From 19699737daad61bfe31fe32adb8099950d1c9009 Mon Sep 17 00:00:00 2001 From: robpe49 Date: Fri, 9 Sep 2022 12:13:03 +0200 Subject: [PATCH 1/2] add PolicyStore Parameter for targeting local GPO --- .../DSC_FirewallProfile.psm1 | 71 +++++++++++++------ .../DSC_FirewallProfile.schema.mof | 1 + 2 files changed, 50 insertions(+), 22 deletions(-) diff --git a/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.psm1 b/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.psm1 index 1a05d3a9..dc115e6b 100644 --- a/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.psm1 +++ b/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.psm1 @@ -22,10 +22,13 @@ $script:parameterList = $resourceData.ParameterList <# .SYNOPSIS - Returns the current Firewall Profile. + Returns the current Firewall Profile of the selected Policy Store .PARAMETER Name The name of the firewall profile to configure. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. #> function Get-TargetResource { @@ -36,7 +39,12 @@ function Get-TargetResource [Parameter(Mandatory = $true)] [ValidateSet('Domain', 'Public', 'Private')] [System.String] - $Name + $Name, + + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) Write-Verbose -Message ( @( @@ -48,11 +56,13 @@ function Get-TargetResource # Get the current Dns Client Global Settings $netFirewallProfile = Get-NetFirewallProfile ` -Name $Name ` + -PolicyStore $Policystore ` -ErrorAction Stop # Generate the return object. $returnValue = @{ - Name = $Name + Name = $Name + PolicyStore = $PolicyStore } foreach ($parameter in $script:parameterList) @@ -65,10 +75,9 @@ function Get-TargetResource return $returnValue } # Get-TargetResource - <# .SYNOPSIS - Sets the Firewall Profile. + Sets the Firewall Profile of the selected Policy Store. .PARAMETER Name The name of the firewall profile to configure. 
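Review bot: The `.PARAMETER PolicyStore` help added to Get-TargetResource says "Specifies the policy store from which to retrieve the rules to be created.", which describes firewall rules rather than the profile settings this resource reads and writes. The same sentence is repeated in the help for Set-TargetResource and Test-TargetResource and in the `Description` of the new schema.mof property. I would replace it with `Specifies the policy store whose firewall profile settings are read and changed: 'PersistentStore' for the local persistent store or 'localhost' for the local Group Policy object.` The new Get-TargetResource synopsis line is also missing its final period, unlike the Set and Test ones.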
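Review bot: The new `$PolicyStore` parameter in Get-TargetResource is typed `[String]`, while `$Name` directly above it uses `[System.String]`; the same mix appears in the parameter hunks of Set-TargetResource and Test-TargetResource. For consistency with the rest of the param block I would write `[System.String]` in all three places. The param block starts outside this hunk.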
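Review bot: `-PolicyStore $Policystore` in the Get-NetFirewallProfile call of Get-TargetResource spells the variable differently from the declared `$PolicyStore`; PowerShell resolves it case-insensitively, so it works, but the Set and Test hunks use `$PolicyStore` and this one should match. The context comment above the call still reads `# Get the current Dns Client Global Settings` (also in Test-TargetResource) and should become `# Get the current Firewall Profile settings from the selected policy store`. Because the returned values now come from the selected store only, they may differ from the policy actually enforced when another store, such as a domain GPO, also configures the profile. A one-line comment saying so would help anyone reading the result as a compliance statement.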
@@ -129,6 +138,9 @@ function Get-TargetResource .PARAMETER NotifyOnListen Allows the notification of listening for inbound connections by a service. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. #> function Set-TargetResource { @@ -215,14 +227,19 @@ function Set-TargetResource $LogIgnored, [Parameter()] - [ValidateRange(1,32767)] + [ValidateRange(1, 32767)] [System.Uint64] $LogMaxSizeKilobytes, [Parameter()] [ValidateSet('True', 'False', 'NotConfigured')] [System.String] - $NotifyOnListen + $NotifyOnListen, + + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) Write-Verbose -Message ( @( @@ -234,6 +251,7 @@ function Set-TargetResource # Get the current Firewall Profile Settings $netFirewallProfile = Get-NetFirewallProfile ` -Name $Name ` + -PolicyStore $PolicyStore ` -ErrorAction Stop # Generate a list of parameters that will need to be changed. @@ -245,16 +263,16 @@ function Set-TargetResource $parameterNewValue = (Get-Variable -Name ($parameter.name)).Value if ($PSBoundParameters.ContainsKey($parameter.Name) ` - -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0)) + -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0)) { $changeParameters += @{ $($parameter.name) = $parameterNewValue } Write-Verbose -Message ( @( - "$($MyInvocation.MyCommand): " - $($script:localizedData.FirewallProfileUpdateParameterMessage) ` - -f $Name,$parameter.Name,$parameterNewValue + "$($MyInvocation.MyCommand): " + $($script:localizedData.FirewallProfileUpdateParameterMessage) ` + -f $Name, $parameter.Name, $parameterNewValue ) -join '' ) } # if } # foreach 
@@ -262,21 +280,21 @@ function Set-TargetResource if ($changeParameters.Count -gt 0) { # Update any parameters that were identified as different - $null = Set-NetFirewallProfile -Name $Name ` + $null = Set-NetFirewallProfile -Name $Name -PolicyStore $PolicyStore ` @ChangeParameters ` -ErrorAction Stop Write-Verbose -Message ( @( - "$($MyInvocation.MyCommand): " - $($script:localizedData.FirewallProfileUpdatedMessage) ` - -f $Name + "$($MyInvocation.MyCommand): " + $($script:localizedData.FirewallProfileUpdatedMessage) ` + -f $Name ) -join '' ) } # if } # Set-TargetResource <# .SYNOPSIS - Tests the state of Firewall Profile. + Tests the state of Firewall Profile of the selected Policy Store. .PARAMETER Name The name of the firewall profile to configure. @@ -337,6 +355,9 @@ function Set-TargetResource .PARAMETER NotifyOnListen Allows the notification of listening for inbound connections by a service. + + .PARAMETER PolicyStore + Specifies the policy store from which to retrieve the rules to be created. #> function Test-TargetResource { @@ -424,14 +445,19 @@ function Test-TargetResource $LogIgnored, [Parameter()] - [ValidateRange(1,32767)] + [ValidateRange(1, 32767)] [System.Uint64] $LogMaxSizeKilobytes, [Parameter()] [ValidateSet('True', 'False', 'NotConfigured')] [System.String] - $NotifyOnListen + $NotifyOnListen, + + [Parameter()] + [ValidateSet('PersistentStore', 'localhost')] + [String] + $PolicyStore = 'PersistentStore' ) Write-Verbose -Message ( @( @@ -446,6 +472,7 @@ function Test-TargetResource # Get the current Dns Client Global Settings $netFirewallProfile = Get-NetFirewallProfile ` -Name $Name ` + -PolicyStore $PolicyStore ` -ErrorAction Stop # Check each parameter 
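Review bot: The verbose messages around the Set-NetFirewallProfile call still format only the profile name (`FirewallProfileUpdatedMessage` with `-f $Name`), so a log of the run does not show whether the local GPO or the persistent store was changed. Now that both stores are writable through this resource, I would include the store in the update messages, for example `-f $Name, $PolicyStore`, with a matching placeholder added to the localized string, which is defined outside this diff. The enclosing `if` block and Set-TargetResource itself begin outside the hunk.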
@@ -455,12 +482,12 @@ function Test-TargetResource $parameterNewValue = (Get-Variable -Name ($parameter.name)).Value if ($PSBoundParameters.ContainsKey($parameter.Name) ` - -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0)) + -and (Compare-Object -ReferenceObject $parameterSourceValue -DifferenceObject $parameterNewValue -SyncWindow 0)) { Write-Verbose -Message ( @( - "$($MyInvocation.MyCommand): " - $($script:localizedData.FirewallProfileParameterNeedsUpdateMessage) ` - -f $Name,$parameter.Name,$parameterSourceValue,$parameterNewValue + "$($MyInvocation.MyCommand): " + $($script:localizedData.FirewallProfileParameterNeedsUpdateMessage) ` + -f $Name, $parameter.Name, $parameterSourceValue, $parameterNewValue ) -join '' ) $desiredConfigurationMatch = $false diff --git a/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.schema.mof b/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.schema.mof index a8133a57..c079521b 100644 --- a/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.schema.mof +++ b/source/DSCResources/DSC_FirewallProfile/DSC_FirewallProfile.schema.mof 
@@ -19,4 +19,5 @@ class DSC_FirewallProfile : OMI_BaseResource [Write, Description("Specifies how to log the ignored packets in the location specified by the LogFileName parameter."), ValueMap{"True", "False", "NotConfigured"}, Values{"True", "False", "NotConfigured"}] String LogIgnored; [Write, Description("Specifies the maximum file size of the log, in kilobytes. The acceptable values for this parameter are: 1 through 32767.")] UInt64 LogMaxSizeKilobytes; [Write, Description("Allows the notification of listening for inbound connections by a service."), ValueMap{"True", "False", "NotConfigured"}, Values{"True", "False", "NotConfigured"}] String NotifyOnListen; + [Write, Description("Specifies the policy store from which to retrieve the rules to be created."), ValueMap{"localhost", "PersistentStore"}, Values{"localhost", "PersistentStore"}] String PolicyStore; }; From 0863403cab250a7cd89477bc101258f0b6ef6bc2 Mon Sep 17 00:00:00 2001 From: robpe49 Date: Fri, 9 Sep 2022 12:20:51 +0200 Subject: [PATCH 2/2] Update changelog for adding PolicyStore --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 824bd648..9da39c59 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +### Added + +- FirewallProfile + - Added `PolicyStore` parameter (defaults to PersistentStore to prevent a breaking change) - fixes [Issue #428](https://github.com/dsccommunity/NetworkingDsc/issues/428). + ### Changed - Updated CHANGELOG.md
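Review bot: In DSC_FirewallProfile.schema.mof, `PolicyStore` is added as a `[Write]` property, so it does not become part of the resource key. Assuming `Name` is the only key (its declaration is outside this hunk), one configuration cannot declare the same profile once for `PersistentStore` and once for `localhost`, because the two instances would share a key. If that limitation is intended, I would state it in the `Description`, for example by appending `Only one policy store can be managed per profile in a configuration.` Making the property a key would lift the limitation but would also make it mandatory, which conflicts with the non-breaking default described in the changelog entry.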