Go 调用netsh添加防火墙异常失败
嗨,我试图通过我的go代码在计算机中为我的exe添加防火墙例外 这是我的密码Go 调用netsh添加防火墙异常失败,go,netsh,Go,Netsh,嗨,我试图通过我的go代码在计算机中为我的exe添加防火墙例外 这是我的密码 // Firewall.go package main import ( "fmt" "os/exec" ) func main() { cmdArgs := []string{"advfirewall", "firewall", "add","rule","name=\"Allow My Service\"","dir=in","action=allow","program=\"C:\\P
// Firewall.go
package main
import (
"fmt"
"os/exec"
)
func main() {
cmdArgs := []string{"advfirewall", "firewall", "add","rule","name=\"Allow My Service\"","dir=in","action=allow","program=\"C:\\Program Files\\Product\\Product.exe\""}
out,err:=exec.Command("netsh",cmdArgs...).Output()
if err !=nil{
fmt.Println("err:::",err)
}
fmt.Println("Out::",string(out))
}
err::: exit status 1
Out::
A specified value is not valid.
Usage: add rule name=<string>
dir=in|out
action=allow|block|bypass
[program=<program path>]
[service=<service short name>|any]
[description=<string>]
[enable=yes|no (default=yes)]
[profile=public|private|domain|any[,...]]
[localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=
ny)]
[remoteport=0-65535|<port range>[,...]|any (default=any)]
[protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
tcp|udp|any (default=any)]
[interfacetype=wireless|lan|ras|any]
[rmtcomputergrp=<SDDL string>]
[rmtusrgrp=<SDDL string>]
[edge=yes|deferapp|deferuser|no (default=no)]
[security=authenticate|authenc|authdynenc|authnoencap|notrequired
(default=notrequired)]
Remarks:
- Add a new inbound or outbound rule to the firewall policy.
- Rule name should be unique and cannot be "all".
- If a remote computer or user group is specified, security must be
authenticate, authenc, authdynenc, or authnoencap.
- Setting security to authdynenc allows systems to dynamically
negotiate the use of encryption for traffic that matches
a given Windows Firewall rule. Encryption is negotiated based on
existing connection security rule properties. This option
enables the ability of a machine to accept the first TCP
or UDP packet of an inbound IPsec connection as long as
it is secured, but not encrypted, using IPsec.
Once the first packet is processed, the server will
re-negotiate the connection and upgrade it so that
all subsequent communications are fully encrypted.
- If action=bypass, the remote computer group must be specified when dir=
n.
- If service=any, the rule applies only to services.
- ICMP type or code can be "any".
- Edge can only be specified for inbound rules.
- AuthEnc and authnoencap cannot be used together.
- Authdynenc is valid only when dir=in.
- When authnoencap is set, the security=authenticate option becomes an
optional parameter.
Examples:
Add an inbound rule with no encapsulation security for messenger.exe:
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\programfiles\messenger\msmsgs.exe"
security=authnoencap action=allow
Add an outbound rule for port 80:
netsh advfirewall firewall add rule name="allow80"
protocol=TCP dir=out localport=80 action=block
Add an inbound rule requiring security and encryption
for TCP port 80 traffic:
netsh advfirewall firewall add rule
name="Require Encryption for Inbound TCP/80"
protocol=TCP dir=in localport=80 security=authdynenc
action=allow
Add an inbound rule for messenger.exe and require security
netsh advfirewall firewall add rule name="allow messenger"
dir=in program="c:\program files\messenger\msmsgs.exe"
security=authenticate action=allow
Add an authenticated firewall bypass rule for group
acmedomain\scanners identified by a SDDL string:
netsh advfirewall firewall add rule name="allow scanners"
dir=in rmtcomputergrp=<SDDL string> action=bypass
security=authenticate
Add an outbound allow rule for local ports 5000-5010 for udp-
Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010
action=allow
err::退出状态1
输出::
指定的值无效。
用法:添加规则名称=
dir=输入|输出
动作=允许|阻塞|旁路
[程序=]
[服务=|任何]
[说明=]
[启用=是|否(默认值=是)]
[profile=public | private | domain | any[,…]
[localip=any | | | |]
[remoteip=any | localsubnet | dns | dhcp | wins | defaultgateway|
||||]
[localport=0-65535 |[,…]| RPC | RPC EPMap | IPHTTPS | any(默认值=
纽约)]
[remoteport=0-65535 |[,…]任意(默认值为任意)]
[协议=0-255 | icmpv4 | icmpv6 | icmpv4:类型,代码| icmpv6:类型,代码|
tcp | udp |任意(默认值=任意)]
[interfacetype=wireless | lan | ras | any]
[rmtcomputergrp=]
[rmtusrgrp=]
[边缘=是|延迟应用程序|延迟用户|否(默认值=否)]
[security=authenticate | authenc | authdynec | authnoencap |不需要
(默认值=不需要)]
评论:
-向防火墙策略添加新的入站或出站规则。
-规则名称应该是唯一的,不能是“全部”。
-如果指定了远程计算机或用户组,则必须确保安全性
验证、验证、验证或验证。
-将安全性设置为authdynec允许系统动态
协商对匹配的流量使用加密
给定的Windows防火墙规则。加密是基于
现有连接安全规则属性。此选项
使计算机能够接受第一个TCP
或入站IPsec连接的UDP数据包,只要
它是安全的,但不是加密的,使用IPsec。
处理第一个数据包后,服务器将
重新协商连接并升级,以便
所有后续通信都完全加密。
-如果action=bypass,则必须在dir时指定远程计算机组=
N
-如果service=any,则该规则仅适用于服务。
-ICMP类型或代码可以是“任意”。
-只能为入站规则指定边缘。
-AuthEnc和authnoencap不能一起使用。
-authdynec仅在dir=in时有效。
-设置authnoencap时,security=authenticate选项将变为
可选参数。
示例:
为messenger.exe添加没有封装安全性的入站规则:
netsh advfirewall firewall add rule name=“允许messenger”
dir=in program=“c:\programfiles\messenger\msmsgs.exe”
安全性=authnoencap操作=允许
为端口80添加出站规则:
netsh advfirewall firewall add rule name=“allow80”
协议=TCP目录=输出本地端口=80操作=块
添加需要安全性和加密的入站规则
对于TCP端口80流量:
netsh advfirewall防火墙添加规则
name=“需要对入站TCP/80进行加密”
协议=TCP目录=本地端口中=80安全性=authdynec
动作=允许
为messenger.exe添加入站规则并要求安全性
netsh advfirewall firewall add rule name=“允许messenger”
dir=in program=“c:\program files\messenger\msmsgs.exe”
安全性=身份验证操作=允许
为组添加经过身份验证的防火墙绕过规则
acmedomain \由SDDL字符串标识的扫描仪:
netsh advfirewall firewall add rule name=“允许扫描程序”
dir=在rmtcomputergrp=操作=旁路中
安全性=验证
为udp的本地端口5000-5010添加出站允许规则-
添加规则name=“允许端口范围”dir=out协议=udp本地端口=5000-5010
动作=允许
帮我解决这个问题。提前感谢如果您从路径中删除
\““name=Allow My Service”netshcmd.exeos/execnetsh\“”name=Allow My Service“cmd.exenetsh