Add and enable/disable Windows Firewall rules with Python












5















I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys
from subprocess import Popen, DEVNULL

def chkAdmin():
""" Force to start application with admin rights """
try:
isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
except AttributeError:
isAdmin = False
if not isAdmin:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

def addRule(rule_name, file_path):
""" Add rule to Windows Firewall """
subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "for", file_path, "added")

def modifyRule(rule_name, state):
""" Enable/Disable specific rule, 0 = Disable / 1 = Enable """
if state:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Enabled")
else:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Disabled")

chkAdmin()
addRule("RULE_NAME", "PATH_TO_FILE")
modifyRule("RULE_NAME", 1)









share|improve this question




















  • 1





    could it be this : stackoverflow.com/a/5486837/6212957

    – Feelsbadman
    Jan 9 at 7:23






  • 1





    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.

    – jpmc26
    2 days ago













  • Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.

    – sudo rm -rf slash
    2 days ago
















5















I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys
from subprocess import Popen, DEVNULL

def chkAdmin():
""" Force to start application with admin rights """
try:
isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
except AttributeError:
isAdmin = False
if not isAdmin:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

def addRule(rule_name, file_path):
""" Add rule to Windows Firewall """
subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "for", file_path, "added")

def modifyRule(rule_name, state):
""" Enable/Disable specific rule, 0 = Disable / 1 = Enable """
if state:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Enabled")
else:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Disabled")

chkAdmin()
addRule("RULE_NAME", "PATH_TO_FILE")
modifyRule("RULE_NAME", 1)









share|improve this question




















  • 1





    could it be this : stackoverflow.com/a/5486837/6212957

    – Feelsbadman
    Jan 9 at 7:23






  • 1





    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.

    – jpmc26
    2 days ago













  • Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.

    – sudo rm -rf slash
    2 days ago














5












5








5


3






I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys
from subprocess import Popen, DEVNULL

def chkAdmin():
""" Force to start application with admin rights """
try:
isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
except AttributeError:
isAdmin = False
if not isAdmin:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

def addRule(rule_name, file_path):
""" Add rule to Windows Firewall """
subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "for", file_path, "added")

def modifyRule(rule_name, state):
""" Enable/Disable specific rule, 0 = Disable / 1 = Enable """
if state:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Enabled")
else:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Disabled")

chkAdmin()
addRule("RULE_NAME", "PATH_TO_FILE")
modifyRule("RULE_NAME", 1)









share|improve this question
















I have this following module using for adding and enabling/disabling Windows Firewall rules using Python.



I currently use subprocess.call to execute the netsh command inside Python. I'm wondering if there is any better method to do this? Executing the cmd command inside Python seems to be impractical to me.



import subprocess, ctypes, os, sys
from subprocess import Popen, DEVNULL

def chkAdmin():
""" Force to start application with admin rights """
try:
isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
except AttributeError:
isAdmin = False
if not isAdmin:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

def addRule(rule_name, file_path):
""" Add rule to Windows Firewall """
subprocess.call("netsh advfirewall firewall add rule name="+ rule_name +" dir=out action=block enable=no program=" + file_path, shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "for", file_path, "added")

def modifyRule(rule_name, state):
""" Enable/Disable specific rule, 0 = Disable / 1 = Enable """
if state:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=yes", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Enabled")
else:
subprocess.call("netsh advfirewall firewall set rule name="+ rule_name +" new enable=no", shell=True, stdout=DEVNULL, stderr=DEVNULL)
print("Rule", rule_name, "Disabled")

chkAdmin()
addRule("RULE_NAME", "PATH_TO_FILE")
modifyRule("RULE_NAME", 1)






python python-3.x networking windows






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 days ago









200_success

129k15152414




129k15152414










asked Jan 9 at 7:19









phwtphwt

806




806








  • 1





    could it be this : stackoverflow.com/a/5486837/6212957

    – Feelsbadman
    Jan 9 at 7:23






  • 1





    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.

    – jpmc26
    2 days ago













  • Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.

    – sudo rm -rf slash
    2 days ago














  • 1





    could it be this : stackoverflow.com/a/5486837/6212957

    – Feelsbadman
    Jan 9 at 7:23






  • 1





    I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.

    – jpmc26
    2 days ago













  • Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.

    – sudo rm -rf slash
    2 days ago








1




1





could it be this : stackoverflow.com/a/5486837/6212957

– Feelsbadman
Jan 9 at 7:23





could it be this : stackoverflow.com/a/5486837/6212957

– Feelsbadman
Jan 9 at 7:23




1




1





I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.

– jpmc26
2 days ago







I would at least give PowerShell a look. It supports remote execution and is as close as you can get to a tool intended to manage Windows via script.

– jpmc26
2 days ago















Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.

– sudo rm -rf slash
2 days ago





Is it possible for these commands to fail? If netsh returns an error for any reason, it will go undetected (correct me if I'm wrong). At least assert things went smoothly even if you don't want to handle errors.

– sudo rm -rf slash
2 days ago










2 Answers
2






active

oldest

votes


















7














This seems OK



We can add a little flavor to it:




  1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



  2. Your modify rule, can be simplified



    The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



  3. Consider to chop up the lines, to make it a little more readable


  4. Functions and variables should be snake_case according to PEP8


  5. Use a if __name__ == '__main__' guard



  6. As mentioned, you could use os.system("command") instead of subprocess



    But honestly I would stick with subprocess, since it will give greater control over how commands are executed




Code



import subprocess, ctypes, os, sys
from subprocess import Popen, DEVNULL

def check_admin():
""" Force to start application with admin rights """
try:
isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
except AttributeError:
isAdmin = False
if not isAdmin:
ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

def add_rule(rule_name, file_path):
""" Add rule to Windows Firewall """
subprocess.call(
f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}",
shell=True,
stdout=DEVNULL,
stderr=DEVNULL
)
print(f"Rule {rule_name} for {file_path} added")

def modify_rule(rule_name, state):
""" Enable/Disable specific rule, 0 = Disable / 1 = Enable """
state, message = ("yes", "Enabled") if state else ("no", "Disabled")
subprocess.call(
f"netsh advfirewall firewall set rule name={rule_name} new enable={state}",
shell=True,
stdout=DEVNULL,
stderr=DEVNULL
)
print(f"Rule {rule_name} {message}")

if __name__ == '__main__':
check_admin()
add_rule("RULE_NAME", "PATH_TO_FILE")
modify_rule("RULE_NAME", 1)





share|improve this answer
























  • Thanks! and may I ask another question? Why you recommend against using string concatenation?

    – phwt
    2 days ago






  • 3





    Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

    – Ludisposed
    2 days ago





















8














I agree with @Ludisposed answer, but you have a few subprocess gotchas:




  • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


  • Replace the old subprocess.call by subprocess.run;

  • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


Applying these changes to e.g. modify_rule can lead to:



def modify_rule(rule_name, enabled=True):
"""Enable or Disable a specific rule"""
subprocess.run(
[
'netsh', 'advfirewall', 'firewall',
'set', 'rule', f'name={rule_name}',
'new', f'enable={"yes" if enabled else "no"}',
],
check=True,
stdout=DEVNULL,
stderr=DEVNULL
)


Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






share|improve this answer























    Your Answer





    StackExchange.ifUsing("editor", function () {
    return StackExchange.using("mathjaxEditing", function () {
    StackExchange.MarkdownEditor.creationCallbacks.add(function (editor, postfix) {
    StackExchange.mathjaxEditing.prepareWmdForMathJax(editor, postfix, [["\$", "\$"]]);
    });
    });
    }, "mathjax-editing");

    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "196"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f211163%2fadd-and-enable-disable-windows-firewall-rules-with-python%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    7














    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    from subprocess import Popen, DEVNULL

    def check_admin():
    """ Force to start application with admin rights """
    try:
    isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    except AttributeError:
    isAdmin = False
    if not isAdmin:
    ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

    def add_rule(rule_name, file_path):
    """ Add rule to Windows Firewall """
    subprocess.call(
    f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} for {file_path} added")

    def modify_rule(rule_name, state):
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    subprocess.call(
    f"netsh advfirewall firewall set rule name={rule_name} new enable={state}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} {message}")

    if __name__ == '__main__':
    check_admin()
    add_rule("RULE_NAME", "PATH_TO_FILE")
    modify_rule("RULE_NAME", 1)





    share|improve this answer
























    • Thanks! and may I ask another question? Why you recommend against using string concatenation?

      – phwt
      2 days ago






    • 3





      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

      – Ludisposed
      2 days ago


















    7














    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    from subprocess import Popen, DEVNULL

    def check_admin():
    """ Force to start application with admin rights """
    try:
    isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    except AttributeError:
    isAdmin = False
    if not isAdmin:
    ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

    def add_rule(rule_name, file_path):
    """ Add rule to Windows Firewall """
    subprocess.call(
    f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} for {file_path} added")

    def modify_rule(rule_name, state):
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    subprocess.call(
    f"netsh advfirewall firewall set rule name={rule_name} new enable={state}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} {message}")

    if __name__ == '__main__':
    check_admin()
    add_rule("RULE_NAME", "PATH_TO_FILE")
    modify_rule("RULE_NAME", 1)





    share|improve this answer
























    • Thanks! and may I ask another question? Why you recommend against using string concatenation?

      – phwt
      2 days ago






    • 3





      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

      – Ludisposed
      2 days ago
















    7












    7








    7







    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    from subprocess import Popen, DEVNULL

    def check_admin():
    """ Force to start application with admin rights """
    try:
    isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    except AttributeError:
    isAdmin = False
    if not isAdmin:
    ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

    def add_rule(rule_name, file_path):
    """ Add rule to Windows Firewall """
    subprocess.call(
    f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} for {file_path} added")

    def modify_rule(rule_name, state):
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    subprocess.call(
    f"netsh advfirewall firewall set rule name={rule_name} new enable={state}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} {message}")

    if __name__ == '__main__':
    check_admin()
    add_rule("RULE_NAME", "PATH_TO_FILE")
    modify_rule("RULE_NAME", 1)





    share|improve this answer













    This seems OK



    We can add a little flavor to it:




    1. Don't use string concatenation, but use f"{strings}" or "{}".format(strings)



    2. Your modify rule, can be simplified



      The if else don't differ that much, you can use a (Python)ternary to calculate the variables beforehand



    3. Consider to chop up the lines, to make it a little more readable


    4. Functions and variables should be snake_case according to PEP8


    5. Use a if __name__ == '__main__' guard



    6. As mentioned, you could use os.system("command") instead of subprocess



      But honestly I would stick with subprocess, since it will give greater control over how commands are executed




    Code



    import subprocess, ctypes, os, sys
    from subprocess import Popen, DEVNULL

    def check_admin():
    """ Force to start application with admin rights """
    try:
    isAdmin = ctypes.windll.shell32.IsUserAnAdmin()
    except AttributeError:
    isAdmin = False
    if not isAdmin:
    ctypes.windll.shell32.ShellExecuteW(None, "runas", sys.executable, __file__, None, 1)

    def add_rule(rule_name, file_path):
    """ Add rule to Windows Firewall """
    subprocess.call(
    f"netsh advfirewall firewall add rule name={rule_name} dir=out action=block enable=no program={file_path}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} for {file_path} added")

    def modify_rule(rule_name, state):
    """ Enable/Disable specific rule, 0 = Disable / 1 = Enable """
    state, message = ("yes", "Enabled") if state else ("no", "Disabled")
    subprocess.call(
    f"netsh advfirewall firewall set rule name={rule_name} new enable={state}",
    shell=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )
    print(f"Rule {rule_name} {message}")

    if __name__ == '__main__':
    check_admin()
    add_rule("RULE_NAME", "PATH_TO_FILE")
    modify_rule("RULE_NAME", 1)






    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered 2 days ago









    LudisposedLudisposed

    7,20321959




    7,20321959













    • Thanks! and may I ask another question? Why you recommend against using string concatenation?

      – phwt
      2 days ago






    • 3





      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

      – Ludisposed
      2 days ago





















    • Thanks! and may I ask another question? Why you recommend against using string concatenation?

      – phwt
      2 days ago






    • 3





      Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

      – Ludisposed
      2 days ago



















    Thanks! and may I ask another question? Why you recommend against using string concatenation?

    – phwt
    2 days ago





    Thanks! and may I ask another question? Why you recommend against using string concatenation?

    – phwt
    2 days ago




    3




    3





    Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

    – Ludisposed
    2 days ago







    Sure,.. it has no significant influence, but it does read a lot smoother, especially with the introduction of f"{strings}". (Python 3.6+)

    – Ludisposed
    2 days ago















    8














    I agree with @Ludisposed answer, but you have a few subprocess gotchas:




    • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


    • Replace the old subprocess.call by subprocess.run;

    • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


    Applying these changes to e.g. modify_rule can lead to:



    def modify_rule(rule_name, enabled=True):
    """Enable or Disable a specific rule"""
    subprocess.run(
    [
    'netsh', 'advfirewall', 'firewall',
    'set', 'rule', f'name={rule_name}',
    'new', f'enable={"yes" if enabled else "no"}',
    ],
    check=True,
    stdout=DEVNULL,
    stderr=DEVNULL
    )


    Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






    share|improve this answer




























      8














      I agree with @Ludisposed answer, but you have a few subprocess gotchas:




      • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


      • Replace the old subprocess.call by subprocess.run;

      • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


      Applying these changes to e.g. modify_rule can lead to:



      def modify_rule(rule_name, enabled=True):
      """Enable or Disable a specific rule"""
      subprocess.run(
      [
      'netsh', 'advfirewall', 'firewall',
      'set', 'rule', f'name={rule_name}',
      'new', f'enable={"yes" if enabled else "no"}',
      ],
      check=True,
      stdout=DEVNULL,
      stderr=DEVNULL
      )


      Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






      share|improve this answer


























        8












        8








        8







        I agree with @Ludisposed answer, but you have a few subprocess gotchas:




        • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


        • Replace the old subprocess.call by subprocess.run;

        • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


        Applying these changes to e.g. modify_rule can lead to:



        def modify_rule(rule_name, enabled=True):
        """Enable or Disable a specific rule"""
        subprocess.run(
        [
        'netsh', 'advfirewall', 'firewall',
        'set', 'rule', f'name={rule_name}',
        'new', f'enable={"yes" if enabled else "no"}',
        ],
        check=True,
        stdout=DEVNULL,
        stderr=DEVNULL
        )


        Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.






        share|improve this answer













        I agree with @Ludisposed answer, but you have a few subprocess gotchas:




        • You don't need to spawn a shell in order to run the command, simply build your command as a list of arguments and it will be fine. This is especially important if your rules names may contains spaces as the command would be treated entirelly differently in your implementation;


        • Replace the old subprocess.call by subprocess.run;

        • You may be interested to run subprocess.run by specifying check=True in order to generate an exception and be alerted if something does not go according to plan.


        Applying these changes to e.g. modify_rule can lead to:



        def modify_rule(rule_name, enabled=True):
        """Enable or Disable a specific rule"""
        subprocess.run(
        [
        'netsh', 'advfirewall', 'firewall',
        'set', 'rule', f'name={rule_name}',
        'new', f'enable={"yes" if enabled else "no"}',
        ],
        check=True,
        stdout=DEVNULL,
        stderr=DEVNULL
        )


        Also note that I removed the print call from the function as it impairs reusability. If the caller want this kind of messages, it should be responsible for printing them, not this function.







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered 2 days ago









        Mathias EttingerMathias Ettinger

        23.9k33182




        23.9k33182






























            draft saved

            draft discarded




















































            Thanks for contributing an answer to Code Review Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            Use MathJax to format equations. MathJax reference.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fcodereview.stackexchange.com%2fquestions%2f211163%2fadd-and-enable-disable-windows-firewall-rules-with-python%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            "Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

            Alcedinidae

            Origin of the phrase “under your belt”?