mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

fix: Add 'enable:' flag for enabling existing rules which are disabled by default.

This is a much-needed flag for turning existing firewall rules on and off. Like the recent fix for the 'Profile' key, the netsh cmd prints 'Enabled' in its textual output (at least on win10 it does), so similar small code is added for the necessary exception handling when the difference check happens.

Please merge / push upstream like the other fixes. Many thanks. This is the last fix I have put together for this patch set. So I will raise my PR now.

But if you want to fix more bugs, it seems there may be others. In terms of the control code. Sometimes it will delete a rule under 'force' condition (when found difference) - but instead it is supposed to just modify the existing rule. Some weird behaviour regarding that. The other problem is that ansible does not return the error text printed by 'netsh' cmd verbatim... but it should as that makes debugging these errors a *lot* easier.
Dreamcat4 2015-10-06 14:03:27 +01:00 committed by Matt Clay
parent e0da4a3362
commit 40a1bd1962
2 changed files with 24 additions and 3 deletions


@ -22,7 +22,7 @@
function getFirewallRule ($fwsettings) { function getFirewallRule ($fwsettings) {
try { try {
#$output = Get-NetFirewallRule -name $($fwsettings.name); #$output = Get-NetFirewallRule -name $($fwsettings.name);
$rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)") $rawoutput=@(netsh advfirewall firewall show rule name="$($fwsettings.Name)")
if (!($rawoutput -eq 'No rules match the specified criteria.')){ if (!($rawoutput -eq 'No rules match the specified criteria.')){
@ -77,6 +77,8 @@ function getFirewallRule ($fwsettings) {
$donothing=$false $donothing=$false
} elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) { } elseif (($fwsetting.Key -eq 'Profile') -and ($output."Profiles" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false $donothing=$false
} elseif (($fwsetting.Key -eq 'Enable') -and ($output."Enabled" -eq $fwsettings.$($fwsetting.Key))) {
$donothing=$false
} else { } else {
$diff=$true; $diff=$true;
$difference+=@($fwsettings.$($fwsetting.Key)); $difference+=@($fwsettings.$($fwsetting.Key));
@ -196,6 +198,7 @@ $fwsettings=@{}
# Variabelise the arguments # Variabelise the arguments
$params=Parse-Args $args; $params=Parse-Args $args;
$enable=Get-Attr $params "enable" $null;
$state=Get-Attr $params "state" "present"; $state=Get-Attr $params "state" "present";
$name=Get-Attr $params "name" ""; $name=Get-Attr $params "name" "";
$direction=Get-Attr $params "direction" ""; $direction=Get-Attr $params "direction" "";
@ -203,6 +206,17 @@ $force=Get-Attr $params "force" $false;
$action=Get-Attr $params "action" ""; $action=Get-Attr $params "action" "";
# Check the arguments # Check the arguments
if ($enable -ne $null) {
if ($enable -eq $true) {
$fwsettings.Add("Enable", "yes");
} elseif ($enable -eq $false) {
$fwsettings.Add("Enable", "no");
} else {
$misArg+="enable";
$msg+=@("for the enable parameter only yes and no is allowed");
};
};
if (($state -ne "present") -And ($state -ne "absent")){ if (($state -ne "present") -And ($state -ne "absent")){
$misArg+="state"; $misArg+="state";
$msg+=@("for the state parameter only present and absent is allowed"); $msg+=@("for the state parameter only present and absent is allowed");
@ -294,7 +308,7 @@ switch ($state.ToLower()){
}; };
Exit-Json $result; Exit-Json $result;
} }
} elseif ($capture.identical -eq $false) { } elseif ($capture.identical -eq $false) {
if ($force -eq $true) { if ($force -eq $true) {
$capture=removeFirewallRule($fwsettings); $capture=removeFirewallRule($fwsettings);
$msg+=$capture.msg; $msg+=$capture.msg;
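Review bot: In the `# Check the arguments` hunk, `$enable` is compared directly with `$true` and `$false`, so a value that arrives as the string "yes" or "no" (the only choices the documentation lists) would land in the error branch, because PowerShell compares a left-hand string with the string form of the boolean. Whether that happens depends on how Parse-Args delivers the value, which is not visible here; normalising first, for example `$enable = $enable | ConvertTo-Bool` if that helper is available in this tree's shared PowerShell utilities, would remove the dependency. Separately, the new `elseif` in getFirewallRule matches the English `Enabled` label from netsh text output, so on a localised Windows the rule would presumably always be reported as different, and the context lines at the end of this section show that a difference under `force` goes through removeFirewallRule, which could leave a blocking rule briefly absent when only the enable state changes. A comment on that branch such as `# netsh prints this field as 'Enabled'; label is taken from English output` would document the assumption. Both the function and the script body continue outside the hunks shown.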


@ -25,7 +25,13 @@ author: Timothy Vandenbrande
short_description: Windows firewall automation short_description: Windows firewall automation
description: description:
- allows you to create/remove/update firewall rules - allows you to create/remove/update firewall rules
options: options:
enable:
description:
- is this firewall rule enabled or disabled
default: null
required: false
choices: ['yes', 'no']
state: state:
description: description:
- create/remove/update or powermanage your VM - create/remove/update or powermanage your VM
@ -108,6 +114,7 @@ EXAMPLES = '''
action: win_firewall_rule action: win_firewall_rule
args: args:
name: smtp name: smtp
enabled: yes
state: present state: present
localport: 25 localport: 25
action: allow action: allow
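Review bot: The line added to the example in the EXAMPLES hunk is `enabled: yes`, but the option documented in the hunk above it, and the key the script reads with `Get-Attr $params "enable" $null`, is `enable`. A playbook copied from this example would, as far as the visible code shows, leave the parameter unset, so the task would not manage the rule's enabled state even though the author believes it does. The example should read `enable: yes`. The option description could also state what omitting the parameter means, for instance `- whether the rule is enabled; if omitted the module does not set or compare this field` (wording to be confirmed against the script).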