Add and enable/disable Windows Firewall rules with Python












5












$begingroup$


I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys

from subprocess import Popen, DEVNULL



def chkAdmin():

    """ Force to start application with admin rights """

    try:

        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()

    except AttributeError:

        isAdmin = False

    if not isAdmin:

        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)



def addRule(rule_name, file_path):

    """ Add rule to Windows Firewall """

    subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)

    print("Rule", rule_name, "for", file_path, "added")



def modifyRule(rule_name, state):

    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """

    if state:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Enabled")

    else:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Disabled")



chkAdmin()

addRule("RULE_NAME", "PATH_TO_FILE")

modifyRule("RULE_NAME", 1)





python python-3.x networking windows







share|improve this question











$endgroup$








  • 1




    $begingroup$
    could it be this : stackoverflow.com/a/5486837/6212957
    $endgroup$
    – Feelsbadman
    Jan 9 at 7:23






  • 1




    $begingroup$
    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.
    $endgroup$
    – jpmc26
    Jan 9 at 10:37












  • $begingroup$
    Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.
    $endgroup$
    – sudo rm -rf slash
    Jan 9 at 17:35
















5












$begingroup$


I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys

from subprocess import Popen, DEVNULL



def chkAdmin():

    """ Force to start application with admin rights """

    try:

        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()

    except AttributeError:

        isAdmin = False

    if not isAdmin:

        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)



def addRule(rule_name, file_path):

    """ Add rule to Windows Firewall """

    subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)

    print("Rule", rule_name, "for", file_path, "added")



def modifyRule(rule_name, state):

    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """

    if state:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Enabled")

    else:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Disabled")



chkAdmin()

addRule("RULE_NAME", "PATH_TO_FILE")

modifyRule("RULE_NAME", 1)





python python-3.x networking windows







share|improve this question











$endgroup$








  • 1




    $begingroup$
    could it be this : stackoverflow.com/a/5486837/6212957
    $endgroup$
    – Feelsbadman
    Jan 9 at 7:23






  • 1




    $begingroup$
    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.
    $endgroup$
    – jpmc26
    Jan 9 at 10:37












  • $begingroup$
    Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.
    $endgroup$
    – sudo rm -rf slash
    Jan 9 at 17:35














5












5








5


3



$begingroup$


I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys

from subprocess import Popen, DEVNULL



def chkAdmin():

    """ Force to start application with admin rights """

    try:

        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()

    except AttributeError:

        isAdmin = False

    if not isAdmin:

        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)



def addRule(rule_name, file_path):

    """ Add rule to Windows Firewall """

    subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)

    print("Rule", rule_name, "for", file_path, "added")



def modifyRule(rule_name, state):

    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """

    if state:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Enabled")

    else:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Disabled")



chkAdmin()

addRule("RULE_NAME", "PATH_TO_FILE")

modifyRule("RULE_NAME", 1)





python python-3.x networking windows







share|improve this question











$endgroup$




I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys

from subprocess import Popen, DEVNULL



def chkAdmin():

    """ Force to start application with admin rights """

    try:

        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()

    except AttributeError:

        isAdmin = False

    if not isAdmin:

        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)



def addRule(rule_name, file_path):

    """ Add rule to Windows Firewall """

    subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)

    print("Rule", rule_name, "for", file_path, "added")



def modifyRule(rule_name, state):

    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """

    if state:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Enabled")

    else:

        subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)

        print("Rule", rule_name, "Disabled")



chkAdmin()

addRule("RULE_NAME", "PATH_TO_FILE")

modifyRule("RULE_NAME", 1)





python python-3.x networking windows




python python-3.x networking windows






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Jan 9 at 19:24









200_success

129k15152415




129k15152415










asked Jan 9 at 7:19









phwtphwt

806




806








  • 1




    $begingroup$
    could it be this : stackoverflow.com/a/5486837/6212957
    $endgroup$
    – Feelsbadman
    Jan 9 at 7:23






  • 1




    $begingroup$
    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.
    $endgroup$
    – jpmc26
    Jan 9 at 10:37












  • $begingroup$
    Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.
    $endgroup$
    – sudo rm -rf slash
    Jan 9 at 17:35














  • 1




    $begingroup$
    could it be this : stackoverflow.com/a/5486837/6212957
    $endgroup$
    – Feelsbadman
    Jan 9 at 7:23






  • 1




    $begingroup$
    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.
    $endgroup$
    – jpmc26
    Jan 9 at 10:37












  • $begingroup$
    Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.
    $endgroup$
    – sudo rm -rf slash
    Jan 9 at 17:35








1




1




$begingroup$
could it be this : stackoverflow.com/a/5486837/6212957
$endgroup$
– Feelsbadman
Jan 9 at 7:23




$begingroup$
could it be this : stackoverflow.com/a/5486837/6212957
$endgroup$
– Feelsbadman
Jan 9 at 7:23




1




1




$begingroup$
I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.
$endgroup$
– jpmc26
Jan 9 at 10:37






$begingroup$
I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.
$endgroup$
– jpmc26
Jan 9 at 10:37














$begingroup$
Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.
$endgroup$
– sudo rm -rf slash
Jan 9 at 17:35




$begingroup$
Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.
$endgroup$
– sudo rm -rf slash
Jan 9 at 17:35










2 Answers
2






active

oldest

votes


















7












$begingroup$

This seems OK



We can add a little flavor to it:




  1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



  2. Your modify rule, can be simplified



    The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



  3. Consider to chop up the lines, to make it a little more readable


  4. Functions and variables should be snake_case according to PEP8


  5. Use a if __name__ == '__main__' guard



  6. As mentioned, you could use os.system("command") instead of subprocess



    But honestly I would stick with subprocess, since it will give greater control over how commands are executed




Code



import subprocess, ctypes, os, sys

from subprocess import Popen, DEVNULL



def check_admin():

    """ Force to start application with admin rights """

    try:

        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()

    except AttributeError:

        isAdmin = False

    if not isAdmin:

        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)



def add_rule(rule_name, file_path):

    """ Add rule to Windows Firewall """

    subprocess.call(

        f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}", 

        shell=True, 

        stdout=DEVNULL, 

        stderr=DEVNULL

    )

    print(f"Rule {rule_name} for {file_path} added")



def modify_rule(rule_name, state):

    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """

    state, message = ("yes", "Enabled") if state else ("no", "Disabled")

    subprocess.call(

        f"netsh advfirewall firewall set rule name={rule_name} new enable={state}", 

        shell=True, 

        stdout=DEVNULL, 

        stderr=DEVNULL

    )

    print(f"Rule {rule_name} {message}")



if __name__ == '__main__':

    check_admin()

    add_rule("RULE_NAME", "PATH_TO_FILE")

    modify_rule("RULE_NAME", 1)





share|improve this answer









$endgroup$













  • $begingroup$
    Thanks! and may I ask another question? Why you recommend against using string concatenation?
    $endgroup$
    – phwt
    Jan 9 at 8:55






  • 3




    $begingroup$
    Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
    $endgroup$
    – Ludisposed
    Jan 9 at 9:02





















8












$begingroup$

I agree with @Ludisposed answer, but you have a few subprocess gotchas:




  • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


  • Replace the old subprocess.call by subprocess.run;

  • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


Applying these changes to e.g. modify_rule can lead to:



def modify_rule(rule_name, enabled=True):

    """Enable or Disable a specific rule"""

    subprocess.run(

        [

            'netsh', 'advfirewall', 'firewall',

            'set', 'rule', f'name={rule_name}',

            'new', f'enable={"yes" if enabled else "no"}',

        ],

        check=True,

        stdout=DEVNULL,

        stderr=DEVNULL

    )


Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






share|improve this answer









$endgroup$













    Your Answer





    StackExchange.ifUsing("editor", function () {
    return StackExchange.using("mathjaxEditing", function () {
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
    });
    });
    }, "mathjax-editing");

    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "196"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f211163%2fadd-and-enable-disable-windows-firewall-rules-with-python%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    7












    $begingroup$

    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    
from subprocess import Popen, DEVNULL
    

    
def check_admin():
    
    """ Force to start application with admin rights """
    
    try:
    
        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    
    except AttributeError:
    
        isAdmin = False
    
    if not isAdmin:
    
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
    

    
def add_rule(rule_name, file_path):
    
    """ Add rule to Windows Firewall """
    
    subprocess.call(
    
        f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} for {file_path} added")
    

    
def modify_rule(rule_name, state):
    
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    
    subprocess.call(
    
        f"netsh advfirewall firewall set rule name={rule_name} new enable={state}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} {message}")
    

    
if __name__ == '__main__':
    
    check_admin()
    
    add_rule("RULE_NAME", "PATH_TO_FILE")
    
    modify_rule("RULE_NAME", 1)





    share|improve this answer









    $endgroup$













    • $begingroup$
      Thanks! and may I ask another question? Why you recommend against using string concatenation?
      $endgroup$
      – phwt
      Jan 9 at 8:55






    • 3




      $begingroup$
      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
      $endgroup$
      – Ludisposed
      Jan 9 at 9:02


















    7












    $begingroup$

    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    
from subprocess import Popen, DEVNULL
    

    
def check_admin():
    
    """ Force to start application with admin rights """
    
    try:
    
        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    
    except AttributeError:
    
        isAdmin = False
    
    if not isAdmin:
    
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
    

    
def add_rule(rule_name, file_path):
    
    """ Add rule to Windows Firewall """
    
    subprocess.call(
    
        f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} for {file_path} added")
    

    
def modify_rule(rule_name, state):
    
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    
    subprocess.call(
    
        f"netsh advfirewall firewall set rule name={rule_name} new enable={state}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} {message}")
    

    
if __name__ == '__main__':
    
    check_admin()
    
    add_rule("RULE_NAME", "PATH_TO_FILE")
    
    modify_rule("RULE_NAME", 1)





    share|improve this answer









    $endgroup$













    • $begingroup$
      Thanks! and may I ask another question? Why you recommend against using string concatenation?
      $endgroup$
      – phwt
      Jan 9 at 8:55






    • 3




      $begingroup$
      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
      $endgroup$
      – Ludisposed
      Jan 9 at 9:02
















    7












    7








    7





    $begingroup$

    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    
from subprocess import Popen, DEVNULL
    

    
def check_admin():
    
    """ Force to start application with admin rights """
    
    try:
    
        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    
    except AttributeError:
    
        isAdmin = False
    
    if not isAdmin:
    
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
    

    
def add_rule(rule_name, file_path):
    
    """ Add rule to Windows Firewall """
    
    subprocess.call(
    
        f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} for {file_path} added")
    

    
def modify_rule(rule_name, state):
    
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    
    subprocess.call(
    
        f"netsh advfirewall firewall set rule name={rule_name} new enable={state}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} {message}")
    

    
if __name__ == '__main__':
    
    check_admin()
    
    add_rule("RULE_NAME", "PATH_TO_FILE")
    
    modify_rule("RULE_NAME", 1)





    share|improve this answer









    $endgroup$



    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    
from subprocess import Popen, DEVNULL
    

    
def check_admin():
    
    """ Force to start application with admin rights """
    
    try:
    
        isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    
    except AttributeError:
    
        isAdmin = False
    
    if not isAdmin:
    
        ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)
    

    
def add_rule(rule_name, file_path):
    
    """ Add rule to Windows Firewall """
    
    subprocess.call(
    
        f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} for {file_path} added")
    

    
def modify_rule(rule_name, state):
    
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    
    subprocess.call(
    
        f"netsh advfirewall firewall set rule name={rule_name} new enable={state}", 
    
        shell=True, 
    
        stdout=DEVNULL, 
    
        stderr=DEVNULL
    
    )
    
    print(f"Rule {rule_name} {message}")
    

    
if __name__ == '__main__':
    
    check_admin()
    
    add_rule("RULE_NAME", "PATH_TO_FILE")
    
    modify_rule("RULE_NAME", 1)






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Jan 9 at 8:23









    LudisposedLudisposed

    7,28521959




    7,28521959












    • $begingroup$
      Thanks! and may I ask another question? Why you recommend against using string concatenation?
      $endgroup$
      – phwt
      Jan 9 at 8:55






    • 3




      $begingroup$
      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
      $endgroup$
      – Ludisposed
      Jan 9 at 9:02




















    • $begingroup$
      Thanks! and may I ask another question? Why you recommend against using string concatenation?
      $endgroup$
      – phwt
      Jan 9 at 8:55






    • 3




      $begingroup$
      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
      $endgroup$
      – Ludisposed
      Jan 9 at 9:02


















    $begingroup$
    Thanks! and may I ask another question? Why you recommend against using string concatenation?
    $endgroup$
    – phwt
    Jan 9 at 8:55




    $begingroup$
    Thanks! and may I ask another question? Why you recommend against using string concatenation?
    $endgroup$
    – phwt
    Jan 9 at 8:55




    3




    3




    $begingroup$
    Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
    $endgroup$
    – Ludisposed
    Jan 9 at 9:02






    $begingroup$
    Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)
    $endgroup$
    – Ludisposed
    Jan 9 at 9:02















    8












    $begingroup$

    I agree with @Ludisposed answer, but you have a few subprocess gotchas:




    • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


    • Replace the old subprocess.call by subprocess.run;

    • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


    Applying these changes to e.g. modify_rule can lead to:



    def modify_rule(rule_name, enabled=True):
    
    """Enable or Disable a specific rule"""
    
    subprocess.run(
    
        [
    
            'netsh', 'advfirewall', 'firewall',
    
            'set', 'rule', f'name={rule_name}',
    
            'new', f'enable={"yes" if enabled else "no"}',
    
        ],
    
        check=True,
    
        stdout=DEVNULL,
    
        stderr=DEVNULL
    
    )


    Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






    share|improve this answer









    $endgroup$


















      8












      $begingroup$

      I agree with @Ludisposed answer, but you have a few subprocess gotchas:




      • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


      • Replace the old subprocess.call by subprocess.run;

      • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


      Applying these changes to e.g. modify_rule can lead to:



      def modify_rule(rule_name, enabled=True):
      
    """Enable or Disable a specific rule"""
      
    subprocess.run(
      
        [
      
            'netsh', 'advfirewall', 'firewall',
      
            'set', 'rule', f'name={rule_name}',
      
            'new', f'enable={"yes" if enabled else "no"}',
      
        ],
      
        check=True,
      
        stdout=DEVNULL,
      
        stderr=DEVNULL
      
    )


      Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






      share|improve this answer









      $endgroup$
















        8












        8








        8





        $begingroup$

        I agree with @Ludisposed answer, but you have a few subprocess gotchas:




        • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


        • Replace the old subprocess.call by subprocess.run;

        • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


        Applying these changes to e.g. modify_rule can lead to:



        def modify_rule(rule_name, enabled=True):
        
    """Enable or Disable a specific rule"""
        
    subprocess.run(
        
        [
        
            'netsh', 'advfirewall', 'firewall',
        
            'set', 'rule', f'name={rule_name}',
        
            'new', f'enable={"yes" if enabled else "no"}',
        
        ],
        
        check=True,
        
        stdout=DEVNULL,
        
        stderr=DEVNULL
        
    )


        Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






        share|improve this answer









        $endgroup$



        I agree with @Ludisposed answer, but you have a few subprocess gotchas:




        • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


        • Replace the old subprocess.call by subprocess.run;

        • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


        Applying these changes to e.g. modify_rule can lead to:



        def modify_rule(rule_name, enabled=True):
        
    """Enable or Disable a specific rule"""
        
    subprocess.run(
        
        [
        
            'netsh', 'advfirewall', 'firewall',
        
            'set', 'rule', f'name={rule_name}',
        
            'new', f'enable={"yes" if enabled else "no"}',
        
        ],
        
        check=True,
        
        stdout=DEVNULL,
        
        stderr=DEVNULL
        
    )


        Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 9 at 9:47









        Mathias EttingerMathias Ettinger

        24k33182




        24k33182






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Code Review Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            Use MathJax to format equations. MathJax reference.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f211163%2fadd-and-enable-disable-windows-firewall-rules-with-python%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            How to change which sound is reproduced for terminal bell?

            Image
            3 Recently upgrade to 18.10 from 18.04, and using the terminal is becoming annoying: the new alert sound is a drip ( /usr/share/sounds/gnome/default/alerts/drip.ogg ), and the previous one is still located at ( /usr/share/sounds/ubuntu/stereo/bell.ogg ). My issue is that at the gnome-terminal, when autocompleting or pressing left BOTH sounds are reproduced, at the same time. I want to just have ubuntu/stereo/bell.ogg active, not both . At the moment I have been only able to reduce the volume of the alerts (but still both are played), or turn the alerts down (but I dislike both "solutions"). gnome-terminal 18.10 teminal-bell share | improve this question
            Read more

            Title Spacing in Bjornstrup Chapter, Removing Chapter Number From Contents

            Image
            up vote 5 down vote favorite 2 I would like to make it so that the vertical space below the title of each chapter is the same when using the Bjornstrup package (i.e. so that the descenders do not affect the spacing - as shown by the red arrow in the picture below). I think I'm fairly happy with the spacing around "A chapter", so I'd really like titles without descenders (e.g. "Contents") to have the same vertical spacing as "A chapter" below the title. I would also like to remove the large "0" in the contents title. Any help appreciated, as always. documentclass[11pt,a4paper]{book} % Packages[![enter image description here][1]][1] usepackage[left=3.5cm, right=3.5cm, top=4.3cm, bottom=4.25cm]{geometry} usepackage[utf8]{inputenc} usepackage{libertine} usepackage[libertine]{newtx
            Read more

            Can I use Tabulator js library in my java Spring + Thymeleaf project?

            Image
            0 I want to add Tabulator js to my java project. I added tabulator.min.js, tabulator.min.css to resources folder. After that added to my html page these dependencies as recommending in readme.md. <link rel="stylesheet" th:href="@{/css/tabulator.min.css}"> <script type="text/javascript" th:src="@{/js/tabulator.min.js}"></script> Now my tables view all elements, that I have in the html page, but not correct. In the documentation of Tabulator is example how to create header and table, var table = new Tabulator("#example-table", { columns:[ {title:"Name", field:"name", sorter:"string", width:200, editor:true}, {title:"Age", field:"age", sorter:"
            Read more