From ece9c2b43aba70228efdcf4efe36eb578b81abd3 Mon Sep 17 00:00:00 2001 From: Dreamcat4 Date: Tue, 6 Oct 2015 14:03:27 +0100 Subject: [PATCH] fix: Add 'enable:' flag for enabling existing rules which are disabled by default. This is a very much needed flag. To turn on/off existing firewall rules. And like the recent fix of the 'Profile' key, the netsh cmd prints 'Enabled' in the textual output. (at least on win10 it does). So again a similar small code added for the necessary exception handling when the difference check happens. Please merge / push upstream like the other fixes. Many thanks. This is the last fix I have put together for this patch set. So I will raise my PR now. But if you want to fix more bugs, it seems there may be others. In terms of the control code. Sometimes it will delete a rule under 'force' condition (when found difference) - but instead it is supposed to just modify the existing rule. Some weird behaviour regarding that. The other problem is that ansible does not return the error text printed by 'netsh' cmd verbatim... but it should as that makes debugging these errors a *lot* easier. --- windows/win_firewall_rule.ps1 | 18 ++++++++++++++++-- windows/win_firewall_rule.py | 9 ++++++++- 2 files changed, 24 insertions(+), 3 deletions(-) diff --git a/windows/win_firewall_rule.ps1 b/windows/win_firewall_rule.ps1 index 8ef2d83aff6..63ada997456 100644 --- a/windows/win_firewall_rule.ps1 +++ b/windows/win_firewall_rule.ps1 @@ -22,7 +22,7 @@ function getFirewallRule ($fwsettings) { try { - + #$output = Get-NetFirewallRule -name $($fwsettings.name); $rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)") if (!($rawoutput -eq 'No rules match the specified criteria.')){ 
@@ -77,6 +77,8 @@ function getFirewallRule ($fwsettings) { $donothing=$false } elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) { $donothing=$false + } elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) { + $donothing=$false } else { $diff=$true; $difference+=@($fwsettings.$($fwsetting.Key)); @@ -196,6 +198,7 @@ $fwsettings=@{} # Variabelise the arguments $params=Parse-Args $args; +$enable=Get-Attr $params "enable" $null; $state=Get-Attr $params "state" "present"; $name=Get-Attr $params "name" ""; $direction=Get-Attr $params "direction" ""; @@ -203,6 +206,17 @@ $force=Get-Attr $params "force" $false; $action=Get-Attr $params "action" ""; # Check the arguments +if ($enable -ne $null) { + if ($enable -eq $true) { + $fwsettings.Add("Enable", "yes"); + } elseif ($enable -eq $false) { + $fwsettings.Add("Enable", "no"); + } else { + $misArg+="enable"; + $msg+=@("for the enable parameter only yes and no is allowed"); + }; +}; + if (($state -ne "present") -And ($state -ne "absent")){ $misArg+="state"; $msg+=@("for the state parameter only present and absent is allowed"); @@ -294,7 +308,7 @@ switch ($state.ToLower()){ }; Exit-Json $result; } - } elseif ($capture.identical -eq $false) { + } elseif ($capture.identical -eq $false) { if ($force -eq $true) { $capture=removeFirewallRule($fwsettings); $msg+=$capture.msg; diff --git a/windows/win_firewall_rule.py b/windows/win_firewall_rule.py index 1463719356d..64ec3050474 100644 --- a/windows/win_firewall_rule.py +++ b/windows/win_firewall_rule.py @@ -25,7 +25,13 @@ author: Timothy Vandenbrande short_description: Windows firewall automation description: - allows you to create/remove/update firewall rules -options: +options: + enable: + description: + - is this firewall rule enabled or disabled + default: null + required: false + choices: ['yes', 'no'] state: description: - create/remove/update or powermanage your VM 
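Review bot: The new `Enable` branch in the `@@ -77,6 +77,8 @@` hunk relies on `netsh` printing a field named `Enabled` whose value equals `yes`/`no`, and the commit message only confirms that on Windows 10 ("at least on win10"). If the field is absent or worded differently (presumably on an older or localized `netsh`), the comparison fails and control reaches the `else` branch that sets `$diff=$true`. With `force` set, the `$capture.identical -eq $false` path in the `@@ -294,7 +308,7 @@` context calls `removeFirewallRule`, so the rule would apparently be deleted and recreated on each run, leaving a short window without it. I would document the assumption on the branch, e.g. `# netsh labels this field "Enabled" (seen on Win10); any other label is treated as a difference`. The surrounding loop in `getFirewallRule` starts and ends outside the hunk.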
@@ -108,6 +114,7 @@ EXAMPLES = '''
 action: win_firewall_rule
 args:
 name: smtp
+ enabled: yes
 state: present
 localport: 25
 action: allow
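Review bot: The added example line uses the key `enabled: yes`, but the option documented earlier in this file is `enable`, and the PowerShell side reads it with `Get-Attr $params "enable" $null`. A playbook copied from this example would leave `$enable` null, so `Enable` is never added to `$fwsettings` and the rule's enabled state is not managed, presumably without any error. The example line should read `enable: yes`. For a firewall module this matters because an operator may believe a rule was switched on or off when it was not.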