Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable the use of remote ip addresses in Windows Firewall exception #608

Merged
merged 1 commit into from
Oct 10, 2020
Merged

Enable the use of remote ip addresses in Windows Firewall exception #608

merged 1 commit into from
Oct 10, 2020

Conversation

siku4
Copy link

@siku4 siku4 commented Sep 28, 2020

I was looking for a way to limit the Windows Firewall exception (added by the installer) to the remote IP address of our prometheus server to prevent uninvolved systems from accessing the metrics endpoint. This could also be of interest to other users who want to roll out windows_exporter on a large number of machines (e.g. SCCM).

I've never used WiX before but found the <fw:RemoteAddress> tag and added a CLI property. I have successfully tested the following cases:

  • msiexec /i <path-to-msi-file> REMOTE_ADDR=<ip-address-1>: Adds one IP address to Remote IP address in FW rule
  • msiexec /i <path-to-msi-file> REMOTE_ADDR=<ip-address-1>,<ip-address-2>: Adds two IP addresses to Remote IP address in FW rule
  • msiexec /i <path-to-msi-file>: Leaves the option Any IP address activated

@carlpett
Copy link
Collaborator

carlpett commented Oct 1, 2020

Nice work @siku4!
I'll give this a test run as well as soon as I can, but to make this mergeable, could you sign the DCO? Thanks!

@siku4 siku4 force-pushed the add-firewall-remoteaddress-option-to-installer branch from e414577 to 2ebea42 Compare October 5, 2020 09:47
carlpett
carlpett approved these changes Oct 10, 2020
View reviewed changes
Copy link
Collaborator

@carlpett carlpett left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Finally had some time to test this out, and it looks great - thanks @siku4!

@carlpett carlpett merged commit 332a903 into prometheus-community:master Oct 10, 2020
anubhavg-icpl pushed a commit to anubhavg-icpl/windows_exporter that referenced this pull request Sep 22, 2024
@carlpett
Merge pull request prometheus-community#608 from siku4/add-firewall-r…
126f322 
…emoteaddress-option-to-installer

Enable the use of remote ip addresses in Windows Firewall exception
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@carlpett carlpett carlpett approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@siku4 @carlpett