编程的改变IPsec规则用C＃方法？ [英] Methods of programatically altering ipsec rules with C#?

问题描述

我知道如何执行IPsec的变化，唯一的方法需要调用的netsh做的修改。有没有直接使用System.Management和WMI对象的方法？如果是这样，是什么呢？我有一个很难找到与MSDN相关WMI信息。

The only method I know how to execute IPsec changes involves calling netsh to do the changes. Is there a method using System.Management and WMI objects directly? If so, what is it? I am having a hard time finding relevant WMI information with MSDN.

或者是有一些其他有用的方法，有人在那里使用了？

Or is there some other useful method someone out there has used?

编辑：！我在C＃中的工作，并希望C＃示例对于基于.NET System.Management答案

I am working in C#, and would prefer C# examples with regard to .NET System.Management based answers.

感谢您

推荐答案

1）精确：WMI

EnableIPFilterSec WMI类的静态方法可以在所有绑定了IP的网络适配器全局启用IP安全性。启用的安全性，对于任何特定的适配器的安全特征可以与的EnableIPSec WMI类方法来改变。 MSDN前者的位置：

The EnableIPFilterSec WMI class static method can enable IP security globally across all IP-bound network adapters. With security enabled, security characteristics for any specific adapter can be altered with the EnableIPSec WMI class method. MSDN for the former here:

的 http://msdn.microsoft.com/en-us/library/aa390381%28VS.85%29.aspx

和参阅有关的EnableIPSec及其参数（允许你声明的端口和协议的列表）信息这个MSDN项：

And see this MSDN entry for information about EnableIPSec and its parameters (that allow you to declare a list of ports and protocols):

的 http://msdn.microsoft.com/en-us/library/aa390382%28VS。 85％29.aspx

最后，这是对WMI.NET代码目录，其中有使用System.Management的代码有用样本链接执行WQL查询。

Finally, this is a link to the WMI.NET code directory, where there are useful samples of code using System.Management to execute WQL queries.

http://msdn.microsoft.com/en-us/library/ms257338.aspx

请注意：

如果您需要更动广泛地与WQL测试您的ObjectQuery / SelectQuery System.Management对象，像我一样，给WBEMTEST一试。它是Windows Management Instrumentation测试，并使得写作，测试和磨炼WQL为您的应用程序更漂亮。

If you need to mess around extensively with WQL tests for your ObjectQuery/SelectQuery System.Management objects, as I did, give wbemtest a try. It is the Windows Management Instrumentation tester, and makes writing, testing, and honing WQL for your applications much nicer.

2）相关阅读：在Vista或更高版本编程更改防火墙使用FirewallAPI，INetFwRule接口，和其他任何人不得需要。

2) Related: Programmatic firewall changes on Vista or later using FirewallAPI, INetFwRule Interface, and anything else one may need.

在Vista或更高版本，使用FirewallAPI.dll是一个容易的选择，如果你需要安全功能，但不关心传统PolicyAgent将实施。

On Vista or later, using the FirewallAPI.dll is an easy option if you need ipsec functionality but don't care about the legacy PolicyAgent implementation.

我不知道这是在第一种选择，因为我不知道该高级防火墙在Vista中，后来真正融合了IPSec和防火墙世界粮食计划署（Windows过滤平台），并保持传统的IPSec实现通过PolicyAgent将去之内。

I did not realize this was an option at first because I did not know that the Advanced Firewall in Vista and later truly combines IPSec and firewalling within the WFP (Windows Filtering Platform), and keeps legacy IPSec implementations going through PolicyAgent.

这意味着使用FirewallAPI.dll能给安全的所有功能与状态防火墙，这正是我想要的情报。我只是添加黑名单规则（因为黑名单规则的优先级），并通过API在需要时添加到黑名单，世界粮食计划署开始丢弃流量。完成！

This means that using FirewallAPI.dll can give all the functionality of IPSec with the stateful intelligence of the firewall, which is exactly what I wanted. I just add blacklist rules (since blacklist rules take precedence), and add to the blacklist when needed through the API and WFP starts dropping the traffic. Done!

这篇关于编程的改变IPsec规则用C＃方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！