Firewall Management GUI¶
Overview¶
The TurnFix application now includes a graphical user interface for managing Windows Firewall rules, allowing network access to be enabled/disabled for each service independently.
Features¶
1. Administrator Rights Detection¶
- Automatic detection - Checks on page load if application has admin privileges
- Visual indicators - Green checkmark (has rights) or amber warning (needs rights)
- Smart UI - Buttons automatically enabled/disabled based on privileges
- Clear messaging - Explains what's needed and why
2. Service Management¶
Three services can be controlled independently: - Backend Server (Port 3001) - API endpoints - Frontend Client (Port 5173) - Main application UI - Jury Portal (Port 5174) - Separate jury interface
3. Visual Status Indicators¶
- β Green checkmark - Service is accessible from network
- β Gray X - Service is blocked by firewall
- π Spinning icon - Status being checked
4. One-Click Enable/Disable¶
- Each service has its own enable/disable button
- Changes take effect immediately
- Success/error messages provide feedback
5. Network Information Display¶
- Shows all local IP addresses
- Provides access URLs for each service on each network interface
- Copy-to-clipboard functionality for easy sharing
6. Security Features¶
- Requires administrator privileges to modify firewall rules
- Clear warning when admin rights are needed
- Automatic detection of admin status on page load
- Security reminder about network exposure
UI Preview¶
With Administrator Rights¶
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π‘οΈ Firewall & Network β
β Manage Windows Firewall rules for network access β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β βΉοΈ Windows-specific Feature: This feature uses Windows β
β Firewall (netsh & PowerShell) and works on Windows only. β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β Administrator mode active [π] β
β You can manage firewall rules because the application β
β is running with administrator privileges. β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Backend β β Frontend β β Jury Portal β β
β β Port 3001 β β Port 5173 β β Port 5174 β β
β β β β β β β β
β β β
Enabled β β β Disabled β β β Disabled β β
β β [Disable] β β [Enable] β β [Enable] β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β βΉοΈ Platform: This uses Windows Firewall (netsh/PowerShell) β
β β οΈ Security: Only enable rules on trusted networks β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Without Administrator Rights¶
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β π‘οΈ Firewall & Network β
β Manage Windows Firewall rules for network access β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β βΉοΈ Windows-specific Feature: This feature uses Windows β
β Firewall (netsh & PowerShell) and works on Windows only. β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β β οΈ Administrator privileges required [π] β
β This feature requires administrator privileges. Run the β
β application as administrator to manage firewall rules. β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
β β Backend β β Frontend β β Jury Portal β β
β β Port 3001 β β Port 5173 β β Port 5174 β β
β β β β β β β β
β β β Disabled β β β Disabled β β β Disabled β β
β β [Disabled] β β [Disabled] β β [Disabled] β β
β ββββββββββββββββ ββββββββββββββββ ββββββββββββββββ β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ€
β βΉοΈ Platform: This uses Windows Firewall (netsh/PowerShell) β
β β οΈ Security: Only enable rules on trusted networks β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββββ
Usage¶
Accessing the Firewall Manager¶
- Open TurnFix application
- Navigate to Configuration (Einstellungen)
- Click on Network & Firewall section in the left sidebar
Enabling Network Access¶
- Click the Enable button on the desired service card
- Grant administrator privileges if prompted
- Wait for confirmation message
- Share the provided access URL with network users
Disabling Network Access¶
- Click the Disable button on the desired service card
- Grant administrator privileges if prompted
- Wait for confirmation message
Finding Access URLs¶
- Look at the "Network Information" section (blue box)
- Your local IP addresses are shown (e.g., 192.168.1.100)
- Access URLs are provided for each service
- Click the clipboard icon to copy a URL
Technical Details¶
Backend API Endpoints¶
GET /api/firewall/status- Check which services are accessiblePOST /api/firewall/enable/:service- Enable network accessPOST /api/firewall/disable/:service- Disable network accessGET /api/firewall/network-info- Get IP addresses and URLs
Firewall Rules Created¶
Windows Firewall rules are created with the following names: - "TurnFix Backend Server" (Port 3001, TCP) - "TurnFix Frontend Client" (Port 5173, TCP) - "TurnFix Jury Portal" (Port 5174, TCP)
Command Used (Windows)¶
# Enable
netsh advfirewall firewall add rule name="TurnFix Backend Server" dir=in action=allow protocol=TCP localport=3001
# Disable
netsh advfirewall firewall delete rule name="TurnFix Backend Server"
# Check status
netsh advfirewall firewall show rule name="TurnFix Backend Server"
Administrator Privileges¶
Why Administrator Access is Required¶
Modifying Windows Firewall rules requires elevated privileges for security reasons.
How to Grant Access¶
Option 1: Run VS Code as Administrator 1. Right-click on VS Code icon 2. Select "Run as administrator" 3. Open the TurnFix project 4. Changes will work without prompts
Option 2: Grant Permission When Prompted 1. Click enable/disable in the UI 2. Accept the User Account Control (UAC) prompt 3. Changes will be applied immediately
What Happens Without Admin Rights¶
- A yellow warning banner appears
- Enable/disable buttons are disabled
- An error message explains the issue
- Status checking still works (read-only)
Security Considerations¶
Network Exposure¶
- Enabling firewall rules allows ANY device on your network to access the service
- Only enable access when needed for multi-device scenarios
- Disable access when not required (e.g., single-user testing)
Recommended Practices¶
- Enable only required services
- Backend only: For API testing from other devices
- Frontend + Backend: For full application access
-
Jury Portal: Only when jury members need separate interface
-
Use trusted networks
- Home networks: Generally safe
- Office networks: Check with IT department
-
Public WiFi: Avoid enabling access
-
Disable when done
- Close firewall access after competitions
- Disable during development if not needed
- Regular security review
Firewall Rule Scope¶
- Rules apply to ALL networks (private, public, domain)
- Rules persist until manually disabled
- Application restart does not affect rules
Troubleshooting¶
"Permission Denied" Error¶
Symptom: Yellow warning, buttons disabled Solution: Run application as administrator (see above)
"Cannot Find Rule" Error¶
Symptom: Status shows disabled but cannot enable Solution: 1. Click "Refresh" button to reload status 2. Try disabling and re-enabling 3. Check Windows Firewall manually
Network URLs Not Working¶
Symptom: URL shown but cannot connect from other device Solution: 1. Check firewall status shows "Enabled" (green) 2. Verify device is on same network 3. Test with IP address instead of hostname 4. Check if Windows Firewall is running 5. Ensure application server is running
IP Address Not Shown¶
Symptom: Network information section empty Solution: 1. Check network adapter is connected 2. Verify IP address assigned (check Windows network settings) 3. Try disabling/re-enabling network adapter
Multiple IP Addresses Shown¶
Symptom: Several IP addresses listed Explanation: Normal if computer has multiple network interfaces: - WiFi and Ethernet adapters - VPN connections - Virtual machine adapters Action: Use the IP that matches your target network
Alternative: Manual Configuration¶
If the GUI doesn't work, you can still use the PowerShell script:
Or configure manually (requires admin PowerShell):
# Enable all services
netsh advfirewall firewall add rule name="TurnFix Backend Server" dir=in action=allow protocol=TCP localport=3001
netsh advfirewall firewall add rule name="TurnFix Frontend Client" dir=in action=allow protocol=TCP localport=5173
netsh advfirewall firewall add rule name="TurnFix Jury Portal" dir=in action=allow protocol=TCP localport=5174
# Disable all services
netsh advfirewall firewall delete rule name="TurnFix Backend Server"
netsh advfirewall firewall delete rule name="TurnFix Frontend Client"
netsh advfirewall firewall delete rule name="TurnFix Jury Portal"
Localization¶
The firewall management UI is fully localized: - German (Deutsch): Default language - English: Available
Translation keys are in:
- client/src/locales/de.json (German)
- client/src/locales/en.json (English)
Section: configuration.firewall.*
Files Involved¶
Backend¶
server/src/routes/firewall.ts- API endpointsserver/src/index.ts- Route registration
Frontend¶
client/src/components/FirewallManagement.tsx- Main UI componentclient/src/pages/Configuration.tsx- Integration into settings
Translations¶
client/src/locales/de.json- German translationsclient/src/locales/en.json- English translations
Documentation¶
FIREWALL_SETUP.md- Manual setup instructionsFIREWALL_GUI.md- This fileNETWORK_SETUP.md- Network configuration guide
Future Enhancements¶
Possible improvements for future versions: - [ ] Test connectivity from UI (ping service from frontend) - [ ] Show connected clients/devices - [ ] Temporary access (auto-disable after time period) - [ ] Network scope selection (only allow specific IP ranges) - [ ] QR code generation for easy mobile access - [ ] Service health monitoring when network-enabled