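#
# $Id: //websites/unixwiz/unixwiz.net/webroot/evo/evo-setup-firewall.ps1#4 $
#
# written by :   Stephen J. Friedl
#                Software Consultant
#                Southern California USA
#                steve@unixwiz.net
#
# This program creates the Server 2008 R2 "Advanced Firewall" rules required
# to support Evolution; this essentially whitelists all these .EXEs to allow for
# inbound firewall access, and we delete all rules before adding (so we can
# *update* a rule without adding it twice).
#
# The only tunables are the two home directories, $CLIENT and $EVOHOME.
# The rules do not require that the App be installed in order to have the
# rules.
#
# NOTE(review), things to confirm before running this on a server:
#
#   * Every program rule below is an inbound ALLOW for all profiles and all
#     protocols/ports, matched on the executable's path alone.  The firewall
#     trusts whatever file sits at that path, and the rule is created even
#     when nothing is installed there yet.  Make sure each target directory
#     is writable by administrators only -- in particular C:\iSystems and
#     C:\bin, which live outside Program Files and may have inherited looser
#     ACLs (check with icacls).
#
#   * profile=any includes the Public profile.  If these services are only
#     meant to be reached from domain/private networks, narrow the profile.
#
#   * "delete rule name=X" removes every rule carrying that name, including
#     one created by hand with the same name (e.g. "Allow Ping").
#
# 1.0.5 2013/11/06; fixed 64-bit check
# 1.0.4 2013/11/04; now check for 32/64 directories
# 1.0.3 2013/10/28; added Evo MRC rule
# 1.0.2 2013/10/16; added Allow Ping rule

$CLIENT = "C:\iSystems\Evolution\Client"

# Look for 32-bit -vs- 64-bit directory differences: prefer the "(x86)"
# directory when it exists, otherwise fall back to plain "Program Files".
$PROGRAMFILES = ""

foreach ($suffix in @( " (x86)", "" ) )
{
    $dir = "C:\Program Files" + $suffix

    if ( Test-Path $dir )
    {
        $PROGRAMFILES = $dir
        break
    }
}

if ( "$PROGRAMFILES" -eq "" )
{
    write-output "Cannot find location of Program Files"
    exit 1
}

write-output "Found $PROGRAMFILES"

$EVOHOME = "$PROGRAMFILES\Evolution"
$ISHOME  = "C:\Program Files\iSystems"
$EVOAPP  = "$EVOHOME\DeploymentManager\Applications\Evolution"

# One entry per executable that gets an inbound allow rule.
$rules = @(
    # Correct for Orange, Peru and Plymouth
    @{ Name="Evo Management Console";  App= "$EVOHOME\ManagementConsole\EvMgmtCon.exe" }
    @{ Name="Evo Deployment Manager";  App= "$EVOHOME\DeploymentManager\EvDeployMgr.exe" }

    @{ Name="Evo ADR Client";          App= "$EVOAPP\EvADRClient.exe" }
    @{ Name="Evo ADR Server";          App= "$EVOAPP\EvADRServer.exe" }
    @{ Name="Evo Remote Relay";        App= "$EVOAPP\EvRemoteRelay.exe" }
    @{ Name="Evo Request Processor";   App= "$EVOAPP\EvRequestProc.exe" }
    @{ Name="Evo Request Broker";      App= "$EVOAPP\EvRequestBroker.exe" }
    @{ Name="Evo API Adapter";         App= "$EVOAPP\EvAPIAdapter.exe" }
    @{ Name="Evo RW Engine (Server)";  App= "$EVOAPP\isRWEngine.exe" }
    @{ Name="Evo RW Preview (Server)"; App= "$EVOAPP\isRWPreview.exe" }

    @{ Name="Evo Client";              App= "$CLIENT\Evolution.exe" }
    @{ Name="Evo RW Engine (Client)";  App= "$CLIENT\isRWEngine.exe" }
    @{ Name="Evo RW Preview (Client)"; App= "$CLIENT\isRWPreview.exe" }

    @{ Name="RFC 868 Time Service";    App= "C:\bin\rfc868time-1.5.exe" }

    # 2013/10/28
    @{ Name="Evo MRC Service";         App= "$ISHOME\EvoMRC\EvoMRCService.exe" }
)

# Count of rules netsh refused to add; reported (and reflected in the exit
# status) at the end so a partially-configured firewall is not mistaken for
# a clean run.
$failed = 0

foreach ($rule in $rules)
{
    $name = $rule.Name
    $app  = $rule.App

    write-output "Adding rule for $name"

    # Remove any existing rule of this name first so a rerun updates rather
    # than duplicates.  The name= tag is given explicitly, matching the add
    # below; the earlier form passed the bare name and discarded the output,
    # so a rejected delete would have gone unnoticed.  Errors are still
    # ignored here on purpose: the rule may simply not exist yet.
    netsh advfirewall firewall delete rule name=$name | Out-Null

    netsh advfirewall firewall add rule `
        name=$name `
        dir=in `
        action=allow `
        profile=any `
        protocol=any `
        program="$app" `
        enable=yes

    # netsh signals failure through its exit status (e.g. when the shell is
    # not elevated); surface it instead of silently continuing.
    if ( $LASTEXITCODE -ne 0 )
    {
        write-warning "Failed to add rule for $name (netsh exit code $LASTEXITCODE)"
        $failed++
    }
}

write-output "Allowing ping"

# Same delete-before-add treatment as the program rules, so reruns do not
# stack duplicate "Allow Ping" entries.
netsh advfirewall firewall delete rule name="Allow Ping" | Out-Null

# NOTE(review): protocol=icmpv4 with no type admits every ICMPv4 message
# type inbound, not just echo request.  If only ping is wanted, netsh accepts
# protocol=icmpv4:8,any; left as-is here to keep the existing behaviour.
netsh advfirewall firewall add rule name="Allow Ping" protocol=icmpv4 dir=in action=allow

if ( $LASTEXITCODE -ne 0 )
{
    write-warning "Failed to add rule for Allow Ping (netsh exit code $LASTEXITCODE)"
    $failed++
}

if ( $failed -gt 0 )
{
    write-output "$failed firewall rule(s) could not be added"
    exit 1
}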