469d22df97
Hi again. This commit removes a small portion of your script's own internal error checking. In specific: for the value of the profile: key. This is essential to avoid errors on other verisons of the windows operating system which are not win2008r2 (your version). For example: on win10 (and most likely win8x too), the names of the profiles don't include the values 'current' and 'all'. But instead the values are 'Public' 'Private' 'Domain' and 'Any. But in addition, there are also certain combinatorial values, such as profile=Public,Private etc. Which is too many to error check yourself. Yet removing the error checking here should not cause any ill effects however: since the netsh advfirewall ... cmds themselves to add / remove / modify actually to their own error checking of the profile=value. So when the cmd is run, it will error out itself with an appropriate / informative error msg. No harm done. Therefore please remove the highlighed portions from your own script. It is essential for interoperability with win10 and win8x. Many thanks.
116 lines
3 KiB
Python
116 lines
3 KiB
Python
#!/usr/bin/env python
|
|
|
|
# (c) 2014, Timothy Vandenbrande <timothy.vandenbrande@gmail.com>
|
|
#
|
|
# This file is part of Ansible
|
|
#
|
|
# Ansible is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# Ansible is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
DOCUMENTATION = '''
|
|
---
|
|
module: win_fw
|
|
version_added: "2.0"
|
|
author: Timothy Vandenbrande
|
|
short_description: Windows firewall automation
|
|
description:
|
|
- allows you to create/remove/update firewall rules
|
|
options:
|
|
state:
|
|
description:
|
|
- create/remove/update or powermanage your VM
|
|
default: "present"
|
|
required: true
|
|
choices: ['present', 'absent']
|
|
name:
|
|
description:
|
|
- the rules name
|
|
default: null
|
|
required: true
|
|
direction:
|
|
description:
|
|
- is this rule for inbound or outbound trafic
|
|
default: null
|
|
required: true
|
|
choices: [ 'In', 'Out' ]
|
|
action:
|
|
description:
|
|
- what to do with the items this rule is for
|
|
default: null
|
|
required: true
|
|
choices: [ 'allow', 'block' ]
|
|
description:
|
|
description:
|
|
- description for the firewall rule
|
|
default: null
|
|
required: false
|
|
localip:
|
|
description:
|
|
- the local ip address this rule applies to
|
|
default: null
|
|
required: false
|
|
remoteip:
|
|
description:
|
|
- the remote ip address/range this rule applies to
|
|
default: null
|
|
required: false
|
|
localport:
|
|
description:
|
|
- the local port this rule applies to
|
|
default: null
|
|
required: false
|
|
remoteport:
|
|
description:
|
|
- the remote port this rule applies to
|
|
default: null
|
|
required: false
|
|
program:
|
|
description:
|
|
- the program this rule applies to
|
|
default: null
|
|
required: false
|
|
service:
|
|
description:
|
|
- the service this rule applies to
|
|
default: null
|
|
required: false
|
|
protocol:
|
|
description:
|
|
- the protocol this rule applies to
|
|
default: null
|
|
required: false
|
|
profile:
|
|
description:
|
|
- the profile this rule applies to
|
|
default: null
|
|
required: false
|
|
force:
|
|
description:
|
|
- Enforces the change if a rule with different values exists
|
|
default: false
|
|
required: false
|
|
|
|
|
|
'''
|
|
|
|
EXAMPLES = '''
|
|
# create smtp firewall rule
|
|
action: win_fw
|
|
args:
|
|
name: smtp
|
|
state: present
|
|
localport: 25
|
|
action: allow
|
|
protocol: TCP
|
|
|
|
'''
|