Friday, November 21, 2008

Copying Vista firewall rules

The Windows Firewall with Advanced Security in Vista has a way to export a list of rules, but it has no way to import rules. The only import I could see was for policies, and that to a warning that the current policy will be overwritten. So I searched through the registry for a rule name using regedit and I found HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules. All the rules are there, in human readable format.

I exported that to a .reg file. I used find "Dir=Out" to extract the outgoing rules I wanted and then I edited it in a text editor to remove some more rules and the registry file header. (Grep didn't work initially because the file was UTF-16. Find converted it to an 8 bit encoding but that was okay.) After importing the .reg file on another computer, the rules appeared in the console, but they were not in effect, and attempts to disable or enable them caused errors. I thought the firewall hadn't loaded the rules, so I rebooted. Finally everything worked properly.

No comments: