Test disable firewall for interface

Author: nekohasekai

system.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"net"
 	"net/netip"
+	"runtime"
 	"syscall"
 	"time"
 
@@ -97,6 +98,12 @@ func (s *System) Close() error {
 }
 
 func (s *System) Start() error {
+	if runtime.GOOS == "windows" {
+		err := fixFirewall()
+		if err != nil {
+			return E.Cause(err, "fix windows firewall for system stack")
+		}
+	}
 	var listener net.ListenConfig
 	if s.bindInterface {
 		listener.Control = control.Append(listener.Control, func(network, address string, conn syscall.RawConn) error {

system_windows.go

@@ -0,0 +1,25 @@
+package tun
+
+import (
+	E "github.com/sagernet/sing/common/exceptions"
+	"os"
+
+	"github.com/sagernet/sing/common/shell"
+)
+
+func fixFirewall() error {
+	profiles := []string{"Public", "Private"}
+	for _, profile := range profiles {
+		output, err := shell.Exec("powershell.exe",
+			"New-NetFirewallRule", "-DisplayName", "sing-box: allow system tun stack for path "+os.Args[0],
+			"-Direction", "Inbound",
+			"-Program", os.Args[0],
+			"-Action", "Allow",
+			"-Profile", profile,
+		).CombinedOutput()
+		if err != nil {
+			return E.Extend(err, output)
+		}
+	}
+	return nil
+}