Better Firewall Support

[CloudCUBE]

Hi all,

 

I thought i'd share this with anyone interested.

TCAdmin has built in Windows Firewall support but it was very vague so i wrote a script to make it a little more precise.

 

Source Game Firewall Creation

Event: Before Create and After move

netsh advfirewall firewall add rule name="ID:%ThisService_ServiceId% USER:%ThisUser_UserName% GAME:%ThisService_GameShortName% IP/PORT:%ThisService_ConnectionInfo% UDP" dir=in action=allow program="%ThisService_Executable%" localport="%ThisService_GamePort%,%ThisService_QueryPort%" protocol=UDP

netsh advfirewall firewall add rule name="ID:%ThisService_ServiceId% USER:%ThisUser_UserName% GAME:%ThisService_GameShortName% IP/PORT:%ThisService_ConnectionInfo% TCP" dir=in action=allow program="%ThisService_Executable%" localport="%ThisService_RConPort%" protocol=TCP

 

This opens up the UDP Game and Query Port and the RCON TCP Port for the gameserver executable (srcds.exe)

 

Event: After Delete and Before Move

netsh advfirewall firewall delete rule name="ID:%ThisService_ServiceId% USER:%ThisUser_UserName% GAME:%ThisService_GameShortName% IP/PORT:%ThisService_ConnectionInfo% UDP%"

netsh advfirewall firewall delete rule name="ID:%ThisService_ServiceId% USER:%ThisUser_UserName% GAME:%ThisService_GameShortName% IP/PORT:%ThisService_ConnectionInfo% TCP%"

 

Just removes the rule when the server is moved to different hardware within TCAdmin or the server is deleted in general.

 

Here's a simple minecraft one.

Event: Before Create and After Move

netsh advfirewall firewall add rule name="ID:%ThisService_ServiceId% USER:%ThisUser_UserName% GAME:%ThisService_GameShortName% IP/PORT:%ThisService_ConnectionInfo% TCP" dir=in action=allow program="%ThisService_Executable%" localport="%ThisService_GamePort%,%ThisService_RConPort%,%ThisService_CustomPort1%,%ThisService_CustomPort2%,%ThisService_CustomPort3%,%ThisService_CustomPort4%,%ThisService_CustomPort5%" protocol=TCP

 

Pretty much the same as the srcds one but allows more ports for things such as dynmap.

 

Hopefully someone finds this useful.

 

Tested and works for Windows Server 2008 R2 and Windows Server 2012.

[gijs007]

Thanks, this is great.

 

I just have one question, how can we trigger these rules when we do a fresh install of a box?

We can reinstall TCadmin and copy all the gameserver files back, but their servers won't work because the firewall rules wouldn't be there.

 

Which means we'd manually have to add them or reinstall the services. Which is not convenient at all.

 

Update: NVM, just export the firewall rules in the Windows Firewall and import them again.

Edited October 4, 2017 by gijs007