2

I am trying to write automation to a little project that I'm doing in work. In the proccess I need to disable Windows Firewall (for every Windows version) using python (I prefer activepython because it already installed).

I looked for many answers but I didn't found any answer that suits my needs.

I found this site: https://mail.python.org/pipermail/python-win32/2012-July/012434.html But the problem is that when I check from the control panel the actual disabling of Firewall is not happening...

Can someone help me with this problem?

Improve this question
3
  • Please state "your needs" for us to be able to guess what might "suit" them. 1) do you need to stop/disable the Windows Firewall service or set its settings to "off" as seen in firewall.cpl? If the latter - for all network interfaces or only specific ones? 2) what are you trying to achieve? There's likely a better way than a Python program (like Group Policy or a regular command line). Commented Jan 30, 2016 at 17:09
  • netsh.exe works for me in Windows 10, e.g. subprocess.check_call('netsh.exe advfirewall set publicprofile state off'). The default profiles are "domainprofile", "privateprofile", and "publicprofile", and the state is either "on" or "off". Commented Jan 31, 2016 at 5:33
  • @ivan_pozdeev - I need to set it to "off" as seen in firewall.cpl Commented Feb 2, 2016 at 12:45

4 Answers 4

Reset to default
2

The best way to do it would be using WMI:

import wmi,os

c = wmi.WMI("WinMgmts:\root\Microsoft\HomeNet")

for obj in c.HNet_ConnectionProperties():
    print obj
    print obj.IsFirewalled
    obj.IsFirewalled = False
    obj.Put_()

Of course to do this you will need to be running the program as an administrator.

Hope this helps,

Jason.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This disables FW for each connection ("advanced" tab in UI) rather than globally.
2

Ways to control Windows Firewall - both with UI and programmatically - are covered extensively in the Windows Firewall Tools and Settings MSDN article. They are:

  • Registry settings at

    • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\<profile> (local settings) and
    • HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\<profile> (group policy settings).

    Changing a setting has an instant effect: the Firewall service sets up notifications for the keys apparently.

  • Facilities that work with the settings:

    • COM interface HNetCfg.FwMgr
    • netsh firewall (netsh advfirewall for Advanced Firewall)
    • WMI winmgmts:root/Microsoft/HomeNet
    • %windir%\Inf\Netfw.inf (absent unless created manually)

firewall.cpl reflects the local registry settings (or overriding Group Policy ones if they are present and doesn't allow to change them) and the currently active profile (for predefined profiles and how one is selected, see How Windows Firewall Works, "Windows Firewall Profile Determination" section for XP/2003 and Understanding Firewall Profiles for Vista+).

Python can work with any of the aforementioned facilities. Though other tools (Group Policy, .reg files, netsh command line) may be more convenient depending on your task (e.g. netsh auto-selects the active profile).

Improve this answer

Comments

1

The simplest approach is to have another program do the work for you. In this case, netsh.exe has a set of commands to control the Advanced Firewall that's used by Windows Vista and later. For example:

import subprocess
subprocess.check_call('netsh.exe advfirewall set publicprofile state off')

The default profiles are "domainprofile", "privateprofile", and "publicprofile", and the state is either "on" or "off".

Improve this answer

2 Comments

Only works if Advanced Firewall is installed. The profiles names are for Vista+.
@ivan_pozdeev, thanks for the catch, I no longer write answers for XP since I don't have an XP VM to test on and, frankly, wouldn't be bothered to do so even if I did. I would not recommend modifying the registry directly, and using COM (e.g. INetFwPolicy2) is not something I'd recommend because the light approach, comtypes (extension of ctypes) is a bit half baked, and the alternative, PyWin32, is a large dependency to add to a project, plus there's the cost of learning basic COM programming. Using netsh is simple and reliable.
-2 
# -*- coding: utf-8 -*-
'''
State for configuring Windows Firewall
'''


def __virtual__():
'''
Load if the module firewall is loaded
'''
return 'win_firewall' if 'firewall.get_config' in __salt__ else False


def disabled(name):
'''
Disable all the firewall profiles (Windows only)
'''
ret = {'name': name,
       'result': True,
       'changes': {},
       'comment': ''}

# Determine what to do
action = False
current_config = __salt__['firewall.get_config']()
for key in current_config:
    if current_config[key]:
        action = True
        ret['changes'] = {'fw': 'disabled'}
        break

if __opts__['test']:
    ret['result'] = None
    return ret

# Disable it
if action:
    ret['result'] = __salt__['firewall.disable']()
    if not ret['result']:
        ret['comment'] = 'Could not disable the FW'
else:
    ret['comment'] = 'All the firewall profiles are disabled'

return ret
Improve this answer

1 Comment

I had a little problem with this code, can you explain what are you doing? Do I need external modules?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.