settings profile. Instances of this interface
// are retrieved through the CurrentProfile property or GetProfileByType method
// of the INetFwPolicy interface. All configuration changes take effect
// immediately.
const GUID IID_INetFwProfile = INetFwProfile.iid;
interface INetFwProfile : IDispatch
{
static const GUID iid = { 0x174A0DDA,0xE9F9,0x449D,[ 0x99,0x3B,0x21,0xAB,0x66,0x7C,0xA4,0x56 ] };
// Type of profile
/+[id(1), propget]+/
HRESULT get_Type(
/+[out, retval]+/ NET_FW_PROFILE_TYPE* type
);
// True if firewall is enabled.
/+[id(2), propget]+/
HRESULT get_FirewallEnabled(
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(2), propput]+/
HRESULT put_FirewallEnabled(
in VARIANT_BOOL enabled
);
// True if the firewall should not allow exceptions. In other words, all the
// exceptions (e.g., GloballyOpenPorts) specified in the profile are ignored
// and only locally initiated traffic is allowed.
/+[id(3), propget]+/
HRESULT get_ExceptionsNotAllowed(
/+[out, retval]+/ VARIANT_BOOL* notAllowed
);
/+[id(3), propput]+/
HRESULT put_ExceptionsNotAllowed(
in VARIANT_BOOL notAllowed
);
// True if interactive firewall notifications are disabled.
/+[id(4), propget]+/
HRESULT get_NotificationsDisabled(
/+[out, retval]+/ VARIANT_BOOL* disabled
);
/+[id(4), propput]+/
HRESULT put_NotificationsDisabled(
in VARIANT_BOOL disabled
);
// True if the firewall should not allow unicast responses to multicast and
// broadcast traffic.
/+[id(5), propget]+/
HRESULT get_UnicastResponsesToMulticastBroadcastDisabled(
/+[out, retval]+/ VARIANT_BOOL* disabled
);
/+[id(5), propput]+/
HRESULT put_UnicastResponsesToMulticastBroadcastDisabled(
in VARIANT_BOOL disabled
);
// Settings governing remote administration.
/+[id(6), propget]+/
HRESULT get_RemoteAdminSettings(
/+[out, retval]+/ INetFwRemoteAdminSettings * remoteAdminSettings
);
// Settings governing ICMP packets.
/+[id(7), propget]+/
HRESULT get_IcmpSettings(
/+[out, retval]+/ INetFwIcmpSettings * icmpSettings
);
// Returns the collection of globally open ports.
/+[id(8), propget]+/
HRESULT get_GloballyOpenPorts(
/+[out, retval]+/ INetFwOpenPorts * openPorts
);
// Returns the collection of services.
/+[id(9), propget]+/
HRESULT get_Services(
/+[out, retval]+/ INetFwServices * services
);
// Returns the collection of authorized apps.
/+[id(10), propget]+/
HRESULT get_AuthorizedApplications(
/+[out, retval]+/ INetFwAuthorizedApplications * apps
);
}
// Provides access to a firewall policy. Instances of this interface are
// retrieved through the LocalPolicy method of the INetFwMgr interface. All
// configuration changes take effect immediately.
const GUID IID_INetFwPolicy = INetFwPolicy.iid;
interface INetFwPolicy : IDispatch
{
static const GUID iid = { 0xD46D2478,0x9AC9,0x4008,[ 0x9D,0xC7,0x55,0x63,0xCE,0x55,0x36,0xCC ] };
// Returns the profile currently in effect.
/+[id(1), propget]+/
HRESULT get_CurrentProfile(
/+[out, retval]+/ INetFwProfile * profile
);
// Returns the profile of the requested type.
/+[id(2)]+/
HRESULT GetProfileByType(
in NET_FW_PROFILE_TYPE profileType,
/+[out, retval]+/ INetFwProfile * profile
);
}
// Provides access to the firewall settings for a computer. This interface is
// supported by the HNetCfg.FwPolicy2 COM object. All configuration changes take
// effect immediately.
const GUID IID_INetFwPolicy2 = INetFwPolicy2.iid;
interface INetFwPolicy2 : IDispatch
{
static const GUID iid = { 0x98325047,0xC671,0x4174,[ 0x8D,0x81,0xDE,0xFC,0xD3,0xF0,0x31,0x86 ] };
// Bitmask of currently active profiles from NET_FW_PROFILE_TYPE2
/+[id(1), propget]+/
HRESULT get_CurrentProfileTypes(
/+[out, retval]+/ int* profileTypesBitmask
);
// True if firewall is enabled on the specified profile
/+[id(2), propget]+/
HRESULT get_FirewallEnabled(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ VARIANT_BOOL* enabled
);
/+[id(2), propput]+/
HRESULT put_FirewallEnabled(
in NET_FW_PROFILE_TYPE2 profileType,
in VARIANT_BOOL enabled
);
// Exclude firewall settings on these interfaces.
/+[id(3), propget]+/
HRESULT get_ExcludedInterfaces(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ VARIANT* interfaces
);
/+[id(3), propput]+/
HRESULT put_ExcludedInterfaces(
in NET_FW_PROFILE_TYPE2 profileType,
in VARIANT interfaces
);
// True if the firewall should block all unsolicited inbound traffic.
// All inbound rules specified in the profile are ignored and only outbound initiated
// traffic is allowed.
/+[id(4), propget]+/
HRESULT get_BlockAllInboundTraffic(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ VARIANT_BOOL* Block
);
/+[id(4), propput]+/
HRESULT put_BlockAllInboundTraffic(
in NET_FW_PROFILE_TYPE2 profileType,
in VARIANT_BOOL Block
);
// True if interactive firewall notifications are disabled.
/+[id(5), propget]+/
HRESULT get_NotificationsDisabled(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ VARIANT_BOOL* disabled
);
/+[id(5), propput]+/
HRESULT put_NotificationsDisabled(
in NET_FW_PROFILE_TYPE2 profileType,
in VARIANT_BOOL disabled
);
// True if the firewall should not allow unicast responses to multicast and
// broadcast traffic.
/+[id(6), propget]+/
HRESULT get_UnicastResponsesToMulticastBroadcastDisabled(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ VARIANT_BOOL* disabled
);
/+[id(6), propput]+/
HRESULT put_UnicastResponsesToMulticastBroadcastDisabled(
in NET_FW_PROFILE_TYPE2 profileType,
in VARIANT_BOOL disabled
);
// Returns the collection of firewall rules.
/+[id(7), propget]+/
HRESULT get_Rules(
/+[out, retval]+/ INetFwRules * rules
);
// Returns the interface to manipulate Windows Service Hardening store.
/+[id(8), propget]+/
HRESULT get_ServiceRestriction(
/+[out, retval]+/ INetFwServiceRestriction * ServiceRestriction
);
// Enable or disable a group of rules for a specified list of interfaces.
/+[id(9)]+/
HRESULT EnableRuleGroup(
in int profileTypesBitmask,
in BSTR group,
in VARIANT_BOOL enable
);
// Determines if a group of rules with the specified grouping string are
// active.
/+[id(10)]+/
HRESULT IsRuleGroupEnabled(
in int profileTypesBitmask,
in BSTR group,
/+[out, retval]+/ VARIANT_BOOL* enabled
);
// Restores the local configuration to its default state.
/+[id(11)]+/
HRESULT RestoreLocalFirewallDefaults();
// The default inbound action of the firewall per-profile
/+[id(12), propget]+/
HRESULT get_DefaultInboundAction(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ NET_FW_ACTION* action
);
/+[id(12), propput]+/
HRESULT put_DefaultInboundAction(
in NET_FW_PROFILE_TYPE2 profileType,
in NET_FW_ACTION action
);
// The default outbound action of the firewall per-profile
/+[id(13), propget]+/
HRESULT get_DefaultOutboundAction(
in NET_FW_PROFILE_TYPE2 profileType,
/+[out, retval]+/ NET_FW_ACTION* action
);
/+[id(13), propput]+/
HRESULT put_DefaultOutboundAction(
in NET_FW_PROFILE_TYPE2 profileType,
in NET_FW_ACTION action
);
// The current state of a firewall group of rules
/+[id(14), propget]+/
HRESULT get_IsRuleGroupCurrentlyEnabled(
in BSTR group,
/+[out, retval]+/ VARIANT_BOOL* enabled
);
// Checks if adding/changing local firewall rules/groups of rules will have an effect on the current profile.
/+[id(15), propget]+/
HRESULT get_LocalPolicyModifyState(
/+[out, retval]+/ NET_FW_MODIFY_STATE *modifyState
);
}
// Provides access to the firewall settings for a computer. This interface is
// supported by the HNetCfg.FwMgr COM object. All configuration changes take
// effect immediately.
const GUID IID_INetFwMgr = INetFwMgr.iid;
interface INetFwMgr : IDispatch
{
static const GUID iid = { 0xF7898AF5,0xCAC4,0x4632,[ 0xA2,0xEC,0xDA,0x06,0xE5,0x11,0x1A,0xF2 ] };
// Returns the local firewall policy.
/+[id(1), propget]+/
HRESULT get_LocalPolicy(
/+[out, retval]+/ INetFwPolicy * localPolicy
);
// Returns the type of firewall profile currently in effect.
/+[id(2), propget]+/
HRESULT get_CurrentProfileType(
/+[out, retval]+/ NET_FW_PROFILE_TYPE* profileType
);
// Restores the local configuration to its default state.
/+[id(3)]+/
HRESULT RestoreDefaults();
// Determines whether an application can listen for inbound traffic on the
// specified port.
//
// Parameters:
//
// imageFileName - The image filename of the process listening on the
// network. It must be a fully-qualified path, but it may contain
// environment variables. If 'imageFileName' is NULL, the function
// determines whether the port is allowed for all applications.
//
// ipVersion - IP version of the traffic. If 'localAddress' is non-NULL,
// this must not be NET_FW_IP_VERSION_ANY.
//
// portNumber - Local IP port number of the traffic. If 'portNumber' is
// zero, 'imageFileName' must not be NULL and the function checks if the
// application is allowed to listen on any port.
//
// localAddress - Either a dotted-decimal IPv4 address or an IPv6 hex
// address specifying the local address of the traffic. Typically, this is
// the address passed to bind. If 'localAddress' is NULL, the function
// determines whether the port is allowed for all interfaces.
//
// ipProtocol - IP protocol of the traffic, either NET_FW_IP_PROTOCOL_TCP or
// NET_FW_IP_PROTOCOL_UDP. Ignored if 'portNumber' is zero.
//
// allowed - Returns a VARIANT of type VT_BOOL indicating whether the port
// is allowed for at least some local interfaces and remote addresses.
//
// restricted - Returns a VARIANT of type VT_BOOL indicating whether some
// local interfaces or remote addresses are blocked for this port. For
// example, if the port is restricted to the local subnet only.
//
/+[id(4)]+/
HRESULT IsPortAllowed(
in BSTR imageFileName,
in NET_FW_IP_VERSION ipVersion,
in LONG portNumber,
in BSTR localAddress,
in NET_FW_IP_PROTOCOL ipProtocol,
/+[out]+/ VARIANT* allowed,
/+[out]+/ VARIANT* restricted
);
// Determines whether the specified ICMP type is allowed.
/+[id(5)]+/
HRESULT IsIcmpTypeAllowed(
in NET_FW_IP_VERSION ipVersion,
in BSTR localAddress,
in BYTE type,
/+[out]+/ VARIANT* allowed,
/+[out]+/ VARIANT* restricted
);
}
// Provides access to the properties of a third-party firewall registration.
const GUID IID_INetFwProduct = INetFwProduct.iid;
interface INetFwProduct : IDispatch
{
static const GUID iid = { 0x71881699,0x18f4,0x458b,[ 0xb8,0x92,0x3f,0xfc,0xe5,0xe0,0x7f,0x75 ] };
// VARIANT containing a SAFEARRAY of VARIANTs of type VT_I4. Each element is
// a member of the NET_FW_RULE_CATEGORY enum, specifying the categories
// controlled by the third-party firewall. The VARIANT may be empty or the
// SAFEARRAY zero-length in which case branding is confirmed but Windows
// Firewall functionality is not replaced.
//
// The RuleCategories may not be modified after the product is registered.
/+[id(1), propget]+/
HRESULT get_RuleCategories(/+[out, retval]+/ VARIANT* ruleCategories);
/+[id(1), propput]+/
HRESULT put_RuleCategories(in VARIANT ruleCategories);
// Friendly name of the third-party firewall product. The DisplayName may
// not be modified after the product is registered.
/+[id(2), propget]+/
HRESULT get_DisplayName(
/+[out, retval]+/ BSTR* displayName
);
/+[id(2), propput]+/
HRESULT put_DisplayName(
in BSTR displayName
);
// Path to the executable that registered the product or NULL if the product
// hasn't been registered yet.
/+[id(3), propget]+/
HRESULT get_PathToSignedProductExe(
/+[out, retval]+/ BSTR* path
);
}
// Provides access to the collection of third-party firewalls registered with
// the Windows Firewall. This interface is supported by the HNetCfg.FwProducts
// COM object.
const GUID IID_INetFwProducts = INetFwProducts.iid;
interface INetFwProducts : IDispatch
{
static const GUID iid = { 0x39EB36E0,0x2097,0x40BD,[ 0x8A,0xF2,0x63,0xA1,0x3B,0x52,0x53,0x62 ] };
// Returns the number of products in the collection.
/+[id(1), propget]+/
HRESULT get_Count(
/+[out, retval]+/ int* count
);
// Register a third-party firewall product. Registrations only last for the
// lifetime of the Windows Firewall service. Third-party firewalls that call
// this API should have a service dependency on mpssvc to prevent the
// Windows Firewall from being stopped underneath them. If they don't and
// the Windows Firewall service is stopped, all registrations will be lost.
//
// The registration is removed when the returned registration object is
// released or the calling process exits.
/+[id(2)]+/
HRESULT Register(
/+[in]+/ INetFwProduct product,
/+[out, retval]+/ IUnknown * registration
);
// Retrieves the product with the specified zero-based index in the
// collection.
/+[id(3)]+/
HRESULT Item(
in int index,
/+[out, retval]+/ INetFwProduct * product
);
// Returns an object supporting IEnumVARIANT that can be used to iterate
// through all the products in the collection.
/+[id(DISPID_NEWENUM), propget , restricted]+/
HRESULT get__NewEnum(
/+[out, retval]+/ IUnknown * newEnum
);
}
/+[
uuid(DB4F3345-3EF8-45ED-B976-25A6D3B81B71),
version(1.0)
]+/
version(all)
{ /+ library NetFwPublicTypeLib +/
import sdk.port.stdole2;
/+ interface INetFwRemoteAdminSettings; +/
/+ interface INetFwIcmpSettings; +/
/+ interface INetFwOpenPort; +/
/+ interface INetFwOpenPorts; +/
/+ interface INetFwService; +/
/+ interface INetFwServices; +/
/+ interface INetFwAuthorizedApplication; +/
/+ interface INetFwAuthorizedApplications; +/
/+ interface INetFwServiceRestriction; +/
/+ interface INetFwRule; +/
/+ interface INetFwRules; +/
/+ interface INetFwProfile; +/
/+ interface INetFwPolicy; +/
/+ interface INetFwPolicy2; +/
/+ interface INetFwMgr; +/
/+ interface INetFwProduct; +/
/+ interface INetFwProducts; +/
const GUID CLSID_NetFwRule = NetFwRule.iid;
interface NetFwRule
{
static const GUID iid = { 0x2C5BC43E,0x3369,0x4C33,[ 0xAB,0x0C,0xBE,0x94,0x69,0x67,0x7A,0xF4 ] };
/+
/+[default]+/+/ /+ interface INetFwRule; +/
}
const GUID CLSID_NetFwOpenPort = NetFwOpenPort.iid;
interface NetFwOpenPort
{
static const GUID iid = { 0x0CA545C6,0x37AD,0x4A6C,[ 0xBF,0x92,0x9F,0x76,0x10,0x06,0x7E,0xF5 ] };
/+
/+[default]+/+/ /+ interface INetFwOpenPort; +/
}
const GUID CLSID_NetFwAuthorizedApplication = NetFwAuthorizedApplication.iid;
interface NetFwAuthorizedApplication
{
static const GUID iid = { 0xEC9846B3,0x2762,0x4A6B,[ 0xA2,0x14,0x6A,0xCB,0x60,0x34,0x62,0xD2 ] };
/+
/+[default]+/+/ /+ interface INetFwAuthorizedApplication; +/
}
const GUID CLSID_NetFwPolicy2 = NetFwPolicy2.iid;
interface NetFwPolicy2
{
static const GUID iid = { 0xE2B3C97F,0x6AE1,0x41AC,[ 0x81,0x7A,0xF6,0xF9,0x21,0x66,0xD7,0xDD ] };
/+
/+[default]+/+/ /+ interface INetFwPolicy2; +/
}
const GUID CLSID_NetFwProduct = NetFwProduct.iid;
interface NetFwProduct
{
static const GUID iid = { 0x9D745ED8,0xC514,0x4D1D,[ 0xBF,0x42,0x75,0x1F,0xED,0x2D,0x5A,0xC7 ] };
/+
/+[default]+/+/ /+ interface INetFwProduct; +/
}
const GUID CLSID_NetFwProducts = NetFwProducts.iid;
interface NetFwProducts
{
static const GUID iid = { 0xCC19079B,0x8272,0x4D73,[ 0xBB,0x70,0xCD,0xB5,0x33,0x52,0x7B,0x61 ] };
/+
/+[default]+/+/ /+ interface INetFwProducts; +/
}
const GUID CLSID_NetFwMgr = NetFwMgr.iid;
interface NetFwMgr
{
static const GUID iid = { 0x304CE942,0x6E39,0x40D8,[ 0x94,0x3A,0xB9,0x13,0xC4,0x0C,0x9C,0xD4 ] };
/+
/+[default]+/+/ /+ interface INetFwMgr; +/
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment