@ -20,12 +20,30 @@
# WANT_JSON
# WANT_JSON
# POWERSHELL_COMMON
# POWERSHELL_COMMON
# TODO: Reimplement this using Powershell cmdlets
$ErrorActionPreference = " Stop "
function convertToNetmask($maskLength ) {
function convertToNetmask($maskLength ) {
[ IPAddress ] $ip = 0 ;
[ IPAddress ] $ip = 0
$ip . Address = ( [ UInt32 ] :: MaxValue ) -shl ( 32 - $maskLength ) -shr ( 32 - $maskLength )
$ip . Address = ( [ UInt32 ] :: MaxValue ) -shl ( 32 - $maskLength ) -shr ( 32 - $maskLength )
return $ip . IPAddressToString
return $ip . IPAddressToString
}
}
function ConvertTo-TitleCase($string ) {
return ( Get-Culture ) . TextInfo . ToTitleCase ( $string . ToLower ( ) )
}
function ConvertTo-SortedKV($object , $unsupported = @ ( ) ) {
$output = " "
foreach ( $item in $object . GetEnumerator ( ) | Sort -Property Name ) {
if ( ( $item . Name -notin $unsupported ) -and ( $item . Value -ne $null ) ) {
$output + = " $( $item . Name ) : $( $item . Value ) `n "
}
}
return $output
}
function preprocessAndCompare($key , $outputValue , $fwsettingValue ) {
function preprocessAndCompare($key , $outputValue , $fwsettingValue ) {
if ( $key -eq 'RemoteIP' ) {
if ( $key -eq 'RemoteIP' ) {
if ( $outputValue -eq $fwsettingValue ) {
if ( $outputValue -eq $fwsettingValue ) {
@ -54,351 +72,382 @@ function preprocessAndCompare($key, $outputValue, $fwsettingValue) {
}
}
}
}
}
}
elseif ( $key -eq 'Profiles' ) {
if ( ( $fwsettingValue -eq " any " ) -and ( $outputValue -eq " Domain,Private,Public " ) ) {
return $true
}
}
return $false
return $false
}
}
function getFirewallRule ( $fwsettings ) {
function getFirewallRule ( $fwsettings ) {
try {
$diff = $false
$result = @ {
changed = $false
identical = $false
exists = $false
failed = $false
msg = @ ( )
multiple = $false
}
#$output = Get-NetFirewallRule -name $($fwsettings.'Rule Name');
try {
$rawoutput = @ ( netsh advfirewall firewall show rule name = " $( $fwsettings . 'Rule Name' ) " verbose )
$command = " netsh advfirewall firewall show rule name= `" $( $fwsettings . 'Rule Name' ) `" verbose "
if ( ! ( $rawoutput -eq 'No rules match the specified criteria.' ) ) {
#$output = Get-NetFirewallRule -name $($fwsettings.'Rule Name')
$rawoutput | Where { $_ -match '^([^:]+):\s*(\S.*)$' } | Foreach -Begin {
$result . output = Invoke-Expression $command | Where { $_ }
$FirstRun = $true ;
$rc = $LASTEXITCODE
$HashProps = @ { } ;
if ( $rc -eq 1 ) {
$result . msg + = @ ( " No rule ' $name ' could be found " )
} elseif ( $rc -eq 0 ) {
# Process command output
$result . output | Where { $_ -match '^([^:]+):\s*(\S.*)$' } | ForEach -Begin {
$FirstRun = $true
$HashProps = @ { }
} -Process {
} -Process {
if ( ( $Matches [ 1 ] -eq 'Rule Name' ) -and ( ! ( $FirstRun ) ) ) {
if ( ( $Matches [ 1 ] -eq 'Rule Name' ) -and ( -not $FirstRun ) ) {
#$output=New-Object -TypeName PSCustomObject -Property $HashProps;
$output = $HashProps
$output = $HashProps ;
$HashProps = @ { }
$HashProps = @ { } ;
}
} ;
$HashProps . $ ( $Matches [ 1 ] ) = $Matches [ 2 ]
$HashProps . $ ( $Matches [ 1 ] ) = $Matches [ 2 ] ;
$FirstRun = $false
$FirstRun = $false ;
} -End {
} -End {
#$output=New-Object -TypeName PSCustomObject -Property $HashProps;
$output = $HashProps
$output = $HashProps ;
}
}
}
if ( $ ( $output | measure ) . count -gt 0 ) {
$exists = $false ;
$diff = $false
$correct = $true ;
$result . exists = $true
$diff = $false ;
#$result.msg += @("The rule '$($fwsettings.'Rule Name')' exists.")
$multi = $false ;
if ( $ ( $output | measure ) . count -gt 1 ) {
$correct = $false ;
$result . multiple = $true
$difference = @ ( ) ;
$result . msg + = @ ( " The rule ' $( $fwsettings . 'Rule Name' ) ' has multiple entries. " )
$msg = @ ( ) ;
$result . diff = @ { }
if ( $ ( $output | measure ) . count -gt 0 ) {
$result . diff . after = ConvertTo-SortedKV $fwsettings
$exists = $true ;
$result . diff . before = ConvertTo-SortedKV $rule $unsupported
$msg + = @ ( " The rule ' " + $fwsettings . 'Rule Name' + " ' exists. " ) ;
if ( $result . diff . after -ne $result . diff . before ) {
if ( $ ( $output | measure ) . count -gt 1 ) {
$diff = $true
$multi = $true
}
$msg + = @ ( " The rule ' " + $fwsettings . 'Rule Name' + " ' has multiple entries. " ) ;
} else {
ForEach ( $rule in $output . GetEnumerator ( ) ) {
if ( $diff_support ) {
$result . diff = @ { }
$result . diff . after = ConvertTo-SortedKV $fwsettings
$result . diff . before = ConvertTo-SortedKV $output $unsupported
}
ForEach ( $fwsetting in $fwsettings . GetEnumerator ( ) ) {
ForEach ( $fwsetting in $fwsettings . GetEnumerator ( ) ) {
if ( $rule . $fwsetting -ne $fwsettings . $fwsetting ) {
if ( $output . $ ( $fwsetting . Key ) -ne $fwsettings . $ ( $fwsetting . Key ) ) {
$diff = $true ;
if ( ( preprocessAndCompare -key $fwsetting . Key -outputValue $output . $ ( $fwsetting . Key ) -fwsettingValue $fwsettings . $ ( $fwsetting . Key ) ) ) {
#$difference+=@($fwsettings.$($fwsetting.Key));
Continue
$difference + = @ ( " output: $rule . $fwsetting ,fwsetting: $fwsettings . $fwsetting " ) ;
} elseif ( ( $fwsetting . Key -eq 'DisplayName' ) -and ( $output . " Rule Name " -eq $fwsettings . $ ( $fwsetting . Key ) ) ) {
} ;
Continue
} ;
} elseif ( ( $fwsetting . Key -eq 'Program' ) -and ( $output . $ ( $fwsetting . Key ) -eq ( Expand-Environment ( $fwsettings . $ ( $fwsetting . Key ) ) ) ) ) {
if ( $diff -eq $false ) {
# Ignore difference caused by expanded environment variables
$correct = $true
Continue
} ;
} else {
} ;
$diff = $true
} else {
Break
ForEach ( $fwsetting in $fwsettings . GetEnumerator ( ) ) {
}
if ( $output . $ ( $fwsetting . Key ) -ne $fwsettings . $ ( $fwsetting . Key ) ) {
}
if ( ( preprocessAndCompare -key $fwsetting . Key -outputValue $output . $ ( $fwsetting . Key ) -fwsettingValue $fwsettings . $ ( $fwsetting . Key ) ) ) {
}
Continue
}
} elseif ( ( $fwsetting . Key -eq 'DisplayName' ) -and ( $output . " Rule Name " -eq $fwsettings . $ ( $fwsetting . Key ) ) ) {
if ( -not $diff ) {
Continue
$result . identical = $true
} else {
}
$diff = $true ;
if ( $result . identical ) {
$difference + = @ ( $fwsettings . $ ( $fwsetting . Key ) ) ;
$result . msg + = @ ( " The rule ' $name ' exists and is identical " )
} ;
} else {
} ;
$result . msg + = @ ( " The rule ' $name ' exists but has different values " )
} ;
}
if ( $diff -eq $false ) {
$correct = $true
} ;
} ;
if ( $correct ) {
$msg + = @ ( " An identical rule exists " ) ;
} else {
$msg + = @ ( " The rule exists but has different values " ) ;
}
}
} else {
} else {
$msg + = @ ( " No rule could be found " ) ;
$result . failed = $true
} ;
$result = @ {
failed = $false
exists = $exists
identical = $correct
multiple = $multi
difference = $difference
msg = $msg
}
} catch [ Exception ] {
$result = @ {
failed = $true
error = $_ . Exception . Message
msg = $msg
}
}
} ;
} catch [ Exception ] {
$result . failed = $true
$result . error = $_ . Exception . Message
}
return $result
return $result
} ;
}
function createFireWallRule ( $fwsettings ) {
function createFireWallRule ( $fwsettings ) {
$msg = @ ( )
$result = @ {
$execString = " netsh advfirewall firewall add rule "
changed = $false
failed = $false
msg = @ ( )
}
$command = " netsh advfirewall firewall add rule "
ForEach ( $fwsetting in $fwsettings . GetEnumerator ( ) ) {
ForEach ( $fwsetting in $fwsettings . GetEnumerator ( ) ) {
if ( $fwsetting . key -eq 'Direction' ) {
if ( $fwsetting . value -ne $null ) {
$key = 'dir'
switch ( $fwsetting . key ) {
} elseif ( $fwsetting . key -eq 'Rule Name' ) {
" Direction " { $option = " dir " }
$key = 'name'
" Rule Name " { $option = " name " }
} elseif ( $fwsetting . key -eq 'Enabled' ) {
" Enabled " { $option = " enable " }
$key = 'enable'
" Profiles " { $option = " profile " }
} elseif ( $fwsetting . key -eq 'Profiles' ) {
" InterfaceTypes " { $option = " interfacetype " }
$key = 'profile'
" Security " { $option = " security " }
} else {
" Edge traversal " { $option = " edge " }
$key = $ ( $fwsetting . key ) . ToLower ( )
default { $option = $ ( $fwsetting . key ) . ToLower ( ) }
} ;
}
$execString + = " " ;
$command + = " $option =' $( $fwsetting . value ) ' "
$execString + = $key ;
}
$execString + = " = " ;
}
$execString + = '"' ;
$execString + = $fwsetting . value ;
$execString + = '"' ;
} ;
try {
#$msg+=@($execString);
$output = $ ( Invoke-Expression $execString | ? { $_ } ) ;
$msg + = @ ( " Created firewall rule $name " ) ;
$result = @ {
failed = $false
output = $output
changed = $true
msg = $msg
} ;
try {
$rc = 0
if ( -not $check_mode ) {
$result . output = Invoke-Expression $command | Where { $_ }
$rc = $LASTEXITCODE
}
if ( $rc -eq 0 ) {
if ( $diff_support ) {
$result . diff = @ { }
$result . diff . after = ConvertTo-SortedKV $fwsettings
$result . diff . before = " "
}
$result . changed = $true
$result . msg + = @ ( " Created firewall rule ' $name ' " )
} else {
$result . failed = $true
$result . msg + = @ ( " Create command ' $command ' failed with rc= $rc " )
}
} catch [ Exception ] {
} catch [ Exception ] {
$msg = @ ( " Failed to create the rule " )
$result . error = $_ . Exception . Message
$result = @ {
$result . failed = $true
output = $output
$result . msg = @ ( " Failed to create the rule ' $name ' " )
failed = $true
}
error = $_ . Exception . Message
msg = $msg
} ;
} ;
return $result
return $result
} ;
}
function removeFireWallRule ( $fwsettings ) {
function removeFireWallRule ( $fwsettings ) {
$msg = @ ( )
$result = @ {
changed = $false
failed = $false
msg = @ ( )
}
$command = " netsh advfirewall firewall delete rule name=' $( $fwsettings . 'Rule Name' ) ' "
try {
try {
$rawoutput = @ ( netsh advfirewall firewall delete rule name = " $( $fwsettings . 'Rule Name' ) " )
$rc = 0
$rawoutput | Where { $_ -match '^([^:]+):\s*(\S.*)$' } | Foreach -Begin {
if ( -not $check_mode ) {
$FirstRun = $true ;
$result . output = Invoke-Expression $command | Where { $_ }
$HashProps = @ { } ;
$rc = $LASTEXITCODE
} -Process {
$result . output | Where { $_ -match '^([^:]+):\s*(\S.*)$' } | Foreach -Begin {
if ( ( $Matches [ 1 ] -eq 'Rule Name' ) -and ( ! ( $FirstRun ) ) ) {
$FirstRun = $true
$output = $HashProps ;
$HashProps = @ { }
$HashProps = @ { } ;
} -Process {
} ;
if ( ( $Matches [ 1 ] -eq 'Rule Name' ) -and ( -not $FirstRun ) ) {
$HashProps . $ ( $Matches [ 1 ] ) = $Matches [ 2 ] ;
$result . output = $HashProps
$FirstRun = $false ;
$HashProps = @ { }
} -End {
}
$output = $HashProps ;
$HashProps . $ ( $Matches [ 1 ] ) = $Matches [ 2 ]
} ;
$FirstRun = $false
$msg + = @ ( " Removed the rule " )
} -End {
$result = @ {
$result . output = $HashProps
failed = $false
}
changed = $true
}
msg = $msg
if ( $rc -eq 0 -or $rc -eq 1 ) {
output = $output
if ( $diff_support ) {
} ;
$result . diff = @ { }
} catch [ Exception ] {
$result . diff . after = " "
$msg + = @ ( " Failed to remove the rule " )
$result . diff . before = ConvertTo-SortedKV $fwsettings
$result = @ {
}
failed = $true
$result . changed = $true
error = $_ . Exception . Message
$result . msg + = @ ( " Removed the rule ' $name ' " )
msg = $msg
} else {
$result . failed = $true
$result . msg + = @ ( " Remove command ' $command ' failed with rc= $rc " )
}
}
} ;
} catch [ Exception ] {
$result . error = $_ . Exception . Message
$result . failed = $true
$result . msg + = @ ( " Failed to remove the rule ' $name ' " )
}
return $result
return $result
}
}
# Mount Drives
# FIXME: Unsupported keys
$change = $false ;
#$unsupported = @("Grouping", "Rule source")
$fail = $false ;
$unsupported = @ ( " Rule source " )
$msg = @ ( ) ;
$fwsettings = @ { }
$result = @ {
changed = $false
fwsettings = @ { }
msg = @ ( )
}
# Variabelise the arguments
$params = Parse-Args $args -supports_check_mode $true
$params = Parse-Args $args ;
$check_mode = Get-AnsibleParam -obj $params -name " _ansible_check_mode " -type " bool " -default $false
$diff_support = Get-AnsibleParam -obj $params -name " _ansible_diff " -type " bool " -default $false
$name = Get-AnsibleParam -obj $params -name " name " -failifempty $true
$name = Get-AnsibleParam -obj $params -name " name " -failifempty $true
$direction = Get-AnsibleParam -obj $params -name " direction " -failifempty $true -validateSet " in " , " out "
$description = Get-AnsibleParam -obj $params -name " description " -type " str "
$action = Get-AnsibleParam -obj $params -name " action " -failifempty $true -validateSet " allow " , " block " , " bypass "
$direction = Get-AnsibleParam -obj $params -name " direction " -type " str " -failifempty $true -validateset " in " , " out "
$program = Get-AnsibleParam -obj $params -name " program "
$action = Get-AnsibleParam -obj $params -name " action " -type " str " -failifempty $true -validateset " allow " , " block " , " bypass "
$service = Get-AnsibleParam -obj $params -name " service " -default " any "
$program = Get-AnsibleParam -obj $params -name " program " -type " str "
$description = Get-AnsibleParam -obj $params -name " description "
$service = Get-AnsibleParam -obj $params -name " service " -type " str "
$enable = ConvertTo-Bool ( Get-AnsibleParam -obj $params -name " enable " -default " true " )
$enabled = Get-AnsibleParam -obj $params -name " enabled " -type " bool " -default $true -aliases " enable "
$winprofile = Get-AnsibleParam -obj $params -name " profile " -default " any "
$profiles = Get-AnsibleParam -obj $params -name " profiles " -type " str " -default " domain,private,public " -aliases " profile "
$localip = Get-AnsibleParam -obj $params -name " localip " -default " any "
$localip = Get-AnsibleParam -obj $params -name " localip " -type " str " -default " any "
$remoteip = Get-AnsibleParam -obj $params -name " remoteip " -default " any "
$remoteip = Get-AnsibleParam -obj $params -name " remoteip " -type " str " -default " any "
$localport = Get-AnsibleParam -obj $params -name " localport " -default " any "
$localport = Get-AnsibleParam -obj $params -name " localport " -type " str "
$remoteport = Get-AnsibleParam -obj $params -name " remoteport " -default " any "
$remoteport = Get-AnsibleParam -obj $params -name " remoteport " -type " str "
$protocol = Get-AnsibleParam -obj $params -name " protocol " -default " any "
$protocol = Get-AnsibleParam -obj $params -name " protocol " -type " str " -default " any "
$edge = Get-AnsibleParam -obj $params -name " edge " -type " str " -default " no " -validateset " no " , " yes " , " deferapp " , " deferuser "
$state = Get-AnsibleParam -obj $params -name " state " -failifempty $true -validateSet " present " , " absent "
$interfacetypes = Get-AnsibleParam -obj $params -name " interfacetypes " -type " str " -default " any "
$force = ConvertTo-Bool ( Get-AnsibleParam -obj $params -name " force " -default " false " )
$security = Get-AnsibleParam -obj $params -name " security " -type " str " -default " notrequired "
$state = Get-AnsibleParam -obj $params -name " state " -type " str " -default " present " -validateset " present " , " absent "
$force = Get-AnsibleParam -obj $params -name " force " -type " bool " -default $false
# Check the arguments
# Check the arguments
If ( $enable -eq $true ) {
if ( $enabled ) {
$fwsettings . Add ( " Enabled " , " yes " ) ;
$result . fwsettings . Add ( " Enabled " , " Yes " )
} Else {
} else {
$fwsettings . Add ( " Enabled " , " no " ) ;
$result . fwsettings . Add ( " Enabled " , " No " )
} ;
$fwsettings . Add ( " Rule Name " , $name )
#$fwsettings.Add("displayname", $name)
$state = $state . ToString ( ) . ToLower ( )
If ( $state -eq " present " ) {
$fwsettings . Add ( " Direction " , $direction )
$fwsettings . Add ( " Action " , $action )
} ;
If ( $description ) {
$fwsettings . Add ( " Description " , $description ) ;
}
}
If ( $program ) {
$result . fwsettings . Add ( " Rule Name " , $name )
$fwsettings . Add ( " Program " , $program ) ;
#$result.fwsettings.Add("displayname", $name)
if ( $state -eq " present " ) {
$result . fwsettings . Add ( " Direction " , $ ( ConvertTo-TitleCase ( $direction ) ) )
$result . fwsettings . Add ( " Action " , $ ( ConvertTo-TitleCase $action ) )
}
}
$fwsettings . Add ( " LocalIP " , $localip ) ;
if ( $description -ne $null ) {
$fwsettings . Add ( " RemoteIP " , $remoteip ) ;
$result . fwsettings . Add ( " Description " , $description )
$fwsettings . Add ( " LocalPort " , $localport ) ;
}
$fwsettings . Add ( " RemotePort " , $remoteport ) ;
$fwsettings . Add ( " Service " , $service ) ;
if ( $program -ne $null ) {
$fwsettings . Add ( " Protocol " , $protocol ) ;
$result . fwsettings . Add ( " Program " , $program )
$fwsettings . Add ( " Profiles " , $winprofile )
}
$output = @ ( )
$result . fwsettings . Add ( " LocalIP " , $localip )
$capture = getFirewallRule ( $fwsettings ) ;
$result . fwsettings . Add ( " RemoteIP " , $remoteip )
if ( $capture . failed -eq $true ) {
$msg + = $capture . msg ;
if ( $localport -ne $null ) {
$result = New-Object psobject @ {
$result . fwsettings . Add ( " LocalPort " , $localport )
changed = $false
}
failed = $true
error = $capture . error
if ( $remoteport -ne $null ) {
msg = $msg
$result . fwsettings . Add ( " RemotePort " , $remoteport )
} ;
}
Exit-Json $result ;
if ( $service -ne $null ) {
$result . fwsettings . Add ( " Service " , $ ( ConvertTo-TitleCase ( $service ) ) )
}
if ( $protocol -eq " Any " ) {
$result . fwsettings . Add ( " Protocol " , $protocol )
} else {
} else {
$diff = $capture . difference
$result . fwsettings . Add ( " Protocol " , $protocol . toupper ( ) )
$msg + = $capture . msg ;
$identical = $capture . identical ;
$multiple = $capture . multiple ;
}
}
if ( $profiles -eq " Any " ) {
$result . fwsettings . Add ( " Profiles " , " Domain,Private,Public " )
} else {
$result . fwsettings . Add ( " Profiles " , $ ( ConvertTo-TitleCase ( $profiles ) ) )
}
switch ( $state ) {
$result . fwsettings . Add ( " Edge traversal " , $ ( ConvertTo-TitleCase ( $edge ) ) )
" present " {
if ( $capture . exists -eq $false ) {
if ( $interfacetypes -ne $null ) {
$capture = createFireWallRule ( $fwsettings ) ;
$result . fwsettings . Add ( " InterfaceTypes " , $ ( ConvertTo-TitleCase ( $interfacetypes ) ) )
$msg + = $capture . msg ;
}
$change = $true ;
if ( $capture . failed -eq $true ) {
switch ( $security ) {
$result = New-Object psobject @ {
" Authenticate " { $security = " Authenticate " }
failed = $capture . failed
" AuthDynEnc " { $security = " AuthDynEnc " }
error = $capture . error
" AuthEnc " { $security = " AuthEnc " }
output = $capture . output
" AuthNoEncap " { $security = " AuthNoEncap " }
changed = $change
" NotRequired " { $security = " NotRequired " }
msg = $msg
}
difference = $diff
$result . fwsettings . Add ( " Security " , $security )
fwsettings = $fwsettings
} ;
# FIXME: Define unsupported options
Exit-Json $result ;
#$result.fwsettings.Add("Grouping", "")
}
#$result.fwsettings.Add("Rule source", "Local Setting")
} elseif ( $capture . identical -eq $false ) {
if ( $force -eq $true ) {
$get = getFirewallRule ( $result . fwsettings )
$capture = removeFirewallRule ( $fwsettings ) ;
$result . msg + = $get . msg
$msg + = $capture . msg ;
$change = $true ;
if ( $get . failed ) {
if ( $capture . failed -eq $true ) {
$result . error = $get . error
$result = New-Object psobject @ {
$result . output = $get . output
failed = $capture . failed
Fail-Json $result $result . msg
error = $capture . error
}
changed = $change
msg = $msg
$result . diff = $get . diff
output = $capture . output
fwsettings = $fwsettings
} ;
Exit-Json $result ;
}
$capture = createFireWallRule ( $fwsettings ) ;
$msg + = $capture . msg ;
$change = $true ;
if ( $capture . failed -eq $true ) {
$result = New-Object psobject @ {
failed = $capture . failed
error = $capture . error
changed = $change
msg = $msg
difference = $diff
fwsettings = $fwsettings
} ;
Exit-Json $result ;
}
} else {
if ( $state -eq " present " ) {
$fail = $true
if ( -not $get . exists ) {
$msg + = @ ( " There was already a rule $name with different values, use force=True to overwrite it " ) ;
$create = createFireWallRule ( $result . fwsettings )
$result . msg + = $create . msg
$result . diff = $create . diff
if ( $create . failed ) {
$result . error = $create . error
$result . output = $create . output
Fail-Json $result $result . msg
}
$result . changed = $true
} elseif ( -not $get . identical ) {
# FIXME: This ought to use netsh advfirewall firewall set instead !
if ( $force ) {
$remove = removeFirewallRule ( $result . fwsettings )
# NOTE: We retain the diff output from $get.diff here
$result . msg + = $remove . msg
if ( $remove . failed ) {
$result . error = $remove . error
$result . output = $remove . output
Fail-Json $result $result . msg
}
}
} elseif ( $capture . identical -eq $true ) {
$msg + = @ ( " Firewall rule $name was already created " ) ;
$create = createFireWallRule ( $result . fwsettings )
} ;
# NOTE: We retain the diff output from $get.diff here
}
$result . msg + = $create . msg
" absent " {
if ( $capture . exists -eq $true ) {
if ( $create . failed ) {
$capture = removeFirewallRule ( $fwsettings ) ;
$result . error = $create . error
$msg + = $capture . msg ;
$result . output = $create . output
$change = $true ;
Fail-Json $result $result . msg
if ( $capture . failed -eq $true ) {
$result = New-Object psobject @ {
failed = $capture . failed
error = $capture . error
changed = $change
msg = $msg
output = $capture . output
fwsettings = $fwsettings
} ;
Exit-Json $result ;
}
}
$result . changed = $true
} else {
} else {
$msg + = @ ( " Firewall rule $name did not exist " ) ;
} ;
$result . msg + = @ ( " There was already a rule ' $name ' with different values, use the 'force' parameter to overwrite it " )
Fail-Json $result $result . msg
}
} else {
$result . msg + = @ ( " Firewall rule ' $name ' was already created " )
}
}
} ;
} elseif ( $state -eq " absent " ) {
if ( $get . exists ) {
$remove = removeFirewallRule ( $result . fwsettings )
$result . diff = $remove . diff
$result . msg + = $remove . msg
$result = New-Object psobject @ {
if ( $remove . failed ) {
failed = $fail
$result . error = $remove . error
changed = $change
$result . output = $remove . output
msg = $msg
Fail-Json $result $result . msg
difference = $diff
}
fwsettings = $fwsettings
} ;
$result . changed = $true
} else {
$result . msg + = @ ( " Firewall rule ' $name ' did not exist " )
}
}
Exit-Json $result ;
Exit-Json $result
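Review bot: The new `$command` strings in getFirewallRule, createFireWallRule and removeFireWallRule interpolate module parameters (`$fwsettings.'Rule Name'` and every `$fwsetting.value`) and then run them through `Invoke-Expression`, so a value containing quotes or other PowerShell metacharacters is parsed as script rather than passed to netsh as data. The get and remove paths appear to have called netsh directly before this change (`@(netsh advfirewall firewall show rule name="..." verbose)`), so the rewrite extends the string-evaluation pattern from the create path to all three functions. Passing an argument array to the call operator keeps each value a plain argument: `$arguments = @('advfirewall','firewall','show','rule',"name=$($fwsettings.'Rule Name')",'verbose')` then `$result.output = & netsh $arguments | Where { $_ }`, with `$arguments += "$option=$($fwsetting.value)"` inside the create loop. `$LASTEXITCODE` is still populated after a direct native call, so the new `$rc` handling can stay as written. It would also help to add a comment on each function stating that the values come from task parameters and must never be evaluated as PowerShell.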