我如何使用Windows防火墙配置python / flask进行公共访问

Question

We have developed an app in python and are using flask to expose its api via http requests.

• all this on WINDOWS -

Everything works ok and we have tested in-house with no problems and we are now trying to use the app in the real world - we have gotten our IT dept to give us a public facing ip/port address (forwarded through a firewall ??) and now we can't access the server/app at all.

After a bit of digging, we've found the problem has something to do with the Windows Firewall configuration, when its on it won't work, when its off everything is fine.

the flask app code is run like so: app.run(debug=False, host='0.0.0.0', port=8080) the port 8080 is setup in the Firewall Exceptions as is python.exe in the Program Exceptions

netstat -a shows the app is sitting there awaiting connection.

If I try to access the site though chrome I get the error: ERR_CONNECTION_TIMED_OUT.

With the firewall on i'm never seeing any "hits" come through to the app at all.

Is there some other configuration I'm missing?

Many thanks.

Answer 1

When running Flask from a windows machine with a firewall I open a port with the following commands:

netsh firewall add portopening TCP 8080 "MyAppName"
netsh advfirewall firewall add rule name="MyAppName TCP Port 8080" dir=in action=allow protocol=TCP localport=8080
netsh advfirewall firewall add rule name="MyAppName TCP Port 8080" dir=out action=allow protocol=TCP localport=8080

It work for me. Is it too much? I don't know as I am not a Firewall guru :(

Answer 2

When running as a service the program running the service is not python.exe but rather pythonservice.exe . You will have to add that to the allowed programs in the Windows Firewall Setup. In my case it is located under C:\\Python33\\Lib\\site-packages\\win32\\pythonservice.exe .