Make DHCP server rule more explicit

3 files changed, 24 insertions, 3 deletions

diff --git a/windows/winfw/src/winfw/fwcontext.cpp b/windows/winfw/src/winfw/fwcontext.cpp
index 4cff5d7166..e5325f0b9c 100644
--- a/windows/winfw/src/winfw/fwcontext.cpp
+++ b/windows/winfw/src/winfw/fwcontext.cpp
@@ -49,7 +49,7 @@ void AppendSettingsRules(FwContext::Ruleset &ruleset, const WinFwSettings &setti
 	{
 		ruleset.emplace_back(std::make_unique<rules::PermitLan>());
 		ruleset.emplace_back(std::make_unique<rules::PermitLanService>());
-		ruleset.emplace_back(std::make_unique<rules::PermitDhcpServer>());
+		ruleset.emplace_back(rules::PermitDhcpServer::WithExtent(rules::PermitDhcpServer::Extent::IPv4Only));
 	}
 }
 
diff --git a/windows/winfw/src/winfw/rules/permitdhcpserver.cpp b/windows/winfw/src/winfw/rules/permitdhcpserver.cpp
index ffc786c616..6e22b146fa 100644
--- a/windows/winfw/src/winfw/rules/permitdhcpserver.cpp
+++ b/windows/winfw/src/winfw/rules/permitdhcpserver.cpp
@@ -7,6 +7,7 @@
 #include "libwfp/conditions/conditionprotocol.h"
 #include "libwfp/conditions/conditionport.h"
 #include "libwfp/conditions/conditionip.h"
+#include <stdexcept>
 
 using namespace wfp::conditions;
 
@@ -21,6 +22,17 @@ static const uint32_t DHCPV4_SERVER_PORT = 67;
 
 } // anonymous namespace
 
+//static
+std::unique_ptr<PermitDhcpServer> PermitDhcpServer::WithExtent(Extent extent)
+{
+	if (extent != Extent::IPv4Only)
+	{
+		throw std::runtime_error("The only supported mode is IPv4Only");
+	}
+
+	return std::unique_ptr<PermitDhcpServer>(new PermitDhcpServer);
+}
+
 bool PermitDhcpServer::apply(IObjectInstaller &objectInstaller)
 {
 	return applyIpv4(objectInstaller);
diff --git a/windows/winfw/src/winfw/rules/permitdhcpserver.h b/windows/winfw/src/winfw/rules/permitdhcpserver.h
index 49e06bfb53..93879b21a7 100644
--- a/windows/winfw/src/winfw/rules/permitdhcpserver.h
+++ b/windows/winfw/src/winfw/rules/permitdhcpserver.h
@@ -1,6 +1,7 @@
 #pragma once
 
 #include "ifirewallrule.h"
+#include <memory>
 
 namespace rules
 {
@@ -9,13 +10,21 @@ class PermitDhcpServer : public IFirewallRule
 {
 public:
 
-	PermitDhcpServer() = default;
-	~PermitDhcpServer() = default;
+	enum class Extent
+	{
+		All,
+		IPv4Only,
+		IPv6Only
+	};
+
+	static std::unique_ptr<PermitDhcpServer> WithExtent(Extent extent);
 
 	bool apply(IObjectInstaller &objectInstaller) override;
 
 private:
 
+	PermitDhcpServer() = default;
+
 	bool applyIpv4(IObjectInstaller &objectInstaller) const;
 };