Improvement on firewall batch scripts #1030
Conversation
|
For you, my king- |
ImUrX
added
Area: Continuous Integration
|
Just did a quick test and indeed seems to fix the issue. Although the %CD% value does have to be correct (Right click as admin will run it from System32 and thus not specify the correct java binary). But this would have to be setup correctly in the installer I'd assume. |
Sadly just a skill issue on Window's part. |
|
@electromuis Try again! I think I fixed the issue with right clicking and using Run As Administrator... Also first, use uninstall_firewall a few times as I also added duplicate detection to the install script... So you might currently have duplicate rules. |
|
Just short, I think you need to allow javaw.exe and not java.exe do you have a way to confirm? |
...Look above, @electromuis had his issue fixed with java.exe being allowed (also some internet searches agree with this) |
You could do both, I believe we're only using java.exe though |
|
do we need to have the UAC prompt script? |
As discussed on the top post, firewall modification fails without admin perms. And besides, if the script is already given admin, the prompt is skipped |
iirc it's the best way to do it, batch scripts stink. I have worries about it having different behaviour in different versions of Windows but it's probably alright? |
|
It's been basically a tried and true method for most versions of windows... Atleast any that support UAC :P |
Well if it works then sweet at least Windows can do something good lmao, we already had a blunder with the installer crashing because we had the audacity to format JSON on Windows 7. This PR looks good to be, but not reviewing because I can't really thoroughly check it rn. May do so later. |
There was a problem hiding this comment.
Well i tested some Stuff on Windows 11 Version 22631.3593
I did not test the script itself. To this date.
For me Windows 11 only adds rules on Incomming to the firewall when i deny or allow the Program via popup. So not sure if this is different in the Version @electromuis uses.
| call :AddRule "SlimeVR TCP 21110 incoming" "dir=in action=allow protocol=TCP localport=21110 enable=yes" | ||
| call :AddRule "SlimeVR TCP 21110 outgoing" "dir=out action=allow protocol=TCP localport=21110 enable=yes" | ||
| rem OpenJDK Platform Binary access | ||
| call :AddRule "SlimeVR OpenJDK Platform incoming" "dir=in action=allow program=%~dp0jre\bin\java.exe enable=yes" |
There was a problem hiding this comment.
| call :AddRule "SlimeVR OpenJDK Platform incoming" "dir=in action=allow program=%~dp0jre\bin\java.exe enable=yes" |
My test on Windows 11 shows that trackers able to connect as long Outgoing is allowed.
It should be tested with other systems too
There was a problem hiding this comment.
Stated in other message, I just kept all the rules in the old script
| call :AddRule "SlimeVR UDP 35903 incoming" "dir=in action=allow protocol=UDP localport=35903 enable=yes" | ||
| call :AddRule "SlimeVR UDP 35903 outgoing" "dir=out action=allow protocol=UDP localport=35903 enable=yes" |
There was a problem hiding this comment.
| call :AddRule "SlimeVR UDP 35903 incoming" "dir=in action=allow protocol=UDP localport=35903 enable=yes" | |
| call :AddRule "SlimeVR UDP 35903 outgoing" "dir=out action=allow protocol=UDP localport=35903 enable=yes" |
I only see this port number used here in the code:
In a close statement, so don't think it is used anywhere
There was a problem hiding this comment.
To be fair, I kept all the rules already existing in the old script.
Let's go in a list here...
enable=yesDiscovery defauly porttoDiscovery default portBefore:
After:
(UAC prompt quickly appears. It's so fast I had to use
timeout 5to have a delay so I could screenshot)(User presses No, the script closes.)
(User presses Yes, script continues as below)