From 939294391562585218e07fc7ae0eb9f1efe588ff Mon Sep 17 00:00:00 2001 From: Andrea Scarpino Date: Mon, 20 Jun 2016 23:35:27 +0200 Subject: [PATCH] win_firewall_rule: strictmode fixes (#2432) I set the default values to `netsh advfirewall firewall add rule` defaults. --- windows/win_firewall_rule.ps1 | 105 ++++++++++++---------------------- windows/win_firewall_rule.py | 21 ++++--- 2 files changed, 48 insertions(+), 78 deletions(-) diff --git a/windows/win_firewall_rule.ps1 b/windows/win_firewall_rule.ps1 index 92d75921547..ae60bcc4aa3 100644 --- a/windows/win_firewall_rule.ps1 +++ b/windows/win_firewall_rule.ps1 @@ -20,9 +20,6 @@ # WANT_JSON # POWERSHELL_COMMON -# temporarily disable strictmode, for this module only -Set-StrictMode -Off - function getFirewallRule ($fwsettings) { try { 
@@ -205,80 +202,54 @@ $fwsettings=@{} # Variabelise the arguments $params=Parse-Args $args; -$enable=Get-Attr $params "enable" $null; -$state=Get-Attr $params "state" "present"; -$name=Get-Attr $params "name" ""; -$direction=Get-Attr $params "direction" ""; -$force=Get-Attr $params "force" $false; -$action=Get-Attr $params "action" ""; +$name = Get-AnsibleParam -obj $params -name "name" -failifempty $true +$direction = Get-AnsibleParam -obj $params -name "direction" -failifempty $true -validateSet "in","out" +$action = Get-AnsibleParam -obj $params -name "action" -failifempty $true -validateSet "allow","block","bypass" +$program = Get-AnsibleParam -obj $params -name "program" +$service = Get-AnsibleParam -obj $params -name "service" -default "any" +$description = Get-AnsibleParam -obj $params -name "description" +$enable = ConvertTo-Bool (Get-AnsibleParam -obj $params -name "enable" -default "true") +$winprofile = Get-AnsibleParam -obj $params -name "profile" -default "any" +$localip = Get-AnsibleParam -obj $params -name "localip" -default "any" +$remoteip = Get-AnsibleParam -obj $params -name "remoteip" -default "any" +$localport = Get-AnsibleParam -obj $params -name "localport" -default "any" +$remoteport = Get-AnsibleParam -obj $params -name "remoteport" -default "any" +$protocol = Get-AnsibleParam -obj $params -name "protocol" -default "any" + +$state = Get-AnsibleParam -obj $params -name "state" -failifempty $true -validateSet "present","absent" +$force = ConvertTo-Bool (Get-AnsibleParam -obj $params -name "force" -default "false") -$misArg = '' # Check the arguments -if ($enable -ne $null) { - $enable=ConvertTo-Bool $enable; - if ($enable -eq $true) { - $fwsettings.Add("Enabled", "yes"); - } elseif ($enable -eq $false) { - $fwsettings.Add("Enabled", "no"); - } else { - $misArg+="enable"; - $msg+=@("for the enable parameter only yes and no is allowed"); - }; +If ($enable -eq $true) { + $fwsettings.Add("Enabled", "yes"); +} Else { + $fwsettings.Add("Enabled", 
"no"); }; -if (($state -ne "present") -And ($state -ne "absent")){ - $misArg+="state"; - $msg+=@("for the state parameter only present and absent is allowed"); -}; +$fwsettings.Add("Rule Name", $name) +#$fwsettings.Add("displayname", $name) -if ($name -eq ""){ - $misArg+="Name"; - $msg+=@("name is a required argument"); -} else { - $fwsettings.Add("Rule Name", $name) - #$fwsettings.Add("displayname", $name) -}; -if ((($direction.ToLower() -ne "In") -And ($direction.ToLower() -ne "Out")) -And ($state -eq "present")){ - $misArg+="Direction"; - $msg+=@("for the Direction parameter only the values 'In' and 'Out' are allowed"); -} else { +$state = $state.ToString().ToLower() +If ($state -eq "present")){ $fwsettings.Add("Direction", $direction) -}; -if ((($action.ToLower() -ne "allow") -And ($action.ToLower() -ne "block")) -And ($state -eq "present")){ - $misArg+="Action"; - $msg+=@("for the Action parameter only the values 'allow' and 'block' are allowed"); -} else { $fwsettings.Add("Action", $action) }; -$args=@( - "Description", - "LocalIP", - "RemoteIP", - "LocalPort", - "RemotePort", - "Program", - "Service", - "Protocol" -) -foreach ($arg in $args){ - New-Variable -Name $arg -Value $(Get-Attr $params $arg ""); - if ((Get-Variable -Name $arg -ValueOnly) -ne ""){ - $fwsettings.Add($arg, $(Get-Variable -Name $arg -ValueOnly)); - }; -}; +If ($description) { + $fwsettings.Add("Description", $description); +} -$winprofile=Get-Attr $params "profile" "current"; -$fwsettings.Add("Profiles", $winprofile) +If ($program) { + $fwsettings.Add("Program", $program); +} -if ($misArg){ - $result=New-Object psobject @{ - changed=$false - failed=$true - msg=$msg - }; - Exit-Json($result); -}; +$fwsettings.Add("LocalIP", $localip); +$fwsettings.Add("RemoteIP", $remoteip); +$fwsettings.Add("LocalPort", $localport); +$fwsettings.Add("RemotePort", $remoteport); +$fwsettings.Add("Service", $service); +$fwsettings.Add("Protocol", $protocol); +$fwsettings.Add("Profiles", $winprofile) 
$output=@() $capture=getFirewallRule ($fwsettings); @@ -299,7 +270,7 @@ if ($capture.failed -eq $true) { } -switch ($state.ToLower()){ +switch ($state){ "present" { if ($capture.exists -eq $false) { $capture=createFireWallRule($fwsettings); diff --git a/windows/win_firewall_rule.py b/windows/win_firewall_rule.py index d833c2fa24d..3ed0f7e3e7b 100644 --- a/windows/win_firewall_rule.py +++ b/windows/win_firewall_rule.py @@ -29,9 +29,8 @@ options: enable: description: - is this firewall rule enabled or disabled - default: null + default: true required: false - choices: ['yes', 'no'] state: description: - should this rule be added or removed @@ -48,13 +47,13 @@ options: - is this rule for inbound or outbound trafic default: null required: true - choices: [ 'In', 'Out' ] + choices: ['in', 'out'] action: description: - what to do with the items this rule is for default: null required: true - choices: [ 'allow', 'block' ] + choices: ['allow', 'block', 'bypass'] description: description: - description for the firewall rule @@ -63,22 +62,22 @@ options: localip: description: - the local ip address this rule applies to - default: null + default: 'any' required: false remoteip: description: - the remote ip address/range this rule applies to - default: null + default: 'any' required: false localport: description: - the local port this rule applies to - default: null + default: 'any' required: false remoteport: description: - the remote port this rule applies to - default: null + default: 'any' required: false program: description: @@ -88,17 +87,17 @@ options: service: description: - the service this rule applies to - default: null + default: 'any' required: false protocol: description: - the protocol this rule applies to - default: null + default: 'any' required: false profile: description: - the profile this rule applies to, e.g. Domain,Private,Public - default: null + default: 'any' required: false force: description:
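Review bot: The added line `If ($state -eq "present")){` has one closing parenthesis too many, so the script should fail to parse and the module cannot run at all; it should read `If ($state -eq "present") {`. Separately, `direction`, `action` and `state` are now read with `-failifempty $true` unconditionally, whereas the removed code defaulted `state` to "present" and only rejected a bad direction or action when the state was present, so a task that removes a rule by name alone will now be refused. The `profile` default also changes from `"current"` to `"any"`, so a playbook that omits `profile` now gets the rule on every profile, Public included. Combined with `action: allow` and the other `any` defaults, that is a wider opening than the same task produced before, so I would either keep a narrower default or state the change explicitly in the module docs.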
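Review bot: Adding `'bypass'` to the `action` choices advertises a value the module probably cannot apply. The netsh help says action=bypass needs a remote computer group together with an authenticated security setting, and none of the parameters read in win_firewall_rule.ps1 in this commit supplies either. Unless those are added, I would leave the choice out, or extend the description with a line such as `- bypass needs an authenticated rule with a remote computer group, which this module does not set`. The options block continues outside the hunk, so this rests only on the parameters visible in this commit.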
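Review bot: The new `default: 'any'` for `service` should be checked against netsh before it is documented as a neutral default. The netsh help for `add rule` states that with service=any the rule applies only to services, and the script now always passes Service, so a rule intended for an ordinary program may not match its traffic. If that is confirmed, leave the default unset and add Service only when the user supplies it, as the script already does for `program`. The `profile` entry should also say what `any` covers, for example `- the profile this rule applies to (any = Domain, Private and Public)`.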