diff options
author | Timothy Vandenbrande <timothy.vandenbrande@ypto.be> | 2015-06-30 08:42:42 +0200 |
---|---|---|
committer | Timothy Vandenbrande <timothy.vandenbrande@ypto.be> | 2015-06-30 08:42:42 +0200 |
commit | 2a0df8ec04622de7e1f3d2e062cd95194540b42d (patch) | |
tree | 97bb1bd06af898ab7ea18b360ea4fbf53342c46f /windows/win_firewall_rule.ps1 | |
parent | ada6d0a18c5fff6cf454c41810c5e4b2e96f6231 (diff) | |
download | ansible-modules-extras-2a0df8ec04622de7e1f3d2e062cd95194540b42d.tar.gz |
renamed the module
Diffstat (limited to 'windows/win_firewall_rule.ps1')
-rw-r--r-- | windows/win_firewall_rule.ps1 | 354 |
1 files changed, 354 insertions, 0 deletions
diff --git a/windows/win_firewall_rule.ps1 b/windows/win_firewall_rule.ps1 new file mode 100644 index 00000000..fcdf3479 --- /dev/null +++ b/windows/win_firewall_rule.ps1 @@ -0,0 +1,354 @@ +#!powershell +# +# WANT_JSON +# POWERSHELL_COMMON + +function getFirewallRule ($fwsettings) { + try { + + #$output = Get-NetFirewallRule -name $($fwsettings.name); + $rawoutput=@(netsh advfirewall firewall show rule name=$($fwsettings.Name)) + if (!($rawoutput -eq 'No rules match the specified criteria.')){ + $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin { + $FirstRun = $true; + $HashProps = @{}; + } -Process { + if (($Matches[1] -eq 'Rule Name') -and (!($FirstRun))) { + #$output=New-Object -TypeName PSCustomObject -Property $HashProps; + $output=$HashProps; + $HashProps = @{}; + }; + $HashProps.$($Matches[1]) = $Matches[2]; + $FirstRun = $false; + } -End { + #$output=New-Object -TypeName PSCustomObject -Property $HashProps; + $output=$HashProps; + } + } + $exists=$false; + $correct=$true; + $diff=$false; + $multi=$false; + $correct=$false; + $difference=@(); + $msg=@(); + if ($($output|measure).count -gt 0) { + $exists=$true; + $msg += @("The rule '" + $fwsettings.name + "' exists."); + if ($($output|measure).count -gt 1) { + $multi=$true + $msg += @("The rule '" + $fwsettings.name + "' has multiple entries."); + ForEach($rule in $output.GetEnumerator()) { + ForEach($fwsetting in $fwsettings.GetEnumerator()) { + if ( $rule.$fwsetting -ne $fwsettings.$fwsetting) { + $diff=$true; + #$difference+=@($fwsettings.$($fwsetting.Key)); + $difference+=@("output:$rule.$fwsetting,fwsetting:$fwsettings.$fwsetting"); + }; + }; + if ($diff -eq $false) { + $correct=$true + }; + }; + } else { + ForEach($fwsetting in $fwsettings.GetEnumerator()) { + if ( $output.$($fwsetting.Key) -ne $fwsettings.$($fwsetting.Key)) { + + if (($fwsetting.Key -eq 'RemoteIP') -and ($output.$($fwsetting.Key) -eq ($fwsettings.$($fwsetting.Key)+'-'+$fwsettings.$($fwsetting.Key)))) { + $donothing=$false + } elseif ((($fwsetting.Key -eq 'Name') -or ($fwsetting.Key -eq 'DisplayName')) -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) { + $donothing=$false + } else { + $diff=$true; + $difference+=@($fwsettings.$($fwsetting.Key)); + }; + }; + }; + if ($diff -eq $false) { + $correct=$true + }; + }; + if ($correct) { + $msg += @("An identical rule exists"); + } else { + $msg += @("The rule exists but has different values"); + } + } else { + $msg += @("No rule could be found"); + }; + $result = @{ + exists = $exists + identical = $correct + multiple = $multi + difference = $difference + msg = $msg + } + } catch [Exception]{ + $result = @{ + failed = $true + error = $_.Exception.Message + msg = $msg + } + }; + return $result +}; + +function createFireWallRule ($fwsettings) { + $msg=@() + $execString="netsh advfirewall firewall add rule " + + ForEach ($fwsetting in $fwsettings.GetEnumerator()) { + if ($fwsetting.key -eq 'Direction') { + $key='dir' + } else { + $key=$($fwsetting.key).ToLower() + }; + $execString+=" "; + $execString+=$key; + $execString+="="; + $execString+=$fwsetting.value; + #$execString+="'"; + }; + try { + #$msg+=@($execString); + $output=$(Invoke-Expression $execString| ? {$_}); + $msg+=@("Created firewall rule $name"); + + $result=@{ + output=$output + changed=$true + msg=$msg + }; + + } catch [Exception]{ + $msg=@("Failed to create the rule") + $result=@{ + output=$output + failed=$true + error=$_.Exception.Message + msg=$msg + }; + }; + return $result +}; + +function removeFireWallRule ($fwsettings) { + $msg=@() + try { + $rawoutput=@(netsh advfirewall firewall delete rule name=$($fwsettings.name)) + $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin { + $FirstRun = $true; + $HashProps = @{}; + } -Process { + if (($Matches[1] -eq 'Rule Name') -and (!($FirstRun))) { + $output=$HashProps; + $HashProps = @{}; + }; + $HashProps.$($Matches[1]) = $Matches[2]; + $FirstRun = $false; + } -End { + $output=$HashProps; + }; + $msg+=@("Removed the rule") + $result=@{ + failed=$false + changed=$true + msg=$msg + output=$output + }; + } catch [Exception]{ + $msg+=@("Failed to remove the rule") + $result=@{ + failed=$true + error=$_.Exception.Message + msg=$msg + } + }; + return $result +} + +# Mount Drives +$change=$false; +$fail=$false; +$msg=@(); +$fwsettings=@{} + +# Variabelise the arguments +$params=Parse-Args $args; + +$state=Get-Attr $params "state" "present"; +$name=Get-Attr $params "name" ""; +$direction=Get-Attr $params "direction" ""; +$force=Get-Attr $params "force" $false; +$action=Get-Attr $params "action" ""; + +# Check the arguments +if (($state -ne "present") -And ($state -ne "absent")){ + $misArg+="state"; + $msg+=@("for the state parameter only present and absent is allowed"); +}; + +if ($name -eq ""){ + $misArg+="Name"; + $msg+=@("name is a required argument"); +} else { + $fwsettings.Add("Name", $name) + #$fwsettings.Add("displayname", $name) +}; +if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){ + $misArg+="Direction"; + $msg+=@("for the Direction parameter only the values 'In' and 'Out' are allowed"); +} else { + $fwsettings.Add("Direction", $direction) +}; +if ((($action.ToLower() -ne "allow") -And ($action.ToLower() -ne "block")) -And ($state -eq "present")){ + $misArg+="Action"; + $msg+=@("for the Action parameter only the values 'allow' and 'block' are allowed"); +} else { + $fwsettings.Add("Action", $action) +}; +$args=@( + "Description", + "LocalIP", + "RemoteIP", + "LocalPort", + "RemotePort", + "Program", + "Service", + "Protocol" +) + +foreach ($arg in $args){ + New-Variable -Name $arg -Value $(Get-Attr $params $arg ""); + if ((Get-Variable -Name $arg -ValueOnly) -ne ""){ + $fwsettings.Add($arg, $(Get-Variable -Name $arg -ValueOnly)); + }; +}; + +$profile=Get-Attr $params "profile" "all"; +if (($profile -ne 'current') -or ($profile -ne 'domain') -or ($profile -ne 'standard') -or ($profile -ne 'all') ) { + $misArg+="Profile"; + $msg+=@("for the Profile parameter only the values 'current', 'domain', 'standard' or 'all' are allowed"); +} else { + + $fwsettings.Add("profile", $profile) +} + +if ($($($misArg|measure).count) -gt 0){ + $result=New-Object psobject @{ + changed=$false + failed=$true + msg=$msg + }; + Exit-Json($result); +}; + +$output=@() +$capture=getFirewallRule ($fwsettings); +if ($capture.failed -eq $true) { + $msg+=$capture.msg; + $result=New-Object psobject @{ + changed=$false + failed=$true + error=$capture.error + msg=$msg + }; + Exit-Json $result; +} else { + $diff=$capture.difference + $msg+=$capture.msg; + $identical=$capture.identical; + $multiple=$capture.multiple; +} + + +switch ($state.ToLower()){ + "present" { + if ($capture.exists -eq $false) { + $capture=createFireWallRule($fwsettings); + $msg+=$capture.msg; + $change=$true; + if ($capture.failed -eq $true){ + $result=New-Object psobject @{ + failed=$capture.failed + error=$capture.error + output=$capture.output + changed=$change + msg=$msg + difference=$diff + fwsettings=$fwsettings + }; + Exit-Json $result; + } + } elseif ($capture.identical -eq $false) { + if ($force -eq $true) { + $capture=removeFirewallRule($fwsettings); + $msg+=$capture.msg; + $change=$true; + if ($capture.failed -eq $true){ + $result=New-Object psobject @{ + failed=$capture.failed + error=$capture.error + changed=$change + msg=$msg + output=$capture.output + fwsettings=$fwsettings + }; + Exit-Json $result; + } + $capture=createFireWallRule($fwsettings); + $msg+=$capture.msg; + $change=$true; + if ($capture.failed -eq $true){ + $result=New-Object psobject @{ + failed=$capture.failed + error=$capture.error + changed=$change + msg=$msg + difference=$diff + fwsettings=$fwsettings + }; + Exit-Json $result; + } + + } else { + $fail=$true + $msg+=@("There was already a rule $name with different values, use force=True to overwrite it"); + } + } elseif ($capture.identical -eq $true) { + $msg+=@("Firewall rule $name was already created"); + }; + } + "absent" { + if ($capture.exists -eq $true) { + $capture=removeFirewallRule($fwsettings); + $msg+=$capture.msg; + $change=$true; + if ($capture.failed -eq $true){ + $result=New-Object psobject @{ + failed=$capture.failed + error=$capture.error + changed=$change + msg=$msg + output=$capture.output + fwsettings=$fwsettings + }; + Exit-Json $result; + } + } else { + $msg+=@("Firewall rule $name did not exist"); + }; + } +}; + + +$result=New-Object psobject @{ + failed=$fail + changed=$change + msg=$msg + difference=$diff + fwsettings=$fwsettings +}; + + +Exit-Json $result; |