fix: Add 'enable:' flag for enabling existing rules which are disabled by default.
This is a very much needed flag, to turn existing firewall rules on and off. Like the recent fix of the 'Profile' key, the netsh cmd prints 'Enabled' in its textual output (at least on win10 it does), so again a similar small piece of code is added for the necessary exception handling when the difference check happens. Please merge / push upstream like the other fixes. Many thanks. This is the last fix I have put together for this patch set, so I will raise my PR now. If you want to fix more bugs, it seems there may be others in the control code. Sometimes it will delete a rule under the 'force' condition (when a difference is found), when it is supposed to just modify the existing rule; there is some weird behaviour around that. The other problem is that ansible does not return the error text printed by the 'netsh' cmd verbatim, but it should, as that makes debugging these errors a *lot* easier.
parent
e0da4a3362
commit
40a1bd1962
2 changed files with 24 additions and 3 deletions
|
@ -22,7 +22,7 @@
|
||||||
|
|
||||||
function getFirewallRule ($fwsettings) {
|
function getFirewallRule ($fwsettings) {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
#$output = Get-NetFirewallRule -name $($fwsettings.name);
|
#$output = Get-NetFirewallRule -name $($fwsettings.name);
|
||||||
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)")
|
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)")
|
||||||
if (!($rawoutput -eq 'No rules match the specified criteria.')){
|
if (!($rawoutput -eq 'No rules match the specified criteria.')){
|
||||||
|
@ -77,6 +77,8 @@ function getFirewallRule ($fwsettings) {
|
||||||
$donothing=$false
|
$donothing=$false
|
||||||
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
|
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
|
||||||
$donothing=$false
|
$donothing=$false
|
||||||
|
} elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) {
|
||||||
|
$donothing=$false
|
||||||
} else {
|
} else {
|
||||||
$diff=$true;
|
$diff=$true;
|
||||||
$difference+=@($fwsettings.$($fwsetting.Key));
|
$difference+=@($fwsettings.$($fwsetting.Key));
|
||||||
|
@ -196,6 +198,7 @@ $fwsettings=@{}
|
||||||
# Variabelise the arguments
|
# Variabelise the arguments
|
||||||
$params=Parse-Args $args;
|
$params=Parse-Args $args;
|
||||||
|
|
||||||
|
$enable=Get-Attr $params "enable" $null;
|
||||||
$state=Get-Attr $params "state" "present";
|
$state=Get-Attr $params "state" "present";
|
||||||
$name=Get-Attr $params "name" "";
|
$name=Get-Attr $params "name" "";
|
||||||
$direction=Get-Attr $params "direction" "";
|
$direction=Get-Attr $params "direction" "";
|
||||||
|
@ -203,6 +206,17 @@ $force=Get-Attr $params "force" $false;
|
||||||
$action=Get-Attr $params "action" "";
|
$action=Get-Attr $params "action" "";
|
||||||
|
|
||||||
# Check the arguments
|
# Check the arguments
|
||||||
|
if ($enable -ne $null) {
|
||||||
|
if ($enable -eq $true) {
|
||||||
|
$fwsettings.Add("Enable", "yes");
|
||||||
|
} elseif ($enable -eq $false) {
|
||||||
|
$fwsettings.Add("Enable", "no");
|
||||||
|
} else {
|
||||||
|
$misArg+="enable";
|
||||||
|
$msg+=@("for the enable parameter only yes and no is allowed");
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
if (($state -ne "present") -And ($state -ne "absent")){
|
if (($state -ne "present") -And ($state -ne "absent")){
|
||||||
$misArg+="state";
|
$misArg+="state";
|
||||||
$msg+=@("for the state parameter only present and absent is allowed");
|
$msg+=@("for the state parameter only present and absent is allowed");
|
||||||
|
@ -294,7 +308,7 @@ switch ($state.ToLower()){
|
||||||
};
|
};
|
||||||
Exit-Json $result;
|
Exit-Json $result;
|
||||||
}
|
}
|
||||||
} elseif ($capture.identical -eq $false) {
|
} elseif ($capture.identical -eq $false) {
|
||||||
if ($force -eq $true) {
|
if ($force -eq $true) {
|
||||||
$capture=removeFirewallRule($fwsettings);
|
$capture=removeFirewallRule($fwsettings);
|
||||||
$msg+=$capture.msg;
|
$msg+=$capture.msg;
|
||||||
|
|
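Review bot: The new `enable` validation in the "Check the arguments" hunk accepts only real booleans, so a string value such as `yes` or `no` lands in the error branch, whose own message says yes and no are the allowed values. With a string on the left, `$enable -eq $true` compares against the text `True`, which `yes` never matches; whether strings can reach this point depends on how `Parse-Args` delivers key=value arguments, which is not visible here. Accepting both forms keeps the check in line with its message: `if (($enable -eq $true) -or ("$enable" -eq "yes")) {` and `} elseif (($enable -eq $false) -or ("$enable" -eq "no")) {`. Because this flag decides whether a firewall rule is live, a rejected or misread value should stay a hard failure as it is now, not fall back to a default.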
|
@ -25,7 +25,13 @@ author: Timothy Vandenbrande
|
||||||
short_description: Windows firewall automation
|
short_description: Windows firewall automation
|
||||||
description:
|
description:
|
||||||
- allows you to create/remove/update firewall rules
|
- allows you to create/remove/update firewall rules
|
||||||
options:
|
options:
|
||||||
|
enable:
|
||||||
|
description:
|
||||||
|
- is this firewall rule enabled or disabled
|
||||||
|
default: null
|
||||||
|
required: false
|
||||||
|
choices: ['yes', 'no']
|
||||||
state:
|
state:
|
||||||
description:
|
description:
|
||||||
- create/remove/update or powermanage your VM
|
- create/remove/update or powermanage your VM
|
||||||
|
@ -108,6 +114,7 @@ EXAMPLES = '''
|
||||||
action: win_firewall_rule
|
action: win_firewall_rule
|
||||||
args:
|
args:
|
||||||
name: smtp
|
name: smtp
|
||||||
|
enabled: yes
|
||||||
state: present
|
state: present
|
||||||
localport: 25
|
localport: 25
|
||||||
action: allow
|
action: allow
|
||||||
|
|
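Review bot: The line added to the EXAMPLES hunk uses the key `enabled: yes`, but the option documented in the first hunk of this file and read by the script (`Get-Attr $params "enable" $null`) is `enable`. A playbook copied from this example would pass a parameter the module does not read, so the rule's enabled state would not be managed the way the reader expects. The example line should read `enable: yes`. The new option's description could also state the omitted case, for example `- whether the rule is enabled; when omitted, no Enable value is added to the rule settings`, which matches the `$enable -ne $null` guard in the script.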