/// <summary>
/// Removes the Windows Fabric firewall rules when the firewall is enabled.
/// </summary>
/// <remarks>
/// When the firewall reports itself as disabled, nothing is removed and any
/// existing rules are left in place.
/// </remarks>
/// <returns>
/// Always <c>true</c> in the visible code; a failure can only surface as an
/// exception thrown by the <c>Firewall</c> calls, so callers cannot use the
/// return value to detect that rules were left behind.
/// </returns>
public static bool DisableFirewallSettings()
{
    Firewall firewall = new Firewall();

    // Rules are only touched while the firewall is on; a disabled firewall is
    // treated as "nothing to do".
    if (firewall.IsEnabled())
    {
        firewall.RemoveWindowsFabricRules();
    }

    return true;
}
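/// <summary>
/// Verifies that a <c>Firewall</c> object can be constructed while the Windows
/// Firewall service (MpsSvc) on the local machine is stopped.
/// </summary>
/// <remarks>
/// This test temporarily stops a security control on the host, so it requires an
/// elevated session. The service is restarted in a <c>finally</c> block so that a
/// failed verification (or any exception) cannot leave the machine with its
/// firewall service stopped.
/// </remarks>
public void VerifyWindowsFirewallDisabledScenario()
{
    string machineName = ".";
    string serviceName = "MpsSvc";

    Verify.IsTrue(FirewallUtility.IsAdminUser(), "user session is elevated.");

    ServiceController windowsFirewallService = ServiceController.GetServices(machineName)
        .SingleOrDefault(s => string.Equals(s.ServiceName, serviceName, StringComparison.OrdinalIgnoreCase));

    if (windowsFirewallService == null)
    {
        Verify.Fail("Cannot proceed if windowsFirewallService is null");

        // Defensive: do not dereference the null controller if Verify.Fail returns.
        return;
    }

    try
    {
        if (windowsFirewallService.Status != ServiceControllerStatus.Stopped)
        {
            if (!windowsFirewallService.CanStop)
            {
                Console.WriteLine("Windows Firewall Service can not be stopped");
            }
            else
            {
                try
                {
                    windowsFirewallService.Stop();
                }
                catch (InvalidOperationException e)
                {
                    Verify.Fail(string.Format("Hit InvalidOperationException trying to call windowsFirewallService.Stop() : {0}", e));
                    throw;
                }

                // NOTE(review): no timeout is given, so this blocks until the
                // service reports Stopped.
                windowsFirewallService.WaitForStatus(ServiceControllerStatus.Stopped);
            }
        }

        try
        {
            // Only construction is under test; the instance itself is not used.
            new Firewall();
        }
        catch (Exception ex)
        {
            Verify.Fail(ex.ToString());
        }
    }
    finally
    {
        // Status is cached by ServiceController; refresh before deciding whether
        // the firewall service has to be brought back up.
        windowsFirewallService.Refresh();
        if (windowsFirewallService.Status == ServiceControllerStatus.Stopped)
        {
            windowsFirewallService.Start();
            windowsFirewallService.WaitForStatus(ServiceControllerStatus.Running);
        }
    }
}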
/// <summary>
/// Enables the firewall exceptions for all the nodes provided. The exceptions are
/// for the lease driver port, the application ports and the fabric process.
/// </summary>
/// <remarks>
/// Nothing is changed when the firewall is disabled, or when the deployment is
/// scale-min and the first node's address is a loopback address; existing rules
/// are left as they are in both cases.
/// </remarks>
/// <param name="nodes">
/// The list of nodes for which exceptions need to be provided. The first element
/// is read when <paramref name="isScaleMin"/> is true, so the list must not be
/// empty in that case.
/// </param>
/// <param name="isScaleMin">Whether the deployment is scale min or not.</param>
/// <param name="securitySection">The security section which specifies what type of firewall profiles to set.</param>
/// <param name="removeRulesIfNotrequired">Should we delete the existing rules that are not required.</param>
/// <returns>
/// Always <c>true</c> in the visible code; failures can only surface as
/// exceptions from the calls made here.
/// </returns>
public static bool EnableFirewallSettings(List<NodeSettings> nodes, bool isScaleMin, SettingsOverridesTypeSection securitySection, bool removeRulesIfNotrequired)
{
    Firewall firewall = new Firewall();

    // Short-circuit order matters: nodes[0] is only read when the firewall is
    // enabled and the deployment is scale-min.
    bool nothingToDo = !firewall.IsEnabled()
        || (isScaleMin && NetworkApiHelper.IsAddressLoopback(nodes[0].IPAddressOrFQDN));

    if (!nothingToDo)
    {
        List<FirewallRule> requiredRules = GetRulesForNodes(nodes, securitySection);
        firewall.UpdateRules(requiredRules, removeRulesIfNotrequired);
    }

    return true;
}
/// <summary>
/// Creates the inbound UDP allow rule named <c>FirewallRuleName</c> for
/// <c>PortNumber</c>, and traces the details of the rule that was created.
/// </summary>
/// <remarks>
/// On the non-Linux build the rule is added through the firewall policy object
/// and is skipped when a rule of that name already exists. On the Linux build
/// the rule is handed to <c>Firewall.UpdateRules</c> without an existence check
/// in this method.
/// NOTE(review): the rule applies to all firewall profiles, and on the non-Linux
/// build it accepts any remote address. Confirm that this exposure is intended,
/// or narrow the profiles / remote addresses to what the service needs.
/// </remarks>
/// <exception cref="InvalidOperationException">
/// Thrown on the non-Linux build when the firewall policy cannot be obtained.
/// </exception>
internal static void CreateFirewallRule()
{
    DeployerTrace.WriteInfo("Creating firewall rule {0} if required...", FirewallRuleName);

#if !DotNetCoreClrLinux
    INetFwPolicy2 policy = GetFirewallPolicy();
    if (policy == null)
    {
        string warning = StringResources.Warning_FabricDeployer_DockerDnsSetup_ErrorGettingFirewallPolicy1;
        DeployerTrace.WriteWarning(warning);
        throw new InvalidOperationException(warning);
    }

    if (DoesFirewallRuleExist(policy))
    {
        DeployerTrace.WriteInfo("Firewall rule {0} already exists", FirewallRuleName);
        return;
    }

    DeployerTrace.WriteInfo("Firewall rule {0} doesn't exist. Creating it...", FirewallRuleName);

    // Initializer order is kept as-is: the firewall rule API expects Protocol to
    // be set before LocalPorts.
    NetFwRule newRule = new NetFwRuleClass
    {
        Name = FirewallRuleName,
        Grouping = FirewallGroupName,
        Protocol = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP,
        Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
        LocalPorts = PortNumber.ToString(),
        Profiles = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL,
        Description = FirewallRuleDescription,
        LocalAddresses = "*",
        RemoteAddresses = "*",
        Action = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
        Enabled = true,
    };

    policy.Rules.Add(newRule);

    string ruleDetails = "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, LocalPorts: {4}, Profiles: {5}, LocalAddresses: {6}, RemoteAddresses: {7}, Action: {8}, Enabled: {9}"
        .ToFormat(
            newRule.Name,
            newRule.Grouping,
            newRule.Protocol,
            newRule.Direction,
            newRule.LocalPorts,
            newRule.Profiles,
            newRule.LocalAddresses,
            newRule.RemoteAddresses,
            newRule.Action,
            newRule.Enabled);
#else
    Firewall firewall = new Firewall();
    FirewallRule newRule = new FirewallRule()
    {
        Name = FirewallRuleName,
        Ports = PortNumber.ToString(),
        Protocol = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP,
        Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
        Grouping = FirewallGroupName,
        Profile = NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL
    };

    // Second argument false: rules that are not in this list are not removed.
    firewall.UpdateRules(new List<FirewallRule>() { newRule }, false);

    string ruleDetails = "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, Ports: {4}, Profile: {5}"
        .ToFormat(
            newRule.Name,
            newRule.Grouping,
            newRule.Protocol,
            newRule.Direction,
            newRule.Ports,
            newRule.Profile);
#endif

    DeployerTrace.WriteInfo("Firewall rule {0} created.{1}Rule details: {2}", FirewallRuleName, Environment.NewLine, ruleDetails);
}