Commit

Reinstate step to whitelist iotedged.exe in firewall when using Linux containers (#708)

For Linux containers iotedged.exe still listens on HTTP instead of UDS, so
the firewall exceptions are still needed.
arsing authored Jan 10, 2019
1 parent 38ad63d commit 2f27ff6
Showing 1 changed file with 15 additions and 0 deletions.
15 changes: 15 additions & 0 deletions scripts/windows/setup/IotEdgeSecurityDaemon.ps1
Expand Up @@ -265,6 +265,9 @@ function Install-SecurityDaemon {
Set-SystemPath
Add-IotEdgeRegistryKey
Install-Services
if ($ContainerOs -eq 'Linux') {
Add-FirewallExceptions
}

Write-HostGreen
Write-HostGreen 'This device is now provisioned with the IoT Edge runtime.'
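Review bot: The new `if ($ContainerOs -eq 'Linux')` branch in Install-SecurityDaemon has no comment saying why only Linux containers need the firewall rule. The reason (iotedged.exe listens on HTTP rather than UDS in that mode) is recorded only in the commit message, so a later cleanup could drop the call again, which is what this commit is undoing. A one-line comment above the `if` stating that dependency, and that the branch can go once the Linux-container path no longer uses HTTP, would keep the exception from outliving its need.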
Expand Down Expand Up @@ -883,6 +886,18 @@ function Uninstall-Services {
}
}

function Add-FirewallExceptions {
New-NetFirewallRule `
-DisplayName 'iotedged allow inbound 15580,15581' `
-Direction 'Inbound' `
-Action 'Allow' `
-Protocol 'TCP' `
-LocalPort '15580-15581' `
-Program "$EdgeInstallDirectory\iotedged.exe" `
-InterfaceType 'Any' | Out-Null
Write-HostGreen 'Added firewall exceptions for ports used by the IoT Edge service.'
}

function Remove-FirewallExceptions {
Remove-NetFirewallRule -DisplayName 'iotedged allow inbound 15580,15581' -ErrorAction SilentlyContinue -ErrorVariable cmdErr
Write-Verbose "$(if ($?) { 'Removed firewall exceptions' } else { $cmdErr })"
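Review bot: The rule created in Add-FirewallExceptions is broader than the stated purpose needs: it passes `-InterfaceType 'Any'` and sets neither `-RemoteAddress` nor `-Profile`, so ports 15580-15581 are opened to any remote host on every network profile, Public included. If the HTTP listeners only have to be reachable by the Linux containers on this host, restrict the rule with `-RemoteAddress` (the container network's subnet) and, if possible, a narrower `-Profile`; the `-Program` filter alone limits which binary may accept the traffic, not who may send it. Separately, the result of `New-NetFirewallRule` is piped to `Out-Null` and the 'Added firewall exceptions' message is printed unconditionally, so unless errors are made terminating elsewhere in the script a failed rule creation is still reported as success. Capturing the error the way Remove-FirewallExceptions does with `-ErrorVariable cmdErr` would fix that. Re-running the installer also adds a second rule with the same DisplayName, so consider checking for an existing rule first.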