#!powershell
#
# (c) 2014, Timothy Vandenbrande <timothy.vandenbrande@gmail.com>
#
# This file is part of Ansible
#
# Ansible is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Ansible is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Ansible. If not, see <http://www.gnu.org/licenses/>.
#
# WANT_JSON
# POWERSHELL_COMMON
# TODO: Reimplement this using Powershell cmdlets

# Turn non-terminating errors into terminating ones so the try/catch blocks
# in the functions below can observe them.
$ErrorActionPreference = 'Stop'
# Convert a CIDR prefix length (for example 24) into a dotted-quad netmask
# string (for example 255.255.255.0).
function convertToNetmask($maskLength) {
    # Number of host bits that must end up cleared in the mask.
    $hostBits = 32 - $maskLength

    [IPAddress] $mask = 0
    # Shift the all-ones value left and back right by the host-bit count; the
    # resulting value is stored in the address object and rendered as text below.
    $mask.Address = ([UInt32]::MaxValue) -shl $hostBits -shr $hostBits

    return $mask.IPAddressToString
}
# Lower-case $string and then title-case it with the current culture's TextInfo.
function ConvertTo-TitleCase($string) {
    $textInfo = (Get-Culture).TextInfo
    $lowered = $string.ToLower()
    return $textInfo.ToTitleCase($lowered)
}
# Render a dictionary as "Name: Value" lines sorted by name, one per line.
# Entries whose name is listed in $unsupported, or whose value is $null, are
# left out. Returns an empty string when nothing qualifies.
function ConvertTo-SortedKV($object, $unsupported = @()) {
    $text = ""
    $entries = $object.GetEnumerator() | Sort-Object -Property Name

    foreach ($entry in $entries) {
        # Skip keys the caller asked to ignore and keys without a value.
        if (($entry.Name -in $unsupported) -or -not ($entry.Value -ne $null)) {
            continue
        }
        $text += "$($entry.Name): $($entry.Value)`n"
    }

    return $text
}
# Decide whether two differently-written values for a firewall setting mean
# the same thing. Only the 'RemoteIP' key is reconciled; any other key
# returns $false.
#
#   $key            - setting name being compared
#   $outputValue    - value parsed from the netsh output
#   $fwsettingValue - value requested by the module parameters
function preprocessAndCompare($key, $outputValue, $fwsettingValue) {
    if ($key -ne 'RemoteIP') {
        return $false
    }

    # Same text, or the single-host spellings: "a-a", "a/32", "a/255.255.255.255".
    if (($outputValue -eq $fwsettingValue) -or
        ($outputValue -eq ($fwsettingValue + '-' + $fwsettingValue)) -or
        ($outputValue -eq ($fwsettingValue + '/32')) -or
        ($outputValue -eq ($fwsettingValue + '/255.255.255.255'))) {
        return $true
    }

    $cidrPattern = '^([\d\.]+)\/(\d+)$'

    # netsh side written as address/prefix-length, requested side as address/netmask.
    if ($outputValue -match $cidrPattern) {
        $address = $Matches[1]
        $dottedMask = convertToNetmask($Matches[2])
        if ($fwsettingValue -eq ($address + "/" + $dottedMask)) {
            return $true
        }
    }

    # The reverse: requested side as address/prefix-length, netsh side as address/netmask.
    if ($fwsettingValue -match $cidrPattern) {
        $address = $Matches[1]
        $dottedMask = convertToNetmask($Matches[2])
        if ($outputValue -eq ($address + "/" + $dottedMask)) {
            return $true
        }
    }

    return $false
}
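# Query netsh for the rule named in $fwsettings.'Rule Name' and compare what
# it reports against the requested settings.
#
# Returns a hashtable with the keys changed, identical, exists, failed,
# multiple and msg, plus output, diff and error when they are set.
# Reads the script-level $name, $diff_support and $unsupported variables.
function getFirewallRule ($fwsettings) {
    $diff = $false
    $result = @{
        changed = $false
        identical = $false
        exists = $false
        failed = $false
        msg = @()
        multiple = $false
    }

    try {
        # The rule name comes from module parameters. Hand it to netsh as one
        # native argument instead of interpolating it into a string for
        # Invoke-Expression, which would let PowerShell re-parse the name as code.
        # NOTE(review): embedded double quotes may still be mis-split by native
        # argument passing on older PowerShell - consider rejecting them upstream.
        $ruleName = $fwsettings.'Rule Name'
        #$output = Get-NetFirewallRule -name $($fwsettings.'Rule Name')
        $result.output = & netsh advfirewall firewall show rule "name=$ruleName" verbose | Where { $_ }
        $rc = $LASTEXITCODE
        if ($rc -eq 1) {
            $result.msg += @("No rule '$name' could be found")
        } elseif ($rc -eq 0) {
            # Process command output: every "Key: Value" line becomes a hashtable
            # entry; a new "Rule Name" line starts a new hashtable.
            # NOTE(review): $output is overwritten for each rule, so it appears to
            # hold only the last rule parsed - confirm whether the "multiple"
            # branch below can ever be reached.
            $result.output | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | ForEach -Begin {
                $FirstRun = $true
                $HashProps = @{}
            } -Process {
                if (($Matches[1] -eq 'Rule Name') -and (-not $FirstRun)) {
                    $output = $HashProps
                    $HashProps = @{}
                }
                $HashProps.$($Matches[1]) = $Matches[2]
                $FirstRun = $false
            } -End {
                $output = $HashProps
            }
            if ($($output|measure).count -gt 0) {
                $diff = $false
                $result.exists = $true
                #$result.msg += @("The rule '$($fwsettings.'Rule Name')' exists.")
                if ($($output|measure).count -gt 1) {
                    $result.multiple = $true
                    $result.msg += @("The rule '$($fwsettings.'Rule Name')' has multiple entries.")
                    $result.diff = @{}
                    $result.diff.after = ConvertTo-SortedKV $fwsettings
                    # Was "$rule", which is never assigned in this function; use
                    # the parsed netsh output instead.
                    $result.diff.before = ConvertTo-SortedKV $output $unsupported
                    if ($result.diff.after -ne $result.diff.before ) {
                        $diff = $true
                    }
                } else {
                    if ($diff_support) {
                        $result.diff = @{}
                        $result.diff.after = ConvertTo-SortedKV $fwsettings
                        $result.diff.before = ConvertTo-SortedKV $output $unsupported
                    }
                    ForEach($fwsetting in $fwsettings.GetEnumerator()) {
                        if ($output.$($fwsetting.Key) -ne $fwsettings.$($fwsetting.Key)) {
                            if ((preprocessAndCompare -key $fwsetting.Key -outputValue $output.$($fwsetting.Key) -fwsettingValue $fwsettings.$($fwsetting.Key))) {
                                Continue
                            } elseif (($fwsetting.Key -eq 'DisplayName') -and ($output."Rule Name" -eq $fwsettings.$($fwsetting.Key))) {
                                Continue
                            } elseif (($fwsetting.Key -eq 'Program') -and ($output.$($fwsetting.Key) -eq (Expand-Environment($fwsettings.$($fwsetting.Key))))) {
                                # Ignore difference caused by expanded environment variables
                                Continue
                            } else {
                                # First real difference settles the comparison.
                                $diff = $true
                                Break
                            }
                        }
                    }
                }
                if (-not $diff) {
                    $result.identical = $true
                }
                if ($result.identical) {
                    $result.msg += @("The rule '$name' exists and is identical")
                } else {
                    $result.msg += @("The rule '$name' exists but has different values")
                }
            }
        } else {
            # Any exit code other than 0 or 1 is treated as a failure.
            $result.failed = $true
        }
    } catch [Exception] {
        $result.failed = $true
        $result.error = $_.Exception.Message
    }
    return $result
}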
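# Create a firewall rule from $fwsettings with "netsh advfirewall firewall add rule".
#
# Returns a hashtable with the keys changed, failed and msg, plus output,
# diff and error when they are set. In check mode netsh is not run.
# Reads the script-level $check_mode, $diff_support and $name variables.
function createFireWallRule ($fwsettings) {
    $result = @{
        changed = $false
        failed = $false
        msg = @()
    }

    # $command is kept only as readable text for the failure message; the
    # values netsh actually receives are collected in $netshArgs.
    $command = "netsh advfirewall firewall add rule"
    $netshArgs = @("advfirewall", "firewall", "add", "rule")
    ForEach ($fwsetting in $fwsettings.GetEnumerator()) {
        if ($fwsetting.value -ne $null) {
            # Map the key names used in netsh output to netsh option names.
            switch($fwsetting.key) {
                "Direction" { $option = "dir" }
                "Rule Name" { $option = "name" }
                "Enabled" { $option = "enable" }
                "Profiles" { $option = "profile" }
                "InterfaceTypes" { $option = "interfacetype" }
                "Security" { $option = "security" }
                "Edge traversal" { $option = "edge" }
                default { $option = $($fwsetting.key).ToLower() }
            }
            $command += " $option='$($fwsetting.value)'"
            $netshArgs += "$option=$($fwsetting.value)"
        }
    }

    try {
        $rc = 0
        if (-not $check_mode) {
            # The setting values come from module parameters. Pass each
            # "option=value" pair to netsh as its own native argument rather than
            # running the assembled string through Invoke-Expression, which would
            # let PowerShell re-parse a value as code.
            # NOTE(review): embedded double quotes may still be mis-split by native
            # argument passing on older PowerShell - consider rejecting them upstream.
            $result.output = & netsh $netshArgs | Where { $_ }
            $rc = $LASTEXITCODE
        }
        if ($rc -eq 0) {
            if ($diff_support) {
                $result.diff = @{}
                $result.diff.after = ConvertTo-SortedKV $fwsettings
                $result.diff.before= ""
            }
            $result.changed = $true
            $result.msg += @("Created firewall rule '$name'")
        } else {
            $result.failed = $true
            $result.msg += @("Create command '$command' failed with rc=$rc")
        }
    } catch [Exception]{
        $result.error = $_.Exception.Message
        $result.failed = $true
        $result.msg = @("Failed to create the rule '$name'")
    }
    return $result
}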
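# Delete the firewall rule named in $fwsettings.'Rule Name' with
# "netsh advfirewall firewall delete rule".
#
# Returns a hashtable with the keys changed, failed and msg, plus output,
# diff and error when they are set. In check mode netsh is not run.
# Reads the script-level $check_mode, $diff_support and $name variables.
function removeFireWallRule ($fwsettings) {
    $result = @{
        changed = $false
        failed = $false
        msg = @()
    }

    # $command is kept only as readable text for the failure message.
    $ruleName = $fwsettings.'Rule Name'
    $command = "netsh advfirewall firewall delete rule name='$ruleName'"
    try {
        $rc = 0
        if (-not $check_mode) {
            # The rule name comes from module parameters. Hand it to netsh as one
            # native argument rather than running the assembled string through
            # Invoke-Expression, which would let PowerShell re-parse the name as code.
            # NOTE(review): embedded double quotes may still be mis-split by native
            # argument passing on older PowerShell - consider rejecting them upstream.
            $result.output = & netsh advfirewall firewall delete rule "name=$ruleName" | Where { $_ }
            $rc = $LASTEXITCODE
            # Fold any "Key: Value" lines netsh printed into a hashtable and
            # store that as the output.
            $result.output | Where {$_ -match '^([^:]+):\s*(\S.*)$'} | Foreach -Begin {
                $FirstRun = $true
                $HashProps = @{}
            } -Process {
                if (($Matches[1] -eq 'Rule Name') -and (-not $FirstRun)) {
                    $result.output = $HashProps
                    $HashProps = @{}
                }
                $HashProps.$($Matches[1]) = $Matches[2]
                $FirstRun = $false
            } -End {
                $result.output = $HashProps
            }
        }
        # Exit code 1 is accepted alongside 0 here.
        if ($rc -eq 0 -or $rc -eq 1) {
            if ($diff_support) {
                $result.diff = @{}
                $result.diff.after = ""
                $result.diff.before = ConvertTo-SortedKV $fwsettings
            }
            $result.changed = $true
            $result.msg += @("Removed the rule '$name'")
        } else {
            $result.failed = $true
            $result.msg += @("Remove command '$command' failed with rc=$rc")
        }
    } catch [Exception]{
        $result.error = $_.Exception.Message
        $result.failed = $true
        $result.msg += @("Failed to remove the rule '$name'")
    }
    return $result
}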
# FIXME: Unsupported keys
#$unsupported = @("Grouping", "Rule source")
# Keys listed here are left out of the "before" side of the diff text.
$unsupported = @("Rule source")

# Module result; fwsettings collects the requested rule settings.
$result = @{ changed = $false; fwsettings = @{}; msg = @() }
# Parse the module arguments; check mode is supported.
$params = Parse-Args $args -supports_check_mode $true
$check_mode   = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false
$diff_support = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false

# Required: rule name, direction and action.
$name      = Get-AnsibleParam -obj $params -name "name" -failifempty $true
$description = Get-AnsibleParam -obj $params -name "description" -type "str"
$direction = Get-AnsibleParam -obj $params -name "direction" -type "str" -failifempty $true -validateset "in","out"
$action    = Get-AnsibleParam -obj $params -name "action" -type "str" -failifempty $true -validateset "allow","block","bypass"

# Optional rule settings, with the defaults shown.
$program        = Get-AnsibleParam -obj $params -name "program" -type "str"
$service        = Get-AnsibleParam -obj $params -name "service" -type "str"
$enabled        = Get-AnsibleParam -obj $params -name "enabled" -type "bool" -default $true -aliases "enable"
$profiles       = Get-AnsibleParam -obj $params -name "profiles" -type "str" -default "domain,private,public" -aliases "profile"
$localip        = Get-AnsibleParam -obj $params -name "localip" -type "str" -default "any"
$remoteip       = Get-AnsibleParam -obj $params -name "remoteip" -type "str" -default "any"
$localport      = Get-AnsibleParam -obj $params -name "localport" -type "str"
$remoteport     = Get-AnsibleParam -obj $params -name "remoteport" -type "str"
$protocol       = Get-AnsibleParam -obj $params -name "protocol" -type "str" -default "any"
$edge           = Get-AnsibleParam -obj $params -name "edge" -type "str" -default "no" -validateset "no","yes","deferapp","deferuser"
$interfacetypes = Get-AnsibleParam -obj $params -name "interfacetypes" -type "str" -default "any"
$security       = Get-AnsibleParam -obj $params -name "security" -type "str" -default "notrequired"

# Desired state, and whether an existing rule that differs may be replaced.
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -default "present" -validateset "present","absent"
$force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $false
# Check the arguments
# Build $result.fwsettings using the key names that getFirewallRule compares
# against the parsed netsh output.
$enabledText = if ($enabled) { "Yes" } else { "No" }
$result.fwsettings.Add("Enabled", $enabledText)

$result.fwsettings.Add("Rule Name", $name)
#$result.fwsettings.Add("displayname", $name)

# Direction and action are only recorded when the rule should exist.
if ($state -eq "present") {
    $result.fwsettings.Add("Direction", (ConvertTo-TitleCase $direction))
    $result.fwsettings.Add("Action", (ConvertTo-TitleCase $action))
}

if ($description -ne $null) { $result.fwsettings.Add("Description", $description) }
if ($program -ne $null) { $result.fwsettings.Add("Program", $program) }

$result.fwsettings.Add("LocalIP", $localip)
$result.fwsettings.Add("RemoteIP", $remoteip)

if ($localport -ne $null) { $result.fwsettings.Add("LocalPort", $localport) }
if ($remoteport -ne $null) { $result.fwsettings.Add("RemotePort", $remoteport) }
if ($service -ne $null) { $result.fwsettings.Add("Service", (ConvertTo-TitleCase $service)) }

# "Any" is stored as given; every other protocol is upper-cased.
$protocolText = if ($protocol -eq "Any") { $protocol } else { $protocol.toupper() }
$result.fwsettings.Add("Protocol", $protocolText)

# "Any" for profiles is spelled out as the three profile names.
$profilesText = if ($profiles -eq "Any") { "Domain,Private,Public" } else { ConvertTo-TitleCase($profiles) }
$result.fwsettings.Add("Profiles", $profilesText)

$result.fwsettings.Add("Edge traversal", (ConvertTo-TitleCase $edge))

if ($interfacetypes -ne $null) {
    $result.fwsettings.Add("InterfaceTypes", (ConvertTo-TitleCase $interfacetypes))
}

# Give a recognised security value its canonical casing; other values pass
# through unchanged.
foreach ($canonical in @("Authenticate", "AuthDynEnc", "AuthEnc", "AuthNoEncap", "NotRequired")) {
    if ($security -eq $canonical) {
        $security = $canonical
    }
}
$result.fwsettings.Add("Security", $security)

# FIXME: Define unsupported options
#$result.fwsettings.Add("Grouping", "")
#$result.fwsettings.Add("Rule source", "Local Setting")
# Copy a failed step's error and output into the module result and hand the
# result to Fail-Json. Does nothing when the step did not fail.
function Stop-OnFailedStep($moduleResult, $step) {
    if ($step.failed) {
        $moduleResult.error = $step.error
        $moduleResult.output = $step.output
        Fail-Json $moduleResult $moduleResult.msg
    }
}

# Look up the current rule first; everything below depends on what was found.
$get = getFirewallRule($result.fwsettings)
$result.msg += $get.msg
Stop-OnFailedStep $result $get

$result.diff = $get.diff

if ($state -eq "present") {

    if (-not $get.exists) {

        # No such rule yet: create it.
        $create = createFireWallRule($result.fwsettings)
        $result.msg += $create.msg
        $result.diff = $create.diff
        Stop-OnFailedStep $result $create

        $result.changed = $true

    } elseif (-not $get.identical) {

        # FIXME: This ought to use netsh advfirewall firewall set instead !
        if (-not $force) {

            $result.msg += @("There was already a rule '$name' with different values, use the 'force' parameter to overwrite it")
            Fail-Json $result $result.msg

        } else {

            # Replace the differing rule: remove it, then create it again.
            $remove = removeFirewallRule($result.fwsettings)
            # NOTE: We retain the diff output from $get.diff here
            $result.msg += $remove.msg
            Stop-OnFailedStep $result $remove

            $create = createFireWallRule($result.fwsettings)
            # NOTE: We retain the diff output from $get.diff here
            $result.msg += $create.msg
            Stop-OnFailedStep $result $create

            $result.changed = $true

        }

    } else {

        $result.msg += @("Firewall rule '$name' was already created")

    }

} elseif ($state -eq "absent") {

    if ($get.exists) {

        $remove = removeFirewallRule($result.fwsettings)
        $result.diff = $remove.diff
        $result.msg += $remove.msg
        Stop-OnFailedStep $result $remove

        $result.changed = $true

    } else {

        $result.msg += @("Firewall rule '$name' did not exist")

    }
}

Exit-Json $result