Windows Firewall Technologies

Overview of the Windows Firewall Technologies technology.

To develop Windows Firewall Technologies, you need these headers:

For programming guidance for this technology, see:

Enumerations

 
FW_DYNAMIC_KEYWORD_ADDRESS_ENUM_FLAGS

Defines constants that specify the kind(s) of objects to include in an enumeration operation.
FW_DYNAMIC_KEYWORD_ADDRESS_FLAGS

Defines constants that specify how IP addresses are to be resolved.
FW_DYNAMIC_KEYWORD_ORIGIN_TYPE

Defines constants that specify the origin of the dynamic keyword address object in an FW_DYNAMIC_KEYWORD_ADDRESS_DATA0.
INET_FIREWALL_AC_CHANGE_TYPE

The INET_FIREWALL_AC_CHANGE_TYPE enumeration specifies which type of app container change occurred. (INET_FIREWALL_AC_CHANGE_TYPE)
INET_FIREWALL_AC_CHANGE_TYPE

The INET_FIREWALL_AC_CHANGE_TYPE enumeration specifies which type of app container change occurred. (INET_FIREWALL_AC_CHANGE_TYPE)
INET_FIREWALL_AC_CREATION_TYPE

The INET_FIREWALL_AC_CREATION_TYPE enumeration specifies the type of app container creation events for which notifications will be delivered.
INET_FIREWALL_AC_CREATION_TYPE

The INET_FIREWALL_AC_CREATION_TYPE enumeration specifies the type of app container creation events for which notifications will be delivered.
NET_FW_ACTION

Specifies the action for a rule or default setting. (NET_FW_ACTION)
NET_FW_AUTHENTICATE_TYPE

Specifies the type of authentication which must occur in order for traffic to be allowed.
NET_FW_EDGE_TRAVERSAL_TYPE

The conditions under which edge traversal traffic is allowed.
NET_FW_IP_PROTOCOL

Specifies the Internet protocol.
NET_FW_IP_VERSION

Specifies the IP version for a port.
NET_FW_MODIFY_STATE

Specifies the effect of modifications to the current policy.
NET_FW_POLICY_TYPE

The NET_FW_POLICY_TYPE enumerated type specifies the type of policy.
NET_FW_PROFILE_TYPE

Specifies the type of profile. (NET_FW_PROFILE_TYPE)
NET_FW_PROFILE_TYPE2

Specifies the type of profile. (NET_FW_PROFILE_TYPE2)
NET_FW_RULE_CATEGORY

The firewall rule category.
NET_FW_RULE_DIRECTION

Specifies the direction of traffic to which a rule applies.
NET_FW_SCOPE

Specifies the scope of addresses from which a port can listen.
NET_FW_SERVICE_TYPE

Specifies the type of service.
NETCON_CHARACTERISTIC_FLAGS

The NETCON_CHARACTERISTIC_FLAGS enumeration type specifies possible characteristics for a network connection.
NETCON_MEDIATYPE

The values of the NETCON_MEDIATYPE enumerate the possible ways the computer connects to the network.
NETCON_STATUS

The NETCON_STATUS type enumerates possible status conditions for a network connection.
NETCON_TYPE

The NETCON_TYPE type enumerates the various kinds of network connections.
NETISO_ERROR_TYPE

The NETISO_ERROR_TYPE enumeration specifies the type of error related to a network isolation operation.
NETISO_ERROR_TYPE

The NETISO_ERROR_TYPE enumeration specifies the type of error related to a network isolation operation. (NETISO_ERROR_TYPE)
NETISO_FLAG

The NETISO_FLAG enumeration specifies whether binaries should be returned for app containers. (NETISO_FLAG)
NETISO_FLAG

The NETISO_FLAG enumeration specifies whether binaries should be returned for app containers. (NETISO_FLAG)
SHARINGCONNECTIONTYPE

The values of the SHARINGCONNECTIONTYPE type enumerate the possible types of shared connections.

Functions

 
Add

The Add method creates a new port mapping and adds it to the collection.
Add

The Add method adds a new application to the collection.
Add

Opens a new port and adds it to the collection.
Add

The Add method adds a new rule to the collection.
AddPortMapping

Adds a service port mapping for this connection.
Clone

The Clone method creates a new enumeration interface from this enumeration. (IEnumNetSharingEveryConnection.Clone)
Clone

The Clone method creates a new enumeration interface from this enumeration. (IEnumNetSharingPortMapping.Clone)
Clone

The Clone method creates a new enumeration interface from this enumeration. (IEnumNetSharingPrivateConnection.Clone)
Clone

The Clone method creates a new enumeration interface from this enumeration. (IEnumNetSharingPublicConnection.Clone)
Connect

The Connect method connects, or establishes, this network connection.
Delete

The Delete method deletes this connection from connections folder.
Delete

The Delete method deletes a port mapping from the list of port mappings for a particular connection.
Disable

The Disable method disables a port mapping for a particular connection.
DisableInternetFirewall

The DisableInternetFirewall method disables Internet Connection Firewall on this connection.
DisableSharing

The DisableSharing method disables sharing on this connection. It also disables all mappings on this connection. It does not disable Internet Connection Firewall or bridge configuration.
Disconnect

The Disconnect method disconnects this connection.
Duplicate

The Duplicate method creates a duplicate of this connection in the connections folder.
EditDescription

The EditDescription method sets the description property of this port mapping to the specified value.
EditInternalClient

The EditInternalClient method sets the internal client property of this port mapping to the specified value.
EditInternalPort

The EditInternalPort method sets the internal port for this port mapping.
Enable

The Enable method enables or disables this port mapping.
Enable

The Enable method enables a port mapping for a particular connection.
EnableInternetFirewall

The EnableInternetFirewall methods enables Internet Connection Firewall on this connection.
EnableRuleGroup

Enables or disables a specified group of firewall rules.
EnableSharing

The EnableSharing method enables sharing on this connection.
get__NewEnum

The get__NewEnum method retrieves an enumerator for the static port mappings collection.
get__NewEnum

The get__NewEnum method retrieves an enumerator for the connections collection.
get__NewEnum

The get__NewEnum method retrieves an enumerator for the port mapping collection.
get__NewEnum

The get__NewEnum method retrieves an enumerator for the private connections collection.
get__NewEnum

The get__NewEnum method retrieves an enumerator for the public connections collection.
get__NewEnum

Returns an object supporting IEnumVARIANT that can be used to iterate through all the applications in the collection.
get__NewEnum

Returns an object supporting IEnumVARIANT that can be used to iterate through all the ports in the collection.
get__NewEnum

Returns an object supporting IEnumVARIANT that can be used to iterate through all the registered third-party firewall products in the collection.
get__NewEnum

Returns an object supporting IEnumVARIANT that can be used to iterate through all the rules in the collection.
get__NewEnum

Returns an object supporting IEnumVARIANT that can be used to iterate through all the services in the collection.
get_Action

Specifies the action for a rule or default setting. (INetFwRule.get_Action)
get_AllowInboundEchoRequest

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowInboundEchoRequest)
get_AllowInboundMaskRequest

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowInboundMaskRequest)
get_AllowInboundRouterRequest

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowInboundRouterRequest)
get_AllowInboundTimestampRequest

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowInboundTimestampRequest)
get_AllowOutboundDestinationUnreachable

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowOutboundDestinationUnreachable)
get_AllowOutboundPacketTooBig

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowOutboundPacketTooBig)
get_AllowOutboundParameterProblem

Indicates whether this is allowed. (INetFwIcmpSettings.get_AllowOutboundParameterProblem)
get_AllowOutboundSourceQuench

Indicates whether outbound source quench is allowed. (Get)
get_AllowOutboundTimeExceeded

Indicates whether exceeding the outbound time is allowed. (Get)
get_AllowRedirect

Indicates whether redirect is allowed. (Get)
get_ApplicationName

Specifies the friendly name of the application to which this rule applies. (Get)
get_AuthorizedApplications

Retrieves the collection of authorized applications of the profile.
get_BlockAllInboundTraffic

Indicates whether the firewall should not allow inbound traffic. (Get)
get_BuiltIn

Indicates whether the port is defined by the system.
get_Characteristics

The get_Characteristics method retrieves the media type for the connection.
get_Count

The get_Count method retrieves the number of port mappings in the collection.
get_Count

The get__Count method retrieves the number of items in the connections collection.
get_Count

The get__Count method retrieves the number of items in the port mapping collection.
get_Count

The get__Count method retrieves the number of items in the private connections collection.
get_Count

The get_Count method retrieves the number of items in the public connections collection.
get_Count

Specifies the number of items in the collection.
get_Count

Retrieves a read-only element yielding the number of items in the collection. (INetFwOpenPorts.get_Count)
get_Count

Indicates the number of registered third-party firewall products.
get_Count

Returns the number of rules in a collection.
get_Count

Retrieves a read-only element yielding the number of items in the collection. (INetFwServices.get_Count)
get_CurrentProfile

Retrieves the current firewall profile.
get_CurrentProfileType

Retrieves the type of firewall profile currently in effect.
get_CurrentProfileTypes

Retrieves the currently active firewall profile.
get_Customized

Indicates whether at least one of the ports associated with the service has been customized.
get_DefaultInboundAction

Specifies the default action for inbound traffic. These settings are Block by default. (Get)
get_DefaultOutboundAction

Specifies the default action for outbound traffic. These settings are Allow by default. (Get)
get_Description

The get_Description method retrieves the description associated with this port mapping.
get_Description

Specifies the description of this rule. (Get)
get_DeviceName

The get_DeviceName method retrieves the name of the device associated with the connection.
get_Direction

Specifies the direction of traffic for which the rule applies. (Get)
get_DisplayName

Indicates the display name for a third-party firewall product registration. (Get)
get_EdgeTraversal

Indicates whether edge traversal is enabled or disabled for this rule. (Get)
get_EdgeTraversalOptions

This property can be used to access the edge properties of a firewall rule defined by NET_FW_EDGE_TRAVERSAL_TYPE. (Get)
get_Enabled

The get_Enabled method retrieves whether the port mapping is enabled.
get_Enabled

The get_Enabled method retrieves the status for this port mapping.
get_Enabled

Indicates whether the settings for this application are currently enabled. (Get)
get_Enabled

Indicates whether the settings for this port are currently enabled. (Get)
get_Enabled

Indicates whether remote administration is enabled.. (Get)
get_Enabled

Enables or disables a rule. (Get)
get_Enabled

Indicates whether all the ports associated with the service are enabled. (Get)
get_EnumEveryConnection

The get_EnumEveryConnection method retrieves an enumeration interface for all the connections in the connection folder.
get_EnumPortMappings

The get_EnumPortMappings method retrieves an IEnumNetSharingPortMapping interface. Use this interface to enumerate the port mappings for this connection.
get_EnumPrivateConnections

The get_EnumPrivateConnections method retrieves an enumeration interface for privately-shared connections.
get_EnumPublicConnections

The EnumPublicConnections method retrieves an enumeration interface for publicly-shared connections.
get_ExceptionsNotAllowed

Indicates whether the firewall should not allow exceptions. (Get)
get_ExcludedInterfaces

Specifies a list of interfaces on which firewall settings are excluded. (Get)
get_ExternalIPAddress

The get_ExternalIPAddress method retrieves the external IP address for this port mapping on the NAT computer.
get_ExternalPort

The get_ExternalPort method retrieves the external port on the NAT computer for this port mapping.
get_ExternalPort

The get_ExternalPort method retrieves the external port associated with this port mapping.
get_FirewallEnabled

Indicates whether a firewall is enabled locally (the effective result may differ due to group policy settings). (Get)
get_FirewallEnabled

Indicates whether the firewall is enabled. (Get)
get_GloballyOpenPorts

Retrieves the collection of globally open ports of the profile.
get_GloballyOpenPorts

Retrieves the collection of globally open ports associated with the service.
get_Grouping

Specifies the group to which an individual rule belongs. (Get)
get_Guid

The get_Guid method retrieves the globally-unique identifier (GUID) for the connection.
get_IcmpSettings

Retrieves the ICMP settings of the profile.
get_IcmpTypesAndCodes

Specifies the list of ICMP types and codes for this rule. (Get)
get_INetSharingConfigurationForINetConnection

The get_INetSharingConfigurationForINetConnection method retrieves an INetSharingConfiguration interface for the specified connection.
get_Interfaces

Specifies the list of interfaces for which the rule applies. (Get)
get_InterfaceTypes

Specifies the list of interface types for which the rule applies. (Get)
get_InternalClient

The get_InternalClient method retrieves the name of the internal client for this port mapping.
get_InternalPort

The get_InternalPort method retrieves the internal port on the client computer for this port mapping.
get_InternalPort

The get_InternalPort method retrieves the internal port associated with this port mapping.
get_InternetFirewallEnabled

The get_InternetFirewallEnabled method determines whether Internet Connection Firewall is enabled on this connection.
get_IPProtocol

The get_IPProtocol method retrieves the IP Protocol associated with this port mapping.
get_IpVersion

Specifies the IP version setting for this application. (Get)
get_IpVersion

Specifies the IP version setting for this port. (Get)
get_IpVersion

Specifies the IP version. (INetFwRemoteAdminSettings.get_IpVersion)
get_IpVersion

Specifies the firewall IP version for which the service is authorized. (Get)
get_IsRuleGroupCurrentlyEnabled

Determines whether a specified group of firewall rules are enabled or disabled. (INetFwPolicy2.get_IsRuleGroupCurrentlyEnabled)
get_Item

The get_Item method retrieves the specified port mapping from the collection.
get_LocalAddresses

Specifies the list of local addresses for this rule. (Get)
get_LocalAppPackageId

Specifies the package identifier or the app container identifier of a process, whether from a Windows Store app or a desktop app. (Get)
get_LocalPolicy

Retrieves the local firewall policy.
get_LocalPolicyModifyState

Determines if adding or setting a rule or group of rules will take effect in the current firewall profile.
get_LocalPorts

Specifies the list of local ports for this rule. (Get)
get_LocalUserAuthorizedList

Specifies a list of authorized local users for an app container. (Get)
get_LocalUserOwner

Specifies the user security identifier (SID) of the user who is the owner of the rule. (Get)
get_MediaType

The get_MediaType method retrieves the media type for the connection.
get_Name

The get_Name method retrieves the name of the connection.
get_Name

The get_Name method retrieves the name for this port mapping.
get_Name

Specifies the friendly name of this application. (Get)
get_Name

Specifies the friendly name of this port. (Get)
get_Name

Specifies the friendly name of this rule. (Get)
get_Name

Retrieves the friendly name of the service.
get_NATEventManager

The get_NATEventManager method retrieves an INATEventManager interface for the NAT used by the local computer.
get_NetConnectionProps

The get_NetConnectionProps method retrieves a properties interface for the specified connection.
get_NotificationsDisabled

Indicates whether interactive firewall notifications are disabled. (INetFwPolicy2.get_NotificationsDisabled)
get_NotificationsDisabled

Indicates whether interactive firewall notifications are disabled. (INetFwProfile.get_NotificationsDisabled)
get_Options

The get_Options method retrieves the options associated with this port mapping.
get_PathToSignedProductExe

Indicates the path to the signed executable file of a third-party firewall product registration.
get_Port

Specifies the host-ordered port number for this port. (Get)
get_ProcessImageFileName

Specifies the process image file name for this application. (Get)
get_Profiles

Specifies the profiles to which the rule belongs. (Get)
get_Properties

The get_Properties method retrieves the properties for a port mapping.
get_Protocol

The get_Protocol method retrieves the protocol associated with this port mapping.
get_Protocol

Specifies the protocol type setting for this port. (Get)
get_Protocol

Specifies the IP protocol of this rule. (Get)
get_RemoteAddresses

Specifies a set of the remote addresses from which the application can listen for traffic. (Get)
get_RemoteAddresses

Specifies a set of remote addresses from which the port can listen for traffic. (Get)
get_RemoteAddresses

Specifies a set of remote addresses from which remote administration is allowed. (Get)
get_RemoteAddresses

Specifies the list of remote addresses for this rule. (Get)
get_RemoteAddresses

Specifies a set of the remote addresses from which the service ports can listen for traffic. (Get)
get_RemoteAdminSettings

Specifies the settings governing remote administration.
get_RemoteMachineAuthorizedList

Specifies a list of remote computers which are authorized to access an app container. (Get)
get_RemotePorts

Specifies the list of remote ports for this rule. (Get)
get_RemoteUserAuthorizedList

Specifies a list of remote users who are authorized to access an app container. (Get)
get_RuleCategories

For a third-party firewall product registration, indicates the rule categories for which the third-party firewall wishes to take ownership from Windows Firewall. (Get)
get_Rules

Retrieves the collection of firewall rules.
get_Rules

Retrieves the collection of Windows Service Hardening networking rules.
get_Scope

Controls the network scope from which the port can listen. (INetFwAuthorizedApplication.get_Scope)
get_Scope

Controls the network scope from which the port can listen. (INetFwOpenPort.get_Scope)
get_Scope

Controls the network scope from which remote administration is allowed. (Get)
get_Scope

Controls the network scope from which the port can listen. (INetFwService.get_Scope)
get_SecureFlags

Specifies which firewall verifications of security levels provided by IPsec must be guaranteed to allow the collection. The allowed values must correspond to those of the NET_FW_AUTHENTICATE_TYPE enumeration. (Get)
get_ServiceName

Specifies the service name property of the application. (Get)
get_ServiceRestriction

Retrieves the interface used to access the Windows Service Hardening store.
get_Services

Retrieves the collection of services of the profile.
get_SharingConnectionType

The get_SharingConnectionType method determines the type of sharing that is enabled on this connection.
get_SharingEnabled

The get_SharingEnabled method determines whether sharing is enabled on this connection.
get_SharingInstalled

Reports whether the currently-installed version of Windows XP supports connection sharing.
get_StaticPortMappingCollection

The get_StaticPortMappingCollection method retrieves an interface for the collection of static port mappings on the NAT used by the local computer.
get_Status

The get_Status method retrieves the status of the connection.
get_TargetIPAddress

The get_TargetIPAddress method retrieves the IP address of the target computer for this port mapping.
get_TargetName

The get_TargetName method retrieves the name of the target computer for this port mapping.
get_Type

Specifies the type of the profile.
get_Type

Retrieves the type of the service.
get_UnicastResponsesToMulticastBroadcastDisabled

Indicates whether the firewall should not allow unicast responses to multicast and broadcast traffic. (INetFwPolicy2.get_UnicastResponsesToMulticastBroadcastDisabled)
get_UnicastResponsesToMulticastBroadcastDisabled

Indicates whether the firewall should not allow unicast responses to multicast and broadcast traffic. (INetFwProfile.get_UnicastResponsesToMulticastBroadcastDisabled)
GetProfileByType

Retrieves the profile of the requested type.
GetProperties

The GetProperties method retrieves a structure that contains the properties for this network connection.
GetUiObjectClassId

The GetUiObjectClassId method retrieves the class identifier of the user interface object for this connection.
IsIcmpTypeAllowed

Determines whether the specified ICMP type is allowed.
IsPortAllowed

Determines whether an application can listen for inbound traffic on the specified port.
IsRuleGroupEnabled

Determines whether a specified group of firewall rules are enabled or disabled. (INetFwPolicy2.IsRuleGroupEnabled)
Item

The Item method returns the specified application if it is in the collection.
Item

Returns the specified port if it is in the collection.
Item

The Item method returns the product with the specified index if it is in the collection.
Item

The Item method returns the specified rule if it is in the collection.
Item

Returns the specified service if it is in the collection.
NcFreeNetconProperties

The NcFreeNetconProperties function frees memory associated with NETCON_PROPERTIES structures.
NcIsValidConnectionName

The NcIsValidConnectionName function verifies if the passed in connection name is valid.
NetworkIsolationDiagnoseConnectFailure

Determines whether the calling application has the required AppContainer capabilities to make a network connection to a target server.
NetworkIsolationDiagnoseConnectFailureAndGetInfo

The NetworkIsolationDiagnoseConnectFailureAndGetInfo function gets information about a network isolation connection failure due to a missing capability.
NetworkIsolationDiagnoseConnectFailureAndGetInfo

The NetworkIsolationDiagnoseConnectFailureAndGetInfo function gets information about a network isolation connection failure due to a missing capability.
NetworkIsolationEnumAppContainers

The NetworkIsolationEnumAppContainers function enumerates all of the app containers that have been created in the system.
NetworkIsolationEnumAppContainers

The NetworkIsolationEnumAppContainers function enumerates all of the app containers that have been created in the system. (NetworkIsolationEnumAppContainers)
NetworkIsolationEnumerateAppContainerRules

Enumerates all of the rules related to app containers.
NetworkIsolationFreeAppContainers

The NetworkIsolationFreeAppContainers function is used to release memory resources allocated to one or more app containers.
NetworkIsolationFreeAppContainers

The NetworkIsolationFreeAppContainers function is used to release memory resources allocated to one or more app containers. (NetworkIsolationFreeAppContainers)
NetworkIsolationGetAppContainerConfig

The NetworkIsolationGetAppContainerConfig function is used to retrieve configuration information about one or more app containers.
NetworkIsolationGetAppContainerConfig

The NetworkIsolationGetAppContainerConfig function is used to retrieve configuration information about one or more app containers.
NetworkIsolationGetEnterpriseIdAsync

Gets the Enterprise ID based on Network Isolation endpoints in the context of the Windows Information Protection (WIP) or the Microsoft Defender Application Guard (MDAG) scenarios.
NetworkIsolationGetEnterpriseIdClose

This API is used for closing the handle returned by NetworkIsolationGetEnterpriseIdAsync as well as for synchronizing the operation.
NetworkIsolationRegisterForAppContainerChanges

The NetworkIsolationRegisterForAppContainerChanges function is used to register for the delivery of notifications regarding changes to an app container.
NetworkIsolationRegisterForAppContainerChanges

The NetworkIsolationRegisterForAppContainerChanges function is used to register for the delivery of notifications regarding changes to an app container.
NetworkIsolationSetAppContainerConfig

The NetworkIsolationSetAppContainerConfig function is used to set the configuration of one or more app containers.
NetworkIsolationSetAppContainerConfig

The NetworkIsolationSetAppContainerConfig function is used to set the configuration of one or more app containers. (NetworkIsolationSetAppContainerConfig)
NetworkIsolationSetupAppContainerBinaries

The NetworkIsolationSetupAppContainerBinaries function is used by software installers to provide information about the image paths of applications that are running in an app container.
NetworkIsolationSetupAppContainerBinaries

The NetworkIsolationSetupAppContainerBinaries function is used by software installers to provide information about the image paths of applications that are running in an app container.
NetworkIsolationUnregisterForAppContainerChanges

The NetworkIsolationUnregisterForAppContainerChanges function is used to cancel an app container change registration and stop receiving notifications.
NetworkIsolationUnregisterForAppContainerChanges

The NetworkIsolationUnregisterForAppContainerChanges function is used to cancel an app container change registration and stop receiving notifications.
NewExternalIPAddress

The system calls the NewExternalIPAddress method if the external IP address of the NAT computer changes.
NewNumberOfEntries

The system calls the NewNumberOfEntries method if the total number of NAT port mappings changes.
Next

The Next method retrieves the specified number of connections from the Connections folder starting from the current enumeration position.
Next

The Next method retrieves the specified number of port mappings that start from the current enumeration position.
Next

The Next method retrieves the specified number of privately-shared connections that start from the current enumeration position. (IEnumNetSharingPrivateConnection.Next)
Next

The Next method retrieves the specified number of privately-shared connections that start from the current enumeration position. (IEnumNetSharingPublicConnection.Next)
PAC_CHANGES_CALLBACK_FN

The PAC_CHANGES_CALLBACK_FN callback function is used to add custom behavior to the app container change notification process.
PAC_CHANGES_CALLBACK_FN

The PAC_CHANGES_CALLBACK_FN callback function is used to add custom behavior to the app container change notification process.
PFN_FWADDDYNAMICKEYWORDADDRESS0

Function pointer type of the entry point in the service that you call to add the specified dynamic keyword address.
PFN_FWDELETEDYNAMICKEYWORDADDRESS0

Function pointer type of the entry point in the service that you call to delete the dynamic keyword address with the specified ID.
PFN_FWENUMDYNAMICKEYWORDADDRESSBYID0

Function pointer type of the entry point in the service that you call to enumerate the specific dynamic keyword addresses by ID.
PFN_FWENUMDYNAMICKEYWORDADDRESSESBYTYPE0

Function pointer type of the entry point in the service that you call to enumerate dynamic keyword addresses by type. You can request a particular subset of objects based on the enumeration flags passed in.
PFN_FWFREEDYNAMICKEYWORDADDRESSDATA0

Function pointer type of the entry point in the service that you call to free dynamic keyword address data structs allocated by the service.
PFN_FWUPDATEDYNAMICKEYWORDADDRESS0

Function pointer type of the entry point in the service that you call to update the dynamic keyword address with the input ID.
put_Action

Specifies the action for a rule or default setting. (INetFwRule.put_Action)
put_AllowInboundEchoRequest

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowInboundEchoRequest)
put_AllowInboundMaskRequest

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowInboundMaskRequest)
put_AllowInboundRouterRequest

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowInboundRouterRequest)
put_AllowInboundTimestampRequest

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowInboundTimestampRequest)
put_AllowOutboundDestinationUnreachable

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowOutboundDestinationUnreachable)
put_AllowOutboundPacketTooBig

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowOutboundPacketTooBig)
put_AllowOutboundParameterProblem

Indicates whether this is allowed. (INetFwIcmpSettings.put_AllowOutboundParameterProblem)
put_AllowOutboundSourceQuench

Indicates whether outbound source quench is allowed. (Put)
put_AllowOutboundTimeExceeded

Indicates whether exceeding the outbound time is allowed. (Put)
put_AllowRedirect

Indicates whether redirect is allowed. (Put)
put_ApplicationName

Specifies the friendly name of the application to which this rule applies. (Put)
put_BlockAllInboundTraffic

Indicates whether the firewall should not allow inbound traffic. (Put)
put_DefaultInboundAction

Specifies the default action for inbound traffic. These settings are Block by default. (Put)
put_DefaultOutboundAction

Specifies the default action for outbound traffic. These settings are Allow by default. (Put)
put_Description

Specifies the description of this rule. (Put)
put_Direction

Specifies the direction of traffic for which the rule applies. (Put)
put_DisplayName

Indicates the display name for a third-party firewall product registration. (Put)
put_EdgeTraversal

Indicates whether edge traversal is enabled or disabled for this rule. (Put)
put_EdgeTraversalOptions

This property can be used to access the edge properties of a firewall rule defined by NET_FW_EDGE_TRAVERSAL_TYPE. (Put)
put_Enabled

Indicates whether the settings for this application are currently enabled. (Put)
put_Enabled

Indicates whether the settings for this port are currently enabled. (Put)
put_Enabled

Indicates whether remote administration is enabled.. (Put)
put_Enabled

Enables or disables a rule. (Put)
put_Enabled

Indicates whether all the ports associated with the service are enabled. (Put)
put_ExceptionsNotAllowed

Indicates whether the firewall should not allow exceptions. (Put)
put_ExcludedInterfaces

Specifies a list of interfaces on which firewall settings are excluded. (Put)
put_ExternalIPAddressCallback

The put_ExternalIPAddressCallback method enables the NAT application with UPnP technology to register a callback interface with the NAT. The system calls the first method in this callback interface if the external IP address of the NAT changes.
put_FirewallEnabled

Indicates whether a firewall is enabled locally (the effective result may differ due to group policy settings). (Put)
put_FirewallEnabled

Indicates whether the firewall is enabled. (Put)
put_Grouping

Specifies the group to which an individual rule belongs. (Put)
put_IcmpTypesAndCodes

Specifies the list of ICMP types and codes for this rule. (Put)
put_Interfaces

Specifies the list of interfaces for which the rule applies. (Put)
put_InterfaceTypes

Specifies the list of interface types for which the rule applies. (Put)
put_IpVersion

Specifies the IP version setting for this application. (Put)
put_IpVersion

Specifies the IP version setting for this port. (Put)
put_IpVersion

Specifies the IP version. (INetFwRemoteAdminSettings.put_IpVersion)
put_IpVersion

Specifies the firewall IP version for which the service is authorized. (Put)
put_LocalAddresses

Specifies the list of local addresses for this rule. (Put)
put_LocalAppPackageId

Specifies the package identifier or the app container identifier of a process, whether from a Windows Store app or a desktop app. (Put)
put_LocalPorts

Specifies the list of local ports for this rule. (Put)
put_LocalUserAuthorizedList

Specifies a list of authorized local users for an app container. (Put)
put_LocalUserOwner

Specifies the user security identifier (SID) of the user who is the owner of the rule. (Put)
put_Name

Specifies the friendly name of this application. (Put)
put_Name

Specifies the friendly name of this port. (Put)
put_Name

Specifies the friendly name of this rule. (Put)
put_NotificationsDisabled

Indicates whether interactive firewall notifications are disabled. (INetFwPolicy2.put_NotificationsDisabled)
put_NotificationsDisabled

Indicates whether interactive firewall notifications are disabled. (INetFwProfile.put_NotificationsDisabled)
put_NumberOfEntriesCallback

The put_NumberOfEntriesCallback method enables the NAT application with UPnP technology to register a callback interface with the NAT. The system calls the first method in this callback interface if the number of NAT port mappings changes.
put_Port

Specifies the host-ordered port number for this port. (Put)
put_ProcessImageFileName

Specifies the process image file name for this application. (Put)
put_Profiles

Specifies the profiles to which the rule belongs. (Put)
put_Protocol

Specifies the protocol type setting for this port. (Put)
put_Protocol

Specifies the IP protocol of this rule. (Put)
put_RemoteAddresses

Specifies a set of the remote addresses from which the application can listen for traffic. (Put)
put_RemoteAddresses

Specifies a set of remote addresses from which the port can listen for traffic. (Put)
put_RemoteAddresses

Specifies a set of remote addresses from which remote administration is allowed. (Put)
put_RemoteAddresses

Specifies the list of remote addresses for this rule. (Put)
put_RemoteAddresses

Specifies a set of the remote addresses from which the service ports can listen for traffic. (Put)
put_RemoteMachineAuthorizedList

Specifies a list of remote computers which are authorized to access an app container. (Put)
put_RemotePorts

Specifies the list of remote ports for this rule. (Put)
put_RemoteUserAuthorizedList

Specifies a list of remote users who are authorized to access an app container. (Put)
put_RuleCategories

For a third-party firewall product registration, indicates the rule categories for which the third-party firewall wishes to take ownership from Windows Firewall. (Put)
put_Scope

Controls the network scope from which the port can listen. (INetFwAuthorizedApplication.put_Scope)
put_Scope

Controls the network scope from which the port can listen. (INetFwOpenPort.put_Scope)
put_Scope

Controls the network scope from which remote administration is allowed. (Put)
put_Scope

Controls the network scope from which the port can listen. (INetFwService.put_Scope)
put_SecureFlags

Specifies which firewall verifications of security levels provided by IPsec must be guaranteed to allow the collection. The allowed values must correspond to those of the NET_FW_AUTHENTICATE_TYPE enumeration. (Put)
put_ServiceName

Specifies the service name property of the application. (Put)
put_UnicastResponsesToMulticastBroadcastDisabled

Indicates whether the firewall should not allow unicast responses to multicast and broadcast traffic. (INetFwPolicy2.put_UnicastResponsesToMulticastBroadcastDisabled)
put_UnicastResponsesToMulticastBroadcastDisabled

Indicates whether the firewall should not allow unicast responses to multicast and broadcast traffic. (INetFwProfile.put_UnicastResponsesToMulticastBroadcastDisabled)
Register

The Register method registers a third-party firewall product.
Remove

The Remove method removes the specified port mapping from the collection.
Remove

The Remove method removes an application from the collection.
Remove

Closes a port and removes it from the collection.
Remove

The Remove method removes a rule from the collection.
RemovePortMapping

The RemovePortMapping method removes a service port mapping from the list of mappings for this connection.
Rename

The Rename method renames this connection.
Reset

The Reset method causes subsequent enumeration calls to operate from the beginning of the enumeration. (IEnumNetSharingEveryConnection.Reset)
Reset

The Reset method causes subsequent enumeration calls to operate from the beginning of the enumeration. (IEnumNetSharingPortMapping.Reset)
Reset

The Reset method causes subsequent enumeration calls to operate from the beginning of the enumeration. (IEnumNetSharingPrivateConnection.Reset)
Reset

The Reset method causes subsequent enumeration calls to operate from the beginning of the enumeration. (IEnumNetSharingPublicConnection.Reset)
RestoreDefaults

Restores the local configuration to its default, installed state.
RestoreLocalFirewallDefaults

Restores the local firewall configuration to its default state.
RestrictService

The RestrictService method turns service restriction on or off for a given service.
ServiceRestricted

The ServiceRestricted method indicates whether service restriction rules are enabled to limit traffic to the resources specified by the firewall rules.
Skip

The Skip method skips the specified number of privately-shared connections for this enumeration. (IEnumNetSharingEveryConnection.Skip)
Skip

The Skip method skips the specified number of port mappings for this enumeration.
Skip

The Skip method skips the specified number of privately-shared connections for this enumeration. (IEnumNetSharingPrivateConnection.Skip)
Skip

The Skip method skips the specified number of publicly-shared connections for this enumeration.

Interfaces

 
IEnumNetSharingEveryConnection

The IEnumNetSharingEveryConnection interface provides methods for enumerating all the connections in the Connections folder.
IEnumNetSharingPortMapping

The IEnumNetSharingPortMapping interface provides methods to enumerate the port mappings for a particular connection.
IEnumNetSharingPrivateConnection

The IEnumNetSharingPrivateConnection interface provides methods for enumerating the currently configured privately-shared connections.
IEnumNetSharingPublicConnection

The IEnumNetSharingPublicConnection interface provides methods for enumerating the currently configured publicly-shared connections.
INATEventManager

The INATEventManager interface provides methods for NAT applications with UPnP technology to register callback interfaces with the NAT. The system calls the methods in these interfaces when the configuration of the NAT changes.
INATExternalIPAddressCallback

The INATExternalIPAddressCallback interface is implemented by the NAT application with UPnP technology. It provides a method that the system calls if the external IP address of the NAT computer changes.
INATNumberOfEntriesCallback

The INATNumberOfEntriesCallback interface provides a method that the system calls if the number of port mappings changes.
INetConnection

The INetConnection interface provides methods to manage network connections.
INetConnectionProps

Use the INetConnectionProps interface to retrieve the properties for a connection.
INetFwAuthorizedApplication

The INetFwAuthorizedApplication interface provides access to the properties of an application that has been authorized have openings in the firewall.
INetFwAuthorizedApplications

The INetFwAuthorizedApplications interface provides access to a collection of applications authorized open ports in the firewall.
INetFwIcmpSettings

The INetFwIcmpSettings interface provides access to the settings controlling ICMP packets.
INetFwMgr

The INetFwMgr interface provides access to the firewall settings for a computer.
INetFwOpenPort

The INetFwOpenPort interface provides access to the properties of a port that has been opened in the firewall.
INetFwOpenPorts

The INetFwOpenPorts interface is a standard Automation collection interface.
INetFwPolicy

The INetFwPolicy interface provides access to a firewall policy.
INetFwPolicy2

To access the firewall policy.
INetFwProduct

To access the properties of a third-party firewall registration.
INetFwProducts

To access the methods and properties for registering third-party firewall products with Windows Firewall and for enumerating registered products.
INetFwProfile

The INetFwProfile interface provides access to the firewall settings profile.
INetFwRemoteAdminSettings

The INetFwRemoteAdminSettings interface provides access to the settings that control remote administration.
INetFwRule

To the properties of a rule.
INetFwRule2

Allows an application or service to access all the properties of INetFwRule as well as the four edge properties of a firewall rule specified by NET_FW_EDGE_TRAVERSAL_TYPE.
INetFwRule3

Allows an application or service to access all the properties of INetFwRule2 and to provide access to the requirements of app containers.
INetFwRules

Collection of firewall rules.
INetFwService

The INetFwService interface provides access to the properties of a service that may be authorized to listen through the firewall.
INetFwServiceRestriction

Access to the Windows Service Hardening networking rules.
INetFwServices

The INetFwServices interface is a standard Automation interface which provides access to a collection of services that may be authorized to listen through the firewall.
INetSharingConfiguration

The INetSharingConfiguration interface provides methods to manage connection sharing, port mapping, and Internet Connection Firewall.
INetSharingEveryConnectionCollection

The INetSharingEveryConnectionCollection interface makes it possible for scripting languages such as VBScript and JScript to enumerate all the connections in the connections folder.
INetSharingManager

The INetSharingManager interface is the primary interface for the Manager object. INetSharingManager provides methods to determine if sharing is installed, to manage port mappings, and to obtain enumeration interfaces for public and private connections.
INetSharingPortMapping

The INetSharingPortMapping interface provides methods for managing a particular port mapping.
INetSharingPortMappingCollection

The INetSharingPortMappingCollection interface makes it possible for scripting languages such as VBScript and JScript to enumerate port mappings.
INetSharingPortMappingProps

The INetSharingPortMappingProps interface provides methods that retrieve and set the properties of a network connection port mapping.
INetSharingPrivateConnectionCollection

The INetSharingPrivateConnectionCollection interface makes it possible for scripting languages such as VBScript and JScript to enumerate private connections.
INetSharingPublicConnectionCollection

The INetSharingPublicConnectionCollection interface makes it possible for scripting languages such as VBScript and JScript to enumerate public connections.
IStaticPortMapping

The IStaticPortMapping interface provides methods to retrieve and change the information for a particular port mapping.
IStaticPortMappingCollection

The IStaticPortMappingCollection interface provides methods to manage the collection of static port mappings.
IUPnPNAT

The IUPnPNAT interface is the primary interface for managing Network Address Translation (NAT) with UPnP. The IUPnPNAT interface provides access directly or indirectly to all the other interfaces in the NAT API with UPnP technology.

Structures

 
FW_DYNAMIC_KEYWORD_ADDRESS_DATA0

Holds the data returned to the client when the Enumeration APIs are called.
FW_DYNAMIC_KEYWORD_ADDRESS0

Allows the client to create a dynamic keyword address, which holds a list of IP addresses.
INET_FIREWALL_AC_BINARIES

The INET_FIREWALL_AC_BINARIES structure contains the binary paths to applications running in an app container.
INET_FIREWALL_AC_BINARIES

The INET_FIREWALL_AC_BINARIES structure contains the binary paths to applications running in an app container. (INET_FIREWALL_AC_BINARIES)
INET_FIREWALL_AC_CAPABILITIES

The INET_FIREWALL_AC_CAPABILITIES structure contains information about the capabilities of an app container.
INET_FIREWALL_AC_CAPABILITIES

The INET_FIREWALL_AC_CAPABILITIES structure contains information about the capabilities of an app container. (INET_FIREWALL_AC_CAPABILITIES)
INET_FIREWALL_AC_CHANGE

The INET_FIREWALL_AC_CHANGE structure contains information about a change made to an app container. (INET_FIREWALL_AC_CHANGE)
INET_FIREWALL_AC_CHANGE

The INET_FIREWALL_AC_CHANGE structure contains information about a change made to an app container. (INET_FIREWALL_AC_CHANGE)
INET_FIREWALL_APP_CONTAINER

The INET_FIREWALL_APP_CONTAINER structure contains information about a specific app container. (INET_FIREWALL_APP_CONTAINER)
INET_FIREWALL_APP_CONTAINER

The INET_FIREWALL_APP_CONTAINER structure contains information about a specific app container. (INET_FIREWALL_APP_CONTAINER)
NETCON_PROPERTIES

The NETCON_PROPERTIES structure stores values that describe the properties of a network connection.