Dışarıya aktar (0) Yazdır
Tümünü Genişlet
Bu içerik dilinizde bulunmamaktadır ancak İngilizce sürümüne buradan bakabilirsiniz.

Add Firewall Rules By Using a Startup Task

Updated: November 13, 2013

Custom firewall settings can be configured by using a startup task.

In Windows Azure, there are effectively two firewalls. The first firewall controls connections between the virtual machine and the outside world. This is controlled by the Endpoints element in the ServiceDefinition.csdef file. For more information on Endpoints in the ServiceDefinition.csdef file, see Define Input Endpoints for a Role and Define Internal Endpoints for a Role.

The second firewall controls connections between the virtual machine and the processes within that virtual machine. This is controlled by the netsh advfirewall firewall command line tool, and is the focus of this article.

Windows Azure creates firewall rules for the processes started within your roles. For example, when you start a service or program, Windows Azure automatically creates the necessary firewall rules to allow that service to communicate with the Internet. However, if you create a service that is started by a process outside your role (for example, a COM+ service, or a program that starts by using the Windows Scheduler), you will need to manually create a firewall rule to allow access to that service. These firewall rules can be created by using a startup task.

A startup task that creates a firewall rule must have an executionContext of elevated.


<Task commandLine="AddFirewallRules.cmd" executionContext="elevated" taskType="simple" />

To add the firewall rule, you must use the appropriate netsh advfirewall firewall commands in your startup batch file. In this example, the startup task requires security and encryption for TCP port 80.


REM   Add a firewall rule in a startup task.

REM   Add an inbound rule requiring security and encryption for TCP port 80 traffic.
netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow >> "%TEMP%\StartupLog.txt" 2>&1

REM   If an error occurred, return the errorlevel.
EXIT /B %errorlevel%

See Also

© 2014 Microsoft