使用API更新现有防火墙规则

下面的代码适用于我：

INetFwPolicy2 firewallPolicy = (INetFwPolicy2) Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
var rule = firewallPolicy.Rules.Item("Block Bad IP Addresses"); // Name of your rule here
rule.Name = "Block Block Block"; // Update the rule here. Nothing else needed to persist the changes

除了amdmax的答案（很抱歉我不能添加注释），我发现没有简单的方法调用来检查规则是否存在，所以我想出了这个方法来确保创建规则，无论它是否存在：

  INetFwPolicy2 firewallPolicy = (INetFwPolicy2)Activator.CreateInstance(
      Type.GetTypeFromProgID("HNetCfg.FwPolicy2"));
  INetFwRule firewallRule = firewallPolicy.Rules.OfType<INetFwRule>().Where(x => x.Name == RULE_NAME).FirstOrDefault();
  if (firewallRule == null)
  {
    firewallRule = (INetFwRule)Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule"));
    firewallRule.Name = RULE_NAME;
    firewallPolicy.Rules.Add(firewallRule);
  }

我找到了这个包，它可以通过nuget-WindowsFirewallHelper 获得

PM> install-package WindowsFirewallHelper

示例

var rule = FirewallManager.Instance.Rules.Where(o => 
    o.Direction == FirewallDirection.Inbound &&
    o.Name.Equals("Allow Remote Desktop")
).FirstOrDefault();
if (rule != null)
{
    //Update an existing Rule
    rule.RemoteAddresses = new IAddress[]
    {
        SingleIP.Parse("192.168.184.1"),
        SingleIP.Parse("192.168.184.2")
    };
    return;
}
//Create a new rule
rule = FirewallManager.Instance.CreateApplicationRule(
     FirewallManager.Instance.GetProfile().Type,
     @"Allow Remote Desktop",
     FirewallAction.Allow,
     null
);
rule.Direction = FirewallDirection.Inbound;
rule.LocalPorts = new ushort[] { 3389 };
rule.Action = FirewallAction.Allow;
rule.Protocol = FirewallProtocol.TCP;
rule.Scope = FirewallScope.All;
rule.Profiles = FirewallProfiles.Public | FirewallProfiles.Private;
rule.RemoteAddresses = new IAddress[] { SingleIP.Parse("192.168.184.1") };
FirewallManager.Instance.Rules.Add(rule);