Solved Netsh firewall issue

Hi,

I'm trying to add a rule for our program when installing the application. However it doesn't work for a private profile but it does work on a domain profile. Even weirder is when I delete the rule after setup and add the same rule again it does work!

The rule I'm adding during setup (InstallShield) is:

netsh advfirewall firewall add rule name=MyApp dir=in program="c:\myapp\appie.exe" action=allow protocol=UDP edge=deferuser profile=any

When retrieving the rule info (netsh advfirewall firewall show rule name=MyApp) I get:

Rule Name: MyApp
----------------------------------------------------------------------
Enabled: Yes
Direction: In
Profiles: Domain,Private,Public
Grouping:
LocalIP: Any
RemoteIP: Any
Protocol: UDP
LocalPort: Any
RemotePort: Any
Edge traversal: Defer to user
Action: Allow

Like I said when I delete the rule and add it again on the command line it does work but the output when retrieving the info is exactly the same !

TIA,
Erik

Annay,

Any reason why you can't use the power of advanced firewall via the control panel?

Control Panel | Window Firewall | Advanced Setings (left-side pane) |
Left-clk on Inbound Rules | rt-clk and choose New Rule |
Program radio button | NEXT |
in This Program Path enter c:\myapp\appie.exe | NEXT |
Allow the connection radio button | NEXT |
checkmark Domain, Public, and Private boxes | NEXT |
enter MyApp in the Name box | FINISH

Now if you really want to worry about the protocol and edge transversal you can either edit the rule OR back at the dialog where you chose Program, you can choose Custom.

Well, I need to do it programmatically during install. I can't bother the end-users with adding/modifying entries to the firewall

I suggestyou go ahead and generate your rule using the method I described.

Then try the rule out. Personally, I would block edge transversal.

You can click on your new rule and choose properties. There you will see everything that was set/reset/configured. You can also use the List option and save the list as a .csv file (easier to read than a .txt file). Look at what is there and make corresponding statements in the netsh advfirewall command.

I don't use the netsh advfireall except for the couple of cases where the control panel, wf.msc, or gpedit.msc don't do the job for me.

Thanx for the info! I forgot all about the advanced settings screen. It gives more detailed info then the logging of netsh. It appeared that the installer was adding the rule without path info. It's working fine now.