summaryrefslogtreecommitdiff
path: root/windows/win_firewall_rule.ps1
diff options
context:
space:
mode:
authorTimothy Vandenbrande <timothy.vandenbrande@ypto.be>2015-06-30 08:42:42 +0200
committerTimothy Vandenbrande <timothy.vandenbrande@ypto.be>2015-06-30 08:42:42 +0200
commit2a0df8ec04622de7e1f3d2e062cd95194540b42d (patch)
tree97bb1bd06af898ab7ea18b360ea4fbf53342c46f /windows/win_firewall_rule.ps1
parentada6d0a18c5fff6cf454c41810c5e4b2e96f6231 (diff)
downloadansible-modules-extras-2a0df8ec04622de7e1f3d2e062cd95194540b42d.tar.gz
renamed the module
Diffstat (limited to 'windows/win_firewall_rule.ps1')
-rw-r--r--windows/win_firewall_rule.ps1354
1 files changed, 354 insertions, 0 deletions
diff --git a/windows/win_firewall_rule.ps1 b/windows/win_firewall_rule.ps1
new file mode 100644
index 00000000..fcdf3479
--- /dev/null
+++ b/windows/win_firewall_rule.ps1
@@ -0,0 +1,354 @@
+#!powershell
+#
+# WANT_JSON
+# POWERSHELL_COMMON
+
+function getFirewallRule ($fwsettings) {
+ try {
+
+ #$output = Get-NetFirewallRule -name $($fwsettings.name);
+ $rawoutput=@(netsh advfirewall firewall show rule name=$($fwsettings.Name))
+ if (!($rawoutput -eq 'No rules match the specified criteria.')){
+ $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
+ $FirstRun = $true;
+ $HashProps = @{};
+ } -Process {
+ if (($Matches[1] -eq 'Rule Name') -and (!($FirstRun))) {
+ #$output=New-Object -TypeName PSCustomObject -Property $HashProps;
+ $output=$HashProps;
+ $HashProps = @{};
+ };
+ $HashProps.$($Matches[1]) = $Matches[2];
+ $FirstRun = $false;
+ } -End {
+ #$output=New-Object -TypeName PSCustomObject -Property $HashProps;
+ $output=$HashProps;
+ }
+ }
+ $exists=$false;
+ $correct=$true;
+ $diff=$false;
+ $multi=$false;
+ $correct=$false;
+ $difference=@();
+ $msg=@();
+ if ($($output|measure).count -gt 0) {
+ $exists=$true;
+ $msg += @("The rule '" + $fwsettings.name + "' exists.");
+ if ($($output|measure).count -gt 1) {
+ $multi=$true
+ $msg += @("The rule '" + $fwsettings.name + "' has multiple entries.");
+ ForEach($rule in $output.GetEnumerator()) {
+ ForEach($fwsetting in $fwsettings.GetEnumerator()) {
+ if ( $rule.$fwsetting -ne $fwsettings.$fwsetting) {
+ $diff=$true;
+ #$difference+=@($fwsettings.$($fwsetting.Key));
+ $difference+=@("output:$rule.$fwsetting,fwsetting:$fwsettings.$fwsetting");
+ };
+ };
+ if ($diff -eq $false) {
+ $correct=$true
+ };
+ };
+ } else {
+ ForEach($fwsetting in $fwsettings.GetEnumerator()) {
+ if ( $output.$($fwsetting.Key) -ne $fwsettings.$($fwsetting.Key)) {
+
+ if (($fwsetting.Key -eq 'RemoteIP') -and ($output.$($fwsetting.Key) -eq ($fwsettings.$($fwsetting.Key)+'-'+$fwsettings.$($fwsetting.Key)))) {
+ $donothing=$false
+ } elseif ((($fwsetting.Key -eq 'Name') -or ($fwsetting.Key -eq 'DisplayName')) -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) {
+ $donothing=$false
+ } else {
+ $diff=$true;
+ $difference+=@($fwsettings.$($fwsetting.Key));
+ };
+ };
+ };
+ if ($diff -eq $false) {
+ $correct=$true
+ };
+ };
+ if ($correct) {
+ $msg += @("An identical rule exists");
+ } else {
+ $msg += @("The rule exists but has different values");
+ }
+ } else {
+ $msg += @("No rule could be found");
+ };
+ $result = @{
+ exists = $exists
+ identical = $correct
+ multiple = $multi
+ difference = $difference
+ msg = $msg
+ }
+ } catch [Exception]{
+ $result = @{
+ failed = $true
+ error = $_.Exception.Message
+ msg = $msg
+ }
+ };
+ return $result
+};
+
+function createFireWallRule ($fwsettings) {
+ $msg=@()
+ $execString="netsh advfirewall firewall add rule "
+
+ ForEach ($fwsetting in $fwsettings.GetEnumerator()) {
+ if ($fwsetting.key -eq 'Direction') {
+ $key='dir'
+ } else {
+ $key=$($fwsetting.key).ToLower()
+ };
+ $execString+=" ";
+ $execString+=$key;
+ $execString+="=";
+ $execString+=$fwsetting.value;
+ #$execString+="'";
+ };
+ try {
+ #$msg+=@($execString);
+ $output=$(Invoke-Expression $execString| ? {$_});
+ $msg+=@("Created firewall rule $name");
+
+ $result=@{
+ output=$output
+ changed=$true
+ msg=$msg
+ };
+
+ } catch [Exception]{
+ $msg=@("Failed to create the rule")
+ $result=@{
+ output=$output
+ failed=$true
+ error=$_.Exception.Message
+ msg=$msg
+ };
+ };
+ return $result
+};
+
+function removeFireWallRule ($fwsettings) {
+ $msg=@()
+ try {
+ $rawoutput=@(netsh advfirewall firewall delete rule name=$($fwsettings.name))
+ $rawoutput | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
+ $FirstRun = $true;
+ $HashProps = @{};
+ } -Process {
+ if (($Matches[1] -eq 'Rule Name') -and (!($FirstRun))) {
+ $output=$HashProps;
+ $HashProps = @{};
+ };
+ $HashProps.$($Matches[1]) = $Matches[2];
+ $FirstRun = $false;
+ } -End {
+ $output=$HashProps;
+ };
+ $msg+=@("Removed the rule")
+ $result=@{
+ failed=$false
+ changed=$true
+ msg=$msg
+ output=$output
+ };
+ } catch [Exception]{
+ $msg+=@("Failed to remove the rule")
+ $result=@{
+ failed=$true
+ error=$_.Exception.Message
+ msg=$msg
+ }
+ };
+ return $result
+}
+
+# Mount Drives
+$change=$false;
+$fail=$false;
+$msg=@();
+$fwsettings=@{}
+
+# Variabelise the arguments
+$params=Parse-Args $args;
+
+$state=Get-Attr $params "state" "present";
+$name=Get-Attr $params "name" "";
+$direction=Get-Attr $params "direction" "";
+$force=Get-Attr $params "force" $false;
+$action=Get-Attr $params "action" "";
+
+# Check the arguments
+if (($state -ne "present") -And ($state -ne "absent")){
+ $misArg+="state";
+ $msg+=@("for the state parameter only present and absent is allowed");
+};
+
+if ($name -eq ""){
+ $misArg+="Name";
+ $msg+=@("name is a required argument");
+} else {
+ $fwsettings.Add("Name", $name)
+ #$fwsettings.Add("displayname", $name)
+};
+if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){
+ $misArg+="Direction";
+ $msg+=@("for the Direction parameter only the values 'In' and 'Out' are allowed");
+} else {
+ $fwsettings.Add("Direction", $direction)
+};
+if ((($action.ToLower() -ne "allow") -And ($action.ToLower() -ne "block")) -And ($state -eq "present")){
+ $misArg+="Action";
+ $msg+=@("for the Action parameter only the values 'allow' and 'block' are allowed");
+} else {
+ $fwsettings.Add("Action", $action)
+};
+$args=@(
+ "Description",
+ "LocalIP",
+ "RemoteIP",
+ "LocalPort",
+ "RemotePort",
+ "Program",
+ "Service",
+ "Protocol"
+)
+
+foreach ($arg in $args){
+ New-Variable -Name $arg -Value $(Get-Attr $params $arg "");
+ if ((Get-Variable -Name $arg -ValueOnly) -ne ""){
+ $fwsettings.Add($arg, $(Get-Variable -Name $arg -ValueOnly));
+ };
+};
+
+$profile=Get-Attr $params "profile" "all";
+if (($profile -ne 'current') -or ($profile -ne 'domain') -or ($profile -ne 'standard') -or ($profile -ne 'all') ) {
+ $misArg+="Profile";
+ $msg+=@("for the Profile parameter only the values 'current', 'domain', 'standard' or 'all' are allowed");
+} else {
+
+ $fwsettings.Add("profile", $profile)
+}
+
+if ($($($misArg|measure).count) -gt 0){
+ $result=New-Object psobject @{
+ changed=$false
+ failed=$true
+ msg=$msg
+ };
+ Exit-Json($result);
+};
+
+$output=@()
+$capture=getFirewallRule ($fwsettings);
+if ($capture.failed -eq $true) {
+ $msg+=$capture.msg;
+ $result=New-Object psobject @{
+ changed=$false
+ failed=$true
+ error=$capture.error
+ msg=$msg
+ };
+ Exit-Json $result;
+} else {
+ $diff=$capture.difference
+ $msg+=$capture.msg;
+ $identical=$capture.identical;
+ $multiple=$capture.multiple;
+}
+
+
+switch ($state.ToLower()){
+ "present" {
+ if ($capture.exists -eq $false) {
+ $capture=createFireWallRule($fwsettings);
+ $msg+=$capture.msg;
+ $change=$true;
+ if ($capture.failed -eq $true){
+ $result=New-Object psobject @{
+ failed=$capture.failed
+ error=$capture.error
+ output=$capture.output
+ changed=$change
+ msg=$msg
+ difference=$diff
+ fwsettings=$fwsettings
+ };
+ Exit-Json $result;
+ }
+ } elseif ($capture.identical -eq $false) {
+ if ($force -eq $true) {
+ $capture=removeFirewallRule($fwsettings);
+ $msg+=$capture.msg;
+ $change=$true;
+ if ($capture.failed -eq $true){
+ $result=New-Object psobject @{
+ failed=$capture.failed
+ error=$capture.error
+ changed=$change
+ msg=$msg
+ output=$capture.output
+ fwsettings=$fwsettings
+ };
+ Exit-Json $result;
+ }
+ $capture=createFireWallRule($fwsettings);
+ $msg+=$capture.msg;
+ $change=$true;
+ if ($capture.failed -eq $true){
+ $result=New-Object psobject @{
+ failed=$capture.failed
+ error=$capture.error
+ changed=$change
+ msg=$msg
+ difference=$diff
+ fwsettings=$fwsettings
+ };
+ Exit-Json $result;
+ }
+
+ } else {
+ $fail=$true
+ $msg+=@("There was already a rule $name with different values, use force=True to overwrite it");
+ }
+ } elseif ($capture.identical -eq $true) {
+ $msg+=@("Firewall rule $name was already created");
+ };
+ }
+ "absent" {
+ if ($capture.exists -eq $true) {
+ $capture=removeFirewallRule($fwsettings);
+ $msg+=$capture.msg;
+ $change=$true;
+ if ($capture.failed -eq $true){
+ $result=New-Object psobject @{
+ failed=$capture.failed
+ error=$capture.error
+ changed=$change
+ msg=$msg
+ output=$capture.output
+ fwsettings=$fwsettings
+ };
+ Exit-Json $result;
+ }
+ } else {
+ $msg+=@("Firewall rule $name did not exist");
+ };
+ }
+};
+
+
+$result=New-Object psobject @{
+ failed=$fail
+ changed=$change
+ msg=$msg
+ difference=$diff
+ fwsettings=$fwsettings
+};
+
+
+Exit-Json $result;
View Lorry Controller Status