I have a flutter windows HttpServer like this
HttpServer server = await HttpServer.bind(InternetAddress.anyIPv4, 2345);
print('Listening on ${server.port}');
server.listen((req) {
req.response
..write('request received successfully')
..close();
});
when trying to run it on a windows flutter app it only works for local connections from the windows machine itself.
But when trying to access it from an android device for example from the same local network it doesn't work.
I did some search and found out that I must add a firewall inbound rule for my app to be able to listen for outside connections
I did it manually from the Windows Defender Firewall and it worked.
I need to make it programmatically from my flutter code.
then tried this code
final processResult = Process.runSync(
'netsh',
[
'advfirewall',
'firewall',
'add',
'rule',
'name="My App Rule Name"',
'action=allow',
'program="${Platform.resolvedExecutable}"',
'dir=in',
'protocol=tcp',
],
);
but I am getting this result
A specified value is not valid.
Usage: add rule name=<string>
dir=in|out
action=allow|block|bypass
[program=<program path>]
[service=<service short name>|any]
[description=<string>]
[enable=yes|no (default=yes)]
[profile=public|private|domain|any[,...]]
[localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
[localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)]
[remoteport=0-65535|<port range>[,...]|any (default=any)]
[protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
tcp|udp|any (default=any)]
[interfacetype=wireless|lan|ras|any]
[rmtcomputergrp=<SDDL string>]
[rmtusrgrp=<SDDL string>]
[edge=yes|deferapp|deferuser|no (default=no)]
[security=authenticate|authenc|authdynenc|authnoencap|notrequired
(default=notrequired)]
Remarks:
- Add a new inbound or outbound rule to the firewall policy.
- Rule name should be unique and cannot be "all".
- If a remote computer or user group is specified, security must be
authenticate, authenc, authdynenc, or authnoencap.
- Setting security to authdynenc allows systems to dynamically
negotiate the use of encryption for traffic that matches
a given Windows Defender Firewall rule. Encryption is negotiated based on
existing connection security rule properties. This option
enables the ability of a machine to accept the first TCP
or UDP packet of an inbound IPsec connection as long as
it is secured, but not encrypted, using IPsec.
Once the first packet is processed, the server will
re-negotiate the connection and upgrade it so that
all subsequent communications are fully encrypted.
- If action=bypass, the remote computer group must be specified when dir=in.
- If service=any, the rule applies only to services.
- ICMP type or code can be "any".
- Edge can only be specified for inbound rules.
- AuthEnc and authnoencap cannot be used together.
- Authdynenc is valid only when dir=in.
- When authnoencap is set, the security=authenticate option becomes an
optional parameter.
Examples:
Add an inbound rule with no encapsulation security for browser.exe:
netsh advfirewall firewall add rule name="allow browser"
dir=in program="c:\programfiles\browser\browser.exe"
security=authnoencap action=allow
Add an outbound rule for port 80:
netsh advfirewall firewall add rule name="allow80"
protocol=TCP dir=out localport=80 action=block
Add an inbound rule requiring security and encryption
for TCP port 80 traffic:
netsh advfirewall firewall add rule
name="Require Encryption for Inbound TCP/80"
protocol=TCP dir=in localport=80 security=authdynenc
action=allow
Add an inbound rule for browser.exe and require security
netsh advfirewall firewall add rule name="allow browser"
dir=in program="c:\program files\browser\browser.exe"
security=authenticate action=allow
Add an authenticated firewall bypass rule for group
acmedomain\scanners identified by a SDDL string:
netsh advfirewall firewall add rule name="allow scanners"
dir=in rmtcomputergrp=<SDDL string> action=bypass
security=authenticate
Add an outbound allow rule for local ports 5000-5010 for udp-
Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow
And the problem not solved!
maybe I need to ask for a firewall permission to open a port but I don't know how
I added a .bat script with the following
@echo off
set programPath=%1
set ruleName="Put Your Rule Name Here"
echo %date% %time%: Starting script with arguments %* >>C:\log.log
netsh advfirewall firewall show rule name=%ruleName% >nul
if %errorlevel%==0 (
echo Rule "%ruleName%" already exists. Exiting...
echo %date% %time%: Rule "%ruleName%" already exists. Exiting... >>C:\log.log
exit /b
)
echo Rule "%ruleName%" not found. Adding...
echo %date% %time%: Rule "%ruleName%" not found. Adding... >>C:\log.log
netsh advfirewall firewall add rule name=%ruleName% action=allow enable=yes dir=in profile=domain,private,public localip=any remoteip=any protocol=any program=%programPath%
netsh advfirewall firewall add rule name=%ruleName% action=allow enable=yes dir=out profile=domain,private,public localip=any remoteip=any protocol=any program=%programPath%
echo Rule "%ruleName%" added successfully.
echo %date% %time%: Rule "%ruleName%" added successfully. >>C:\log.log
exit /b
i saved the firewall_rule.bat and packaged it with my package using advanced installer for windows
then made the script to run with the app installation to activate the rule with admin permission while the app installation.