Пример #1
        /// <summary>
        /// Brings the local firewall in line with the rules computed for the supplied nodes.
        /// According to the original description, the rules cover the lease driver port, the
        /// application ports and the Fabric process. Nothing is changed when the firewall reports
        /// that it is disabled, or when the deployment is scale-min and the first node's address
        /// is a loopback address.
        /// </summary>
        /// <param name="nodes">Nodes for which rules are generated. The first entry is read when <paramref name="isScaleMin"/> is true and the firewall is enabled, so the list must not be empty in that case.</param>
        /// <param name="isScaleMin">Whether the deployment is scale-min.</param>
        /// <param name="securitySection">Security settings section passed to <c>GetRulesForNodes</c> together with the nodes.</param>
        /// <param name="removeRulesIfNotrequired">Forwarded unchanged to <c>Firewall.UpdateRules</c>; per its name, asks for existing rules that are no longer required to be removed.</param>
        /// <returns>
        /// <c>true</c> on every path visible in this method, including the two paths that leave
        /// the firewall untouched. The value therefore does not tell the caller whether any rule
        /// was actually written.
        /// </returns>
        public static bool EnableFirewallSettings(List <NodeSettings> nodes, bool isScaleMin, SettingsOverridesTypeSection securitySection, bool removeRulesIfNotrequired)
        {
            var firewall = new Firewall();

            // Short-circuit order is significant: nodes[0] is only touched when the firewall is
            // enabled and the deployment is scale-min.
            bool nothingToDo = !firewall.IsEnabled()
                               || (isScaleMin && NetworkApiHelper.IsAddressLoopback(nodes[0].IPAddressOrFQDN));

            if (!nothingToDo)
            {
                List <FirewallRule> requiredRules = GetRulesForNodes(nodes, securitySection);

                // NOTE(review): whatever UpdateRules reports back is not inspected here, so a
                // failed update is indistinguishable from success for the caller. Confirm that
                // UpdateRules signals failure by throwing.
                firewall.UpdateRules(requiredRules, removeRulesIfNotrequired);
            }

            return true;
        }
Пример #2
        /// <summary>
        /// Ensures that an inbound UDP allow rule named <c>FirewallRuleName</c> exists for
        /// <c>PortNumber</c>, and traces the details of the rule it creates.
        /// On non-Linux builds the rule is added through the Windows firewall policy object and
        /// is skipped when <c>DoesFirewallRuleExist</c> reports an existing rule; on Linux builds
        /// the rule is handed to <c>Firewall.UpdateRules</c> without such a check.
        /// </summary>
        /// <remarks>
        /// The rule is deliberately broad: it applies to all firewall profiles
        /// (<c>NET_FW_PROFILE2_ALL</c>, i.e. domain, private and public) and, on the Windows
        /// path, to any local and any remote address. NOTE(review): confirm that the listener
        /// behind <c>PortNumber</c> really has to be reachable from every network the host
        /// joins; if not, a narrower profile or remote-address scope would reduce exposure.
        /// </remarks>
        /// <exception cref="InvalidOperationException">Non-Linux builds only: the firewall policy object could not be obtained.</exception>
        internal static void CreateFirewallRule()
        {
            DeployerTrace.WriteInfo("Creating firewall rule {0} if required...", FirewallRuleName);

#if !DotNetCoreClrLinux
            INetFwPolicy2 policy = GetFirewallPolicy();
            if (policy == null)
            {
                string policyError = StringResources.Warning_FabricDeployer_DockerDnsSetup_ErrorGettingFirewallPolicy1;
                DeployerTrace.WriteWarning(policyError);
                throw new InvalidOperationException(policyError);
            }

            // An existing rule is left untouched. NOTE(review): how DoesFirewallRuleExist matches
            // is not visible here; if it matches by name only, a same-named rule with different
            // settings would be accepted as-is.
            if (DoesFirewallRuleExist(policy))
            {
                DeployerTrace.WriteInfo("Firewall rule {0} already exists", FirewallRuleName);
                return;
            }

            DeployerTrace.WriteInfo("Firewall rule {0} doesn't exist. Creating it...", FirewallRuleName);

            // Properties are assigned in the same order as the original initializer; in
            // particular Protocol is set before LocalPorts (the COM firewall API is understood
            // to require that ordering).
            NetFwRule rule = new NetFwRuleClass();
            rule.Name            = FirewallRuleName;
            rule.Grouping        = FirewallGroupName;
            rule.Protocol        = (int)NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP;
            rule.Direction       = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
            rule.LocalPorts      = PortNumber.ToString();
            rule.Profiles        = (int)NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL; // all profiles, public included
            rule.Description     = FirewallRuleDescription;
            rule.LocalAddresses  = "*";
            rule.RemoteAddresses = "*"; // any remote peer may reach the port
            rule.Action          = NET_FW_ACTION_.NET_FW_ACTION_ALLOW;
            rule.Enabled         = true;

            policy.Rules.Add(rule);

            string details = "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, LocalPorts: {4}, Profiles: {5}, LocalAddresses: {6}, RemoteAddresses: {7}, Action: {8}, Enabled: {9}"
                             .ToFormat(rule.Name, rule.Grouping, rule.Protocol, rule.Direction, rule.LocalPorts, rule.Profiles,
                                       rule.LocalAddresses, rule.RemoteAddresses, rule.Action, rule.Enabled);
#else
            var firewall = new Firewall();
            var rule     = new FirewallRule();
            rule.Name      = FirewallRuleName;
            rule.Ports     = PortNumber.ToString();
            rule.Protocol  = NET_FW_IP_PROTOCOL_.NET_FW_IP_PROTOCOL_UDP;
            rule.Direction = NET_FW_RULE_DIRECTION_.NET_FW_RULE_DIR_IN;
            rule.Grouping  = FirewallGroupName;
            rule.Profile   = NET_FW_PROFILE_TYPE2_.NET_FW_PROFILE2_ALL; // all profiles, public included

            // 'false' is the second UpdateRules argument; in EnableFirewallSettings that slot
            // carries the remove-rules-if-not-required switch, so no removal is requested here.
            var singleRule = new List <FirewallRule>();
            singleRule.Add(rule);
            firewall.UpdateRules(singleRule, false);

            string details = "Name: {0}, Grouping: {1}, Protocol: {2}, Direction: {3}, Ports: {4}, Profile: {5}"
                             .ToFormat(rule.Name, rule.Grouping, rule.Protocol, rule.Direction, rule.Ports, rule.Profile);
#endif

            // The full rule definition is written to the deployer trace so that the opened port
            // and its scope can be audited afterwards.
            DeployerTrace.WriteInfo("Firewall rule {0} created.{1}Rule details: {2}", FirewallRuleName, Environment.NewLine, details);
        }