Fix issue #1406 about win_firewall_rule
I changed the logic here to always use 'netsh ... show rule' keywords as keys for $fwsettings map. While the translation (e.g. Enabled -> enable) is performed when invoking 'netsh ... add rule' command. I tested rule creation and rule creation when the rule was already existing on Windows Server 2012.
This commit is contained in:
parent
cfe64f3905
commit
a1f53f3a43
1 changed files with 17 additions and 15 deletions
|
@ -23,8 +23,8 @@
|
||||||
function getFirewallRule ($fwsettings) {
|
function getFirewallRule ($fwsettings) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
#$output = Get-NetFirewallRule -name $($fwsettings.name);
|
#$output = Get-NetFirewallRule -name $($fwsettings.'Rule Name');
|
||||||
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)")
|
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.'Rule Name')")
|
||||||
if (!($rawoutput -eq 'No rules match the specified criteria.')){
|
if (!($rawoutput -eq 'No rules match the specified criteria.')){
|
||||||
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
|
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
|
||||||
$FirstRun = $true;
|
$FirstRun = $true;
|
||||||
|
@ -51,10 +51,10 @@ function getFirewallRule ($fwsettings) {
|
||||||
$msg=@();
|
$msg=@();
|
||||||
if ($($output|measure).count -gt 0) {
|
if ($($output|measure).count -gt 0) {
|
||||||
$exists=$true;
|
$exists=$true;
|
||||||
$msg += @("The rule '" + $fwsettings.name + "' exists.");
|
$msg += @("The rule '" + $fwsettings.'Rule Name' + "' exists.");
|
||||||
if ($($output|measure).count -gt 1) {
|
if ($($output|measure).count -gt 1) {
|
||||||
$multi=$true
|
$multi=$true
|
||||||
$msg += @("The rule '" + $fwsettings.name + "' has multiple entries.");
|
$msg += @("The rule '" + $fwsettings.'Rule Name' + "' has multiple entries.");
|
||||||
ForEach($rule in $output.GetEnumerator()) {
|
ForEach($rule in $output.GetEnumerator()) {
|
||||||
ForEach($fwsetting in $fwsettings.GetEnumerator()) {
|
ForEach($fwsetting in $fwsettings.GetEnumerator()) {
|
||||||
if ( $rule.$fwsetting -ne $fwsettings.$fwsetting) {
|
if ( $rule.$fwsetting -ne $fwsettings.$fwsetting) {
|
||||||
|
@ -73,11 +73,7 @@ function getFirewallRule ($fwsettings) {
|
||||||
|
|
||||||
if (($fwsetting.Key -eq 'RemoteIP') -and ($output.$($fwsetting.Key) -eq ($fwsettings.$($fwsetting.Key)+'-'+$fwsettings.$($fwsetting.Key)))) {
|
if (($fwsetting.Key -eq 'RemoteIP') -and ($output.$($fwsetting.Key) -eq ($fwsettings.$($fwsetting.Key)+'-'+$fwsettings.$($fwsetting.Key)))) {
|
||||||
$donothing=$false
|
$donothing=$false
|
||||||
} elseif ((($fwsetting.Key -eq 'Name') -or ($fwsetting.Key -eq 'DisplayName')) -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) {
|
} elseif (($fwsetting.Key -eq 'DisplayName') -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) {
|
||||||
$donothing=$false
|
|
||||||
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
|
|
||||||
$donothing=$false
|
|
||||||
} elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) {
|
|
||||||
$donothing=$false
|
$donothing=$false
|
||||||
} else {
|
} else {
|
||||||
$diff=$true;
|
$diff=$true;
|
||||||
|
@ -117,11 +113,17 @@ function getFirewallRule ($fwsettings) {
|
||||||
|
|
||||||
function createFireWallRule ($fwsettings) {
|
function createFireWallRule ($fwsettings) {
|
||||||
$msg=@()
|
$msg=@()
|
||||||
$execString="netsh advfirewall firewall add rule "
|
$execString="netsh advfirewall firewall add rule"
|
||||||
|
|
||||||
ForEach ($fwsetting in $fwsettings.GetEnumerator()) {
|
ForEach ($fwsetting in $fwsettings.GetEnumerator()) {
|
||||||
if ($fwsetting.key -eq 'Direction') {
|
if ($fwsetting.key -eq 'Direction') {
|
||||||
$key='dir'
|
$key='dir'
|
||||||
|
} elseif ($fwsetting.key -eq 'Rule Name') {
|
||||||
|
$key='name'
|
||||||
|
} elseif ($fwsetting.key -eq 'Enabled') {
|
||||||
|
$key='enable'
|
||||||
|
} elseif ($fwsetting.key -eq 'Profiles') {
|
||||||
|
$key='profile'
|
||||||
} else {
|
} else {
|
||||||
$key=$($fwsetting.key).ToLower()
|
$key=$($fwsetting.key).ToLower()
|
||||||
};
|
};
|
||||||
|
@ -159,7 +161,7 @@ function createFireWallRule ($fwsettings) {
|
||||||
function removeFireWallRule ($fwsettings) {
|
function removeFireWallRule ($fwsettings) {
|
||||||
$msg=@()
|
$msg=@()
|
||||||
try {
|
try {
|
||||||
$rawoutput=@(netsh advfirewall firewall delete rule name="$($fwsettings.name)")
|
$rawoutput=@(netsh advfirewall firewall delete rule name="$($fwsettings.'Rule Name')")
|
||||||
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
|
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
|
||||||
$FirstRun = $true;
|
$FirstRun = $true;
|
||||||
$HashProps = @{};
|
$HashProps = @{};
|
||||||
|
@ -211,9 +213,9 @@ $misArg = ''
|
||||||
# Check the arguments
|
# Check the arguments
|
||||||
if ($enable -ne $null) {
|
if ($enable -ne $null) {
|
||||||
if ($enable -eq $true) {
|
if ($enable -eq $true) {
|
||||||
$fwsettings.Add("Enable", "yes");
|
$fwsettings.Add("Enabled", "yes");
|
||||||
} elseif ($enable -eq $false) {
|
} elseif ($enable -eq $false) {
|
||||||
$fwsettings.Add("Enable", "no");
|
$fwsettings.Add("Enabled", "no");
|
||||||
} else {
|
} else {
|
||||||
$misArg+="enable";
|
$misArg+="enable";
|
||||||
$msg+=@("for the enable parameter only yes and no is allowed");
|
$msg+=@("for the enable parameter only yes and no is allowed");
|
||||||
|
@ -229,7 +231,7 @@ if ($name -eq ""){
|
||||||
$misArg+="Name";
|
$misArg+="Name";
|
||||||
$msg+=@("name is a required argument");
|
$msg+=@("name is a required argument");
|
||||||
} else {
|
} else {
|
||||||
$fwsettings.Add("Name", $name)
|
$fwsettings.Add("Rule Name", $name)
|
||||||
#$fwsettings.Add("displayname", $name)
|
#$fwsettings.Add("displayname", $name)
|
||||||
};
|
};
|
||||||
if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){
|
if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){
|
||||||
|
@ -263,7 +265,7 @@ foreach ($arg in $args){
|
||||||
};
|
};
|
||||||
|
|
||||||
$winprofile=Get-Attr $params "profile" "current";
|
$winprofile=Get-Attr $params "profile" "current";
|
||||||
$fwsettings.Add("profile", $winprofile)
|
$fwsettings.Add("Profiles", $winprofile)
|
||||||
|
|
||||||
if ($misArg){
|
if ($misArg){
|
||||||
$result=New-Object psobject @{
|
$result=New-Object psobject @{
|
||||||
|
|
Loading…
Reference in a new issue