Configure the firewall profile with DSC (Part 3)

The third part deals with the most advanced or modern way of creating custom DSC resources.
Sorry, this time, there’s no helper module 😦 but there’s an excellent documentation on MSDN on this page 😀

mkdir 'C:\Program Files\WindowsPowerShell\Modules\xFirewallProfile'

$Manifest = @{
    Path = 'C:\Program Files\WindowsPowerShell\Modules\xFirewallProfile\xFirewallProfile.psd1'
    RootModule = 'xFirewallProfile.psm1'
    Guid = ([guid]::NewGuid().Guid) ;
    Author  = 'Emin Atac' ;
    CompanyName  = 'Emin Atac'
    Copyright = 'Free to use'
    ModuleVersion = '1.0.0'
    PowerShellVersion = '5.0'
    DscResourcesToExport = 'ClassFirewallProfile'
New-ModuleManifest @Manifest -Verbose

psedit "C:\Program Files\WindowsPowerShell\Modules\xFirewallProfile\xFirewallProfile.psm1"

NB: Notice that the RootModule and DscResourcesToExport statements added to the manifest.

Now here’s what to paste into the xFirewallProfile.psm1 file.

Enum Enabled {
Enum Action {
class ClassFirewallProfile {
[ClassFirewallProfile] Get() {
$p = Get-NetFirewallProfile -Name $this.Name -ErrorAction SilentlyContinue
$r = @{
Name = [String]$p.Name
Enabled = [String]$p.Enabled
DefaultInboundAction = [String]$p.DefaultInboundAction
DefaultOutboundAction = [String]$p.DefaultOutboundAction
return $r
[void] Set() {
Write-verbose "Changing firewall profile $($this.Name)"
Set-NetFirewallProfile -Enabled "$($this.Enabled)"`
-Name "$($this.Name)"`
-DefaultInboundAction "$($this.DefaultInboundAction)"`
-DefaultOutboundAction "$($this.DefaultOutboundAction)"
Write-Verbose -Message "Successfully set the firewall profile $($this.Name)"
[bool] Test() {
$p = Get-NetFirewallProfile -Name $this.Name -ErrorAction SilentlyContinue
$bool = $true
if(($this.Enabled) -ne ($p.Enabled).ToString()) {
Write-Verbose "Firewall profile $($this.Name) is not $($this.Enabled)"
$bool = $false
if($this.DefaultInboundAction -ne ($p.DefaultInboundAction).ToString()) {
Write-Verbose ("Firewall profile {0} DefaultInboundAction is not {1} but is set to {2}" -f $($this.Name),
$bool = $false
if($this.DefaultOutboundAction -ne ($p.DefaultOutboundAction).ToString()) {
Write-Verbose ("Firewall profile {0} DefaultOutboundAction is not {1} but is set to {2}" -f $($this.Name),
$bool = $false
return $bool

Let’s first examine the syntax.

Looks good. Let’s create a configuration to test it. This isn’t much different from what we saw in part 2.

If my machine is already configured as expected, I’ll get:

If I change the domain profile and reapply my configuration, it’s set back to its desired state

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.