예제 #1
        /// <summary>
        /// Builds the inbound firewall rule for Service Fabric DNS and wraps it in a
        /// <see cref="TestFirewallRule"/>.
        /// </summary>
        /// <remarks>
        /// The rule allows inbound UDP on port 53 for every firewall profile, with both
        /// LocalAddresses and RemoteAddresses set to "*". This method only constructs the
        /// rule object; nothing here adds it to a firewall policy.
        /// </remarks>
        /// <returns>A <see cref="TestFirewallRule"/> wrapping the constructed rule.</returns>
        public static TestFirewallRule GetServiceFabricDNSRule()
        {
            const int dnsPort = 53;
            string groupName = FabricNodeFirewallRules.WindowsFabricGrouping;

            // Property order is kept as in the original initializer.
            // NOTE(review): Profiles = ALL combined with RemoteAddresses = "*" is the widest
            // scope this rule can have; confirm the expected rule really is that open.
            NetFwRule dnsFwRule = new NetFwRuleClass
            {
                Name            = groupName + ".Dns.v1",
                Grouping        = groupName,
                Protocol        = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP,
                Direction       = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
                LocalPorts      = dnsPort.ToString(),
                Profiles        = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL,
                Description     = "Inbound rule for ServiceFabric DNS operations",
                LocalAddresses  = "*",
                RemoteAddresses = "*",
                Action          = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
                Enabled         = true,
            };

            return new TestFirewallRule(dnsFwRule);
        }
예제 #2
        /// <summary>
        /// Ensures the firewall rule that lets multi-ip containers communicate with
        /// each other is present, adding it when it is missing.
        /// </summary>
        /// <remarks>
        /// The rule allows inbound UDP on <c>FlatNetworkConstants.PortNumber</c> for all
        /// firewall profiles. LocalAddresses and RemoteAddresses are not set here, so the
        /// values written to the trace are whatever the rule object reports for them.
        /// </remarks>
        /// <returns>
        /// <c>true</c> if the rule already existed or was added; <c>false</c> if the
        /// firewall policy could not be obtained.
        /// </returns>
        private bool CreateFirewallRule()
        {
            DeployerTrace.WriteInfo("Creating firewall rule {0}.", FlatNetworkConstants.FirewallRuleName);

            INetFwPolicy2 policy = GetFirewallPolicy();
            if (policy == null)
            {
                DeployerTrace.WriteError("Unable to get firewall policy.");
                return false;
            }

            // NOTE(review): an existing rule is accepted on the result of DoesFirewallRuleExist
            // alone; whether that helper compares anything beyond the name is not visible here,
            // so a pre-existing rule with a different scope may be treated as correct. Confirm.
            if (DoesFirewallRuleExist(policy))
            {
                DeployerTrace.WriteInfo("Firewall rule {0} already exists.", FlatNetworkConstants.FirewallRuleName);
                return true;
            }

            // Property order is kept as in the original initializer.
            NetFwRule containerRule = new NetFwRuleClass
            {
                Name        = FlatNetworkConstants.FirewallRuleName,
                Grouping    = FlatNetworkConstants.FirewallGroupName,
                Protocol    = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP,
                Direction   = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
                LocalPorts  = FlatNetworkConstants.PortNumber.ToString(),
                Profiles    = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL,
                Description = FlatNetworkConstants.FirewallRuleDescription,
                Action      = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
                Enabled     = true,
            };

            policy.Rules.Add(containerRule);

            // Read the fields back from the rule object so the trace records the effective
            // values, including the address scopes this method leaves unset.
            object[] loggedFields =
            {
                containerRule.Name,
                containerRule.Grouping,
                containerRule.Protocol,
                containerRule.Direction,
                containerRule.LocalPorts,
                containerRule.Profiles,
                containerRule.LocalAddresses,
                containerRule.RemoteAddresses,
                containerRule.Action,
                containerRule.Enabled,
            };
            string summary = string.Format(
                "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, LocalPorts: {4}, Profiles: {5}, LocalAddresses: {6}, RemoteAddresses: {7}, Action: {8}, Enabled: {9}",
                loggedFields);

            DeployerTrace.WriteInfo("Firewall rule {0} created.\nRule details: {1}.", FlatNetworkConstants.FirewallRuleName, summary);
            return true;
        }
예제 #3
        /// <summary>
        /// Adds the inbound UDP firewall rule named <c>FirewallRuleName</c> and traces
        /// the details of the rule that was created.
        /// </summary>
        /// <remarks>
        /// When <c>DotNetCoreClrLinux</c> is not defined, the rule is added through the
        /// firewall policy only if <c>DoesFirewallRuleExist</c> reports it missing, and it
        /// allows inbound UDP on <c>PortNumber</c> for all profiles with LocalAddresses and
        /// RemoteAddresses both set to "*". When <c>DotNetCoreClrLinux</c> is defined, the
        /// rule is handed to <c>Firewall.UpdateRules</c> with no existence check in this
        /// method.
        /// </remarks>
        /// <exception cref="InvalidOperationException">
        /// The firewall policy could not be obtained (non-Linux build only).
        /// </exception>
        internal static void CreateFirewallRule()
        {
            DeployerTrace.WriteInfo("Creating firewall rule {0} if required...", FirewallRuleName);

#if !DotNetCoreClrLinux
            INetFwPolicy2 policy = GetFirewallPolicy();
            if (policy == null)
            {
                string policyError = StringResources.Warning_FabricDeployer_DockerDnsSetup_ErrorGettingFirewallPolicy1;
                DeployerTrace.WriteWarning(policyError);
                throw new InvalidOperationException(policyError);
            }

            // NOTE(review): an existing rule is accepted on the result of DoesFirewallRuleExist
            // alone; whether that helper checks the rule's scope is not visible here. Confirm.
            if (DoesFirewallRuleExist(policy))
            {
                DeployerTrace.WriteInfo("Firewall rule {0} already exists", FirewallRuleName);
                return;
            }

            DeployerTrace.WriteInfo("Firewall rule {0} doesn't exist. Creating it...", FirewallRuleName);

            // Property order is kept as in the original initializer.
            // NOTE(review): Profiles = ALL combined with RemoteAddresses = "*" is the widest
            // scope this rule can have; confirm callers need it that open.
            NetFwRule newRule = new NetFwRuleClass
            {
                Name            = FirewallRuleName,
                Grouping        = FirewallGroupName,
                Protocol        = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP,
                Direction       = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
                LocalPorts      = PortNumber.ToString(),
                Profiles        = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL,
                Description     = FirewallRuleDescription,
                LocalAddresses  = "*",
                RemoteAddresses = "*",
                Action          = NET_FW_ACTION_.NET_FW_ACTION_ALLOW,
                Enabled         = true,
            };

            policy.Rules.Add(newRule);

            string summary = "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, LocalPorts: {4}, Profiles: {5}, LocalAddresses: {6}, RemoteAddresses: {7}, Action: {8}, Enabled: {9}"
                             .ToFormat(
                                 newRule.Name,
                                 newRule.Grouping,
                                 newRule.Protocol,
                                 newRule.Direction,
                                 newRule.LocalPorts,
                                 newRule.Profiles,
                                 newRule.LocalAddresses,
                                 newRule.RemoteAddresses,
                                 newRule.Action,
                                 newRule.Enabled);
#else
            Firewall linuxFirewall = new Firewall();

            // This path sets neither an Action nor an Enabled value on the rule; how
            // Firewall.UpdateRules treats the rule is defined outside this method.
            FirewallRule newRule = new FirewallRule()
            {
                Name      = FirewallRuleName,
                Ports     = PortNumber.ToString(),
                Protocol  = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP,
                Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN,
                Grouping  = FirewallGroupName,
                Profile   = NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL
            };

            linuxFirewall.UpdateRules(new List<FirewallRule> { newRule }, false);

            string summary = "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, Ports: {4}, Profile: {5}"
                             .ToFormat(
                                 newRule.Name,
                                 newRule.Grouping,
                                 newRule.Protocol,
                                 newRule.Direction,
                                 newRule.Ports,
                                 newRule.Profile);
#endif

            DeployerTrace.WriteInfo("Firewall rule {0} created.{1}Rule details: {2}", FirewallRuleName, Environment.NewLine, summary);
        }