From 11a64ecc14a9e47e5272f4fc7e8a9023fd8c32f5 Mon Sep 17 00:00:00 2001
From: Shreyas Zare
Date: Sat, 6 Nov 2021 13:27:44 +0530
Subject: [PATCH] WindowsService: moved firewall entry code from Program to DnsServiceWorker. Adding an extra default firewall rule for web console.
---
 DnsServerWindowsService/DnsServiceWorker.cs | 70 ++++++++++++
 DnsServerWindowsService/Program.cs | 111 --------------------
 2 files changed, 70 insertions(+), 111 deletions(-)
diff --git a/DnsServerWindowsService/DnsServiceWorker.cs b/DnsServerWindowsService/DnsServiceWorker.cs
index 937573f1..a0a4c767 100644
--- a/DnsServerWindowsService/DnsServiceWorker.cs
+++ b/DnsServerWindowsService/DnsServiceWorker.cs
@@ -20,8 +20,10 @@ along with this program. If not, see .
 using DnsServerCore;
 using Microsoft.Extensions.Hosting;
 using System;
+using System.Reflection;
 using System.Threading;
 using System.Threading.Tasks;
+using TechnitiumLibrary.Net.Firewall;
 namespace DnsServerWindowsService
 {
@@ -36,7 +38,10 @@ namespace DnsServerWindowsService
 public override Task StartAsync(CancellationToken cancellationToken)
 {
+ CheckFirewallEntries();
+
 _service.Start();
+
 return Task.CompletedTask;
 }
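Review bot: `CheckFirewallEntries()` is called before `_service.Start()` in `StartAsync`, but the web console rule it ends up writing (in the `AddWindowsFirewallEntry` hunk further down) is built from `_service.WebServiceHttpPort` and `_service.WebServiceTlsPort`. Whether those properties already hold the configured values before `Start()` is not visible in this diff; if the configuration is only loaded during `Start()`, the inbound allow rule would be created for default ports rather than the ones the console actually listens on. Either confirm the ports are populated at construction, or order the calls as `_service.Start();` followed by `CheckFirewallEntries();`.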
@@ -56,5 +61,70 @@ namespace DnsServerWindowsService
 {
 return Task.CompletedTask;
 }
+
+ private void CheckFirewallEntries()
+ {
+ string appPath = Assembly.GetEntryAssembly().Location;
+
+ if (appPath.EndsWith(".dll", StringComparison.OrdinalIgnoreCase))
+ appPath = appPath.Substring(0, appPath.Length - 4) + ".exe";
+
+ if (!WindowsFirewallEntryExists(appPath))
+ AddWindowsFirewallEntry(appPath);
+ }
+
+ private bool WindowsFirewallEntryExists(string appPath)
+ {
+ try
+ {
+ return WindowsFirewall.RuleExistsVista("", appPath) == RuleStatus.Allowed;
+ }
+ catch
+ {
+ return false;
+ }
+ }
+
+ private bool AddWindowsFirewallEntry(string appPath)
+ {
+ try
+ {
+ RuleStatus status = WindowsFirewall.RuleExistsVista("", appPath);
+
+ switch (status)
+ {
+ case RuleStatus.Blocked:
+ case RuleStatus.Disabled:
+ WindowsFirewall.RemoveRuleVista("", appPath);
+ break;
+
+ case RuleStatus.Allowed:
+ return true;
+ }
+
+ WindowsFirewall.AddRuleVista("Technitium DNS Server", "Allows incoming connection request to the DNS server.", FirewallAction.Allow, appPath, Protocol.ANY, null, null, null, null, InterfaceTypeFlags.All, true, Direction.Inbound, true);
+
+ //add web console rule
+ try
+ {
+ WindowsFirewall.RemoveRuleVista("Technitium DNS Server Web Console", "");
+ }
+ catch
+ { }
+
+ try
+ {
+ WindowsFirewall.AddRuleVista("Technitium DNS Server Web Console", "Allows access to the DNS server web console.", FirewallAction.Allow, null, Protocol.TCP, _service.WebServiceHttpPort + ", " + _service.WebServiceTlsPort, null, null, null, InterfaceTypeFlags.All, true, Direction.Inbound, true);
+ }
+ catch
+ { }
+
+ return true;
+ }
+ catch
+ {
+ return false;
+ }
+ }
 }
 }
diff --git a/DnsServerWindowsService/Program.cs b/DnsServerWindowsService/Program.cs
index 0398d680..dbf68f1a 100644
--- a/DnsServerWindowsService/Program.cs
+++ b/DnsServerWindowsService/Program.cs
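Review bot: The web console rule is written only when the application rule is missing or not `Allowed`, because `CheckFirewallEntries` skips `AddWindowsFirewallEntry` once `WindowsFirewallEntryExists` returns true and `AddWindowsFirewallEntry` itself returns early on `RuleStatus.Allowed`. Installations that already have the application rule therefore never receive the new rule, and after a web console port change the previously opened ports stay allowed while the new ones are not. Moving the two web-console `try` blocks into their own method that `CheckFirewallEntries` calls unconditionally would keep the rule in step with the configured ports. The rule also passes `null` as the application path with `InterfaceTypeFlags.All`, so as far as the visible arguments show it is an inbound TCP allow for whatever process listens on those ports, and it exposes the administrative console through the firewall by default; consider making it opt-in or limiting its scope. Both `catch { }` blocks and the ignored return value of `AddWindowsFirewallEntry` discard failures, so an operator cannot tell from the service whether either rule was applied.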
@@ -19,9 +19,6 @@ along with this program. If not, see .
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
-using System;
-using System.Reflection;
-using TechnitiumLibrary.Net.Firewall;
 namespace DnsServerWindowsService
 {
@@ -29,18 +26,6 @@ namespace DnsServerWindowsService
 {
 public static void Main(string[] args)
 {
- #region check windows firewall entry
-
- string appPath = Assembly.GetEntryAssembly().Location;
-
- if (appPath.EndsWith(".dll", StringComparison.OrdinalIgnoreCase))
- appPath = appPath.Substring(0, appPath.Length - 4) + ".exe";
-
- if (!WindowsFirewallEntryExists(appPath))
- AddWindowsFirewallEntry(appPath);
-
- #endregion
-
 CreateHostBuilder(args).Build().Run();
 }
@@ -53,101 +38,5 @@ namespace DnsServerWindowsService
 })
 .UseWindowsService();
 }
-
- #region private
-
- private static bool WindowsFirewallEntryExists(string appPath)
- {
- switch (Environment.OSVersion.Platform)
- {
- case PlatformID.Win32NT:
- if (Environment.OSVersion.Version.Major > 5)
- {
- //vista and above
- try
- {
- return WindowsFirewall.RuleExistsVista("", appPath) == RuleStatus.Allowed;
- }
- catch
- {
- return false;
- }
- }
- else
- {
- try
- {
- return WindowsFirewall.ApplicationExists(appPath) == RuleStatus.Allowed;
- }
- catch
- {
- return false;
- }
- }
-
- default:
- return false;
- }
- }
-
- private static bool AddWindowsFirewallEntry(string appPath)
- {
- switch (Environment.OSVersion.Platform)
- {
- case PlatformID.Win32NT:
- if (Environment.OSVersion.Version.Major > 5)
- {
- //vista and above
- try
- {
- RuleStatus status = WindowsFirewall.RuleExistsVista("", appPath);
-
- switch (status)
- {
- case RuleStatus.Blocked:
- case RuleStatus.Disabled:
- WindowsFirewall.RemoveRuleVista("", appPath);
- break;
-
- case RuleStatus.Allowed:
- return true;
- }
-
- WindowsFirewall.AddRuleVista("Technitium DNS Server", "Allow incoming connection request to the DNS server.", FirewallAction.Allow, appPath, Protocol.ANY, null, null, null, null, InterfaceTypeFlags.All, true, Direction.Inbound, true);
- return true;
- }
- catch
- { }
- }
- else
- {
- try
- {
- RuleStatus status = WindowsFirewall.ApplicationExists(appPath);
-
- switch (status)
- {
- case RuleStatus.Disabled:
- WindowsFirewall.RemoveApplication(appPath);
- break;
-
- case RuleStatus.Allowed:
- return true;
- }
-
- WindowsFirewall.AddApplication("Technitium DNS Server", appPath);
- return true;
- }
- catch
- { }
- }
-
- break;
- }
-
- return false;
- }
-
- #endregion
 }
 }