INetFwPolicy2 and Grouping on Windows Vista

Rainer Budde

Hi,

I hope this is the correct newsgroup ;).

I want to add a firewall rule to the Windows Vista Firewall Advanced.
Everything works fine, but if I add a group description I get the message
"The value is outside of the expected range"

Here is my code:

--------------------
' Requires a COM reference to the NetFwTypeLib type library
Dim fwPolicy2 As NetFwTypeLib.INetFwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
Dim fwRules As NetFwTypeLib.INetFwRules = fwPolicy2.Rules

Dim NewRule As NetFwTypeLib.INetFwRule = CreateObject("HNetCfg.FWRule")

NewRule.Name = "Per_InterfaceType_Rule"
NewRule.Description = "Allow incoming network traffic over port 2400 coming from LAN interface type"
NewRule.Protocol = NetFwTypeLib.NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP
NewRule.LocalPorts = "2300" ' LocalPorts is a string property
NewRule.Enabled = True

'
' This fails
'
NewRule.Grouping = "TEST"
NewRule.Profiles = fwPolicy2.CurrentProfileTypes
NewRule.Action = NetFwTypeLib.NET_FW_ACTION_.NET_FW_ACTION_ALLOW

' Register the rule with the firewall policy
fwRules.Add(NewRule)
--------------------

If I change the group to "@firewallapi.dll,-23255" everything works.
At first I thought I could only use indirect strings, but according to the MSDN
documentation it looks like I can use it as in my example.

Here's the doc:
--------------------
Using the Grouping property is highly recommended as it groups multiple
rules into a single line in the Windows Firewall control panel. This
allows the user to enable or disable multiple rules with a single click.
The Grouping property can also be specified using indirect strings. In
which case, a group description can also be specified that will appear
in the rule group properties in the Windows Firewall control panel. For
example if the group string is specified by an indirect string at index
1005 ("@yourresources.dll,-1005"), the group description can be
specified at a resource string higher by 10000 "@yourresources.dll,-11005."

When indirect strings in the form of "@yourresourcedll.dll,-23255" are
passed as parameters to the Windows Firewall with Advanced Security
APIs, they should either be placed under the System32 Windows directory
or specified by a full path. Further the file should have a secure
access that permits the Local Service account read access to allow the
Windows Firewall Service to read the strings. To avoid non-privileged
security principals from modifying the strings, the DLLs should only
allow write access to the Administrator account.
-------------------

Does anybody know how I can get it to work?

Best regards

Rainer Budde
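
Added example (not part of the original post and not Microsoft's code): a PowerShell check of a resource DLL's DACL against the two requirements in the quoted documentation, that Local Service can read the file and that only Administrators can write to it. The function name, the sample SDDL string, the tolerated extra writers (SYSTEM, TrustedInstaller) and the group SIDs assumed to be in the Local Service token are assumptions; deny entries are not evaluated.

```powershell
# Added example: audit a resource DLL's DACL against the quoted guidance.
# Assumption: SYSTEM and TrustedInstaller are tolerated as writers next to
# Administrators, because stock System32 files grant them write access.
$AllowedWriters = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18',       # NT AUTHORITY\SYSTEM (assumption)
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller (assumption)
)
# SIDs through which LOCAL SERVICE can be granted read access
# (assumption: its token carries Users, Authenticated Users and Everyone).
$LocalServiceSids = @('S-1-5-19', 'S-1-5-32-545', 'S-1-5-11', 'S-1-1-0')

$Rights    = [System.Security.AccessControl.FileSystemRights]
$ReadMask  = [int]$Rights::Read
$WriteMask = [int]$Rights::Write -bor [int]$Rights::Delete -bor
             [int]$Rights::ChangePermissions -bor [int]$Rights::TakeOwnership

function Test-ResourceDllAcl {
    param([Parameter(Mandatory)]
          [System.Security.AccessControl.FileSecurity]$Security)

    # Ask for SIDs instead of names so the check works on localized systems.
    $rules = $Security.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $allow = @($rules | Where-Object { $_.AccessControlType -eq 'Allow' })

    # Any allow entry carrying a write-type right for a SID outside the list.
    $unexpected = @($allow | Where-Object {
            (([int]$_.FileSystemRights) -band $WriteMask) -ne 0 -and
            $AllowedWriters -notcontains $_.IdentityReference.Value
        } | ForEach-Object { $_.IdentityReference.Value })

    # At least one allow entry must give LOCAL SERVICE the full Read set.
    $canRead = @($allow | Where-Object {
            $LocalServiceSids -contains $_.IdentityReference.Value -and
            ((([int]$_.FileSystemRights) -band $ReadMask) -eq $ReadMask)
        }).Count -gt 0

    [pscustomobject]@{
        LocalServiceCanRead = $canRead
        UnexpectedWriters   = $unexpected
    }
}

# Constructed sample DACL: Administrators and SYSTEM full control, Local Service
# read and execute, and BUILTIN\Users with Modify (the entry that should be flagged).
$sample = New-Object System.Security.AccessControl.FileSecurity
$sample.SetSecurityDescriptorSddlForm('D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x1200a9;;;LS)(A;;0x1301bf;;;BU)')
Test-ResourceDllAcl -Security $sample
```

To audit a real file, pass the result of `Get-Acl` on the DLL's full path as `-Security`.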