Configure the firewall profile with DSC (Part 3)

The third part deals with the most advanced, or modern, way of creating custom DSC resources.
Sorry, this time there's no helper module 😦 but there's excellent documentation on MSDN on this page 😀

# Create the module folder under the system-wide module path
mkdir 'C:\Program Files\WindowsPowerShell\Modules\xFirewallProfile'

# Module manifest: RootModule points at the .psm1, DscResourcesToExport names the class
$Manifest = @{
    Path                 = 'C:\Program Files\WindowsPowerShell\Modules\xFirewallProfile\xFirewallProfile.psd1'
    RootModule           = 'xFirewallProfile.psm1'
    Guid                 = ([guid]::NewGuid().Guid)
    Author               = 'Emin Atac'
    CompanyName          = 'Emin Atac'
    Copyright            = 'Free to use'
    ModuleVersion        = '1.0.0'
    PowerShellVersion    = '5.0'
    DscResourcesToExport = 'ClassFirewallProfile'
}
New-ModuleManifest @Manifest -Verbose

# Open the (new) root module file in the ISE editor
psedit "C:\Program Files\WindowsPowerShell\Modules\xFirewallProfile\xFirewallProfile.psm1"

NB: Notice the RootModule and DscResourcesToExport statements added to the manifest.

Now here’s what to paste into the xFirewallProfile.psm1 file.

# Allowed values for the resource properties
Enum Enabled {
    True
    False
}

Enum Action {
    Allow
    Block
    NotConfigured
}

[DscResource()]
class ClassFirewallProfile {

    # Profile name (Domain, Private or Public) is the key of the resource
    [DscProperty(Key)]
    [string]$Name

    [DscProperty(Mandatory)]
    [Enabled]$Enabled

    [DscProperty(Mandatory)]
    [Action]$DefaultInboundAction

    [DscProperty(Mandatory)]
    [Action]$DefaultOutboundAction

    # Get: return the current state of the firewall profile
    [ClassFirewallProfile] Get() {
        $p = Get-NetFirewallProfile -Name $this.Name -ErrorAction SilentlyContinue
        $r = @{
            Name                  = [String]$p.Name
            Enabled               = [String]$p.Enabled
            DefaultInboundAction  = [String]$p.DefaultInboundAction
            DefaultOutboundAction = [String]$p.DefaultOutboundAction
        }
        return $r
    }

    # Set: bring the firewall profile to the desired state
    [void] Set() {
        Write-Verbose "Changing firewall profile $($this.Name)"
        Set-NetFirewallProfile -Enabled "$($this.Enabled)" `
            -Name "$($this.Name)" `
            -DefaultInboundAction "$($this.DefaultInboundAction)" `
            -DefaultOutboundAction "$($this.DefaultOutboundAction)"
        Write-Verbose -Message "Successfully set the firewall profile $($this.Name)"
    }

    # Test: return $false as soon as one property differs from the desired state
    [bool] Test() {
        $p = Get-NetFirewallProfile -Name $this.Name -ErrorAction SilentlyContinue
        $bool = $true
        if (($this.Enabled) -ne ($p.Enabled).ToString()) {
            Write-Verbose "Firewall profile $($this.Name) is not $($this.Enabled)"
            $bool = $false
        }
        if ($this.DefaultInboundAction -ne ($p.DefaultInboundAction).ToString()) {
            Write-Verbose ("Firewall profile {0} DefaultInboundAction is not {1} but is set to {2}" -f $($this.Name),
                $($this.DefaultInboundAction), $($p.DefaultInboundAction))
            $bool = $false
        }
        if ($this.DefaultOutboundAction -ne ($p.DefaultOutboundAction).ToString()) {
            Write-Verbose ("Firewall profile {0} DefaultOutboundAction is not {1} but is set to {2}" -f $($this.Name),
                $($this.DefaultOutboundAction), $($p.DefaultOutboundAction))
            $bool = $false
        }
        return $bool
    }
}

Let’s first examine the syntax.
[Screenshot: fw-class-syntax]

Looks good. Let’s create a configuration to test it. This isn’t much different from what we saw in part 2.
[Screenshot: fw-class-test-config]

If my machine is already configured as expected, I’ll get:
[Screenshot: test-fw-class-config-01]

If I change the domain profile and reapply my configuration, it's set back to its desired state:
[Screenshot: test-fw-class-config-02]
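
The test configuration and the drift check described above, written out as an added example (not the author's original configuration). The configuration name FirewallProfileBaseline, the output folder C:\DSC\FirewallProfileBaseline and the chosen profile values are assumptions; run it from an elevated session on a lab machine.

```powershell
# Added example, not from the original post. Assumed desired state:
# firewall enabled, inbound blocked and outbound allowed on every profile.
Configuration FirewallProfileBaseline {
    # Load the class-based resource exported through DscResourcesToExport
    Import-DscResource -ModuleName xFirewallProfile

    Node 'localhost' {
        # One ClassFirewallProfile instance per built-in profile
        foreach ($profileName in 'Domain', 'Private', 'Public') {
            ClassFirewallProfile $profileName {
                Name                  = $profileName
                Enabled               = 'True'
                DefaultInboundAction  = 'Block'
                DefaultOutboundAction = 'Allow'
            }
        }
    }
}

# Compile the MOF into a hypothetical working folder, then apply it
$mofPath = 'C:\DSC\FirewallProfileBaseline'
FirewallProfileBaseline -OutputPath $mofPath | Out-Null
Start-DscConfiguration -Path $mofPath -Wait -Verbose -Force

# Check compliance: this calls Test() on each resource instance
Test-DscConfiguration -Detailed | Select-Object InDesiredState

# Simulate drift on the domain profile
Set-NetFirewallProfile -Name Domain -DefaultInboundAction Allow

# List the resource instances that no longer match the configuration
$state = Test-DscConfiguration -Detailed
$state.ResourcesNotInDesiredState | Select-Object ResourceId, InDesiredState

# Reapply: Set() runs only for the instances whose Test() returned $false
Start-DscConfiguration -Path $mofPath -Wait -Verbose -Force
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```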
