Fix issue #1406 about win_firewall_rule

I changed the logic here to always use the 'netsh ... show rule' keywords as keys for the $fwsettings map; the translation (e.g. Enabled -> enable) is now performed when invoking the 'netsh ... add rule' command.

I tested rule creation and rule creation when the rule was already existing on Windows Server 2012.
Andrea Scarpino 2016-02-18 17:59:23 +01:00
parent cfe64f3905
commit a1f53f3a43


@ -23,8 +23,8 @@
function getFirewallRule ($fwsettings) { function getFirewallRule ($fwsettings) {
try { try {
#$output = Get-NetFirewallRule -name $($fwsettings.name); #$output = Get-NetFirewallRule -name $($fwsettings.'Rule Name');
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)") $rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.'Rule Name')")
if (!($rawoutput -eq 'No rules match the specified criteria.')){ if (!($rawoutput -eq 'No rules match the specified criteria.')){
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin { $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
$FirstRun = $true; $FirstRun = $true;
@ -51,10 +51,10 @@ function getFirewallRule ($fwsettings) {
$msg=@(); $msg=@();
if ($($output|measure).count -gt 0) { if ($($output|measure).count -gt 0) {
$exists=$true; $exists=$true;
$msg += @("The rule '" + $fwsettings.name + "' exists."); $msg += @("The rule '" + $fwsettings.'Rule Name' + "' exists.");
if ($($output|measure).count -gt 1) { if ($($output|measure).count -gt 1) {
$multi=$true $multi=$true
$msg += @("The rule '" + $fwsettings.name + "' has multiple entries."); $msg += @("The rule '" + $fwsettings.'Rule Name' + "' has multiple entries.");
ForEach($rule in $output.GetEnumerator()) { ForEach($rule in $output.GetEnumerator()) {
ForEach($fwsetting in $fwsettings.GetEnumerator()) { ForEach($fwsetting in $fwsettings.GetEnumerator()) {
if ( $rule.$fwsetting -ne $fwsettings.$fwsetting) { if ( $rule.$fwsetting -ne $fwsettings.$fwsetting) {
@ -73,11 +73,7 @@ function getFirewallRule ($fwsettings) {
if (($fwsetting.Key -eq 'RemoteIP') -and ($output.$($fwsetting.Key) -eq ($fwsettings.$($fwsetting.Key)+'-'+$fwsettings.$($fwsetting.Key)))) { if (($fwsetting.Key -eq 'RemoteIP') -and ($output.$($fwsetting.Key) -eq ($fwsettings.$($fwsetting.Key)+'-'+$fwsettings.$($fwsetting.Key)))) {
$donothing=$false $donothing=$false
} elseif ((($fwsetting.Key -eq 'Name') -or ($fwsetting.Key -eq 'DisplayName')) -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) { } elseif (($fwsetting.Key -eq 'DisplayName') -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false $donothing=$false
} else { } else {
$diff=$true; $diff=$true;
@ -117,11 +113,17 @@ function getFirewallRule ($fwsettings) {
function createFireWallRule ($fwsettings) { function createFireWallRule ($fwsettings) {
$msg=@() $msg=@()
$execString="netsh advfirewall firewall add rule " $execString="netsh advfirewall firewall add rule"
ForEach ($fwsetting in $fwsettings.GetEnumerator()) { ForEach ($fwsetting in $fwsettings.GetEnumerator()) {
if ($fwsetting.key -eq 'Direction') { if ($fwsetting.key -eq 'Direction') {
$key='dir' $key='dir'
} elseif ($fwsetting.key -eq 'Rule Name') {
$key='name'
} elseif ($fwsetting.key -eq 'Enabled') {
$key='enable'
} elseif ($fwsetting.key -eq 'Profiles') {
$key='profile'
} else { } else {
$key=$($fwsetting.key).ToLower() $key=$($fwsetting.key).ToLower()
}; };
@ -159,7 +161,7 @@ function createFireWallRule ($fwsettings) {
function removeFireWallRule ($fwsettings) { function removeFireWallRule ($fwsettings) {
$msg=@() $msg=@()
try { try {
$rawoutput=@(netsh advfirewall firewall delete rule name="$($fwsettings.name)") $rawoutput=@(netsh advfirewall firewall delete rule name="$($fwsettings.'Rule Name')")
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin { $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
$FirstRun = $true; $FirstRun = $true;
$HashProps = @{}; $HashProps = @{};
@ -211,9 +213,9 @@ $misArg = ''
# Check the arguments # Check the arguments
if ($enable -ne $null) { if ($enable -ne $null) {
if ($enable -eq $true) { if ($enable -eq $true) {
$fwsettings.Add("Enable", "yes"); $fwsettings.Add("Enabled", "yes");
} elseif ($enable -eq $false) { } elseif ($enable -eq $false) {
$fwsettings.Add("Enable", "no"); $fwsettings.Add("Enabled", "no");
} else { } else {
$misArg+="enable"; $misArg+="enable";
$msg+=@("for the enable parameter only yes and no is allowed"); $msg+=@("for the enable parameter only yes and no is allowed");
@ -229,7 +231,7 @@ if ($name -eq ""){
$misArg+="Name"; $misArg+="Name";
$msg+=@("name is a required argument"); $msg+=@("name is a required argument");
} else { } else {
$fwsettings.Add("Name", $name) $fwsettings.Add("Rule Name", $name)
#$fwsettings.Add("displayname", $name) #$fwsettings.Add("displayname", $name)
}; };
if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){ if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){
@ -263,7 +265,7 @@ foreach ($arg in $args){
}; };
$winprofile=Get-Attr $params "profile" "current"; $winprofile=Get-Attr $params "profile" "current";
$fwsettings.Add("profile", $winprofile) $fwsettings.Add("Profiles", $winprofile)
if ($misArg){ if ($misArg){
$result=New-Object psobject @{ $result=New-Object psobject @{
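Review bot: The rule name reaches netsh unchecked in the new `show rule name="$($fwsettings.'Rule Name')"` and `delete rule name="$($fwsettings.'Rule Name')"` calls, and the only validation visible in the argument-checking hunk is `$name -eq ""`. netsh treats `name=all` as "every rule", so a removal request whose name is `all` would have removeFireWallRule delete the whole rule set, and getFirewallRule would compare the requested settings against every rule on the host. I would reject that value next to the empty-name check, e.g. `} elseif ($name -eq "all") { $misArg+="Name"; $msg+=@("name must not be the netsh keyword 'all'");`. Separately, using the `show rule` labels ('Rule Name', 'Enabled', 'Profiles') as map keys ties the comparison to English netsh output, as the existing 'No rules match the specified criteria.' test already does, so a comment stating that assumption would help; the bodies of all three functions continue outside the hunks shown.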