
Allowing WCF udpDiscoveryEndpoint through firewall


I have a WCF Windows Service using a basicHttpBinding endpoint, listening on TCP/12345. I have added a udpDiscoveryEndpoint, and can discover the service locally with no problems.

<services>
  <service name="BigBadCompany.Delivery.DeliveryService" behaviorConfiguration="DeliveryServiceBehavior">
    <host>
      <baseAddresses>
        <add baseAddress="http://*:12345/Delivery/service"/>
      </baseAddresses>
    </host>
    <endpoint address="" binding="basicHttpBinding" contract="BigBadCompany.Delivery.IDelivery" bindingConfiguration="DeliveryServiceBinding"/>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    <endpoint kind="udpDiscoveryEndpoint" />
  </service>
</services>

To get it to discover across the network on the local subnet, I need to add a firewall rule to permit the traffic. I can only get this working if I permit ALL UDP traffic. If I restrict the rule to only my service, discovery breaks. I also tried restricting it to one port (which, for no good reason, I guessed might be the same as the TCP port; I can't find any info on what port the UDP broadcasts use), and it also stops.

What would be an appropriate firewall rule to permit just the udpDiscoveryEndpoint traffic without opening all UDP ports inbound?


Solution

  • You should just add an exception for port 3702. See more here:

    https://msdn.microsoft.com/en-us/library/dd352335.aspx

    --EDIT--

    The URL has expired; here's a backup:

    https://web.archive.org/web/20161111140652/https://msdn.microsoft.com/en-us/library/dd352335.aspx
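
The answer's port 3702 exception written out as a Windows Firewall rule, as an added example that is not part of the original question or answer. The rule name, the LocalSubnet scope (taken from the question's "local subnet" requirement) and the Domain/Private profile choice are assumptions; run it from an elevated PowerShell session on the machine hosting the service.

```powershell
# Added example: the rule name, scope and profiles are assumptions, not from the page.
$ruleName = 'WCF WS-Discovery (UDP 3702 in)'   # hypothetical display name

# Create the rule only once so repeated runs do not stack duplicate rules.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule `
        -DisplayName   $ruleName `
        -Description   'Inbound WS-Discovery probes for the udpDiscoveryEndpoint' `
        -Direction     Inbound `
        -Action        Allow `
        -Protocol      UDP `
        -LocalPort     3702 `
        -RemoteAddress LocalSubnet `
        -Profile       Domain, Private | Out-Null
}

# Show what the rule actually permits, so the scope can be reviewed.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Enabled       = $_.Enabled
        Profile       = $_.Profile
        Protocol      = $port.Protocol
        LocalPort     = $port.LocalPort
        RemoteAddress = $addr.RemoteAddress
    }
}

# Confirm the service process really holds a UDP listener on 3702.
# No output here means the discovery endpoint is not open, whatever the firewall says.
Get-NetUDPEndpoint -LocalPort 3702 -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# Discovery replies reach the client as unicast answers to its multicast probe.
# Check that the client's firewall profiles have not disabled that behaviour.
Get-NetFirewallProfile | Select-Object Name, AllowUnicastResponseToMulticast
```

This only covers the discovery traffic; the service's own TCP/12345 endpoint still needs its own inbound rule.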