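#!powershell

# Copyright: (c) 2017, Michael Eaton <meaton@iforium.com>
# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)

#Requires -Module Ansible.ModuleUtils.Legacy

# Enables or disables the Windows Firewall profiles named in 'profiles' and,
# when state is 'enabled', optionally sets their default inbound/outbound
# action. Every known profile is reported in the result; only the requested
# ones are modified. With state 'disabled', inbound_action and outbound_action
# are not applied.

$ErrorActionPreference = "Stop"
$firewall_profiles = @('Domain', 'Private', 'Public')

$params = Parse-Args $args -supports_check_mode $true
$check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false

$profiles = Get-AnsibleParam -obj $params -name "profiles" -type "list" -default @("Domain", "Private", "Public")
$state = Get-AnsibleParam -obj $params -name "state" -type "str" -failifempty $true -validateset 'disabled','enabled'
$inbound_action = Get-AnsibleParam -obj $params -name "inbound_action" -type "str" -validateset 'allow','block','not_configured'
$outbound_action = Get-AnsibleParam -obj $params -name "outbound_action" -type "str" -validateset 'allow','block','not_configured'

$result = @{
    changed = $false
    profiles = $profiles
    state = $state
}

# Reject profile names that match none of the known profiles. Without this
# check a misspelled name is skipped by the loop below and the task reports
# success although the intended profile was never touched.
$unknown_profiles = @()
foreach ($requested_profile in $profiles) {
    if ($firewall_profiles -notcontains $requested_profile) {
        $unknown_profiles += $requested_profile
    }
}
if ($unknown_profiles.Count -gt 0) {
    Fail-Json $result "win_firewall: unknown profile(s) '$($unknown_profiles -join "', '")'. Valid profiles are: $($firewall_profiles -join ', ')."
}

# Both cmdlets must exist; with ErrorActionPreference 'Stop' a missing cmdlet
# raises and is reported through Fail-Json.
try {
    get-command Get-NetFirewallProfile > $null
    get-command Set-NetFirewallProfile > $null
}
catch {
    Fail-Json $result "win_firewall requires Get-NetFirewallProfile and Set-NetFirewallProfile Cmdlets."
}

# Convert the module's option values (allow / block / not_configured) to the
# spelling used for the cmdlet parameter (Allow / Block / NotConfigured).
# Done once here instead of on every loop iteration.
$desired_inbound = $null
if ($null -ne $inbound_action) {
    $desired_inbound = [Globalization.CultureInfo]::InvariantCulture.TextInfo.ToTitleCase($inbound_action.ToLower()) -replace '_', ''
}
$desired_outbound = $null
if ($null -ne $outbound_action) {
    $desired_outbound = [Globalization.CultureInfo]::InvariantCulture.TextInfo.ToTitleCase($outbound_action.ToLower()) -replace '_', ''
}

Try {

    # $profile_name rather than $profile, so the automatic $PROFILE variable
    # is not overwritten.
    ForEach ($profile_name in $firewall_profiles) {

        $current_profile = Get-NetFirewallProfile -Name $profile_name
        $currentstate = $current_profile.Enabled
        $current_inboundaction = $current_profile.DefaultInboundAction
        $current_outboundaction = $current_profile.DefaultOutboundAction

        # Report every known profile, including those that are not changed.
        $result.$profile_name = @{
            enabled = ($currentstate -eq 1)
            considered = ($profiles -contains $profile_name)
            currentstate = $currentstate
        }

        if ($profiles -notcontains $profile_name) {
            continue
        }

        if ($state -eq 'enabled') {

            if ($currentstate -eq $false) {
                Set-NetFirewallProfile -name $profile_name -Enabled true -WhatIf:$check_mode
                $result.changed = $true
                $result.$profile_name.enabled = $true
            }

            # Default actions are only written when they differ from the
            # current setting, so an unchanged profile reports changed = false.
            if ($null -ne $desired_inbound) {
                if ($desired_inbound -ne $current_inboundaction) {
                    Set-NetFirewallProfile -name $profile_name -DefaultInboundAction $desired_inbound -WhatIf:$check_mode
                    $result.changed = $true
                }
            }
            if ($null -ne $desired_outbound) {
                if ($desired_outbound -ne $current_outboundaction) {
                    Set-NetFirewallProfile -name $profile_name -DefaultOutboundAction $desired_outbound -WhatIf:$check_mode
                    $result.changed = $true
                }
            }

        } else {

            # state = disabled: the profile is switched off and the default
            # actions are left as they are.
            if ($currentstate -eq $true) {
                Set-NetFirewallProfile -name $profile_name -Enabled false -WhatIf:$check_mode
                $result.changed = $true
                $result.$profile_name.enabled = $false
            }

        }
    }
} Catch {
    Fail-Json $result "an error occurred when attempting to change firewall status for profile $profile_name $($_.Exception.Message)"
}

Exit-Json $result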