
I inherited a C# application and am working on it. It creates some firewall rules programmatically. By default it disables everything on a specific interface, then allows a few specified TCP ports access, which is fine. However, I can't figure out how to modify the code to allow that port to respond to ping commands, and couldn't find any code online in other searches that would do that.

Does anyone know how to use C# to create a firewall rule to allow a port to respond to ping commands? The app will be deployed in Windows 7 embedded, 64 bit.

Here is some existing code which creates a rule to open a TCP port, which works OK:

private void SetupFirewallAllowIncomingRule(int port)
{
    try
    {
        _log.Debug("Creating instance of Windows Firewall policy (HNetCfg.FwPolicy2)...");
        INetFwPolicy2 firewallPolicy = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")) as INetFwPolicy2;

        if (null == firewallPolicy)
        {
            _log.Error("HNetCfg.FwPolicy2 instance could not be created!");
            return;
        }

        string name = "Rule Port " + port.ToString();

        foreach (INetFwRule2 rule in firewallPolicy.Rules)
        {
            if (name.Equals(rule.Name))
            {
                _log.WarnFormat("Windows Firewall Rule ({0}) already exists. It will not be created again.", rule.Name);
                return;
            }
        }

        _log.Debug("Creating new Windows Firewall Rule (HNetCfg.FWRule)...");
        INetFwRule firewallRule = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule")) as INetFwRule;
    
        if (null == firewallRule)
        {
            _log.Error("HNetCfg.FWRule instance could not be created!");
            return;
        }

        firewallRule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
        firewallRule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
        firewallRule.Enabled = true;
        firewallRule.InterfaceTypes = "All";
        firewallRule.Name = name;
        firewallRule.Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_TCP;

        //NOTE: Must do this after setting the Protocol!
        firewallRule.LocalPorts = port.ToString();

        _log.DebugFormat("Adding Windows Firewall Rule {0}...", firewallRule.Name);

        firewallPolicy.Rules.Add(firewallRule);

        _log.InfoFormat("Windows Firewall Rule {0} added.", firewallRule.Name);
    }
    catch (Exception ex)
    {
        _log.Error("Windows Firewall Rule could not be added for port " + port.ToString() + "!", ex);
    }
}
Channa
fred basset
  • The default protocol for ping requests is ICMP. Show us some of your existing code. – div Aug 14 '19 at 14:42
  • Thanks, I added some of the code I have now, which opens a TCP port OK. I can't yet see how to adapt it for ICMP. – fred basset Aug 14 '19 at 14:46
  • Ping doesn't use TCP, and opening TCP ports does nothing for ping. Ping uses ICMP echo requests and ICMP echo replies. ICMP is an integral part of IP (network layer) that is below the transport layer where you find TCP, UDP, and any other transport protocol. – Ron Maupin Aug 14 '19 at 14:48
  • Thanks Ron, aware that ping uses ICMP. I think on my device all traffic to the LAN port is disabled by Windows firewall, and only the 2 TCP ports needed for operation are opened by the C# code. I am looking for some C# code that would allow that LAN port to also respond to pings. The Windows image is locked down at a manufacturer, so changing it would require a whole new release. – fred basset Aug 14 '19 at 16:55
  • "_I am looking for some C# code that would allow that LAN port to also respond to pings._" Looking for such resources is not allowed here. You opened TCP (protocol 6) port numbers, so simply open ICMP (protocol 1), Type 8 for Echo messages, and Type 0 for Echo replies. – Ron Maupin Aug 14 '19 at 17:55

0 Answers
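The approach from the last comment (ICMP protocol 1, Type 8 for echo, Type 0 for replies), written against the same `NetFwTypeLib` COM interfaces the question uses. This is an added example, not code posted by anyone in the thread; the class, method and rule names are hypothetical, and the outbound rule assumes the device's outbound policy blocks traffic by default.

```csharp
using System;
using NetFwTypeLib; // COM interop for the Windows Firewall API, as in the question's code

static class IcmpFirewallExample // hypothetical class name
{
    // IP protocol number for ICMPv4; the NET_FW_IP_PROTOCOL_ enum only names TCP, UDP and ANY.
    private const int ProtocolIcmpV4 = 1;

    // Hypothetical helper: adds one allow rule for a single ICMPv4 type in one direction.
    public static bool AddIcmpRule(string name, int icmpType, NET_FW_RULE_DIRECTION_ direction)
    {
        var policy = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FwPolicy2")) as INetFwPolicy2;
        if (policy == null) return false;

        // Same duplicate check as the question's code: never add a rule twice.
        foreach (INetFwRule existing in policy.Rules)
            if (name.Equals(existing.Name)) return true;

        var rule = Activator.CreateInstance(Type.GetTypeFromProgID("HNetCfg.FWRule")) as INetFwRule;
        if (rule == null) return false;

        rule.Name = name;
        rule.Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
        rule.Direction = direction;
        rule.Enabled = true;
        rule.InterfaceTypes = "All";
        rule.Protocol = ProtocolIcmpV4;
        // Set after Protocol, mirroring the ordering note for LocalPorts in the question's code.
        // Format is "type:code"; "*" matches any code. Only the one type is allowed, not all ICMP.
        rule.IcmpTypesAndCodes = icmpType + ":*";

        policy.Rules.Add(rule);
        return true;
    }

    public static void AllowPing()
    {
        // Echo request (type 8) arriving at the host.
        AddIcmpRule("Rule ICMPv4 Echo Request In", 8, NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN);
        // Echo reply (type 0) leaving the host. Assumption: include this only if the
        // device's outbound policy blocks traffic that has no matching allow rule.
        AddIcmpRule("Rule ICMPv4 Echo Reply Out", 0, NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_OUT);
    }
}
```

Adding rules through `INetFwPolicy2` requires an elevated process. Limiting the rule to type 8 keeps other ICMP message types blocked on the locked-down interface.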