In Vista the Firewall API changed a lot in comparison to the previous versions.
You can drive the Windows Firewall using a COM API, a layer over the Windows Filtering Platform. If you are thinking to develop directly the WFP, it's better to change your idea. WFP is a low level API to build Firewalls and not to be managed directly from traditional applications.
On the other side it's a long time that Visual C++ ship with the powerful #import directive that can save you a lot of time in COM client applications.
The starting point to use the firewall API in a Visual C++ project is the following statements in the stdafx.h:
The import statement trigger the creation of two files:
The rename_namespace directive is the way you can choose the C++ namespace name for all the code created in those two files, in our case "fw".
Using the COM API is now very simple. Let's see how to list the firewall rules:
typedef BOOL (*RuleCallback)(fw::INetFwRulePtr& Rule);
void ListRules(RuleCallback Callback)
// Connect to the firewall
hr = Pol2.CreateInstance(__uuidof(fw::NetFwPolicy2));
if(Pol2 == NULL)
// Retrieve collection rules
fw::INetFwRulesPtr Rules = Pol2->Rules;
if(Rules == NULL)
// enumerate the collection and call a callback function
IEnumVARIANTPtr enumerator = Rules->Get_NewEnum();
while(enumerator->Next(1, &obj, &num) == S_OK)
fw::INetFwRulePtr Rule = obj;
Adding, deleting, and working on service rules, is again very simple. The attached file contains a working Visual C++ 2008 sample with all those functions.
Copyright (c) Raffaele Rialdi 2009, Senior Software Developer, Consultant, p.iva IT01741850992, hosted by Vevy Europe Advanced Technologies Division. Site created by Raffaele Rialdi, 2009 - 2011