0430 ICF WINXP SP2 Internet Connection Firewall
由于作通信程序,结果发现一个严重的问题,该死的WINXP SP2防火墙。
Internet 连接防火墙 (ICF) 如何工作
ICF 被视为状态防火墙。状态防火墙可监视通过其路径的所有通讯方面,并且检查所处理的每个消息的源和目标地址。为了防止来自连接公用端的未经请求的通信进入专用端,ICF 保留了所有源自ICF 计算机的通讯表。在单独的计算机中,ICF 将跟踪源自该计算机的通信。与 ICS 一起使用时,ICF 将跟踪所有源自 ICF/ICS 计算机的通信和所有源自专用网络计算机的通信。所有Internet 传入通信都会针对于该表中的各项进行比较。只有当表中有匹配项时(这说明通讯交换是从计算机或专用网络内部开始的),才允许将传入 Internet 通信传送给网络中的计算机。源自外部源 ICF 计算机的通讯(如 Internet)将被防火墙阻止,除非在“服务”选项卡上建立了允许该通讯通过的条目。ICF 不会向您发送活动通知,而是静态地阻止未经请求的通讯,防止像端口扫描这样的常见黑客袭击。这样的通知可能过于频繁以至于成为一种干扰。ICF 可能创建安全日志以查看被防火墙跟踪的活动。
这样的话,如果一段时间内,本地端口没有往外端口主动发送数据,过了一段时间,外端口再往本地端口发送数据,会被屏蔽掉
想了想,有两种办法,一种办法就是程序里面间隔的往服务器发送数据,还有一个办法就是编程控制ICF Internet Connection Firewall
好像很多网络电视程序安装的时候都会把 自己的程序加入到例外里面?
找了找资料
MSDN Home > MSDN Library > Win32 and COM Development > Network Security > Internet Connection Sharing and Internet Connection Firewall
IPv6 Internet Connection Firewall Downloads
The IPv6 Internet Connection Firewall (IPv6 ICF) protects connections on which it is running from unsolicited network traffic. The IPv6 Internet Connection Firewall SDK is intended for developers whose software applications or setup programs require adjustments to the configurations of the networking environments in which they run.
Microsoft IPv6 Internet Connection Firewall Software Development Kit (SDK)
The IPv6 Internet Connection Firewall SDK includes documentation as well as header and library files that allow developers to programmatically manage the features of IPv6 ICF, making it possible to open and close ports on an IPv6 ICF network connection.
Date: July 22, 2003
大多数第三方防火墙软件提供商如Zone Labs、McAfee和Symantec公司都将在近期提供和SP2兼容的新版本防火墙软件。这些新版软件在安装的时候会自动禁用Windows防火墙,而在卸载时又会自动启用Windows防火墙。第三方厂商通过调用Windows Firewall API来实现这一功能。然而,既然防火墙软件可以这么做,其他病毒或木马等恶意代码就同样也可以。病毒或木马可以修改Windows防火墙程序,甚至干脆关闭它。而Zone Labs公司声明,他们采取了一些锁定技术来保证他们的防火墙软件不会被其他第三方软件关闭,除非你将整个防火墙卸载掉。
Larry Osterman\’s WebLog
Confessions of an Old Fogey
How do I open ports in the Windows Firewall
Using the Internet Connection Sharing (ICS) and Internet Connection Firewall (ICF) COM Interfaces
Introduction
With the release of Windows XP\’s Service Pack 2, Microsoft\’s Internet Connection Sharing (ICS) and Internet Connection Firewall (ICF) features quickly obtained a large degree of notoriety. Many developers have been actively looking for ways to easily "peek and poke" at the ICS & ICF configurations on a given machine.
The good news is that Microsoft released the interfaces with a COM wrapper. The bad news is that it isn\’t well advertised and it\’s not very intuitive to use. Getting a full set of details on a particular connection\’s configuration can require several method calls.
References
Microsoft has exposed the API for the ICS & ICF in a couple of places, but this code uses the COM interface HNetCfg.HNetShare. You can add a reference to this interface to your own projects by using the Reference Browser to select HNETCFG.DLL (typically located in the "C:\\Windows\\System32\\" directory).
\’ In addition, this class requires that the project have a COM reference
\’ to the "HNetCfg.HNetShare" interface, which can be found in the "hnetcfg.dll"
\’ server (typically located in the "C:\\WINDOWS\\system32\\" directory).
Public Sub DisableSharing() Implements INetSharingConfiguration.DisableSharing
Call _icsMgr.INetSharingConfigurationForINetConnection(_icsConn).DisableSharing()
End Sub
Public Sub EnableInternetFirewall() Implements INetSharingConfiguration.EnableInternetFirewall
Call _icsMgr.INetSharingConfigurationForINetConnection(_icsConn).EnableInternetFirewall()
End Sub
Public Sub EnableSharing(ByVal Type As tagSHARINGCONNECTIONTYPE) Implements INetSharingConfiguration.EnableSharing
Call _icsMgr.INetSharingConfigurationForINetConnection(_icsConn).EnableSharing(Type)
End Sub
Public Sub RemovePortMapping(ByVal pMapping As INetSharingPortMapping) Implements INetSharingConfiguration.RemovePortMapping
Call _icsMgr.INetSharingConfigurationForINetConnection(_icsConn).RemovePortMapping(pMapping)
End Sub
历史博文
- 20071221 权限管理 asp.net - 2008
- 20070513 vs2005 最近的项目 ProjectMRUList - 2007
- SuperStar 2000 1.2 EN - 2005