Merge pull request #1064 from dreamcat4/feature/win_fw-hotfixes

hotfixes: module windows/win_firewall_rules
Brian Coca 2015-10-12 09:27:18 -04:00
commit cc69ac1513
2 changed files with 38 additions and 20 deletions


@ -22,9 +22,9 @@
function getFirewallRule ($fwsettings) { function getFirewallRule ($fwsettings) {
try { try {
#$output = Get-NetFirewallRule -name $($fwsettings.name); #$output = Get-NetFirewallRule -name $($fwsettings.name);
$rawoutput=@(netsh advfirewall firewall show rule name=$($fwsettings.Name)) $rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)")
if (!($rawoutput -eq 'No rules match the specified criteria.')){ if (!($rawoutput -eq 'No rules match the specified criteria.')){
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin { $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
$FirstRun = $true; $FirstRun = $true;
@ -75,6 +75,10 @@ function getFirewallRule ($fwsettings) {
$donothing=$false $donothing=$false
} elseif ((($fwsetting.Key -eq 'Name') -or ($fwsetting.Key -eq 'DisplayName')) -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) { } elseif ((($fwsetting.Key -eq 'Name') -or ($fwsetting.Key -eq 'DisplayName')) -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false $donothing=$false
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} else { } else {
$diff=$true; $diff=$true;
$difference+=@($fwsettings.$($fwsetting.Key)); $difference+=@($fwsettings.$($fwsetting.Key));
@ -123,8 +127,9 @@ function createFireWallRule ($fwsettings) {
$execString+=" "; $execString+=" ";
$execString+=$key; $execString+=$key;
$execString+="="; $execString+="=";
$execString+='"';
$execString+=$fwsetting.value; $execString+=$fwsetting.value;
#$execString+="'"; $execString+='"';
}; };
try { try {
#$msg+=@($execString); #$msg+=@($execString);
@ -152,7 +157,7 @@ function createFireWallRule ($fwsettings) {
function removeFireWallRule ($fwsettings) { function removeFireWallRule ($fwsettings) {
$msg=@() $msg=@()
try { try {
$rawoutput=@(netsh advfirewall firewall delete rule name=$($fwsettings.name)) $rawoutput=@(netsh advfirewall firewall delete rule name="$($fwsettings.name)")
$rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin { $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
$FirstRun = $true; $FirstRun = $true;
$HashProps = @{}; $HashProps = @{};
@ -193,6 +198,7 @@ $fwsettings=@{}
# Variabelise the arguments # Variabelise the arguments
$params=Parse-Args $args; $params=Parse-Args $args;
$enable=Get-Attr $params "enable" $null;
$state=Get-Attr $params "state" "present"; $state=Get-Attr $params "state" "present";
$name=Get-Attr $params "name" ""; $name=Get-Attr $params "name" "";
$direction=Get-Attr $params "direction" ""; $direction=Get-Attr $params "direction" "";
@ -200,6 +206,17 @@ $force=Get-Attr $params "force" $false;
$action=Get-Attr $params "action" ""; $action=Get-Attr $params "action" "";
# Check the arguments # Check the arguments
if ($enable -ne $null) {
if ($enable -eq $true) {
$fwsettings.Add("Enable", "yes");
} elseif ($enable -eq $false) {
$fwsettings.Add("Enable", "no");
} else {
$misArg+="enable";
$msg+=@("for the enable parameter only yes and no is allowed");
};
};
if (($state -ne "present") -And ($state -ne "absent")){ if (($state -ne "present") -And ($state -ne "absent")){
$misArg+="state"; $misArg+="state";
$msg+=@("for the state parameter only present and absent is allowed"); $msg+=@("for the state parameter only present and absent is allowed");
@ -243,13 +260,7 @@ foreach ($arg in $args){
}; };
$winprofile=Get-Attr $params "profile" "current"; $winprofile=Get-Attr $params "profile" "current";
if (($winprofile -ne 'current') -or ($winprofile -ne 'domain') -or ($winprofile -ne 'standard') -or ($winprofile -ne 'all') ) { $fwsettings.Add("profile", $winprofile)
$misArg+="Profile";
$msg+=@("for the Profile parameter only the values 'current', 'domain', 'standard' or 'all' are allowed");
} else {
$fwsettings.Add("profile", $winprofile)
}
if ($($($misArg|measure).count) -gt 0){ if ($($($misArg|measure).count) -gt 0){
$result=New-Object psobject @{ $result=New-Object psobject @{
@ -297,7 +308,7 @@ switch ($state.ToLower()){
}; };
Exit-Json $result; Exit-Json $result;
} }
} elseif ($capture.identical -eq $false) { } elseif ($capture.identical -eq $false) {
if ($force -eq $true) { if ($force -eq $true) {
$capture=removeFirewallRule($fwsettings); $capture=removeFirewallRule($fwsettings);
$msg+=$capture.msg; $msg+=$capture.msg;
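Review bot: In createFireWallRule each value is now wrapped in double quotes but is still appended to `$execString` unescaped, so a value that itself contains `"` ends the quoted argument early and the rest may be parsed as further netsh arguments; the same holds for `name="$($fwsettings.name)"` in getFirewallRule and removeFireWallRule. Because this string defines firewall policy, I would reject such values during the argument check, e.g. `if ("$($fwsetting.value)" -match '"') { $misArg+=$fwsetting.Key; $msg+=@("double quotes are not allowed in $($fwsetting.Key)") }`, or pass netsh an argument array instead of a concatenated string. How `$execString` is executed lies outside the hunk, so the exact effect should be confirmed there. Related: the `profile` check was deleted rather than corrected (its `-or` chain was always true), so `$winprofile`, which still defaults to "current", now reaches netsh unvalidated.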


@ -19,13 +19,19 @@
DOCUMENTATION = ''' DOCUMENTATION = '''
--- ---
module: win_fw module: win_firewall_rule
version_added: "2.0" version_added: "2.0"
author: Timothy Vandenbrande author: Timothy Vandenbrande
short_description: Windows firewall automation short_description: Windows firewall automation
description: description:
- allows you to create/remove/update firewall rules - allows you to create/remove/update firewall rules
options: options:
enable:
description:
- is this firewall rule enabled or disabled
default: null
required: false
choices: ['yes', 'no']
state: state:
description: description:
- create/remove/update or powermanage your VM - create/remove/update or powermanage your VM
@ -90,24 +96,25 @@ options:
default: null default: null
required: false required: false
profile: profile:
describtion: description:
- the profile this rule applies to - the profile this rule applies to
default: current default: null
choices: ['current', 'domain', 'standard', 'all'] required: false
force: force:
description: description:
- Enforces the change if a rule with different values exists - Enforces the change if a rule with different values exists
default: false default: false
required: false required: false
''' '''
EXAMPLES = ''' EXAMPLES = '''
# create smtp firewall rule - name: Firewall rule to allow smtp on TCP port 25
action: win_fw action: win_firewall_rule
args: args:
name: smtp name: smtp
enabled: yes
state: present state: present
localport: 25 localport: 25
action: allow action: allow
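Review bot: The added example line sets `enabled: yes`, but the option documented above and read by the script (`Get-Attr $params "enable" $null`) is named `enable`, so a playbook copied from this example would presumably not set the rule's enabled state as intended; it should read `enable: yes`. The `profile` entry now documents `default: null` while the script still uses `Get-Attr $params "profile" "current"`, so the two should be brought into agreement. The `state` description ("create/remove/update or powermanage your VM") also looks copied from another module and could be reworded for firewall rules.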