myvtm/Framework/spbase/sp_firewallControl.h

#ifndef SP_FIREWALL_CONTROL_H
#define SP_FIREWALL_CONTROL_H

#include <windows.h>
#include <netfw.h>
#include <vector>
#include <string>
#include <optional>
#include "SpBase.h"

// 防火墙规则详细信息结构体
struct FirewallRuleInfo {
    std::wstring name;
    std::wstring description;
    std::wstring applicationName;
    std::wstring serviceName;
    long direction;  // 1=入站, 2=出站
    bool enabled;
};

// 添加规则方向枚举
enum class FirewallRuleDirection {
    Inbound = NET_FW_RULE_DIR_IN,
    Outbound = NET_FW_RULE_DIR_OUT
};

// 添加规则动作枚举
enum class FirewallRuleAction {
    Allow = NET_FW_ACTION_ALLOW,
    Block = NET_FW_ACTION_BLOCK
};

class FirewallController {
public:
    // 初始化COM环境和防火墙策略
    static bool Initialize();

    // 查询匹配名称的防火墙规则（支持通配符*和?）
    static std::vector<FirewallRuleInfo> QueryRules(const std::wstring& ruleNamePattern);

    static bool AddFirewallRule(
        const std::wstring& ruleName,
        const std::wstring& appPath,
        FirewallRuleDirection direction,
        FirewallRuleAction action,
        const std::wstring& protocol = L"",
        const std::wstring& localPorts = L"",
        const std::wstring& remoteAddresses = L"*",
        const std::wstring& description = L""
    );

    static bool DeleteFirewallRule(const std::wstring& ruleName);
    static bool CleanupRulesExceptWhitelist(
        const std::wstring& ruleNamePattern,
        const std::vector<std::wstring>& whitelistPaths);

    // 释放资源
    static void Shutdown();

private:
    static INetFwPolicy2* firewallPolicy;
    static bool comInitialized;

    // 通配符匹配函数
    static bool WildcardMatch(const std::wstring& pattern, const std::wstring& text);
};


/*
case: VTM upgrade
may add 4 firewall rules
*/

SPBASE_API bool sp_AddFirewallRule(const char *ruleName, const char *appPath);
SPBASE_API bool sp_AddFirewallRuleByPath(const char *pszPath);
SPBASE_API bool sp_CheckAllRules();

#endif // SP_FIREWALL_CONTROL_H