Thread: Netsh add rule command not working

  1. #1

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Netsh add rule command not working

    I'm trying to use vb.net to make calls to Netsh.exe and things are not going as they should. When I type the command into an Admin Powershell, it returns "Ok.". Which is what it does when the command is successful. But after that I go to the Windows Firewall and export the rules to a text file. And after I "supposedly" made a successful command, the rule is not found in the exported Firewall rules.

    Here's the command I used...
    Code:
    netsh advfirewall firewall add rule name="Everything" dir=in action=allow program="F:\Program Files\Everything\Everything.exe"
    And the path points to the correct file (rule name is not supposed to matter). I've been pounding on this for almost a week and I can't get it to work. What am I missing here? Netsh shows that the command was a success, but the rule is nowhere to be found in the Firewall???

    I have almost all the commands I need working. The exception, however is adding (and removing) an application rule. I'm guessing if I can ever get the "add" command to work, the "delete rule" won't be a problem.

    Thank you in advance for any help!

  2. #2
    Lively Member Grant Swinger's Avatar
    Join Date
    Jul 2015
    Posts
    71

    Re: Netsh add rule command not working

    Try adding "enable=yes" to the end of your command. Like this:

    Code:
    args = "advfirewall firewall add rule name=""" & "UDP-Receiver""" & " dir=in action=allow program=""" & Application.StartupPath & "\bin\udp-receiver.exe""" & " enable=yes"
    It's an example from a working program I wrote.

  3. #3
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    What part of this is about VB.NET? Your post makes it sound like the problem is reproducible when manually entering the above command you posted via a command line, which would seem to rule out any interaction with VB.NET at that point.

    In any event, per the below article, I would suggest adding enable=yes at the end of the command and see if that makes a difference.

    https://support.microsoft.com/en-us/...d-of-the-netsh

  4. #4

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Thank you very much. I will try that right now and get back with you

  5. #5

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Here's what I did to make the Firewall take the command:
    Code:
    netsh advfirewall firewall add rule name="Everything" dir=in action=allow program="F:\Program Files\Everything\Everything.exe" enable=yes
    But I still don't see the rule in the firewall.

    OptionBase1: I guess I was trying to not do a lot of explaining, but guess I will then. I am testing the Netsh commands from an Admin Powershell or Dos prompt. Because if it doesn't work there, it won't work in code. That's the way I got all the other commands to work. Once I verify that it works, I put it into a VbScript file, then compile it to an exe and use the executable in my vb.net program.

    This is the ultimate end of where all this is going...
    Code:
    Private Sub AllowProgramAccess(FilePath As String, FileName As String)
        Dim AppPath As String = Application.StartupPath
        Dim AddTarget As String = AppPath & "\AddRule.exe"
        Dim BlockTarget As String = AppPath & "\BlockProgram.exe"
        Dim retVal As Integer = -3

        ' Pick the helper executable based on the form-level AllowAccess flag.
        Dim startInfo As New ProcessStartInfo
        If AllowAccess Then
            startInfo.FileName = AddTarget
        Else
            startInfo.FileName = BlockTarget
        End If

        ' Quote both arguments so a path containing spaces arrives as one argument.
        startInfo.Arguments = """" & FileName & """ """ & FilePath & """"
        startInfo.UseShellExecute = False
        startInfo.RedirectStandardOutput = True
        startInfo.CreateNoWindow = True
        Try
            Using p As Process = Process.Start(startInfo)
                ' Drain the redirected output before waiting so a full pipe cannot block the helper.
                Dim output As String = p.StandardOutput.ReadToEnd()
                p.WaitForExit()
                retVal = p.ExitCode
            End Using
            ' A nonzero exit code from the helper is treated as a failure.
            If retVal <> 0 Then
                MsgBox("Helper exited with code " & retVal)
            ElseIf AllowAccess Then
                MsgBox("Added: " & FileName & " to Whitelist")
            Else
                MsgBox(FileName & " removed from Whitelist")
            End If
        Catch ex As Exception
            MsgBox(ex.Message)
        End Try

        Visible = False
        AllowAccess = False
    End Sub
    But the end result was the same after I added "enabled=yes". The rule was still not found in the Firewall in inbound or outbound rules.

    I'm going to keep trying to make it work...

  6. #6
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    I understood your process, and fully agree with it. Gotta get it to work manually before you try to automate it in code.

    Your explanation is exactly why I was questioning your decision to post this thread in the VB.NET forum. The problem itself has nothing to do with VB.NET.

  7. #7
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    Did you try cycling the Windows Firewall service to see if that makes the rule visible?

    Have you searched in the registry after issuing the command to see if the rule shows up there?

    HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

  8. #8

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    You are correct and I confess that I thought that was probably the case. But I've just been working on this for a while and have not got it to work yet. Everything else works, why not this??

    If a Mod or Admin decides to move it somewhere (although I don't know where that would be...) I will be fine with it.

    Has anyone been able to get it to work from the command line and be able to find the rule in the Firewall?? I'm running out of things to try. But I can: block all ports, open all ports, dump the interface, reset the Firewall, and view all the TCP ports being used.

  9. #9

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Missed your last message OptionBase1. That's a good idea about checking the registry, I will do that right now. Thanks for letting me know where it is, lol

  10. #10
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    For the sake of thoroughness, what OS are you running?

  11. #11

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Ok, I'm using Windows 10, so I'm using: "netsh advfirewall" instead of "netsh firewall". And I just got through checking the rules in the registry and it is not found there either (sigh).

  12. #12

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Forgot to say that the Firewall is returning "Ok." with this command. And I'm using "enabled=yes" at the end...
    Code:
    netsh advfirewall firewall add rule name="Everything" dir=in action=allow program="F:\Program Files\Everything\Everything.exe" enable=yes

  13. #13
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    All of your testing is being done running things as Administrator, right?

  14. #14

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Yes, the commands won't work at all if you are not running Powershell and Dos Prompt at the elevated Admin rights

  15. #15
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    So, are you sanitizing the path and rule name to "Everything" for the purposes of posting in the forum? Is the path you are actually using in your testing valid (exists)?

  16. #16

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    I'm just using that as my testing base before trying to do it with parameters. But the software is there and the path to the software is correct. And Everything is a cool piece of software. It can find files on the hard drive faster than any other search tool. I've been using it for many years...

  17. #17

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    And BTW: Thanks a lot for your help. As you might can tell, I was pulling my hair out on this one because it doesn't make sense!

  18. #18
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    Have you tried using a path to a different exe file for the sake of trying something different, like the path to notepad.exe.

  19. #19

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    I've done that before, yes, but let me try it again just to make sure.... brb

  20. #20
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    Anything unusual about your F: drive? Just tossing out thoughts at this point.

  21. #21

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Ok, I just tried it with one of my apps that I know would not be in the Firewall rules, and the result is the same. The firewall tells me I've successfully entered a command, but the rule doesn't make it to the Firewall

  22. #22
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    Have you checked through the relevant log sources in Event Viewer to see if it is showing anything? Is it possible that the firewall rules pertaining to application/program rules are being configured via group policy and are prohibited from being modified manually?

  23. #23

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    I just had a thought though. When I look at the dump of Firewall rules, none of the rules has a "Text" type name. Here's an example of one of the rule names: [TWag5fCoOlOW8z]. And they all look like that.. Does that tell us anything? Seems like it might have some importance in what we are dealing with???

  24. #24

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Oops, read my last message. I'm going to check out the event viewer. Good Idea!

  25. #25
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    I've never examined a firewall rule export file before, so I can't help with that.

    Do the rule names look "correct" in the registry? Or do they show up the same as in the exported file?

  26. #26

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Ok, the Event Viewer is clean. And I've done all this enough that there would be a lot of errors there, but there were only 2 entries and they were "Information" entries. I looked in the registry and ALL of the rule names are like the one I showed you.

  27. #27
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    When you were looking for the newly added rule in the registry, were you just eyeballing the list of rule names or were you having regedit do a full search for the .exe name that your rule was adding?

  28. #28

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Haha, I just did a search, just in case, and it did not find any of the files that I've been testing. Will try it the slow way next and see if there's an occurrence of that last filename anywhere.

  29. #29
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    Have you ever used Process Monitor from Microsoft? It's a bit overwhelming to use for the first time, but it might shed light on what is going on behind the scenes.

  30. #30
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    I came up with this troubleshooting method back when I was an IT intern in the late 1990's. I call it the poop search.

    Add a new rule where the filename is poop.exe (make sure the file exists). Then search your entire registry for references to poop.exe.

    The idea is, there almost certainly will never be anything in the registry with a name or value of poop, so it weeds out any irrelevant results.

  31. #31

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Haha... I'm laughing away. Sounds like something I would think of. I'll do that. BRB when I'm finished

  32. #32

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Ok, done. I only searched HKEY_LOCAL_MACHINE, and nothing was found, but I will do the whole registry after sending this

  33. #33
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    If you add the same rule manually in the Windows Firewall gui interface, can that rule be found in the registry?

  34. #34

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    I've never tried that. Let me see. Give me a sec...

  35. #35
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    Probably should have asked this 30 posts earlier, but if you've been doing all kinds of testing with these netsh firewall commands today, have you rebooted to clean the slate at any point?

  36. #36

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Yes, I've been rebooting often with this, just in case. When I added the rule manually through the Firewall software, it worked fine. I now have the rule in there and it's about the only rule that isn't a long weird group of letters. So, what does that tell us??? I really don't know at this point. What do you think?

  37. #37
    PowerPoster
    Join Date
    Nov 2017
    Posts
    3,116

    Re: Netsh add rule command not working

    No idea. And unfortunately, I don't have a Windows 10 device here to test with myself. I guess I would suggest familiarizing yourself with Process Monitor (if you aren't already), and get a full capture of all activity from right before you enter that netsh command to right after you get the OK response and then start digging in to the events that are captured. There will be thousands if not 10's of thousands of events captured, and so, after you've captured all these events, you will likely want to start the examination process by adding a "process name" filter that only shows events that come from netsh.exe

    That's about all I can offer at this point, good luck. If you track down the cause, please post the resolution here.
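
The checks suggested across this thread (the registry lookup in post 7, the group policy question in post 22, the uniquely named test rule in post 30), gathered into one script. This is an added example, not code from any poster; it assumes an elevated PowerShell on Windows 10, and the `FwProbe-` rule name and the notepad.exe test path are constructed values.

```powershell
#Requires -RunAsAdministrator
# Added diagnostic example. $ruleName and $program are constructed test values.
$ruleName = 'FwProbe-' + [guid]::NewGuid().ToString('N').Substring(0, 8)
$program  = Join-Path $env:SystemRoot 'System32\notepad.exe'
# Local rule store named in the thread, and the store used for policy-delivered rules.
$localKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'
$gpoKey   = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

# 1. Add the rule the same way the thread does; keep netsh's text and exit code.
$addArgs = 'advfirewall', 'firewall', 'add', 'rule', "name=$ruleName",
           'dir=in', 'action=allow', "program=$program", 'enable=yes'
$addText = (& netsh.exe $addArgs) -join ' '
$addCode = $LASTEXITCODE

# 2. Ask netsh to read the rule back by name.
$showText = (& netsh.exe advfirewall firewall show rule "name=$ruleName" verbose) -join "`n"
$inNetsh  = $showText -match [regex]::Escape($ruleName)

# 3. Look in the saved and the effective policy; netsh's name= is DisplayName here.
$inPersistent = [bool](Get-NetFirewallRule -DisplayName $ruleName `
    -PolicyStore PersistentStore -ErrorAction SilentlyContinue)
$inActive = [bool](Get-NetFirewallRule -DisplayName $ruleName `
    -PolicyStore ActiveStore -ErrorAction SilentlyContinue)

# 4. Search the registry values for the unique name instead of eyeballing them.
$regHits = @((Get-ItemProperty -Path $localKey).PSObject.Properties |
    Where-Object { $_.Value -is [string] -and $_.Value -like "*$ruleName*" })

# 5. Group policy: are local rules merged, and does a policy rule store exist?
$profiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules
$gpoRules = Test-Path $gpoKey

[pscustomobject]@{
    Rule            = $ruleName
    AddedText       = $addText
    AddedExit       = $addCode
    NetshShowsRule  = $inNetsh
    PersistentStore = $inPersistent
    ActiveStore     = $inActive
    RegistryValues  = $regHits.Count
    GpoRuleKey      = $gpoRules
} | Format-List
$profiles | Format-Table -AutoSize

# Remove the probe rule so repeated runs do not accumulate test entries.
& netsh.exe advfirewall firewall delete rule "name=$ruleName" | Out-Null
```

An `AllowLocalFirewallRules` value of False on the active profile means locally defined rules are not merged into the effective policy, which is the situation post 22 asks about.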

  38. #38

    Thread Starter
    PowerPoster
    Join Date
    Feb 2016
    Location
    Tennessee
    Posts
    2,437

    Re: Netsh add rule command not working

    Sounds good. I'll let you go cause it's getting late. Thank you so much for your help. I really appreciate it. You have a great night my friend. Bye for now....

  39. #39
    Super Moderator si_the_geek's Avatar
    Join Date
    Jul 2002
    Location
    Bristol, UK
    Posts
    41,929

    Re: Netsh add rule command not working

    Originally Posted by jumper77:
    "If a Mod or Admin decides to move it somewhere (although I don't know where that would be...) I will be fine with it."
    Thread moved to the 'General Developer' forum.
