fix: Add 'enable:' flag for enabling existing rules which are disabled by default.

This is a very much needed flag, to turn on/off existing firewall rules. And like the recent fix of the 'Profile' key, the netsh cmd prints 'Enabled' in the textual output (at least on win10 it does). So again, a similar small piece of code is added for the necessary exception handling when the difference check happens.

Please merge / push upstream like the other fixes. Many thanks. This is the last fix I have put together for this patch set. So I will raise my PR now.

But if you want to fix more bugs, it seems there may be others, in terms of the control code. Sometimes it will delete a rule under the 'force' condition (when a difference is found), but instead it is supposed to just modify the existing rule. There is some weird behaviour regarding that. The other problem is that ansible does not return the error text printed by the 'netsh' cmd verbatim... but it should, as that makes debugging these errors a *lot* easier.
Dreamcat4 2015-10-06 14:03:27 +01:00
parent dcaa794949
commit ece9c2b43a
2 changed files with 24 additions and 3 deletions


@ -22,7 +22,7 @@
function getFirewallRule ($fwsettings) {
try {
#$output = Get-NetFirewallRule -name $($fwsettings.name);
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)")
if (!($rawoutput -eq 'No rules match the specified criteria.')){
@ -77,6 +77,8 @@ function getFirewallRule ($fwsettings) {
$donothing=$false
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} else {
$diff=$true;
$difference+=@($fwsettings.$($fwsetting.Key));
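Review bot: The new `Enable` branch is the second hand-written special case for a key whose netsh output label differs from the parameter name (`Profile`/`Profiles`, now `Enable`/`Enabled`), and like the branch above it the body is only `$donothing=$false`, which reads as a placeholder. Consider a small lookup from parameter name to netsh label that is applied before the comparison, so the next mismatched label needs a table entry instead of another `elseif`.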
@ -196,6 +198,7 @@ $fwsettings=@{}
# Variabelise the arguments
$params=Parse-Args $args;
$enable=Get-Attr $params "enable" $null;
$state=Get-Attr $params "state" "present";
$name=Get-Attr $params "name" "";
$direction=Get-Attr $params "direction" "";
@ -203,6 +206,17 @@ $force=Get-Attr $params "force" $false;
$action=Get-Attr $params "action" "";
# Check the arguments
if ($enable -ne $null) {
if ($enable -eq $true) {
$fwsettings.Add("Enable", "yes");
} elseif ($enable -eq $false) {
$fwsettings.Add("Enable", "no");
} else {
$misArg+="enable";
$msg+=@("for the enable parameter only yes and no is allowed");
};
};
if (($state -ne "present") -And ($state -ne "absent")){
$misArg+="state";
$msg+=@("for the state parameter only present and absent is allowed");
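Review bot: In the `enable` check, `$enable -eq $true` and `$enable -eq $false` match only when the value arrives as a boolean or as the strings "true"/"false". A string "yes" or "no", which is what the error message and the documented choices name, compares unequal to both under PowerShell's conversion rules and lands in the `$misArg` branch. Normalise the value to a boolean before the comparison, or compare against the accepted strings explicitly, so that both ways of passing the argument behave the same.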
@ -294,7 +308,7 @@ switch ($state.ToLower()){
};
Exit-Json $result;
}
} elseif ($capture.identical -eq $false) {
} elseif ($capture.identical -eq $false) {
if ($force -eq $true) {
$capture=removeFirewallRule($fwsettings);
$msg+=$capture.msg;
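Review bot: The `elseif ($capture.identical -eq $false)` line appears as both removed and added with no visible difference, so this hunk looks like a whitespace-only change; leave it out of the commit that adds the `enable` flag or move it to a separate cleanup commit. The context also shows that with `force` set a differing rule goes through `removeFirewallRule`, so a change to `enable` alone on an existing rule passes through a rule removal; that is worth stating in the option's documentation until this path is changed.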


@ -25,7 +25,13 @@ author: Timothy Vandenbrande
short_description: Windows firewall automation
description:
- allows you to create/remove/update firewall rules
options:
options:
enable:
description:
- is this firewall rule enabled or disabled
default: null
required: false
choices: ['yes', 'no']
state:
description:
- create/remove/update or powermanage your VM
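Review bot: The `enable` description does not say what happens when the option is omitted. With `default: null`, and the script adding `Enable` to `$fwsettings` only when a value is given, the text should state that leaving the option out means the enabled state is not managed by the task. The repeated `options:` line is a whitespace-only change and can be dropped from this commit.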
@ -108,6 +114,7 @@ EXAMPLES = '''
action: win_firewall_rule
args:
name: smtp
enabled: yes
state: present
localport: 25
action: allow
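Review bot: The example uses `enabled: yes`, but the option documented above and read by the script via `Get-Attr $params "enable"` is `enable`, so as written the example sets a key the module does not read. Change the line to `enable: yes`.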