NsisFirewall plug-in

From NSIS Wiki

Author: Wizou


nsisFirewall Plugin Homepage - Version 1.1


nsisFirewall is a small NSIS plugin that lets you easily perform two tasks:

  • Add an application to the Windows Firewall exception list
  • Remove an application from the Windows Firewall exception list

Two NSIS plugins already exist that deal with the built-in Windows Firewall:

  • A big one providing a lot of functionality, most of which you will probably never use
  • A small one that can only disable/enable the firewall globally: this is a completely insecure idea! (nsisFirewall is even smaller than this one)

But what most installers require is only a simple way to ensure that the application about to be installed will be able to access the Internet. In particular:

  • You don't want to wonder whether this version of Windows has a built-in firewall: nsisFirewall can be used on all versions of Windows and will report gracefully if the action could not be performed
  • You don't want to wonder whether the built-in firewall is currently enabled or not: just register your application, so that if the firewall gets activated later, the application can still access the Internet
  • You don't want to disable the firewall globally, even temporarily: this is insecure! Do you think the user would be happy with that?
  • You don't need to open a specific port: by registering your application, you already give it full rights to access the Internet and listen for incoming connections

So here comes nsisFirewall


The following is taken from the readme file in the downloadable zip file:

nsisFirewall::AddAuthorizedApplication "<application path>" "<rule name>"
nsisFirewall::RemoveAuthorizedApplication "<application path>"

<application path> is the full path to the application you want to be authorized
	to access the network (or accept incoming connections)

<rule name> is the title that will be given to this exception entry in the
	firewall control panel list

Return Value

These 2 functions return an integer status on the top of the stack
Possible status values are:
	0:  Action was performed successfully
	<0: An error occurred (the value is an HRESULT error code, see MSDN for
	>0: this should never be returned (positive HRESULTs are success codes)

Common HRESULT values: 0x800706D9 - The firewall is not running; the exact error is "There are no more endpoints available from the endpoint mapper."
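The calls and return values described above, put together in an installer script. This is an added example, not the sample script shipped in the plug-in's ZIP archive; the product name MyApp, the file myapp.exe, the labels, and the choice to request administrator rights are assumptions.

```nsis
; Added example. MyApp / myapp.exe are placeholder names.
Name "MyApp"
OutFile "MyAppSetup.exe"
InstallDir "$PROGRAMFILES\MyApp"
RequestExecutionLevel admin ; assumption: changing firewall exceptions needs elevation

Section "Install"
  SetOutPath "$INSTDIR"
  File "myapp.exe"
  WriteUninstaller "$INSTDIR\uninstall.exe"

  ; Register only this executable; the firewall itself is never disabled.
  nsisFirewall::AddAuthorizedApplication "$INSTDIR\myapp.exe" "MyApp"
  Pop $0                      ; integer status from the top of the stack
  IntCmp $0 0 fw_done         ; 0 = action performed successfully
  IntFmt $1 "0x%08X" $0       ; format the negative status as a hex HRESULT
  StrCmp $1 "0x800706D9" 0 fw_error
    DetailPrint "Windows Firewall is not running; exception not added."
    Goto fw_done
  fw_error:
    DetailPrint "Could not add firewall exception (HRESULT $1)."
  fw_done:
SectionEnd

Section "Uninstall"
  ; Remove the exception so no stale rule is left for a path that no longer exists.
  nsisFirewall::RemoveAuthorizedApplication "$INSTDIR\myapp.exe"
  Pop $0
  IntCmp $0 0 +2              ; skip the message when the status is 0
    DetailPrint "Could not remove firewall exception (status $0)."
  Delete "$INSTDIR\myapp.exe"
  Delete "$INSTDIR\uninstall.exe"
  RMDir "$INSTDIR"
SectionEnd
```

Removing the entry in the uninstaller matters because the exception is tied to a file path: a rule left behind would authorize whatever executable is later placed at that path.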


nsisFirewall Plugin Homepage

ZIP archive contains the plug-in DLL as well as documentation, source code and sample script
