ENHANCEMENTS:

karel26 · karel26 · commit 767de12e93c0 · 2025-11-04T21:54:18.000+01:00
- /doc can generate firewall rules now
diff --git a/core/data/const.py b/core/data/const.py
@@ -56,9 +56,10 @@ class PortType(Enum):
 
 class Port:
 
-    def __init__(self, port: int, typ: PortType):
+    def __init__(self, port: int, typ: PortType, *, public: bool = False):
         self.port = port
         self.typ = typ
+        self.public = public
 
     def __repr__(self):
         return f'{self.port}/{self.typ.value}'
diff --git a/core/data/impl/nodeimpl.py b/core/data/impl/nodeimpl.py
@@ -1692,7 +1692,7 @@ async def info(self) -> dict:
 
         node_dict = {
             "Node": self.node.name,
-            "Listen Port": repr(self.node.listen_port),
+            "Listen Port": self.node.listen_port,
             "Public IP": self.node.public_ip,
             "Bot Version": f"{self.node.bot_version}.{self.node.sub_version}",
             "DCS Branch": self.dcs_branch,
@@ -1711,6 +1711,6 @@ async def info(self) -> dict:
             if not service:
                 continue
             for key, value in service.get_ports().items():
-                node_dict[key] = repr(value)
+                node_dict[key] = value
 
         return node_dict
diff --git a/core/data/instance.py b/core/data/instance.py
@@ -49,7 +49,7 @@ def dcs_port(self) -> Port:
                              f"You need to run this server as Administrator!")
         elif port > 65535:
             raise FatalException(f"The DCS port of instance {self.name} is > 65535!")
-        return Port(port, PortType.BOTH)
+        return Port(port, PortType.BOTH, public=True)
 
     @property
     def webgui_port(self) -> Port:
@@ -59,7 +59,7 @@ def webgui_port(self) -> Port:
                              f"You need to run this server as Administrator!")
         elif webgui_port > 65535:
             raise FatalException(f"The WebGUI-port of instance {self.name} is > 65535!")
-        return Port(webgui_port, PortType.TCP)
+        return Port(webgui_port, PortType.TCP, public=True)
 
     @property
     def bot_port(self) -> Port:
diff --git a/core/utils/__init__.py b/core/utils/__init__.py
@@ -8,6 +8,7 @@
 from core.utils.discord import *
 from core.utils.helper import *
 from core.utils.mizedit import *
+from core.utils.network import *
 from core.utils.os import *
 from core.utils.performance import *
 from core.utils.squadrons import *
diff --git a/core/utils/network.py b/core/utils/network.py
@@ -0,0 +1,51 @@
+from core import Port, PortType
+from typing import Iterable
+
+__all__ = ["generate_firewall_rules"]
+
+
+def fw_rule(port: int, protocol: str, name: str, description: str) -> str:
+    """
+    Returns a single New-NetFirewallRule command string.
+    """
+    cmd = (
+        f'New-NetFirewallRule '
+        f'-DisplayName "{name}" '
+        f'-Direction Inbound '
+        f'-Action Allow '
+        f'-Protocol {protocol} '
+        f'-LocalPort {port} '
+        f'-Profile Any '
+        f'-Description "{description}"'
+    )
+    return cmd
+
+def generate_firewall_rules(ports: Iterable[Port]) -> str:
+    """
+    Write a PowerShell script that adds inbound rules for the given ports.
+    """
+    lines = [
+        "# ------------------------------------------------------------",
+        "# Auto‑generated PowerShell script to add inbound firewall rules",
+        "# Run this script **as Administrator** in PowerShell.",
+        "# ------------------------------------------------------------",
+        "",
+        "Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force",
+        ""
+    ]
+
+    for p in ports:
+        if p.typ is PortType.BOTH:
+            # Create two separate rules
+            for proto in (PortType.TCP, PortType.UDP):
+                name = f"Allow {p.port}/{proto.value.lower()}"
+                desc = f"Auto‑generated rule for inbound {p.port}/{proto.value.lower()}"
+                lines.append(fw_rule(p.port, proto.value, name, desc))
+                lines.append("")  # blank line for readability
+        else:
+            name = f"Allow {p.port}/{p.typ.value.lower()}"
+            desc = f"Auto‑generated rule for inbound {p.port}/{p.typ.value.lower()}"
+            lines.append(fw_rule(p.port, p.typ.value, name, desc))
+            lines.append("")
+
+    return "\n".join(lines)
diff --git a/extensions/lardoon/extension.py b/extensions/lardoon/extension.py
@@ -226,5 +226,5 @@ async def schedule(self):
     @override
     def get_ports(self) -> dict[str, Port]:
         return {
-            "Lardoon": Port(self.config['bind'].split(':')[1], PortType.TCP)
+            "Lardoon": Port(self.config['bind'].split(':')[1], PortType.TCP, public=True)
         } if self.enabled else {}
diff --git a/extensions/lotatc/extension.py b/extensions/lotatc/extension.py
@@ -375,6 +375,6 @@ async def schedule(self):
     @override
     def get_ports(self) -> dict[str, Port]:
         return {
-            "LotAtc": Port(self.locals.get('port', 10310), PortType.TCP),
+            "LotAtc": Port(self.locals.get('port', 10310), PortType.TCP, public=True),
             "LotAtc JSON Server Port": Port(self.locals.get('lotatc_inst.options', {}).get('jsonserver_port', 8081), PortType.TCP)
         } if self.enabled else {}
diff --git a/extensions/olympus/extension.py b/extensions/olympus/extension.py
@@ -340,6 +340,6 @@ def shutdown(self, *, quiet: bool = False) -> bool:
     def get_ports(self) -> dict[str, Port]:
         return {
             "Olympus " + self.backend_tag.capitalize(): Port(self.config.get(self.backend_tag, {}).get('port', 4512), PortType.TCP),
-            "Olympus " + self.frontend_tag.capitalize(): Port(self.config.get(self.frontend_tag, {}).get('port', 3000), PortType.TCP),
+            "Olympus " + self.frontend_tag.capitalize(): Port(self.config.get(self.frontend_tag, {}).get('port', 3000), PortType.TCP, public=True),
             "Olympus WSPort": Port(self.config.get('audio', {}).get('WSPort', 4000), PortType.TCP)
         } if self.enabled else {}
diff --git a/extensions/sneaker/extension.py b/extensions/sneaker/extension.py
@@ -186,5 +186,5 @@ async def render(self, param: dict | None = None) -> dict:
     @override
     def get_ports(self) -> dict[str, Port]:
         return {
-            "Sneaker": Port(self.config['bind'].split(':')[1], PortType.TCP)
+            "Sneaker": Port(self.config['bind'].split(':')[1], PortType.TCP, public=True)
         } if self.enabled else {}
diff --git a/extensions/srs/extension.py b/extensions/srs/extension.py
@@ -624,7 +624,7 @@ async def schedule(self):
     def get_ports(self) -> dict[str, Port]:
         if self.enabled:
             rc: dict[str, Port] = {
-                "SRS Port": Port(self.locals['Server Settings']['SERVER_PORT'], PortType.BOTH)
+                "SRS Port": Port(self.locals['Server Settings']['SERVER_PORT'], PortType.BOTH, public=True)
             }
             if self.locals['General Settings'].get('LOTATC_EXPORT_ENABLED', False):
                 rc["LotAtc Export Port"] = Port(self.locals['General Settings'].get('LOTATC_EXPORT_PORT', 10712), PortType.UDP)
diff --git a/extensions/tacview/extension.py b/extensions/tacview/extension.py
@@ -486,8 +486,8 @@ async def handle_update(self):
     @override
     def get_ports(self) -> dict[str, Port]:
         return {
-            "tacviewRealTimeTelemetryPort": Port(self.locals.get('tacviewRealTimeTelemetryPort', 42674), PortType.TCP),
-            "tacviewRemoteControlPort": Port(self.locals.get('tacviewRemoteControlPort', 42675), PortType.TCP)
+            "tacviewRealTimeTelemetryPort": Port(self.locals.get('tacviewRealTimeTelemetryPort', 42674), PortType.TCP, public=True),
+            "tacviewRemoteControlPort": Port(self.locals.get('tacviewRemoteControlPort', 42675), PortType.TCP, public=True)
         } if self.enabled else {}
 
     @override
diff --git a/plugins/help/commands.py b/plugins/help/commands.py
@@ -2,8 +2,8 @@
 import os
 import pandas as pd
 
-from core import Plugin, Report, ReportEnv, command, utils, get_translation, Status, async_cache, Command
-from discord import app_commands, Interaction, ButtonStyle, TextStyle
+from core import Plugin, Report, ReportEnv, command, utils, get_translation, Status, async_cache, Command, Port, Node
+from discord import app_commands, Interaction, ButtonStyle, TextStyle, SelectOption
 from discord.ui import View, Select, Button, Modal, TextInput, Item
 from io import BytesIO
 from services.bot import DCSServerBot
@@ -418,6 +418,9 @@ async def nodes_info_to_df(self) -> pd.DataFrame:
             if not node:
                 continue
             node_dict = await node.info()
+            for k, v in node_dict.copy().items():
+                if isinstance(v, Port):
+                    node_dict[k] = repr(v)
             data_df = pd.DataFrame([node_dict])
             df = pd.concat([df, data_df], ignore_index=True)
 
@@ -455,11 +458,34 @@ def adjust_columns(worksheet):
         await interaction.followup.send(file=discord.File(fp=output, filename='ServerInfo.xlsx'), ephemeral=True)
         output.close()
 
+    async def generate_firewall_rules(self, interaction: discord.Interaction, node: Node) -> str:
+        ports: list[Port] = []
+        for server in self.bot.servers.values():
+            ports.append(server.instance.dcs_port)
+            ports.append(server.instance.webgui_port)
+
+            for ext in server.instance.locals.get('extensions', {}).keys():
+                try:
+                    rc = await server.run_on_extension(ext, 'get_ports')
+                    for key, value in rc.items():
+                        if value.public:
+                            ports.append(value)
+                except ValueError:
+                    pass
+        info = await node.info()
+        for k, v in info.items():
+            if isinstance(v, Port):
+                if v.public:
+                    ports.append(v)
+
+        return utils.generate_firewall_rules(ports)
+
     @command(description=_('Generate Documentation'))
     @app_commands.guild_only()
     @app_commands.rename(fmt='format')
     @utils.app_has_role('Admin')
-    async def doc(self, interaction: discord.Interaction, what: Literal['Command Overview', 'Server Config Sheet'],
+    async def doc(self, interaction: discord.Interaction,
+                  what: Literal['Command Overview', 'Server Config Sheet', 'Firewall Config'],
                   fmt: Literal['channel', 'xls'] | None = None,
                   role: Literal['Admin', 'DCS Admin', 'DCS'] | None = None,
                   channel: discord.TextChannel | None = None):
@@ -477,6 +503,25 @@ async def doc(self, interaction: discord.Interaction, what: Literal['Command Ove
                 await interaction.response.send_message(_("Aborted."), ephemeral=True)
                 return
             await self.generate_server_docs(interaction)
+        elif what == 'Firewall Config':
+            all_nodes = list(self.node.all_nodes.values())
+            idx = await utils.selection(interaction,
+                                   title="Select a node",
+                                   options=[
+                                       SelectOption(label=x.name, value=str(idx))
+                                       for idx, x in enumerate(all_nodes)
+                                       if x is not None
+                                   ])
+            if idx:
+                rules = await self.generate_firewall_rules(interaction, all_nodes[int(idx)])
+                file = discord.File(fp=BytesIO(rules.encode('utf-8')), filename='firewall_rules.ps1')
+                # noinspection PyUnresolvedReferences
+                if not interaction.response.is_done():
+                    # noinspection PyUnresolvedReferences
+                    await interaction.response.defer(ephemeral=True)
+                await interaction.followup.send(content=_("Your firewall ruleset:"), file=file, ephemeral=True)
+            else:
+                await interaction.followup.send(_("Aborted."), ephemeral=True)
         else:
             # noinspection PyUnresolvedReferences
             await interaction.response.send_message(_("Unknown option {}!").format(what), ephemeral=True)
diff --git a/plugins/slotblocking/README.md b/plugins/slotblocking/README.md
@@ -1,8 +1,10 @@
 # Plugin "SlotBlocking"
-This is a slot blocking plugin that can be used in several ways (more to come).
-Slots can be either blocked by Discord roles (specific planes blocked for Discord Members, other ones blocked for 
-Donators for instance), by credit points (see [CreditSystem](../creditsystem/README.md)) that people earn by kills or a specific VIP role
-assigned in this plugin's configuration.
+This plugin is designed for slot blocking and offers multiple usage options. 
+Slots can be restricted based on Discord roles (for instance, restricting certain planes for regular Discord members 
+while blocking others for donators), credit points (as detailed in the [CreditSystem](../creditsystem/README.md) document), or a specific 
+VIP role set within this plugin's configuration.
+It also includes a balance system for both teams (red and blue), ensuring fair gameplay by maintaining an equal 
+distribution of players on each side.
 
 ## Configuration
 As SlotBlocking is an optional plugin, you need to activate it in main.yaml first like so:
@@ -63,10 +65,11 @@ DCS.dcs_serverrelease:
     costs: 30
   payback: true         # payback the plane costs on proper landings, otherwise charge by usage
 ```
-Each unit can be either defined by its "group_name" or "unit_name", which are substrings/[pattern](https://riptutorial.com/lua/example/20315/lua-pattern-matching) of the names 
-used in your mission or by its "unit_type". The restriction can either be credit "points" that you gain by kills or 
-"discord", which is then a specific Discord role (in the example "Donators"). "costs" are the points you lose when you 
-get killed in this specific aircraft and if provided.
+Each unit can be identified using either its "group_name" or "unit_name", which are substrings or [patterns](https://riptutorial.com/lua/example/20315/lua-pattern-matching) of the 
+names used in your mission, or by its "unit_type". 
+Restrictions can be enforced through credit "points" earned from kills or "discord" (specific Discord roles, 
+such as "Donators" in the example provided). 
+The "costs" refer to the points you lose when you are killed while flying this specific aircraft, if applicable.
 
 ## Sample Use Case
 Here are some sample use cases that show how the plugin can be used.
@@ -134,7 +137,7 @@ DEFAULT:
   balancing:                  # Optional: Allows balancing for your server (blue vs red)
     blue_vs_red: 0.5          # 50% balance blue vs red
     threshold: 0.1            # 10% threshold until slots are blocked
-    activation_threshold: 10  # do not balance, if the number of players is below this threshold
+    activation_threshold: 10  # do not balance if the number of players is below this threshold
     message: You need to take a slot of the opposite coalition to keep the balance!
 ``` 
 > [!NOTE]
diff --git a/services/webservice/service.py b/services/webservice/service.py
@@ -144,4 +144,4 @@ async def stop(self):
 
     @override
     def get_ports(self) -> dict[str, Port]:
-        return {"WebService": Port(self.get_config().get('port', 9876), PortType.TCP)}
+        return {"WebService": Port(self.get_config().get('port', 9876), PortType.TCP, public=True)}

Original file line number	Diff line number	Diff line change
`@@ -624,7 +624,7 @@ async def schedule(self):`
`624`	`624`	`def get_ports(self) -> dict[str, Port]:`
`625`	`625`	`if self.enabled:`
`626`	`626`	`rc: dict[str, Port] = {`
`627`		`- "SRS Port": Port(self.locals['Server Settings']['SERVER_PORT'], PortType.BOTH)`
	`627`	`+ "SRS Port": Port(self.locals['Server Settings']['SERVER_PORT'], PortType.BOTH, public=True)`
`628`	`628`	`}`
`629`	`629`	`if self.locals['General Settings'].get('LOTATC_EXPORT_ENABLED', False):`
`630`	`630`	`rc["LotAtc Export Port"] = Port(self.locals['General Settings'].get('LOTATC_EXPORT_PORT', 10712), PortType.UDP)`