/// <summary>
/// Deletes every Fabric-owned rule in <c>this.rules</c> whose name is absent from
/// <paramref name="newRules"/>. Only rules that
/// <see cref="FabricNodeFirewallRules.IsFabricFirewallRule"/> recognises are eligible
/// for deletion, so unrelated host firewall rules are never removed.
/// Compiled out on DotNetCoreClrIOT. (The misspelled name is kept for existing callers.)
/// </summary>
/// <param name="newRules">The desired rule set; any Fabric rule not named here is removed.</param>
private void RemoveRulesNotRequried(List<FirewallRule> newRules)
{
#if !DotNetCoreClrIOT
    // Names are matched with the default (ordinal) string comparer, the same
    // semantics as comparing the strings with != would give.
    HashSet<string> wantedNames = new HashSet<string>();
    foreach (FirewallRule wanted in newRules)
    {
        wantedNames.Add(wanted.Name);
    }

    // Collect first and delete afterwards so the enumeration over this.rules is
    // never mutated mid-loop.
    List<string> staleNames = new List<string>();
    foreach (var entry in this.rules)
    {
        NetFwRule existing = (NetFwRule)entry;
        if (existing == null || !FabricNodeFirewallRules.IsFabricFirewallRule(existing))
        {
            continue;
        }

        if (!wantedNames.Contains(existing.Name))
        {
            staleNames.Add(existing.Name);
        }
    }

    foreach (string staleName in staleNames)
    {
        this.rules.Remove(staleName);
    }
#endif
}
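/// <summary>
/// Removes every rule in <c>this.rules</c> that
/// <see cref="FabricNodeFirewallRules.IsFabricFirewallRule"/> identifies as
/// Fabric-owned, leaving all other host firewall rules untouched.
/// Compiled out on DotNetCoreClrIOT.
/// </summary>
public void RemoveWindowsFabricRules()
{
#if !DotNetCoreClrIOT
    // Names are collected first and deleted afterwards so the enumeration over
    // this.rules is never mutated mid-loop.
    List<string> windowsFabricRuleNames = new List<string>();
    foreach (var rule in this.rules)
    {
        NetFwRule fwRule = (NetFwRule)rule;

        // A null entry is skipped instead of being handed to IsFabricFirewallRule,
        // matching the guard RemoveRulesNotRequried applies to the same collection.
        if (fwRule == null)
        {
            continue;
        }

        if (FabricNodeFirewallRules.IsFabricFirewallRule(fwRule))
        {
            windowsFabricRuleNames.Add(fwRule.Name);
        }
    }

    foreach (var ruleName in windowsFabricRuleNames)
    {
        this.rules.Remove(ruleName);
    }
#endif
}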
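/// <summary>
/// Builds the complete firewall rule set for one node: application-path exceptions
/// for each Fabric system service binary (Windows builds only), lease-driver rules in
/// both directions, and port-range rules for whichever of the HTTP gateway, HTTP app
/// gateway, application-port and dynamic-port settings are non-empty.
/// </summary>
/// <remarks>
/// Side effects: on Windows builds the static <c>policy</c> field is re-created from
/// <c>policyType</c>; on every build the static <c>fwProfileSet</c> is overwritten from
/// <paramref name="securitySection"/>. All Add* helpers iterate <c>fwProfileSet</c>,
/// so it must be assigned before they run; concurrent callers would race on it.
/// An empty or null port string produces no rule for that port (the gate is
/// <c>string.IsNullOrEmpty</c>), so nothing is opened by default.
/// </remarks>
/// <param name="nodeName">Node the rules are generated for.</param>
/// <param name="leaseDriverPort">Lease driver port; always gets in/out rules.</param>
/// <param name="applicationPorts">Application port range; rules only when non-empty.</param>
/// <param name="httpGatewayPort">HTTP gateway port; rules only when non-empty.</param>
/// <param name="httpAppGatewayPort">HTTP application gateway port; rules only when non-empty.</param>
/// <param name="fabricPath">Path of the Fabric executable (Windows path rules).</param>
/// <param name="dcaPath">Path of the DCA executable (Windows, outbound only).</param>
/// <param name="fileStoreServicePath">Path of the FileStoreService executable.</param>
/// <param name="fabricGatewayPath">Path of the Fabric gateway executable.</param>
/// <param name="fabricAppGatewayPath">Path of the Fabric application gateway executable.</param>
/// <param name="faultAnalysisServicePath">Path of the FaultAnalysisService executable.</param>
/// <param name="backupRestoreServicePath">Path of the BackupRestoreService executable.</param>
/// <param name="fabricUpgradeServicePath">Path of the FabricUpgradeService executable.</param>
/// <param name="fabricRepairServicePath">Path of the repair manager executable.</param>
/// <param name="fabricInfrastructureServicePath">Path of the infrastructure service executable.</param>
/// <param name="upgradeOrchestrationServicePath">Path of the UpgradeOrchestrationService executable.</param>
/// <param name="centralSecretServicePath">Path of the CentralSecretService executable.</param>
/// <param name="eventStoreServicePath">Path of the EventStoreService executable.</param>
/// <param name="gatewayResourceManagerPath">Path of the GatewayResourceManager executable.</param>
/// <param name="dynamicPorts">Dynamic port range; TCP and UDP rules only when non-empty.</param>
/// <param name="securitySection">Settings used to decide which firewall profiles are required.</param>
/// <returns>The generated rules in generation order; never null.</returns>
public static List<FirewallRule> GetRulesForNode(
    string nodeName,
    string leaseDriverPort,
    string applicationPorts,
    string httpGatewayPort,
    string httpAppGatewayPort,
    string fabricPath,
    string dcaPath,
    string fileStoreServicePath,
    string fabricGatewayPath,
    string fabricAppGatewayPath,
    string faultAnalysisServicePath,
    string backupRestoreServicePath,
    string fabricUpgradeServicePath,
    string fabricRepairServicePath,
    string fabricInfrastructureServicePath,
    string upgradeOrchestrationServicePath,
    string centralSecretServicePath,
    string eventStoreServicePath,
    string gatewayResourceManagerPath,
    string dynamicPorts,
    SettingsOverridesTypeSection securitySection)
{
    FabricNodeFirewallRules nodeRules = new FabricNodeFirewallRules()
    {
        ApplicationPorts = applicationPorts,
        FabricPath = fabricPath,
        LeaseDriverPort = leaseDriverPort,
        NodeName = nodeName,
        DCAPath = dcaPath,
        FileStoreServicePath = fileStoreServicePath,
        HttpGatewayPort = httpGatewayPort,
        FabricGatewayPath = fabricGatewayPath,
        HttpAppGatewayPort = httpAppGatewayPort,
        FabricAppGatewayPath = fabricAppGatewayPath,
        FaultAnalysisServicePath = faultAnalysisServicePath,
        BackupRestoreServicePath = backupRestoreServicePath,
        FabricUpgradeServicePath = fabricUpgradeServicePath,
        FabricRepairServicePath = fabricRepairServicePath,
        FabricInfrastructureServicePath = fabricInfrastructureServicePath,
        UpgradeOrchestrationServicePath = upgradeOrchestrationServicePath,
        CentralSecretServicePath = centralSecretServicePath,
        EventStoreServicePath = eventStoreServicePath,
        GatewayResourceManagerPath = gatewayResourceManagerPath,
        DynamicPorts = dynamicPorts
    };

#if !DotNetCoreClrLinux && !DotNetCoreClrIOT
    policy = (INetFwPolicy2)Activator.CreateInstance(policyType);
#endif

    // Every Add* helper below iterates this static set; it must be populated first.
    fwProfileSet = GetAllRequiredProfiles(securitySection);

    List<FirewallRule> rules = new List<FirewallRule>();

#if !DotNetCoreClrLinux && !DotNetCoreClrIOT
    // Application Path specific rules are not valid for Linux
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FabricExceptionTemplate, nodeRules.FabricPath);

    // DCA only gets an outbound exception; every other system service gets both directions.
    AddApplicationPathExceptionProfileRules(rules, nodeRules, FabricNodeFirewallRules.FabricDCaExceptionTemplate, nodeRules.DCAPath, FabricNodeFirewallRules.outDirection);

    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FileStoreServiceExceptionTemplate, nodeRules.FileStoreServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FabricGatewayExceptionTemplate, nodeRules.FabricGatewayPath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FaultAnalysisServiceExceptionTemplate, nodeRules.FaultAnalysisServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.BackupRestoreServiceExceptionTemplate, nodeRules.BackupRestoreServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.UpgradeOrchestrationServiceExceptionTemplate, nodeRules.UpgradeOrchestrationServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.CentralSecretServiceExceptionTemplate, nodeRules.CentralSecretServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FabricUpgradeServiceExceptionTemplate, nodeRules.FabricUpgradeServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FabricRepairServiceExceptionTemplate, nodeRules.FabricRepairServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.FabricInfrastructureServiceExceptionTemplate, nodeRules.FabricInfrastructureServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.EventStoreServiceExceptionTemplate, nodeRules.EventStoreServicePath);
    AddBidirectionalApplicationPathRules(rules, nodeRules, FabricNodeFirewallRules.GatewayResourceManagerExceptionTemplate, nodeRules.GatewayResourceManagerPath);
#endif

    AddLeaseDriverExceptionProfileRule(rules, nodeRules, FabricNodeFirewallRules.inDirection);
    AddLeaseDriverExceptionProfileRule(rules, nodeRules, FabricNodeFirewallRules.outDirection);

    // Port rules are opt-in: an empty setting yields no rule.
    if (!string.IsNullOrEmpty(httpGatewayPort))
    {
        AddHttpGatewayExceptionProfilesRule(rules, nodeRules);
    }

    if (!string.IsNullOrEmpty(httpAppGatewayPort))
    {
        AddHttpAppGatewayExceptionProfilesRule(rules, nodeRules);
    }

    if (!string.IsNullOrEmpty(applicationPorts))
    {
        AddApplicationPortRangeExceptionProfileRules(rules, nodeRules);
    }

    if (!string.IsNullOrEmpty(dynamicPorts))
    {
        AddDynamicPortRangeExceptionProfileRules(rules, nodeRules);
    }

    return rules;
}

/// <summary>
/// Adds the inbound application-path exception for <paramref name="path"/> and,
/// immediately after it, the outbound one, each across all profiles in
/// <c>fwProfileSet</c> (via <see cref="AddApplicationPathExceptionProfileRules"/>).
/// </summary>
/// <param name="rules">Target list the rules are appended to.</param>
/// <param name="nodeRules">Per-node rule factory.</param>
/// <param name="template">Rule name/description template for this binary.</param>
/// <param name="path">Full path of the executable the exception applies to.</param>
private static void AddBidirectionalApplicationPathRules(List<FirewallRule> rules, FabricNodeFirewallRules nodeRules, string template, string path)
{
    AddApplicationPathExceptionProfileRules(rules, nodeRules, template, path, FabricNodeFirewallRules.inDirection);
    AddApplicationPathExceptionProfileRules(rules, nodeRules, template, path, FabricNodeFirewallRules.outDirection);
}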
/// <summary>
/// Adds the dynamic-port-range exceptions for every profile in the static
/// <c>fwProfileSet</c>: for TCP and then UDP, an inbound rule followed by an outbound one.
/// The caller must have populated <c>fwProfileSet</c> beforehand.
/// </summary>
/// <param name="rules">Target list the rules are appended to.</param>
/// <param name="nodeRules">Per-node rule factory supplying the dynamic port range.</param>
private static void AddDynamicPortRangeExceptionProfileRules(List<FirewallRule> rules, FabricNodeFirewallRules nodeRules)
{
    // Nesting order (profile, protocol, direction) fixes each rule's position in the list.
    var protocols = new[] { FabricNodeFirewallRules.ProtocolTcp, FabricNodeFirewallRules.ProtocolUdp };
    var directions = new[] { FabricNodeFirewallRules.inDirection, FabricNodeFirewallRules.outDirection };

    foreach (NET_FW_PROFILE_TYPE2_ profile in fwProfileSet)
    {
        foreach (var protocol in protocols)
        {
            foreach (var direction in directions)
            {
                rules.Add(nodeRules.GetDynamicPortRangeExceptionRule(direction, protocol, profile));
            }
        }
    }
}
/// <summary>
/// Adds the HTTP application gateway port exceptions for every profile in the static
/// <c>fwProfileSet</c>, outbound first and then inbound, using the app-gateway template
/// with the shared <c>GetHttpGatewayExceptionRule</c> factory.
/// </summary>
/// <param name="rules">Target list the rules are appended to.</param>
/// <param name="nodeRules">Per-node rule factory supplying <c>HttpAppGatewayPort</c>.</param>
private static void AddHttpAppGatewayExceptionProfilesRule(List<FirewallRule> rules, FabricNodeFirewallRules nodeRules)
{
    // Outbound precedes inbound for each profile.
    var directions = new[] { FabricNodeFirewallRules.outDirection, FabricNodeFirewallRules.inDirection };

    foreach (NET_FW_PROFILE_TYPE2_ profile in fwProfileSet)
    {
        foreach (var direction in directions)
        {
            FirewallRule appGatewayRule = nodeRules.GetHttpGatewayExceptionRule(
                FabricNodeFirewallRules.FabricHttpAppGatewayExceptionTemplate,
                nodeRules.HttpAppGatewayPort,
                direction,
                profile);
            rules.Add(appGatewayRule);
        }
    }
}
/// <summary>
/// Adds one lease-driver exception per profile in the static <c>fwProfileSet</c>
/// for the given <paramref name="direction"/>.
/// </summary>
/// <param name="rules">Target list the rules are appended to.</param>
/// <param name="nodeRules">Per-node rule factory supplying the lease driver port.</param>
/// <param name="direction">Traffic direction (inDirection or outDirection).</param>
private static void AddLeaseDriverExceptionProfileRule(List<FirewallRule> rules, FabricNodeFirewallRules nodeRules, string direction)
{
    foreach (NET_FW_PROFILE_TYPE2_ profile in fwProfileSet)
    {
        FirewallRule leaseRule = nodeRules.GetLeaseDriverExceptionRule(direction, profile);
        rules.Add(leaseRule);
    }
}
/// <summary>
/// Adds one application-path exception per profile in the static <c>fwProfileSet</c>
/// for the executable at <paramref name="path"/> in the given direction.
/// </summary>
/// <param name="rules">Target list the rules are appended to.</param>
/// <param name="nodeRules">Per-node rule factory.</param>
/// <param name="template">Rule name/description template for this binary.</param>
/// <param name="path">Full path of the executable the exception applies to.</param>
/// <param name="direction">Traffic direction (inDirection or outDirection).</param>
private static void AddApplicationPathExceptionProfileRules(List<FirewallRule> rules, FabricNodeFirewallRules nodeRules, string template, string path, string direction)
{
    foreach (NET_FW_PROFILE_TYPE2_ profile in fwProfileSet)
    {
        FirewallRule pathRule = nodeRules.GetApplicationPathException(template, path, direction, profile);
        rules.Add(pathRule);
    }
}
/// <summary>
/// Builds the TCP port rules for a node's connection and replicator endpoints. Each
/// endpoint yields an inbound rule immediately followed by an outbound one. The client,
/// service and cluster connection ports are always added (no empty-port guard); the
/// replicator ports are added only when their setting is non-empty.
/// </summary>
/// <param name="nodeName">Node the rules are generated for.</param>
/// <param name="clientConnectionPort">Client connection endpoint port (always added).</param>
/// <param name="serviceConnectionPort">Service connection endpoint port (always added).</param>
/// <param name="clusterConnectionPort">Cluster connection endpoint port (always added).</param>
/// <param name="clusterManagerReplicatorPort">Optional ClusterManager replicator port.</param>
/// <param name="repairManagerReplicatorPort">Optional RepairManager replicator port.</param>
/// <param name="namingReplicatorPort">Optional Naming replicator port.</param>
/// <param name="failoverManagerReplicatorPort">Optional FailoverManager replicator port.</param>
/// <param name="imageStoreServiceReplicatorPort">Optional ImageStoreService replicator port.</param>
/// <param name="upgradeServiceReplicatorPort">Optional UpgradeService replicator port.</param>
/// <returns>The generated rules in generation order; never null.</returns>
public static List<FirewallRule> GetRulesForNode2(
    string nodeName,
    string clientConnectionPort,
    string serviceConnectionPort,
    string clusterConnectionPort,
    string clusterManagerReplicatorPort,
    string repairManagerReplicatorPort,
    string namingReplicatorPort,
    string failoverManagerReplicatorPort,
    string imageStoreServiceReplicatorPort,
    string upgradeServiceReplicatorPort)
{
    List<FirewallRule> rules = new List<FirewallRule>();
    FabricNodeFirewallRules nodeRules = new FabricNodeFirewallRules()
    {
        NodeName = nodeName,
    };

    // Every endpoint is opened in both directions: inbound first, then outbound.
    Action<string, string> addTcpPair = delegate(string template, string port)
    {
        rules.Add(nodeRules.GetCustomTcpPortException(template, port, FabricNodeFirewallRules.inDirection));
        rules.Add(nodeRules.GetCustomTcpPortException(template, port, FabricNodeFirewallRules.outDirection));
    };

    // Mandatory endpoints: added regardless of the port string's content.
    addTcpPair(FabricNodeFirewallRules.ClientConnectionExceptionTemplate, clientConnectionPort);
    addTcpPair(FabricNodeFirewallRules.ServiceConnectionExceptionTemplate, serviceConnectionPort);
    addTcpPair(FabricNodeFirewallRules.ClusterConnectionExceptionTemplate, clusterConnectionPort);

    // Optional replicator endpoints: an empty or null port yields no rule.
    var replicatorEndpoints = new[]
    {
        new { Template = FabricNodeFirewallRules.ClusterManagerReplicatorEndpointExceptionTemplate, Port = clusterManagerReplicatorPort },
        new { Template = FabricNodeFirewallRules.RepairManagerReplicatorEndpointExceptionTemplate, Port = repairManagerReplicatorPort },
        new { Template = FabricNodeFirewallRules.NamingReplicatorEndpointExceptionTemplate, Port = namingReplicatorPort },
        new { Template = FabricNodeFirewallRules.FailoverManagerReplicatorEndpointExceptionTemplate, Port = failoverManagerReplicatorPort },
        new { Template = FabricNodeFirewallRules.ImageStoreServiceReplicatorEndpointExceptionTemplate, Port = imageStoreServiceReplicatorPort },
        new { Template = FabricNodeFirewallRules.UpgradeServiceReplicatorEndpointExceptionTemplate, Port = upgradeServiceReplicatorPort },
    };

    foreach (var endpoint in replicatorEndpoints)
    {
        if (!string.IsNullOrEmpty(endpoint.Port))
        {
            addTcpPair(endpoint.Template, endpoint.Port);
        }
    }

    return rules;
}
/// <summary>
/// Generates the firewall rules for every node in <paramref name="nodes"/> and returns
/// them as one list. Executable paths for the Fabric system services are derived from
/// each node's deployment folders; ports come from <c>GetPorts</c> and, on Linux builds,
/// additionally from <c>GetPorts2</c> for the connection/replicator endpoints.
/// Services that are not built for a platform pass a null path.
/// </summary>
/// <remarks>
/// NOTE(review): the <c>GetRulesForNode</c> overload shown alongside this method also
/// declares eventStoreServicePath and gatewayResourceManagerPath, which this call does
/// not pass — confirm both are from the same revision before relying on either.
/// </remarks>
/// <param name="nodes">Nodes to generate rules for; one rule batch per node, in order.</param>
/// <param name="securitySection">Settings forwarded to <c>GetRulesForNode</c> for profile selection.</param>
/// <returns>All nodes' rules concatenated in node order; never null.</returns>
private static List<FirewallRule> GetRulesForNodes(List<NodeSettings> nodes, SettingsOverridesTypeSection securitySection)
{
    List<FirewallRule> allRules = new List<FirewallRule>();

    foreach (NodeSettings setting in nodes)
    {
        // Executable living in the code deployment directory of `service`, named by `exeKey`.
        Func<string, string, string> codeDirectoryExe = (service, exeKey) =>
            Path.Combine(
                setting.DeploymentFoldersInfo.GetCodeDeploymentDirectory(service),
                Constants.ServiceExes[exeKey]);

        // Executable of a system service hosted as a system application code package.
        Func<string, string> systemServiceExe = service =>
            Path.Combine(
                GetFabricSystemApplicationCodeFolder(
                    setting.DeploymentFoldersInfo,
                    service,
                    Constants.SystemServiceCodePackageName,
                    Constants.SystemServiceCodePackageVersion),
                Constants.ServiceExes[service]);

        string fabricExe = codeDirectoryExe(Constants.FabricService, Constants.FabricService);
        string dcaExe = codeDirectoryExe(Constants.DCAService, Constants.DCAService);
        string fileStoreServiceExe = systemServiceExe(Constants.FileStoreService);
        // The gateway binaries ship in the Fabric code directory, not their own.
        string fabricGatewayExe = codeDirectoryExe(Constants.FabricService, Constants.FabricGatewayService);
        string fabricAppGatewayExe = codeDirectoryExe(Constants.FabricService, Constants.FabricApplicationGatewayService);
        string faultAnalysisServiceExe = systemServiceExe(Constants.FaultAnalysisService);

#if !DotNetCoreClrLinux
        string backupRestoreServiceExe = systemServiceExe(Constants.BackupRestoreService);
#else
        string backupRestoreServiceExe = null;
#endif

        string fabricUpgradeServiceExe = systemServiceExe(Constants.FabricUpgradeService);
        string fabricRepairServiceExe = systemServiceExe(Constants.FabricRepairManagerService);
        string fabricInfrastructureServiceExe = systemServiceExe(Constants.FabricInfrastructureService);

#if !DotNetCoreClrLinux && !DotNetCoreClrIOT
        string centralSecretServiceExe = systemServiceExe(Constants.CentralSecretService);
#else
        string centralSecretServiceExe = null;
#endif

#if !DotNetCoreClrLinux
        string upgradeOrchestrationServiceExe = systemServiceExe(Constants.UpgradeOrchestrationService);
#else
        string upgradeOrchestrationServiceExe = null;
#endif

        string leasePort = null;
        string appPortRange = null;
        string dynPortRange = null;
        string httpGatewayPort = null;
        string httpAppGatewayPort = null;
        GetPorts(
            setting,
            out leasePort,
            out appPortRange,
            out httpGatewayPort,
            out httpAppGatewayPort,
            out dynPortRange);

        allRules.AddRange(FabricNodeFirewallRules.GetRulesForNode(
            setting.NodeName,
            leasePort,
            appPortRange,
            httpGatewayPort,
            httpAppGatewayPort,
            fabricExe,
            dcaExe,
            fileStoreServiceExe,
            fabricGatewayExe,
            fabricAppGatewayExe,
            faultAnalysisServiceExe,
            backupRestoreServiceExe,
            fabricUpgradeServiceExe,
            fabricRepairServiceExe,
            fabricInfrastructureServiceExe,
            upgradeOrchestrationServiceExe,
            centralSecretServiceExe,
            dynPortRange,
            securitySection));

#if DotNetCoreClrLinux
        // Linux additionally opens the explicit connection and replicator endpoints.
        string clientConnectionPort = null;
        string clusterConnectionPort = null;
        string serviceConnectionPort = null;
        string clusterManagerReplicatorPort = null;
        string repairManagerReplicatorPort = null;
        string namingReplicatorPort = null;
        string failoverManagerReplicatorPort = null;
        string imageStoreServiceReplicatorPort = null;
        string upgradeServiceReplicatorPort = null;
        GetPorts2(
            setting,
            out clientConnectionPort,
            out serviceConnectionPort,
            out clusterConnectionPort,
            out clusterManagerReplicatorPort,
            out repairManagerReplicatorPort,
            out namingReplicatorPort,
            out failoverManagerReplicatorPort,
            out imageStoreServiceReplicatorPort,
            out upgradeServiceReplicatorPort);

        allRules.AddRange(FabricNodeFirewallRules.GetRulesForNode2(
            setting.NodeName,
            clientConnectionPort,
            serviceConnectionPort,
            clusterConnectionPort,
            clusterManagerReplicatorPort,
            repairManagerReplicatorPort,
            namingReplicatorPort,
            failoverManagerReplicatorPort,
            imageStoreServiceReplicatorPort,
            upgradeServiceReplicatorPort));
#endif
    }

    return allRules;
}